last executing test programs:

4m52.286749427s ago: executing program 4 (id=3039):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f00000000c0), 0x10)
dup3(r1, r0, 0x0)
sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x9fec6dab355a9826, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="05000000830800"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="000000000100000000000000fc000000ce7ffe681c735b57194182af7a4834162f4d55e5827a4fa9d907b30dee5f9af3dc029871384dcbed5f13a54640831002000000ef4e7cc3151d20000000000000"], 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x80}}, 0x48011)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
r3 = getpgid(0x0)
r4 = syz_pidfd_open(r3, 0x0)
pidfd_send_signal(r4, 0x11, 0x0, 0x4)

4m51.435764178s ago: executing program 4 (id=3043):
openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000480)=""/74, 0x49)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

4m48.756126979s ago: executing program 4 (id=3059):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x1410, 0x400, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x9c4943c1a5a5d01}, 0x40040)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x4f0b3715}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xa8, r2, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x10}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fffffff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xb}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40000}, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
r3 = fsopen(&(0x7f0000000440)='btrfs\x00', 0x1)
r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000480)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
read(r4, &(0x7f00000004c0)=""/74, 0x4a)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000540)=0x1208000, 0x4)
connect$unix(r3, &(0x7f0000000580)=@file={0x1, './file0\x00'}, 0x6e)
io_uring_register$IORING_REGISTER_CLOCK(r1, 0x1d, &(0x7f0000000600)={0x8}, 0x0)
statx(r1, &(0x7f0000000640)='./file0\x00', 0x4000, 0x100, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
quotactl_fd$Q_GETFMT(r3, 0x0, r5, &(0x7f0000000780))
read$FUSE(r1, &(0x7f0000000840)={0x2020, 0x0, 0x0, <r7=>0x0, 0x0, <r8=>0x0}, 0x2020)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000002880)={{{@in6=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000002980)=0xe8)
mount$9p_fd(0x0, &(0x7f00000007c0)='./file0/file0\x00', 0x0, 0x411, &(0x7f00000029c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r6}}, {@privport}, {@version_u}, {@access_uid={'access', 0x3d, r7}}, {@cache_none}, {@fscache}, {@cachetag={'cachetag', 0x3d, 'nl80211\x00'}}], [{@fowner_eq={'fowner', 0x3d, r9}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fowner_eq={'fowner', 0x3d, r5}}, {@obj_type={'obj_type', 0x3d, '*@.](^,'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}})
recvfrom(0xffffffffffffffff, &(0x7f0000002b00)=""/145, 0x91, 0x1, &(0x7f0000002bc0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x19}, 0x80)
write$cgroup_devices(r1, &(0x7f0000002c40)={'a', ' *:* ', 'w\x00'}, 0x8)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, 0x0, 0x4000804)
syz_emit_ethernet(0x16, &(0x7f0000002e00)={@random="2bbf3e0625cb", @empty, @val={@val={0x88a8, 0x2, 0x0, 0x3}, {0x8100, 0x2, 0x1, 0x4}}, {@generic={0x6006}}}, &(0x7f0000002e40)={0x0, 0x1, [0x698, 0x3e7, 0x57, 0xbfc]})
recvfrom$inet6(r1, &(0x7f0000002e80)=""/64, 0x40, 0x1c0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002ec0), r1)
sched_setscheduler(r8, 0x0, &(0x7f0000002f00))
syz_clone(0x4000, &(0x7f0000002f40)="94b9edaa9eb438e42b2936408d574964feaaf20befe03801b92891a86701d4daea318695bf9f7723e7b2f0e2fd39d61269c0", 0x32, &(0x7f0000002f80), &(0x7f0000002fc0), &(0x7f0000003000)="292891c381a885f07a78fff6903d636ad560c67507f711e509915b7c5bc4afff75515ce4f5d0bc2755849d09a1bbdc59a70e7d160e8871849714929999a013100a90376a434ee54e7f9ce56bed65ed9d169f305024ea5d22810608bc1c67e131131f260e492532c9475fb21e490680e43839c01032fbc7308a8b36a6bfe9fccd6ba64bb3f38da3006425b4e7de7f22b6b7366da49047eb6cff8cd8f50c0c80a7b81a8e4b883caa623f41a5645956d0a655aa9c4dd7e42adf7cc93293799163939b3b45e8cb4355aa6077ecac7ac488dd70c13ce2511b6039464da8e415f9903c77c3360ce9d53faa14e3f272cbd02cd930206c396b5fed1a5f5b3da72c1f")
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000003100)={0x6, 'batadv_slave_1\x00', {0x80000001}, 0x101})
recvmmsg$unix(r1, &(0x7f0000008a80)=[{{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000003140)=""/138, 0x8a}, {&(0x7f0000003200)=""/224, 0xe0}], 0x2, &(0x7f0000003340)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}, {{&(0x7f0000003400), 0x6e, &(0x7f0000004640)=[{&(0x7f0000003480)=""/55, 0x37}, {&(0x7f00000034c0)=""/4096, 0x1000}, {&(0x7f00000044c0)=""/209, 0xd1}, {&(0x7f00000045c0)=""/51, 0x33}, {&(0x7f0000004600)=""/46, 0x2e}], 0x5, &(0x7f00000046c0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}, {{0x0, 0x0, &(0x7f0000004dc0)=[{&(0x7f00000047c0)=""/184, 0xb8}, {&(0x7f0000004880)=""/218, 0xda}, {&(0x7f0000004980)=""/43, 0x2b}, {&(0x7f00000049c0)=""/160, 0xa0}, {&(0x7f0000004a80)=""/223, 0xdf}, {&(0x7f0000004b80)=""/111, 0x6f}, {&(0x7f0000004c00)=""/108, 0x6c}, {&(0x7f0000004c80)}, {&(0x7f0000004cc0)=""/197, 0xc5}], 0x9, &(0x7f0000004e80)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x118}}, {{&(0x7f0000004fc0)=@abs, 0x6e, &(0x7f0000006180)=[{&(0x7f0000005040)=""/20, 0x14}, {0x0}, {&(0x7f0000006080)=""/56, 0x38}, {&(0x7f00000060c0)=""/3, 0x3}, {&(0x7f0000006100)=""/63, 0x3f}, {&(0x7f0000006140)=""/24, 0x18}], 0x6}}, {{0x0, 0x0, &(0x7f00000072c0)=[{&(0x7f0000006200)=""/4096, 0x1000}, {&(0x7f0000007200)=""/94, 0x5e}, {&(0x7f0000007280)=""/22, 0x16}], 0x3, &(0x7f0000007300)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000007380), 0x6e, &(0x7f0000008680)=[{&(0x7f0000007400)=""/23, 0x17}, {&(0x7f0000007440)=""/206, 0xce}, {&(0x7f0000007540)=""/193, 0xc1}, {&(0x7f0000007640)=""/4096, 0x1000}, {&(0x7f0000008640)=""/13, 0xd}], 0x5, &(0x7f0000008700)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{0x0, 0x0, &(0x7f0000008980)=[{&(0x7f0000008840)=""/168, 0xa8}, {&(0x7f0000008900)=""/97, 0x61}], 0x2, &(0x7f00000089c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}], 0x7, 0x2, &(0x7f0000008c40)={0x77359400})

4m48.639869011s ago: executing program 4 (id=3060):
r0 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, 0x0, 0x20044054)

4m48.567197345s ago: executing program 4 (id=3061):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
r1 = fcntl$dupfd(r0, 0x406, r0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200047fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='bic', 0x3)
syz_genetlink_get_family_id$nl80211(0x0, r1)
write$binfmt_elf64(r1, &(0x7f0000000200)=ANY=[], 0x540)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="884ed38a", 0xfffffffffffffec3)
r3 = accept4(r2, 0x0, 0x0, 0x800)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f00000002c0)={'syztnl1\x00', 0x0})
mkdirat(0xffffffffffffff9c, 0x0, 0x1)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0)
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r5, 0x5, &(0x7f00000005c0)='fd', 0x0, r4)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x2)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r7, r7)
setpgid(0x0, r7)
fchdir(r6)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount$overlay(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x1080008, &(0x7f00000001c0)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@metacopy_on}, {@nfs_export_off}, {@nfs_export_on}, {@index_off}, {@uuid_auto}, {@xino_auto}]})

4m47.548099894s ago: executing program 4 (id=3069):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r4)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x2c, r5, 0x3141e0b2751b0f9b, 0x70bd2d, 0x255ddbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6051}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

3m13.372291426s ago: executing program 1 (id=3348):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
lsm_set_self_attr(0x64, &(0x7f0000000000)=ANY=[@ANYBLOB="250000150000000005"], 0x24, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000002600)={&(0x7f0000000080)=ANY=[@ANYBLOB='I\x00\x00\x00', @ANYRES16, @ANYBLOB="030327bd7000fcdbdf25070000002000018008000100", @ANYRES32, @ANYBLOB="140002006c6f00"/20], 0x34}, 0x1, 0x0, 0x0, 0x40008081}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f00000004c0)=ANY=[@ANYBLOB="200000006c0000042abd7000fedbdf2500000000", @ANYRES32, @ANYBLOB="55612b49d75301a87b532db0754d2798b8bdae3df19df2f1da2d06c2aee07b8daf9d863ad9837d19681ce06b58b5492920fd5de7e805b812b21302fec8d149197ee07609437245ae7ff36da8965316339043ad16aae9f61c4bac883dffee3cf5d62b40e2667ce6815a80d4910f071c28711d5a9cb77e34b14ed56a65dbbad0fd4b2d71026e4edd26c2ab55445c3656956f7429fa94cf12d676a0c28a279eac9576ccc465cdb77e0ea82d78772664ff29b5"], 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x48001)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)

3m12.715711859s ago: executing program 1 (id=3350):
r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000002780)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_timeval(r3, 0x1, 0x43, &(0x7f0000000340), 0x8)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x8, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x58}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xe, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x170, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x140, 0x2, [@TCA_GRED_PARMS={0x38, 0x1, {0x8, 0x5, 0x400, 0x9, 0x81, 0x101, 0x86a4, 0xc40, 0x7fffffff, 0xfffffffd, 0x1, 0xb, 0x16, 0x6, 0xca11, 0xffff}}, @TCA_GRED_STAB={0x104, 0x2, "1fcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb0000000000000009e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acdf902703c7bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x170}, 0x1, 0x0, 0x0, 0x845}, 0x24008004)
r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r7, &(0x7f0000000300)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x10, 0x2, @in={0x2, 0x4e24, @private=0xa010101}}}, 0xa0)
vmsplice(r1, &(0x7f0000002ac0)=[{&(0x7f00000003c0)="1181ca90724825f5776f0e7cbbb9ff9227b97d80c6febf9636123e6ff91fd0f3f6b3d29fa5250db29ff7fdc571b03e2736e4ed12d81d1a6190315b9505ad0e47cd51cf105ff988a6870c1d77c28aa03ff8fe6bafb22a7d437abba4c2c0c724f11348398008beca867b44d710c489d6108d6fc749bf8d3cc5ec381995d022f968c4fc9d637ba39a8a64ae714c7960ea99809d20acd7dba7a686509009bd91465c3f3c061c70d70108ce76", 0xaa}, {&(0x7f00000024c0)="5d63a8b5a94f4e46a130f23f644f10a165e97735efc7dd961e1e60774a699c93e13f2a2420ce", 0x26}, {&(0x7f0000002540)="a7cba1656fe61fd8d5cf7f4e00e6df640d24e637fa7dee159335d4e7088112f7798358a6c3403f0c597b534b6bb60ae6691e1043ba2ea26fd048836873964aa8859fcb7e79c7f9003512c9a1761cb7d2eb17187cc76c2a5be88ce83ea721e0b443997285c90150df71cad1ed", 0x6c}, {&(0x7f00000025c0)="59b4deaa029ae1513908ceab6c1b03adde27a0a1fa99c23ab5fe9b2715d5ca20bfb400ce6816d06fa3e4b62b4ae31fe511f9726e6249adedea5669c1f9edfb5e57b2fe1f8f704432a0013d74558315fd7877a7168be8dd1c7d2e7281a1d96aeb4534bccadd35d2997a0a417c045b9ecea797b25361bb36dc8924fcc5e7597095ca13a0eba1eb8633f0a794ec8042db7c314bbfea459271d8bf52bb78d227cb233754b2a975de42aad9b18c79af40498738d71813", 0xb4}, {&(0x7f0000002680)="6f4b9f524ae0cd1bb47b8d4ae61ec78ecce539b322281dee0afaeafeabfc66d2c9635a7b420d49c516970555580dd868360af5e74734c6f63a93b33547c28e4937bacd30b1deb5172f5d", 0x4a}, {&(0x7f00000027c0)}, {&(0x7f0000002880)="4fc27ca82392fa3cc02706f3ec6a118c1a33d9b99b20abce0a876fd0abd9278ab323ccb9583e275a18d0f2f14cdb89c7989cba87824bf9b656acd6a133956ecfb7151f313267244f266ffc34d3a8afe231bd63a6bac7f4f7400bd97536481ba65a47b8996d41407d5ecaf0a118ba60c80ea9e0c8a25b45ec8fd84cf9bbf51e2e061f42631768cb9bbd8339", 0x8b}, {&(0x7f0000002940)="6ff57c28025400c27cbdf2f3f38781532d23ff7ea614aedefb16e9530da30064d18412add13881e3bfcb0310d553b321f8bf264e1b098e8f5ae799cf43adf322f99066cd01b49ea733578d13c88e8dd6d4190a4c31c66993340b7017b9ef998795", 0x61}, {&(0x7f00000029c0)}], 0x9, 0x4)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3c0000001800dd8d03900d00ffffffff020000000008000600000020060015000400000018001680140003"], 0x3c}}, 0x0)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85)
read$FUSE(r0, 0x0, 0x0)

3m11.58413847s ago: executing program 1 (id=3354):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x30, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x2, 0x57}}}}, [@NL80211_ATTR_NETNS_FD={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4004}, 0x20044054)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r2)
sendmsg$IEEE802154_LIST_IFACE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="07012cbd7000fedbdf251f000000080002"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800)

3m10.173124657s ago: executing program 1 (id=3358):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x0, 0x0)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)
ioctl$MON_IOCT_RING_SIZE(r0, 0x80089203, 0x200000000000000)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2042, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/81, 0x51}], 0x1}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x4, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000229a9604000000000a000000911151000000000095"], &(0x7f0000000c40)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8}, 0x94)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f0000000100)={0x2b, 0x22, 0x0, 0x2, 0x8, 0xa9, 0x5, 0x2, 0x1})
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$cgroup_devices(r6, 0x0, 0x9)
ioctl$VIDIOC_G_FREQUENCY(r6, 0xc02c5638, &(0x7f0000000240)={0x28000000, 0x3, 0x5})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007"], 0x0, 0x4}, 0x94)
socket$kcm(0x10, 0x2, 0x0)

3m8.908980241s ago: executing program 1 (id=3360):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[], 0x48)
syz_open_dev$mouse(0x0, 0x0, 0x2042)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
getpid()
syz_emit_ethernet(0xa56, &(0x7f0000001280)=ANY=[@ANYBLOB="61fe71b72b5f1780c202090386dd600019580a203afffe80000000000000000000000000001aff02000000000000000000000000000186009078010000030000000000000000030aa78ce5400659808000000003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42c60a5c15b37adac15084dbaf736b41d5af18020001ffffffffffffff80260004000318fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d036397a0acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978061d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a000023f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000010b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743474671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68f2d2c6393a9f3becd1a9f51a948b5b303f4f0252107fcc1876d4ec1876d4e6fa3ce2dfdb43a6f021659ff5c2d6b3d9363ed09bd9281c9fe68a3000000006f0000044e43e740e077e1d16212fb05145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1eb91a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d96967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0000000000000000001f05090000000900000036da018dff16a70b8b1400001600e18e88605aa6be1a02a326a6bce65f81ed1f0bd4e77f8854c2b77855807444dd5cbd4b0ddeac8f5280f5d9178b66796b4c15a850e4078c8a61f4a1936bfd2868bfb38d16aa1129954c7c1c102f6eea58a67659ed751b2a1dea57caba3e1ce15024c25eb512471954efdf4de80d7ca3c600c8fca06311b404bf722cf06364ee49d1d33a69558cc4936aebf2f1a80d6cdb1d0cc17701e6152374fdc4bb7a24209117725839d0ee30d0041ab3b6cf4f16ab09546170b32b4ab35c624c848255416456abe7162b45ec1e8b42d7bba878ec610a8a03778931b49f53519887ee05795451ac3c3ca2d222e1a6fea611cd9f08adbb777e0cd67de188d27c0ee5e8bd2c76cff7ff14a4e249588ab5acd79044c61daf71fb88560d7fb1237c98a0707d84197b5b0605962c7a08f76b5a6f8ca28404a7a23f69aebcbb7ce8a992b52aee42756ba453856d6d187af7f62d4efbea4d1afccd1137e7f445233158ead8173baf8df610197656743854ffd52fa1aab3c5977422aca53d8ce83529638a997d9a9cca7402d939c39dec79ed274a586b69d798fb8649bb92dd78ed08c6518afcb196511b3e111826d4f1ef8e92d1e1c033160160a0dedea1baaed7eaa86adb4cb6c509116d66c5bde183defc33a4f907084ad89b92fea3cf60cce9aefceaa8a251fa5dc57ea1e648bf0a7a5b943f73291001790ccb1397d1b3e526ef30cbcc3204678063ffb9c4c07978b880a44e75a3be56f2029912631a1bc9d2e4f72127292dee3a98b1ebc03941a46475e8cacb75afa0e7d159bf83d925d1ea1849623eb3bc52acbf3f1be85c56ad2ae1c600b0e1124eaad8c21ba91878f9ceb9454352b0fe93856bb52bde7e08d14e5ac49e20e5af020c61de8fa2ca182bb1aa8049747e067011a553ce3bf7bd82c14cb4c90404c9b0451b590966c424918e0d582573c12a1c65aea5987350df5995fd38343be3a227f03f905a3c36102bbca9ccafb331e5f674b773e8f833919afbc0f8250da29a53dc260e0dcad772e542502924075ef5511cacd6fc533093f337d5a1ed93b50f2c186a86f6a2cd5ee37e77204fb99749a219ec6405e3860283ea41a2e69a1c48af70d4c56f6df00a2dd51acd29d1cae523ac9eeaaf3ea806395515bbb2c9a0168ff8c59c2975f2eee1f7b60e6fb9d0ef04f2940d956155fb0777e8be5a30debb690e243d4cf2663ddf7fa6f0ace86d0d881da1d8d7c08c62d08483661cd496771c42f7663d82ebfdb9f4caf2650f9d69c87e6867e426ce4521231d04efd516020b17b4e4bd7df8b33a6a6bdf6af4f2463f1ce96ede77d4dc9f89843ba7205e0e451933c0dc806896028beee7104b7792301e005806b0b06f652b91d96d5966f67d6a97631825851bc6c45f4a91a2a83e65c7df0048d167c4ecd3699b828f71358e4ca3f6918f30a981fcfe262bea444c6148577c9f1c76bf4d7111490110edae4b02b9cb43a79e34d96e93ac7d3351e151c1de3a8b2d4e73e92a08bec730d915bebe3f9c8d7f9e75f0e851ff63551b9b73547766827135fc683d8bf68199cad26910bea7a466153b22f6a7b48b8c34453ccc0ddd010d6cdff56023f5654fa6c3008bb7b33bf1db5634b47ca58e460285b1b4f4e32777c38f622fdd95bedabf3d5199d727ebbd4b9f2f396c7f43a29269afca56cfcd19d3a5dd1b316b8f4b0640f118df0518f6efceaa58cec88d581ff294b0cf5e9e5b8839e45d508c07f5fa7a9f91fd90fad1c9dc2110abda4eec60d60822be669f10e307dd1379284e956c59838020e866bcc20cf5f852f92b8e0f43b98e9b3df23c69e16e8a3e7e3432620e8d6c3ca0d9b1b8d62da27bf73ec0fc32f6e3230375a2c4773838309966b8ba20cda4be78cfeb05629f34b539532cc625252b326b953cf0bd1292adc5893f93196548b3dedb6d0850cf187be05ddbaf19e36ceb5575c38b2b68992564988e4fa7d5e4b610917d4af1179ab4102d4dc73035ca709e7566f2e4f815ab4a702f6e2f5c917d77511d591965a587193e4d4e8ec9c330e5a76c8940b9521718f7c6af215efb77d308a3c23357b325840cdd53fc598e5e93f1b6c5a558c0522dbfeb9d23cf3b348c170ce18a58422eaf4fb59ba55fc3f808f9e1b6c817ea003e159ab064ee6beebc067be398c31d7248f2e31d41dcab766deffe603be89481d734d3af6e51ffa8cefdcfbcd27871162c66447edaa1bd8b3df8e061694592cd0cd1ac1a6329734ebb678ec84993fefd90e3f85a625e326b9d7817bd6c268b071fd5d5bb385bb478d56126cb2166948eabecb529d766c6900a5a7a897f0f1d898d295eeb9dc72e6fa521b86b2a604208b91016c1a08927a5944b1daa996500c4bccff47da146f389b03b02e6905ae8fdfc49d4848acad0e5f4ddd48f8e16cee2120fbfe6196133d4d7e23a55d90fbbfa086fb8ab123a6e251879b9f740698e80e7f923ff783e51497c60b04feedffdbc"], 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$inet6(0xa, 0x800000000000002, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000180)=@xdp={0x2c, 0xdd86, r3}, 0x80, 0x0}}], 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000e80)={'ip6gre0\x00', &(0x7f0000000e00)={'syztnl0\x00', 0x0, 0x29, 0x3, 0x4, 0x0, 0x48, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x700, 0x8, 0x2, 0x6}})

3m5.115901651s ago: executing program 1 (id=3370):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0xf, &(0x7f0000000b40), 0x4)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x121000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r3 = fanotify_init(0xf00, 0x80000)
fanotify_mark(r3, 0x105, 0x40009965, r2, 0x0)
creat(&(0x7f0000000240)='./bus\x00', 0xc2)
close(r3)
syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRESOCT=r1, @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x2004004)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4343cc160214235027c07000fddbdf250a00", @ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x24044044}, 0x4008000)
mount$fuse(0x0, 0x0, 0x0, 0x80, 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f00000001c0)=[{{0x4, 0x0, 0x1, 0x1}, {0x1, 0x1, 0x1, 0x1}}], 0x8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

3m4.093614702s ago: executing program 32 (id=3370):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$kcm(0x2, 0x922000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0xf, &(0x7f0000000b40), 0x4)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x121000, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
r3 = fanotify_init(0xf00, 0x80000)
fanotify_mark(r3, 0x105, 0x40009965, r2, 0x0)
creat(&(0x7f0000000240)='./bus\x00', 0xc2)
close(r3)
syz_open_dev$loop(&(0x7f0000000040), 0x8, 0x1)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRESOCT=r1, @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x2004004)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4343cc160214235027c07000fddbdf250a00", @ANYRES16=r5], 0x20}, 0x1, 0x0, 0x0, 0x24044044}, 0x4008000)
mount$fuse(0x0, 0x0, 0x0, 0x80, 0x0)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r6, 0x65, 0x1, &(0x7f00000001c0)=[{{0x4, 0x0, 0x1, 0x1}, {0x1, 0x1, 0x1, 0x1}}], 0x8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)

42.513329878s ago: executing program 0 (id=3729):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1f, 0x1, 0x4}, 0x28)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="9402000021000100fcffffff00000000ac1414aae5fffff8b49ed9825133a900fc0100000000000000000000000000000000add500200000000000801aeaaec1", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000070000400706362632874776f666973682900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040010000dc06216ef2c68e9f6da05d886dbc3273ef99796b36698e2bd5179c3eea5474fc78c9720bfc4f90a708001f0001000000cc0111"], 0x294}}, 0x0) (fail_nth: 5)

41.603986615s ago: executing program 0 (id=3730):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x6, &(0x7f0000006680))
msgsnd(0x0, &(0x7f0000000240)=ANY=[@ANYRES16], 0x8, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x3, 0x2000)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/fib_triestat\x00')
msgrcv(0x0, &(0x7f00000002c0)={0x0, ""/62}, 0x46, 0x3, 0x2000)
preadv(r0, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fsopen(&(0x7f0000000080)='jffs2\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f00000005c0)='fd', 0x0, r2)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000005400000054000000060000000300008409000000040000000100000003000000040000000000000c030000000000000000000003000000000100000002000000ff010000090000000000000700000000002e615f6100"], 0x0, 0x72, 0x0, 0x1}, 0x28)
fchdir(r4)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r6, r6)
setpgid(0x0, r6)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r5, 0x9360, 0x0)
fsmount(r1, 0x0, 0x0)

40.193666341s ago: executing program 0 (id=3733):
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x4080050)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000280012800e0001006970366772657461700000001400028006000f000000000006000e"], 0x48}}, 0x0)

39.268938788s ago: executing program 0 (id=3735):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0xce)
syz_open_dev$tty1(0xc, 0x4, 0x3)
r4 = fsopen(&(0x7f0000000140)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x9)
fchdir(r5)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r5, 0x2, 0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r7, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="210f00000000fedbdf252080000008000300", @ANYRES32=r9], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x0)
r10 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r5)
sendmsg$L2TP_CMD_TUNNEL_GET(r6, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r10, 0x200, 0x70bd2d, 0x25dfdbfe, {}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, 0x30}}, 0x40440c0)

36.637211693s ago: executing program 0 (id=3739):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000000)={0x4, &(0x7f0000000040)=[{0x6, 0x85, 0x7, 0x7ff40001}, {0x4, 0xb, 0x2, 0x1}, {0x5, 0xff, 0x5, 0xfff}, {0x0, 0xb5, 0x3, 0x667}]})
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
geteuid()
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x0)
setresuid(r2, r2, 0x0)
sendmmsg$unix(r1, &(0x7f0000007480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [r1, r0, r1]}}], 0x30}}], 0x1, 0x4040004)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000400030000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000002000000850000001700000095000000000000004fede8873a4ade3269b9e6aae027b2154d70a1a20279d1260d731dd4a914d651ef5235f42ca035bc36e6"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xe, 0x0, &(0x7f00000001c0)="0101000871a7832e6b7303c3cd59", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x50)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

34.459789527s ago: executing program 0 (id=3746):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000100020601020000000000000000000000040900020073797a3100000000050004000000000811000300000073683a6e65742c6e657400000000a93f674351cb440f1866e29f59690eadc403df99bc0871e90a8ed804938e5449b7008f29a51eed92af46991f86040ccb929e6d8d6290367973"], 0x3c}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38001200", @ANYRES16=0x0, @ANYBLOB="000826bd7000fcdbdf25010000000000000007410000001c00180001000169623a6272696467655f736c6176655f30000000"], 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x44000)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {0x0, 0xff}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x240800, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x66000080)
fcntl$setlease(r6, 0x400, 0x3)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs={0x40046307, 0x4}], 0x0, 0x0, 0x0})
syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa00080045400020000076fbb6f07e05af26ff01e0000001110090783c010100fd0c0000"], 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0xd, 0x3, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r5}], &(0x7f0000000480)='GPL\x00'}, 0x1f)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRESOCT=r7], 0x34}}, 0x2400c010)

18.654312767s ago: executing program 33 (id=3746):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c000100020601020000000000000000000000040900020073797a3100000000050004000000000811000300000073683a6e65742c6e657400000000a93f674351cb440f1866e29f59690eadc403df99bc0871e90a8ed804938e5449b7008f29a51eed92af46991f86040ccb929e6d8d6290367973"], 0x3c}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38001200", @ANYRES16=0x0, @ANYBLOB="000826bd7000fcdbdf25010000000000000007410000001c00180001000169623a6272696467655f736c6176655f30000000"], 0x38}, 0x1, 0x0, 0x0, 0x20000010}, 0x44000)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, {}, {0x0, 0xff}, 0x0, 0x0, 0xa}}}, 0xf8}}, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = dup3(r4, r3, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x240800, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
unshare(0x66000080)
fcntl$setlease(r6, 0x400, 0x3)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs={0x40046307, 0x4}], 0x0, 0x0, 0x0})
syz_emit_ethernet(0x2e, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaa00080045400020000076fbb6f07e05af26ff01e0000001110090783c010100fd0c0000"], 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0xd, 0x3, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x5, 0x1, 0x0, r5}], &(0x7f0000000480)='GPL\x00'}, 0x1f)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRESOCT=r7], 0x34}}, 0x2400c010)

5.615864593s ago: executing program 5 (id=3817):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x20, 0x40, 0x107, 0x70bd2b, 0x25dfdbfa, {0x3, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x10}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4c090}, 0xc000)

5.524005671s ago: executing program 5 (id=3820):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3, 0xffffdbfb}}, @func_proto, @const={0x0, 0x0, 0x0, 0xa, 0x2}]}}, 0x0, 0x4a, 0x0, 0x1}, 0x28)

5.383140405s ago: executing program 5 (id=3822):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x60, 0x10, 0x401, 0x2040000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x6024b, 0x21}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x30, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_DATA={0x10, 0x5, 0x0, 0x1, [{0xa}]}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x2}, @IFLA_MACVLAN_MACADDR={0xa}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)

5.28319372s ago: executing program 5 (id=3823):
socket$packet(0x11, 0x3, 0x300)
openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
syz_open_procfs(0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x129a02, 0x0)
pread64(r0, 0x0, 0x0, 0x4eb)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x58, 0x30, 0x1, 0x0, 0x0, {}, [{0x44, 0x1, [@m_vlan={0x40, 0x1, 0x0, 0x0, {{0x9}, {0x11, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x58}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

3.064237399s ago: executing program 3 (id=3830):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000cc0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x700, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x2000000000000009}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x48}}, 0x4000010)

2.16819361s ago: executing program 3 (id=3832):
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48241, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x5, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_lsm={0x1d, 0x2, &(0x7f0000000500)=ANY=[@ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x41, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x401}, 0x94)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xb, 0x3, &(0x7f0000000a00)=ANY=[], 0x0}, 0x94)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
sendto(0xffffffffffffffff, &(0x7f00000000c0)="1200000012", 0x5, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000280)=""/85, 0x55}, {0x0}, {&(0x7f0000000980)=""/73, 0x49}], 0x4}}], 0x1, 0xffa6, 0x0)
listen(r0, 0x2)
r1 = socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bind$alg(r1, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) (fail_nth: 5)

2.088759651s ago: executing program 5 (id=3833):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1, 0x8000}, 0xc)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x2c}, 0x94)
r3 = socket$inet6(0xa, 0x3, 0x3)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'bond_slave_1\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r4, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="8040010000fa00000c002b8008000100", @ANYRES32=r2, @ANYBLOB="08001b"], 0x34}, 0x1, 0x0, 0x0, 0x20004040}, 0x0)
ioctl$UI_DEV_CREATE(r1, 0x5501)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000040)={0xc, 0x63a4, {0x51, 0x0, 0x2, {0xf, 0x6e2d}, {0xfff, 0x4}, @rumble={0x5, 0xfffc}}, {0x54, 0x7fff, 0x6, {0x9, 0x96}, {0x6, 0x1}, @period={0x59, 0x0, 0x308, 0x5, 0xd, {0x80, 0xd908, 0x6, 0x6}, 0x0, 0x0}}})
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000080)="fb", 0x1}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e00000000eb15000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000180100002020692500000000002060207b1a"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="2c0000001600010002000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="140001"], 0x2c}}, 0x24008818)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r6}, 0xc)
r9 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x6d9e, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r9, 0x40045730, &(0x7f0000000240)=0x100)

1.447558046s ago: executing program 2 (id=3834):
r0 = openat$smackfs_relabel_self(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
writev(r0, &(0x7f0000001480)=[{&(0x7f0000000080)="f57cec112b33921898f0263e563d4173e8f4976fbb40938bafba32c757e05fbe41a52b1f875d11aaff55b7865cc62f0ff4997daae77585103f21c1d7c9cdf7e2cb71d6c7fcd65affd320a4da23cc1822812e11991d909d1ea9ddeff6e338cdfb6288c25bb2ff2b9074b77544fa0e28067de1c7d0f86f4f2a6d78c4a1ba35ebe085c1d109184a8ba14f1bdd4739d9b436aad711168280a5ec009d857031ae5d651cd4669d037469d862be2efba5f7d1f2f996da13169e1ddf6b89f5fad0fcb0906334178dd898935abe17c7f11c6083b5", 0xd0}, {&(0x7f0000000180)="793be2dcd67ec5", 0x7}, {&(0x7f00000002c0)="ba5b38402a20bece2eb815332074a3a7e4440f880258ae65f742b427", 0x1c}], 0x3)

1.260498634s ago: executing program 2 (id=3835):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)

1.0801356s ago: executing program 3 (id=3836):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_IOVA_RANGES(0xffffffffffffffff, 0x3b84, &(0x7f00000024c0)={0x20, 0x0, 0x0, 0x0, 0x0})
waitid(0x0, 0x0, 0x0, 0x41000004, 0x0)

1.016671265s ago: executing program 2 (id=3837):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r1 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000001c0)=0x1)
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000000c0)=0x7)

856.170668ms ago: executing program 2 (id=3838):
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000000)="c1", 0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000000)=0x1ff, 0x4)
getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f0000000340))

720.075075ms ago: executing program 2 (id=3839):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x1410, 0x400, 0x70bd25, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_STAT_AUTO_MODE_MASK={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x9c4943c1a5a5d01}, 0x40040)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x4f0b3715}}, './file0\x00'})
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xa8, r2, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x10}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fffffff}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xb}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40000}, 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff)
r3 = fsopen(&(0x7f0000000440)='btrfs\x00', 0x1)
r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000480)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
read(r4, &(0x7f00000004c0)=""/74, 0x4a)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000540)=0x1208000, 0x4)
connect$unix(r3, &(0x7f0000000580)=@file={0x1, './file0\x00'}, 0x6e)
io_uring_register$IORING_REGISTER_CLOCK(r1, 0x1d, &(0x7f0000000600)={0x8}, 0x0)
statx(r1, &(0x7f0000000640)='./file0\x00', 0x4000, 0x100, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0})
quotactl_fd$Q_GETFMT(r3, 0x0, r5, &(0x7f0000000780))
read$FUSE(r1, &(0x7f0000000840)={0x2020, 0x0, 0x0, <r7=>0x0, 0x0, <r8=>0x0}, 0x2020)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000002880)={{{@in6=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000002980)=0xe8)
mount$9p_fd(0x0, &(0x7f00000007c0)='./file0/file0\x00', 0x0, 0x411, &(0x7f00000029c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r6}}, {@privport}, {@version_u}, {@access_uid={'access', 0x3d, r7}}, {@cache_none}, {@fscache}, {@cachetag={'cachetag', 0x3d, 'nl80211\x00'}}], [{@fowner_eq={'fowner', 0x3d, r9}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fowner_eq={'fowner', 0x3d, r5}}, {@obj_type={'obj_type', 0x3d, '*@.](^,'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}})
recvfrom(0xffffffffffffffff, &(0x7f0000002b00)=""/145, 0x91, 0x1, &(0x7f0000002bc0)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x19}, 0x80)
write$cgroup_devices(r1, &(0x7f0000002c40)={'a', ' *:* ', 'w\x00'}, 0x8)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, 0x0, 0x4000804)
syz_emit_ethernet(0x16, &(0x7f0000002e00)={@random="2bbf3e0625cb", @empty, @val={@val={0x88a8, 0x2, 0x0, 0x3}, {0x8100, 0x2, 0x1, 0x4}}, {@generic={0x6006}}}, &(0x7f0000002e40)={0x0, 0x1, [0x698, 0x3e7, 0x57, 0xbfc]})
recvfrom$inet6(r1, &(0x7f0000002e80)=""/64, 0x40, 0x1c0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000002ec0), r1)
sched_setscheduler(r8, 0x0, &(0x7f0000002f00))
syz_clone(0x4000, &(0x7f0000002f40)="94b9edaa9eb438e42b2936408d574964feaaf20befe03801b92891a86701d4daea318695bf9f7723e7b2f0e2fd39d61269c0", 0x32, &(0x7f0000002f80), &(0x7f0000002fc0), &(0x7f0000003000)="292891c381a885f07a78fff6903d636ad560c67507f711e509915b7c5bc4afff75515ce4f5d0bc2755849d09a1bbdc59a70e7d160e8871849714929999a013100a90376a434ee54e7f9ce56bed65ed9d169f305024ea5d22810608bc1c67e131131f260e492532c9475fb21e490680e43839c01032fbc7308a8b36a6bfe9fccd6ba64bb3f38da3006425b4e7de7f22b6b7366da49047eb6cff8cd8f50c0c80a7b81a8e4b883caa623f41a5645956d0a655aa9c4dd7e42adf7cc93293799163939b3b45e8cb4355aa6077ecac7ac488dd70c13ce2511b6039464da8e415f9903c77c3360ce9d53faa14e3f272cbd02cd930206c396b5fed1a5f5b3da72c1f")
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8982, &(0x7f0000003100)={0x6, 'batadv_slave_1\x00', {0x80000001}, 0x101})
recvmmsg$unix(r1, &(0x7f0000008a80)=[{{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000003140)=""/138, 0x8a}, {&(0x7f0000003200)=""/224, 0xe0}], 0x2, &(0x7f0000003340)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}, {{&(0x7f0000003400), 0x6e, &(0x7f0000004640)=[{&(0x7f0000003480)=""/55, 0x37}, {&(0x7f00000034c0)=""/4096, 0x1000}, {&(0x7f00000044c0)=""/209, 0xd1}, {&(0x7f00000045c0)=""/51, 0x33}, {&(0x7f0000004600)=""/46, 0x2e}], 0x5, &(0x7f00000046c0)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}, {{0x0, 0x0, &(0x7f0000004dc0)=[{0x0}, {&(0x7f0000004880)=""/218, 0xda}, {&(0x7f0000004980)=""/43, 0x2b}, {&(0x7f00000049c0)=""/160, 0xa0}, {&(0x7f0000004a80)=""/223, 0xdf}, {&(0x7f0000004b80)=""/111, 0x6f}, {&(0x7f0000004c00)=""/108, 0x6c}, {&(0x7f0000004c80)}, {&(0x7f0000004cc0)=""/197, 0xc5}], 0x9, &(0x7f0000004e80)=[@rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x100}}, {{&(0x7f0000004fc0)=@abs, 0x6e, &(0x7f0000006180)=[{&(0x7f0000005040)=""/20, 0x14}, {&(0x7f0000005080)=""/4096, 0x1000}, {&(0x7f0000006080)=""/56, 0x38}, {&(0x7f00000060c0)=""/3, 0x3}, {&(0x7f0000006100)=""/63, 0x3f}, {&(0x7f0000006140)=""/24, 0x18}], 0x6}}, {{0x0, 0x0, &(0x7f00000072c0)=[{&(0x7f0000006200)=""/4096, 0x1000}, {&(0x7f0000007200)=""/94, 0x5e}, {&(0x7f0000007280)=""/22, 0x16}], 0x3, &(0x7f0000007300)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f0000007380), 0x6e, &(0x7f0000008680)=[{&(0x7f0000007400)=""/23, 0x17}, {&(0x7f0000007440)=""/206, 0xce}, {&(0x7f0000007540)=""/193, 0xc1}, {&(0x7f0000007640)=""/4096, 0x1000}, {&(0x7f0000008640)=""/13, 0xd}], 0x5, &(0x7f0000008700)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{0x0, 0x0, &(0x7f0000008980)=[{&(0x7f0000008840)=""/168, 0xa8}, {&(0x7f0000008900)=""/97, 0x61}], 0x2, &(0x7f00000089c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xa0}}], 0x7, 0x2, &(0x7f0000008c40)={0x77359400})

658.152898ms ago: executing program 3 (id=3840):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x48, 0x3, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x20044004}, 0x20000004)
sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, 0xb, 0x6, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x80)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x0, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_WME={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x2c}, 0x1, 0x0, 0x0, 0x22040000}, 0x800)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001400)={0xffffffffffffffff, 0x0, 0x0, 0x26, 0x0, &(0x7f0000000340)=""/38, 0x3, 0x0, 0x0, 0x1000, &(0x7f0000000380), &(0x7f0000000400)="06e9992849e744beafb0f89a7d19b9928b9652a9fefd2e02ef6da75d0c201f22f4c43616e79745b1d721ad6a9a992e6cbc6f484818cb8f858b87c0e8b5c77d5d71a62e234a4b63d18dec8b1e33a9b90275304c208cda8376f445eb98e099a4b5fa669dfd5616e30c27f60aaa21914298db345af95f0a4e0be626111052c83053f45d33e985593266a0c6bf3278ff34d1546e8decf8099091e443ab801d4fe02ae30d7a6ed9e894811e1e21982306442c10035313aff1625031fc3fbae029069d0d85af8ceb2af856ca3b9da18ff75767145a4dd1b8eadcde9e675b311776aa24740abc0d53fd01b9b39748e762ed60f15d7308881089c1b27b0df42b061c49e4df7f072e256db17250832e49468ee40e6709b3ecea39afe10cfc5ff9ab387af8a989801748b76c30731951f2880f841a935b229e70a77c22d160b97f7185982befd33dac2bc732eb1708a7c3c4b65273c228f1cf38ef15d9b96b99e4c735fb8ab076aa9ee67aa31b10604060b8910e2fc299e1bb347b899f95bfe7e0da620eeaeb6948b3e3e1772656d506e5deeef1805593b01fdab0cbb00da3453dd35d5f16dd1eb33d148949525dce476b12c65597c2a4ef7c91a7547344440dbe79c36463008d2a88cac68a013c5de0c172a0fb5851523674c022d743b111674bc75945bc73cac6b5c900c71d00831ec011d5eca4230891d269131c79dfb5a5401d01637f6eb8c82fc37ecf0c4f3f4b35314e662562f8dfde9d680b1772bd0ea4f32397e178f8e57065be4f82457533949b95ee1c0536f8534f105dcc245fc88919b1427136d6be89e175d2b9b0079b0c78c30c755cc207811ba7a2244b6170c2c04977585c5b513ab67daec589b10617fe80c787200220a99b157d9289b7bd4d81d8b302f3f8afc952792c60c14229817a08cecb5934b1617f726703ad16bdbcac5c4c622684b7fa6b3e82599d99c279e78d5fd5462a3f3f1898003e9849672705b67b50fe5fa2459274b47b694fef2e50bb5c40975b868a9319d271274e6d3389a2f3efb5843cbccdf38878097044df4afc2a9a2b01b7bebf5991ac61ac033c0ff1ffcfb19e766bbafe943a97014ec847612e7483c1cb782126ce00098ef92b5f37eb74ab1184cb0995bed653105f9d9c4b8aac3cc6c99e5a429ceee9a0a74a0b45b96226c1434c5150c911646c472b777aa2a0e53f5ecf13a3274dc6a432a228c2a8ebf463f02cefcc1af3a87aabb750a558df620f483c73665ebbc2e8aab24f79797010a11969600845f0abdbaa455d05f2465d16972071ce9cfec17ac29b071233be9e96e1dd28b25e7e0c54da8272ffcf0e8a1753efea81173cc4367d89aee2170f4cf0c825b9bbb3109fd8aa1fb814e53eeadf1bd6c01b14493a5030c9915ea647a9df0e6a6b0a3f28462e344c227a23498265a4166c99a4961c4eae173caa1208b9de3fcb4809acef7aa81716026588c174a11a07120e71d97fa5c0c78cacc42f01ad4a963eac270b5ee9506ccb5a8f3cc7e18545ede1d870e8ba5b26f7e207fe76027b939e225f9c720860b81ff7e9dd6ab894ad5f6dc9a9c709ad642ddafa1158ad6f224ee3af778c11da64f08ee80ae3d4428e94fbe48cb0b61f9fdae887d0d7477fadfac3e8a330f57d46473d957ea709f46879bed56a507465c4f79f77291d1ca0789543884c055c863a5e14879081a518fc84cbd6a9e07c179acbea572c6adc520a6c9846a1edca4d7c0a756937126c9a633b364e3dc85c262bf86c17d93799a96d50ed7bd68c64d2aad26029ff7c5b408edcd20eec3f04eae0a86edd49cd3a601055eff2412fdec895a49c7f5932f81d576349484439e2cf1dcd7eb5862116e7ad7cc68adb286ed41083e8ec5b8a8837ddaf101e4f5acc1dd90ebf4945c1039d53397659e1e02c9aa523227d33ff2ec13bec30cec049754470aa1fc79b7be1234facf3a861ab15d2f5c55b4f7dd2242691481ce4b905863d399bdb02931c68a04c2353d1389d0f53bbea6494c396a0e6daef96b1d144d740898b00a0bc40ea5546b942cf3ad7979fdc3e9a405c697cecb41bbd914ef138feaffd06ff7cf472d208c99fbe7e238c33684023c9b93bb218c670cb54098a987d9df583e67ad92cd5fa6c8126f91873a28330ebb375f0ceba1a3ceceb3c504effdabc061fc8965d3869403b511a4019865de0787d676120294a916c2bb678ad687677bcaccb49fa1ed6131759e71de3018832b3bc9f663ceda7c89110c52c5937666f2930963b98f2a3e8ee39647d8e183f543108ccaa661a0aecdd0c75308e44d750362a37113efa0a44981f4968618c46d632e13c3c96e9365e1dcc27066bdd5ea18a8a512b1cbb653e6f2842a356f209942b17c974a1ae8d2dfcc3b9f3f8364a9ef1620bc6123484fd4e3323daa5905f8175de0a74d598b4b482ec964384fcccb738ab990ad99e3a97cb341d60cb9cee3ee511e35036006703ae2c6e35422b0e50c8f4a101bb5f128a596f84fe08dec4db8b028d83ce954eb841eb766e7d379a23a814d09290464f5dc439f198d7895dee4496a06eaf5abd3417e4329758b4524837a4e744b42a96e3d80e1981c62972ebe1f4be38e35e5a0d62542243430ff9f4498cf3390faa3d9544679c29fe0309c69929acf27c26cf76f6db7869686fc1ae317bd5070a766ffade1f3b54f823e874cf8f5c2f2e965e538cdc592b377e59c48cb90352234466fde8f8f595db7c61478de614d963f96a765cbe820ec02f01c8de71d9cd12f5e70387dda4e68d9d5a6c1c246239874e20b4cb0e7c991e153a7f48105aec982444a75ce397ac167ac22806b67ebe306ae6577b843aa49d0538c941782d4cf18323bbd4e7c97e88fe1573e58b8b42e7964fa83b2bb35c3e916ac57b474378d8144e91887cc20e0d59753463047e4c7e44620cef132a2997878764eec08a1341b7235df29608bfcac0f47612f1df995c7a9b6237e198b2fe631ff5d15bcdeb0ddecadb345b6d95e6c640e4a7bf7cc2f32ae72a8181b8eb28d9c00fe662c0092ae5670ac7101b91efc54f392b99ddf6305508dc259497e8bd6e9ba5209bd9574e05aa75ad73fa3c2dc0b00c802b20403fcb0cf70dad244ecd41ec8b772421adcc06e258afc13c1126008432d0ab1c3fe71ce1c410fd0e332a65ed90975336a0339192b9d41577dd2664eb6d60854cf1d5ce82627484e9038a751b4cb257e19a7996a9567fbe279096a79964e10bedcffa7eb01f7f8edac1b4d39d07d6f0519e766b939edc5f0558ec9e12dfa386bc18108dc8d07d1ebf470bda10aee0fc0e57ebb8dc2d410c74f5c685c56c75d211c113a8bbd28961cb4bead911bc6ab3f29bf96e04f4d1bce0a090c33eaaf85fdf9b805c970cc6abcaebcd80eae8f978510d084388ac63721a8f7586c704a687d07063e8197eeffaa77445420e86dd12dd9121c738e1ea3f165e12305a7d99dfd3bdb5a8130ccacfb73d4c27b4fa9974652fea7d60515eaad62351d70885b524169ed49b7dd834272aa580e7aeb6aea6b227b55716c0e44c52065712d9bd20f482653791e41f952e41af5c8029782663d76f353ccc6b5b691ac57febbca933c7314594e30c051502cce8c0976f78d5bad8ffc4e18238fd2474685f0f40b92c382ad9ec96205fad58f9236e261d5beffe72543d553425b315cbd6c1cd0317655eba3fc2d10f58b17bb011fbfe4f06e5a31e0244376490b953df5449004cf648f6f5da314917401f84181f32fb88baf13bd7b8b0ceed1f8889bad74442b54dec78c5cf526a5077bf8d9cb116fceab6c5309a112887450b14f7b972343ab82078bdac3a0cbc2970c383f115c131262cd867cae09b8083476837659e048c0c5cb916365959d2a7e1d31696fffd12e6eee8752d41833ba544e94fb81a6bcf21d9508b9ce37cbd333c547b340f75f3b8f958fa4bd06ae2079193906b6e6f0d8caaa346a3173a4233da1980b7e7066c7734cd5574fd4b763cbbc75113f3e845ca3f23f1f9c01ca6a693350c579ece4da0d70c63d95e6a7f4ff57424361f885a937ee03bef4823c0b7a8a99d18554bdd1ab56f47f933d56b278f16d90c47b995633011d2721881f557e31e94159427e60822e79a946b46c4e7f3a024dd05be45da2c40ad54e745789f6b3e48d0c5b255f1964afbcfb0882e98918333836237db696088d7f1adbae35acf6ce042a44c45f623d36a59a6a811b1fa2ca32382d800db1e8bb8024b3d328d4af23222321fee7406d50a243f9de27e0a54eda60c85c4178c76b8e691299cb9953f91c4fe5d7956ffec2d1dbeaab59f1e7c6bd9473fd07051d92cb701787deed1614bcdb7962407261e09768e949b939285f0a309be0ef22c59e3f34899c84f70e3f2f693db96fb79e6d518af1733668bdf8712afb1a70ac0cb8fc810ef4f9fe523b5d4929fb1d2bae1b8ab2584f02c1311c462984008864d7da08c8e17e1713c91e2c1ccde280d38ebe9d237fa042d540792fd75a3689f345a117380016623954c9a484b2bdca0c92bb202913d7a9e5380091e9292b56d56f5043a91819786490c34457e6186e24e04a6d936e51f7314234c348ca4983b3f19c8448aefc052d07f44c3567d60bacc5a6271b31a2a5215d3ac0a6775d53c607e9ada76aaed593d97f09fbd09707bdcbd10ca0e186fa8ce8cf904f8381599cebc9968297ad32562a16d809b7865fd49b8a40d5281fcc55709c7ead243a281c13d5563d0603b7d67a91befa01ba5fddaa2872476843e0d38c09c0c6263fc704b0483b8956d4a6fbb06139688a269a163ba175f32f2f7e132758e24439f2c5b760185cfe667b7ca4593c9ab6904b83d54a2f19ed804539d388ea5d6a911a968302ae5a9efdda19762605f31ccc2433fac97346fdeff515c98ba82b9d0a6bf5a81051afa2652f52247f0985e6a70ad6bdc9dee3810fda9279c23187cfe13c4b7f32176bf5b2b3c0291a838e05b72acba23d9ad338a4fd7b4f2f55c49829b588dfa7aae4ab62bb995915ea472bdbd676c865b4d4a62a4427edd711a52d69873d103b3afbe85f1733f15aecf9d503d2f386d39153f113a2cce5106c5f0589c54848801bbef4a850e46b88a2cfa09c0b7a856cc619500b2de45d1544f2875653332739388184e133dd44dc9849a69dbbafb5d792241634a0c68eb26e05bd65812bb7b907118d8b0e1c9427e4345ba68a7537a8077136382fb4a4f3537d26a78f6e49638963a37a153c4802a8539b13f0d224e064394c122432c76ea730ee273cd040b3b5f455f2d9e377f4d8e15598279793b39b1407f167e08340b53319f73f6fbe87d297c50f26ee6b87fe4e55a2621fda2ddf3adba5f59910a24a6ad83c412e115344d2e35f1726c018c3ea8755e3c22b8ad7d408730ca0c169a7d3605732bbd618b96dfccf92b8c8a11b699b35c7bc1d5a98de5a3a465876361e25b41e8796e52357ea02ed18cfd4d95c91b6eb95721deeb726e0975d824196494946fdffd1826f0a6d73fed0b1cddc1f40c32e6e00ff0845d9631bebc0c6046cd7dd27f7488b8f6e14bbc376f6e0a59a77cd43c555b741f9dc49ad47638d30a6815885ce96990cfe348749fff62f36b25d8ee1075d1861e5d0dbe76ae8c851c37e79caeb05827d2bfd8010b92ff338a80fcb14c1530bf239b9238570ed1ac0e71d2b586ddef7bc10997a737e0c39bfdb7bc3557b04b9eda1b0181a48fa6745e558df7038f51278887e28b5cf6bcf26a567270c704bf7949a42c2d874d0a2784460e4f34b8bd27d3a8a3927c5311fdaef9e7a6b2de075b50c4a7", 0xa, 0x0, 0xffffffff}, 0x50)

483.112304ms ago: executing program 3 (id=3841):
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000009000000040000000000001202000000020000000000001204000000070000000000001201000000010000000000000700060000002e302e5f61615f"], 0x0, 0x51, 0x0, 0x1}, 0x28)
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000000)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0)={0x0, 0xfc}, 0x2)
close(r0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000200)={0x8000000, {{0xa, 0x0, 0x1, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff7ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b70500000000e000720a23fe0000000085000000ce000000b70000000000000095000000000000004e6258941c823b7505608556ba4ababb42684e890d31ae450400373a0a5447a801b8c1c4f0c4bd97c6555e61345400f9bd32abeb9ade0105000000000000a21902ff07000094a2b51c21df74924f5436a6ed89b98f75e800230c49c90fe1336481f3b92a63336c36fcd745d61d7739c6554ca201000000bebbe8282f8b1e26407437a397bf8f50e87ed4d27adfd876bffc402887781979461c4363bc5c9b6202ea471428197ef88bc333fbcec0ea4334f1ddb9d679ae95a90fd41d528f58d305000000435883df6c10ce86188c92292b2d0226082960be682836bdff8b0971f2a5405e453228e7b1005bd73479358a90df3e481947de6453736aa572158af6ea63d6d418fbbd2bba050000001da000ef78df03000000d19913a5fb03c79dac2e489f68127892658115e7ffb588a71dffffff951b8535167ab8069a2c92a3aa18e22517000026637b4c34bf2d0aa304ed42bf70480e9e97203fd169411f37fddd1f7fbe16dbbc0f307bceb5064f388a0350c3dc928b0e638b1e2b2a9d25264233e5d45eb377f56b95241024dbe30f67191c2b56b70328d6d3215dfffe5d89af1d10599bd494d921d1fb2db99b6aba0fa978f41eb1d4c553e5a9326ed550c13f8dd36716a899a1e79234294707c5312b924d142c17b20bb80ee202222c03fa84ccc374e717f694018630366397266090a82343aedfbf7afe892390c2eb775b0d16073da2229958db05de7df6ab7600004000010000006d8081cb3bf251d906c00da0e23b50465f8394820be571e3592d0000c7ef10fdc462e7040e7074ec43aa461fc54401a76406db718d4efd6c1bd10ce1d087cf9bba461162555a95524c84df0952d32093082b7aa71304e0d2d9ec310d1b676b378a5879e47941de1a28c3a8f400000000000000000e032b7d2badd0bc6617a859b7ac273b6304555f664469cec152030f06cc0ca1765838eb5590264736fbccfc3a8f4e3b10daf6a275daf5db2dac7096fe8ac8876acaad043663b3b0fedb05e6d31408fa20140c9d2db1c59ac8a3ce28e489d67d87d3a107ccea3007f58f2c5017e8807107f79ac50cc1d4f546b4443d137eb706b71b1767a10cca7a7c82b76c96e874aff249f36329a6526b354b6e674b08f7ef492b804c4b08fb10de807d79fd782027318cd7632e22d2faa16209272b39b5ec8d239832ea02cc88e249a2e77753a58987547571fbc8de747faab724bebb6401412b496e078fcb6c78ab447e871b76a8b0506f49594aa1d610567e14d739a60ff3ce04d0d2e5681e787c7e1ad25467bb81f2f440128207fe07a83759ec30cf9e0a3fd3f2fcee97fe8d273f8e712a8a64eaf2d89a1fa44554357fcd7ab531ff7a41c27164fca430a62d015b477de61853f5ee2e25b00a63642ec32ece2ff3bb5883deb895f52a923b5c744d8dccdd6a09ded8b90f1eeda8e6e884a4f090edb6ab9fc8107846508d51f3735493d5860cf80200ce31b92eb3563d485b5a7d192092d7a9fd2bc67d305d1d4573aad5f6501d1cd27657ce17330402dacb78d72d776330711645eed7d4c292f4448733c0826c4eb950f3d40453f82d7f792d106518f6bde874aff9e2bea7d73f74bebeeacfc700000000000000000000d40d73be47803297db004264c8c70b7761b22a7114a078a87d63d63b0c9dcc263a5b773bfeba212abef4181ad9e4872e328c0f105d51e3d167a2b717051d7681ba04552eeba18a000000b22b50d76d85040c9000ea68a528049a60d5e26b20455194f4be3b8466fd66d0e6cefcff7891c485d61cb66f4076cd60a22733cb00cf7cc12ca7d9bb864c0e650236a79a5c85349a9b1e6bbc3bace197e72490c566431cd3a08e9d1b641c1ba1f661d01573b904c3fa1427370fa15cecd294ac21fefe3d161fdf58e8bc5957ef145839f4370176e1be88d2e3516a1998c1621a00b4438b85a4dfee6f61827a1e50e158038b037dfda3ffb35069e41fc740ae720800de53948f176c3c15f3a529c02434b920d87f12a6e3420a2fdcb3559e7a5b1ddbb06b7a5977f63bfac701e673bf626d126b213c92e7169a930beb8d76f9db34e8098bea301baa96916d6458c923866dc192928b320738d1b298fb55f2a64500000000000000000000000000509885a38d9d995a46817e7ff7acddcc5f9253c63f86baf33f92820c9ff497cf76b6482c3ab53fb6ecea6d220b91b99b2fb4279ab09ae0645ab92df309000000000000a4868411948f8e3e259f717d722a1eebd3f6860a17f1ae9e10a1178f6aef4951b192d13e9600c1f700ca7b1d127e451034469bf2a8f93dbae6ad8e932e431dc18323794156238625bb9c45c5a76a68a8646e701b29a71ffbd854f50f195833106a5625ff94221f1f04c72525b50aae69081de9626de9847bf53475d90642d9730101d80b1b0000000000000000822b0641698d60160d9157548302dd2636d12c431f96728ae4a45361e6d47a1c4a52d67c0f0a62585c09fcfd70d0f249f87c44b47283c1c6f2430d70c751e4ada9b646e6e7c1719faee476d88a2943c71a21da55b7497dd7ed385ac2e8cb916390a3a0ed52e7371e1a141e69afa07b46ac20f3521fb251b72c82ee1c7eb4f67c0deed5618d0db925ce7a7c50a99835544c540f5d528587d1a26e78df1bc9a8e4d90c57d0b8122eae7b23e4456624f5337c16c42648c7a3d0b799ad409befe0cbe2aa781ba826918df7aa80dff4f62258e54419629eb1d37de7f6a3512bd618781d1ad3a4d4b0da44df9f9a93f0487f79a9b16dfa6f68b06ce6a96ca344d194cded05702c2300d1a4f451b33830765f8131f6c28fada65701851bba089b8a8347900e72d68cea965feb6a06225dd3f0e135323a5bde3b43c9d242b73abf9e05336af040a4a6bb5918146393f1d50705c1d1e986bf2f690de51ee8727d37339df5fc1db535bb1e9bb3e5dadb6e5a2bb4faa2dcbc6ca9b40ac96e448b9dadeb08fc2cf3a960f22bf20b9e967b7a75687372b8e3edc543896c360674d901a7f56b07ba1479b46eea3d94026a9c7e670ab40bb2c1ca1a7c90299361239bef773140af974c7efc285a64633d21513481b3ac62dec9fa3e8ce6156d76b82baa145bc550b0ccbc0934ccfea45292caa2f0654fe18dc0669a4f2af9fa232a293ad94261f55675cc686db72783a6bacc0df6a1ea943ae266af112f35319980cd681811a369e0d03cf7d22bed7cbe1afe498b88942b1bf7edae441a0d0d88fce65cb4e848793a28cbd7373f6acd3b5a48c034e487750388929d37fa3165f205dab3be5f3e5781a84298687cbf02dcaf0e14a2b260293f349d076eb75a2ddc5382d106f0beea02aa45018fe36d1176cf7704383b6922d10dc9feca3982ae232d4bb47c722c83a7cf6ee8832f038b072eb803a47cd7f753e80c9f6eedb89ee1c95361debf58f671170cfa57fb0c9cbad5c70244a2b6de2062cbd1ba2c85f73689d3ffcd37022ab9fcabd17fd40bfd316088dffe92728016ec5c72e21da52d09f849ab4a4b2d9b4799bab3a6d7f2ba57e100e7ffec0bd4c0659ebaf7b225edaa0af3f5aa99d1551d34b2d2faf0971dbe852142088b1c9b052e1177c47365d950e22c2b04283f62fec31837b5068dab60c5c2c1547acd52ab5e5cde41d24563b05e223e2aafe2c55ba3001d12e4de86597487e99c3b2bf193d7d6d0821481c16fd7cece5df2567182ca1ad6028028bf9f72d503b3d70e1c3c4b5e73ac286abb2b3b069f2ccda4c6a7a3759302b02034e8217b4ecdb9f1118a4117fd49d5467a84b70fae675af118bd885ee7798782765438caaf69856e236bf4b37bff5f971df3fd5e03a9ea39d5397b4e5c5a0d7eacf2"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1d4}, 0x48)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x40d, 0x70bd6d, 0x1ffffffc, {0x0, 0x0, 0x0, 0x0, 0x20046}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_PHYS_PORT_ID={0x4}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x20400c0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x1, r3, &(0x7f0000002b80), 0x8, &(0x7f0000000040))
r4 = socket$kcm(0xa, 0x1, 0x106)
sendmsg$sock(r4, &(0x7f0000000400)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x80, 0x0}, 0x2004c040)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x4, {{@in6=@mcast2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x2f}, {0x1000000000000000, 0x7, 0xffffffffffffff8b, 0x0, 0x0, 0x1, 0xb4e, 0xfffffffffffffffc}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sendmsg$kcm(r4, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x400000, 0x4}, 0x80, 0x0}, 0x20040010)
r6 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$inet6(r8, &(0x7f0000000040)={0xa, 0x4e23, 0xffffffff, @remote, 0x80000001}, 0x1c)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
r11 = dup(r10)
ioctl$SIOCSIFHWADDR(r11, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r9, &(0x7f00000004c0)=ANY=[], 0x56)
fchdir(r7)

164.18215ms ago: executing program 5 (id=3842):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x1)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r5, 0xffff)
fcntl$addseals(r5, 0x409, 0x7)
r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000001c0)=0x1)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0xfadf, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r7, 0x80046402, 0x0)
dup3(0xffffffffffffffff, r7, 0x80000)
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x7)
close_range(r0, 0xffffffffffffffff, 0x0)

74.756773ms ago: executing program 2 (id=3843):
r0 = openat$smackfs_relabel_self(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
writev(r0, &(0x7f0000001480)=[{&(0x7f0000000080)="f57cec112b33921898f0263e563d4173e8f4976fbb40938bafba32c757e05fbe41a52b1f875d11aaff55b7865cc62f0ff4997daae77585103f21c1d7c9cdf7e2cb71d6c7fcd65affd320a4da23cc1822812e11991d909d1ea9ddeff6e338cdfb6288c25bb2ff2b9074b77544fa0e28067de1c7d0f86f4f2a6d78c4a1ba35ebe085c1d109184a8ba14f1bdd4739d9b436aad711168280a5ec009d857031ae5d651cd4669d037469d862be2efba5f7d1f2f996da13169e1ddf6b89f5fad0fcb0906334178dd898935abe17c7f11c6083b5", 0xd0}, {&(0x7f0000000180)="793be2dcd67e", 0x6}, {&(0x7f00000002c0)="ba5b38402a20bece2eb815332074a3a7e4440f880258ae65f742b427", 0x1c}], 0x3)

0s ago: executing program 3 (id=3844):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x1)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r5 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r5, 0xffff)
fcntl$addseals(r5, 0x409, 0x7)
r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000001c0)=0x1)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0xfadf, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r7, 0x80046402, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, <r8=>0xffffffffffffffff})
dup3(r8, r7, 0x80000)
ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f00000000c0)=0x7)
close_range(r0, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000ffff27bd7000fedbdfff00000000", @ANYRES32=0x0, @ANYBLOB="150c0000004800001c0012800b00010067726574617000000c00028008000700000000000a000100aa"], 0x48}, 0x1, 0x0, 0x0, 0x28000}, 0x8000)

kernel console output (not intermixed with test programs):

bytes leftover after parsing attributes in process `syz.2.3540'.
[ 1257.858907][T16475] veth0_macvtap: entered promiscuous mode
[ 1257.879902][T16475] veth1_macvtap: entered promiscuous mode
[ 1257.929590][T16959] FAULT_INJECTION: forcing a failure.
[ 1257.929590][T16959] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1257.929630][T16959] CPU: 0 UID: 0 PID: 16959 Comm: syz.3.3542 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1257.929661][T16959] Tainted: [L]=SOFTLOCKUP
[ 1257.929670][T16959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1257.929684][T16959] Call Trace:
[ 1257.929694][T16959]  <TASK>
[ 1257.929704][T16959]  dump_stack_lvl+0xe8/0x150
[ 1257.929744][T16959]  should_fail_ex+0x46b/0x600
[ 1257.929784][T16959]  _copy_from_iter+0x1d3/0x1670
[ 1257.929823][T16959]  ? sock_alloc_send_pskb+0x8a2/0x9a0
[ 1257.929868][T16959]  ? __pfx__copy_from_iter+0x10/0x10
[ 1257.929913][T16959]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1257.929949][T16959]  skb_copy_datagram_from_iter+0xf5/0x710
[ 1257.929984][T16959]  ? dev_get_by_index+0x22/0x2e0
[ 1257.930016][T16959]  ? skb_put+0x11b/0x210
[ 1257.930046][T16959]  packet_sendmsg+0x3799/0x5120
[ 1257.930107][T16959]  ? __lock_acquire+0x6b5/0x2cf0
[ 1257.930136][T16959]  ? smack_socket_sendmsg+0x1f8/0x590
[ 1257.930170][T16959]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1257.930202][T16959]  ? __lock_acquire+0x6b5/0x2cf0
[ 1257.930227][T16959]  ? __pfx_packet_sendmsg+0x10/0x10
[ 1257.930260][T16959]  ? __lock_acquire+0x6b5/0x2cf0
[ 1257.930289][T16959]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[ 1257.930332][T16959]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1257.930363][T16959]  ____sys_sendmsg+0x94c/0x9c0
[ 1257.930406][T16959]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1257.930444][T16959]  ? import_iovec+0x73/0xa0
[ 1257.930469][T16959]  ___sys_sendmsg+0x2a5/0x360
[ 1257.930496][T16959]  ? __lock_acquire+0x6b5/0x2cf0
[ 1257.930518][T16959]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1257.930548][T16959]  ? kstrtouint+0x6e/0xe0
[ 1257.930595][T16959]  ? __fget_files+0x2a/0x420
[ 1257.930614][T16959]  ? __fget_files+0x3a6/0x420
[ 1257.930645][T16959]  __sys_sendmmsg+0x282/0x4e0
[ 1257.930681][T16959]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1257.930716][T16959]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1257.930759][T16959]  ? ksys_write+0x248/0x270
[ 1257.930787][T16959]  ? __pfx_ksys_write+0x10/0x10
[ 1257.930821][T16959]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1257.930850][T16959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1257.930874][T16959]  do_syscall_64+0x15f/0xf80
[ 1257.930905][T16959]  ? trace_irq_disable+0x3b/0x140
[ 1257.930937][T16959]  ? clear_bhb_loop+0x40/0x90
[ 1257.930964][T16959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1257.930987][T16959] RIP: 0033:0x7fabf32ac819
[ 1257.931009][T16959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1257.931029][T16959] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1257.931052][T16959] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1257.931069][T16959] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000006
[ 1257.931081][T16959] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1257.931095][T16959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1257.931108][T16959] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1257.931142][T16959]  </TASK>
[ 1258.286226][T16475] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1258.321715][T16475] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1258.358832][ T1169] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.359128][ T1169] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.359171][ T1169] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.359211][ T1169] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.400321][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1258.405600][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1258.751852][T16962] Driver unsupported XDP return value 0 on prog  (id 257) dev N/A, expect packet loss!
[ 1258.970539][T16971] ieee802154 phy0 wpan0: encryption failed: -22
[ 1259.106731][ T8974] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1259.387412][ T8974] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1259.387444][ T8974] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1259.387494][ T8974] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping
[ 1259.387521][ T8974] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1259.405536][ T8974] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1259.405597][ T8974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[ 1259.405690][ T8974] usb 3-1: SerialNumber: syz
[ 1259.523746][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1259.943019][ T8974] usb 3-1: 0:2 : does not exist
[ 1259.943105][ T8974] usb 3-1: unit 5 not found!
[ 1260.279119][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1260.279182][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1260.299018][T16979] FAULT_INJECTION: forcing a failure.
[ 1260.299018][T16979] name failslab, interval 1, probability 0, space 0, times 0
[ 1260.299061][T16979] CPU: 1 UID: 0 PID: 16979 Comm: syz.3.3550 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1260.299091][T16979] Tainted: [L]=SOFTLOCKUP
[ 1260.299100][T16979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1260.299115][T16979] Call Trace:
[ 1260.299124][T16979]  <TASK>
[ 1260.299134][T16979]  dump_stack_lvl+0xe8/0x150
[ 1260.299173][T16979]  should_fail_ex+0x46b/0x600
[ 1260.299214][T16979]  should_failslab+0xa8/0x100
[ 1260.299247][T16979]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1260.299276][T16979]  ? __alloc_skb+0x1d0/0x7d0
[ 1260.299309][T16979]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1260.299360][T16979]  __alloc_skb+0x1d0/0x7d0
[ 1260.299382][T16979]  ? netlink_ack_tlv_len+0x6c/0x210
[ 1260.299409][T16979]  netlink_ack+0x146/0xa50
[ 1260.299431][T16979]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1260.299458][T16979]  ? __pfx_nl802154_pre_doit+0x10/0x10
[ 1260.299488][T16979]  ? __pfx_nl802154_post_doit+0x10/0x10
[ 1260.299532][T16979]  netlink_rcv_skb+0x2b6/0x4b0
[ 1260.299560][T16979]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1260.299593][T16979]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1260.299638][T16979]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1260.299664][T16979]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1260.299696][T16979]  genl_rcv+0x28/0x40
[ 1260.299726][T16979]  netlink_unicast+0x780/0x920
[ 1260.299777][T16979]  netlink_sendmsg+0x813/0xb40
[ 1260.299814][T16979]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1260.299843][T16979]  ? unwind_get_return_address+0x4d/0x90
[ 1260.299874][T16979]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1260.299903][T16979]  ____sys_sendmsg+0x94c/0x9c0
[ 1260.299940][T16979]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1260.299981][T16979]  ? import_iovec+0x73/0xa0
[ 1260.300011][T16979]  ___sys_sendmsg+0x2a5/0x360
[ 1260.300038][T16979]  ? __lock_acquire+0x6b5/0x2cf0
[ 1260.300064][T16979]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1260.300126][T16979]  ? __fget_files+0x2a/0x420
[ 1260.300147][T16979]  ? __fget_files+0x3a6/0x420
[ 1260.300180][T16979]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1260.300213][T16979]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1260.300253][T16979]  ? __pfx_ksys_write+0x10/0x10
[ 1260.300289][T16979]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1260.300326][T16979]  do_syscall_64+0x15f/0xf80
[ 1260.300356][T16979]  ? trace_irq_disable+0x3b/0x140
[ 1260.300386][T16979]  ? clear_bhb_loop+0x40/0x90
[ 1260.300416][T16979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1260.300438][T16979] RIP: 0033:0x7fabf32ac819
[ 1260.300461][T16979] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1260.300480][T16979] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1260.300504][T16979] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1260.300522][T16979] RDX: 0000000000000010 RSI: 0000200000000680 RDI: 0000000000000004
[ 1260.300537][T16979] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1260.300550][T16979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1260.300564][T16979] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1260.300601][T16979]  </TASK>
[ 1260.553300][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1260.839973][ T8974] usb 3-1: USB disconnect, device number 96
[ 1260.929093][T16491] udevd[16491]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1261.463535][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1261.593039][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1261.655190][ T8974] usb 1-1: new full-speed USB device number 86 using dummy_hcd
[ 1261.724050][ T6572] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1261.724075][ T6572] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1261.762362][T15811] usb 4-1: new full-speed USB device number 72 using dummy_hcd
[ 1261.824994][ T8974] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1261.825053][ T8974] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1261.825217][ T8974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1261.825248][ T8974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1261.825274][ T8974] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1261.828610][ T8974] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1261.828643][ T8974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1261.828665][ T8974] usb 1-1: Product: syz
[ 1261.828682][ T8974] usb 1-1: Manufacturer: syz
[ 1261.828698][ T8974] usb 1-1: SerialNumber: syz
[ 1261.846828][T17000] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3558'.
[ 1261.932495][T12927] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1261.936625][ T8974] usb 1-1: config 0 descriptor??
[ 1262.108179][T12927] usb 3-1: Using ep0 maxpacket: 16
[ 1262.110918][T12927] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1262.110949][T12927] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1262.138095][T12927] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1262.138128][T12927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1262.138152][T12927] usb 3-1: Product: syz
[ 1262.138169][T12927] usb 3-1: Manufacturer: syz
[ 1262.138185][T12927] usb 3-1: SerialNumber: syz
[ 1262.144527][ T8974] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 1262.144565][ T8974] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 1262.213000][T12927] usb 3-1: config 0 descriptor??
[ 1262.360427][T17003] ieee802154 phy0 wpan0: encryption failed: -22
[ 1262.740589][ T8974] radio-si470x 1-1:0.0: software version 0, hardware version 0
[ 1262.740685][ T8974] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[ 1262.740735][ T8974] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[ 1263.206978][ T8974] radio-si470x 1-1:0.0: submitting int urb failed (-90)
[ 1263.650582][ T6008] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1263.662536][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1263.731703][ T8974] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -110
[ 1263.742808][ T8974] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22
[ 1264.490002][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1264.697607][T12927] usb 1-1: USB disconnect, device number 86
[ 1264.716180][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1264.829892][ T9452] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1264.910787][ T9452] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1264.921832][ T9452] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1264.958357][ T9452] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1264.959259][ T9452] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1265.164221][T12927] usb 3-1: USB disconnect, device number 97
[ 1265.293753][T17023] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3564'.
[ 1265.351334][T17015] lo speed is unknown, defaulting to 1000
[ 1265.500208][T17015] lo speed is unknown, defaulting to 1000
[ 1265.754223][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1265.842310][T12927] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[ 1265.881849][T17039] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1265.916169][T17041] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3572'.
[ 1265.951102][ T1169] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1265.951891][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1265.954100][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1265.995461][T12927] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1265.995524][T12927] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1265.995549][T12927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.066056][T12927] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1266.368771][T17046] tipc: Started in network mode
[ 1266.368798][T17046] tipc: Node identity 722a3b98e934, cluster identity 4711
[ 1266.369174][T17046] tipc: Enabled bearer <eth:bond_slave_1>, priority 10
[ 1266.742812][T17015] chnl_net:caif_netlink_parms(): no params data found
[ 1266.945770][ T8974] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 1266.968184][T17060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3577'.
[ 1267.034240][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1267.042632][T17015] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1267.042817][T17015] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1267.043153][T17015] bridge_slave_0: entered allmulticast mode
[ 1267.059264][T17015] bridge_slave_0: entered promiscuous mode
[ 1267.115286][ T8974] usb 4-1: Using ep0 maxpacket: 16
[ 1267.130894][T12927] stv0680 1-1:4.0: STV(e): camera ping failed!!
[ 1267.133200][ T5800] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[ 1267.158392][ T8974] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1267.158422][ T8974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.203865][T13402] Bluetooth: hci3: command tx timeout
[ 1267.205951][ T8974] usb 4-1: config 0 descriptor??
[ 1267.250809][ T8974] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1267.351660][T12927] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[ 1267.351687][T12927] stv0680 1-1:4.0: last error: 119,  command = 0x4d
[ 1267.364293][T12927] usb 1-1: USB disconnect, device number 87
[ 1267.401912][ T5800] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1267.401948][ T5800] usb 6-1: config 0 has no interface number 0
[ 1267.577748][ T5800] usb 6-1: New USB device found, idVendor=0b48, idProduct=1003, bcdDevice=7b.54
[ 1267.577903][ T5800] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1267.577928][ T5800] usb 6-1: Product: syz
[ 1267.577944][ T5800] usb 6-1: Manufacturer: syz
[ 1267.578024][ T5800] usb 6-1: SerialNumber: syz
[ 1267.653990][ T8974] gspca_sonixj: reg_r err -71
[ 1267.654107][ T8974] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[ 1267.659980][ T8974] usb 4-1: USB disconnect, device number 73
[ 1267.725855][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1267.907456][T17065] binder: 17061:17065 ioctl c0306201 200000000000 returned -22
[ 1268.564794][ T5800] usb 6-1: config 0 descriptor??
[ 1268.576168][ T5800] usb 6-1: selecting invalid altsetting 1
[ 1268.578910][ T5800] dvb_ttusb_budget: ttusb_init_controller: error
[ 1268.578945][ T5800] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1268.654335][   T36] kauditd_printk_skb: 22 callbacks suppressed
[ 1268.654356][   T36] audit: type=1326 audit(1776335389.978:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.654414][   T36] audit: type=1326 audit(1776335389.978:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.655398][   T36] audit: type=1326 audit(1776335389.978:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.660207][   T36] audit: type=1326 audit(1776335389.978:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.660255][   T36] audit: type=1326 audit(1776335389.978:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.663552][   T36] audit: type=1326 audit(1776335389.978:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.664828][   T36] audit: type=1326 audit(1776335389.978:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.664876][   T36] audit: type=1326 audit(1776335389.978:1285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.667220][   T36] audit: type=1326 audit(1776335389.978:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.667264][   T36] audit: type=1326 audit(1776335389.978:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17070 comm="syz.0.3579" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3f070bc819 code=0x7ffc0000
[ 1268.690174][ T5800] DVB: Unable to find symbol stv0299_attach()
[ 1269.006279][ T1169] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1269.101774][ T5800] DVB: Unable to find symbol tda8083_attach()
[ 1269.101792][ T5800] dvb_ttusb_budget: no frontend driver found for device [0b48:1003]
[ 1269.224638][T17015] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1269.224728][T17015] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1269.224955][T17015] bridge_slave_1: entered allmulticast mode
[ 1269.226988][T17015] bridge_slave_1: entered promiscuous mode
[ 1269.249002][ T5800] usb 6-1: USB disconnect, device number 3
[ 1269.283549][T13402] Bluetooth: hci3: command tx timeout
[ 1269.340409][ T6042] tipc: Node number set to 2602449816
[ 1269.617381][ T6144] net_ratelimit: 1 callbacks suppressed
[ 1269.617405][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1269.897493][T17081] evm: overlay not supported
[ 1270.842833][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1270.843135][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1270.940756][T17015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1270.979295][T17083] FAULT_INJECTION: forcing a failure.
[ 1270.979295][T17083] name failslab, interval 1, probability 0, space 0, times 0
[ 1270.979328][T17083] CPU: 0 UID: 0 PID: 17083 Comm: syz.5.3582 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1270.979353][T17083] Tainted: [L]=SOFTLOCKUP
[ 1270.979360][T17083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1270.979371][T17083] Call Trace:
[ 1270.979378][T17083]  <TASK>
[ 1270.979386][T17083]  dump_stack_lvl+0xe8/0x150
[ 1270.979419][T17083]  should_fail_ex+0x46b/0x600
[ 1270.979452][T17083]  should_failslab+0xa8/0x100
[ 1270.979478][T17083]  __kmalloc_noprof+0xdf/0x7b0
[ 1270.979500][T17083]  ? rcu_is_watching+0x15/0xb0
[ 1270.979520][T17083]  ? snd_interval_refine+0x602/0xa50
[ 1270.979548][T17083]  ? snd_pcm_hw_refine+0x9b1/0x1710
[ 1270.979579][T17083]  snd_pcm_hw_refine+0x9b1/0x1710
[ 1270.979618][T17083]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[ 1270.979675][T17083]  ? __asan_memset+0x22/0x50
[ 1270.979693][T17083]  ? snd_pcm_oss_change_params_locked+0x6e5/0x3e00
[ 1270.979717][T17083]  ? snd_pcm_oss_change_params_locked+0x744/0x3e00
[ 1270.979743][T17083]  snd_pcm_oss_change_params_locked+0x851/0x3e00
[ 1270.979774][T17083]  ? __lock_acquire+0x6b5/0x2cf0
[ 1270.979797][T17083]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1270.979838][T17083]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1270.979879][T17083]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1270.979909][T17083]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1270.979936][T17083]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1270.979963][T17083]  ? mutex_lock_interruptible_nested+0x152/0x1d0
[ 1270.979988][T17083]  ? snd_pcm_oss_read+0x204/0x8e0
[ 1270.980010][T17083]  snd_pcm_oss_read+0x276/0x8e0
[ 1270.980036][T17083]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[ 1270.980055][T17083]  vfs_read+0x212/0xa80
[ 1270.980081][T17083]  ? __pfx_vfs_read+0x10/0x10
[ 1270.980102][T17083]  ? __fget_files+0x2a/0x420
[ 1270.980122][T17083]  ? __fget_files+0x2a/0x420
[ 1270.980139][T17083]  ? __fget_files+0x3a6/0x420
[ 1270.980154][T17083]  ? __fget_files+0x2a/0x420
[ 1270.980177][T17083]  ksys_read+0x156/0x270
[ 1270.980199][T17083]  ? __pfx_ksys_read+0x10/0x10
[ 1270.980225][T17083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1270.980245][T17083]  do_syscall_64+0x15f/0xf80
[ 1270.980272][T17083]  ? clear_bhb_loop+0x40/0x90
[ 1270.980295][T17083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1270.980313][T17083] RIP: 0033:0x7fea451ec819
[ 1270.980332][T17083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1270.980349][T17083] RSP: 002b:00007fea4343e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1270.980370][T17083] RAX: ffffffffffffffda RBX: 00007fea45465fa0 RCX: 00007fea451ec819
[ 1270.980385][T17083] RDX: 0000000000001000 RSI: 00002000000002c0 RDI: 0000000000000004
[ 1270.980397][T17083] RBP: 00007fea4343e090 R08: 0000000000000000 R09: 0000000000000000
[ 1270.980409][T17083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1270.980420][T17083] R13: 00007fea45466038 R14: 00007fea45465fa0 R15: 00007ffc16b17f98
[ 1270.980447][T17083]  </TASK>
[ 1271.240352][T12927] usb 4-1: new full-speed USB device number 74 using dummy_hcd
[ 1271.352429][T13402] Bluetooth: hci3: command tx timeout
[ 1271.448929][T12927] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1271.448966][T12927] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1271.448995][T12927] usb 4-1: Product: syz
[ 1271.449011][T12927] usb 4-1: Manufacturer: syz
[ 1271.449028][T12927] usb 4-1: SerialNumber: syz
[ 1271.488977][T12927] usb 4-1: config 0 descriptor??
[ 1272.107323][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1272.320993][ T1169] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1272.460408][T17015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1272.955162][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1272.962504][ T8974] usb 4-1: USB disconnect, device number 74
[ 1273.124522][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1273.198028][ T1169] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1273.213972][ T5800] usb 3-1: new full-speed USB device number 98 using dummy_hcd
[ 1273.278422][T17102] FAULT_INJECTION: forcing a failure.
[ 1273.278422][T17102] name failslab, interval 1, probability 0, space 0, times 0
[ 1273.278463][T17102] CPU: 1 UID: 0 PID: 17102 Comm: syz.3.3588 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1273.278495][T17102] Tainted: [L]=SOFTLOCKUP
[ 1273.278504][T17102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1273.278519][T17102] Call Trace:
[ 1273.278528][T17102]  <TASK>
[ 1273.278538][T17102]  dump_stack_lvl+0xe8/0x150
[ 1273.278574][T17102]  should_fail_ex+0x46b/0x600
[ 1273.278618][T17102]  should_failslab+0xa8/0x100
[ 1273.278644][T17102]  __kmalloc_noprof+0xdf/0x7b0
[ 1273.278665][T17102]  ? tomoyo_encode+0x28b/0x550
[ 1273.278694][T17102]  tomoyo_encode+0x28b/0x550
[ 1273.278722][T17102]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1273.278749][T17102]  ? tomoyo_domain+0xd8/0x130
[ 1273.278779][T17102]  ? tomoyo_path_number_perm+0x219/0x630
[ 1273.278800][T17102]  tomoyo_path_number_perm+0x246/0x630
[ 1273.278823][T17102]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1273.278843][T17102]  ? __lock_acquire+0x6b5/0x2cf0
[ 1273.278865][T17102]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1273.278914][T17102]  ? __fget_files+0x2a/0x420
[ 1273.278932][T17102]  ? __fget_files+0x2a/0x420
[ 1273.278947][T17102]  ? __fget_files+0x3a6/0x420
[ 1273.278963][T17102]  ? __fget_files+0x2a/0x420
[ 1273.278982][T17102]  security_file_ioctl+0xc3/0x2a0
[ 1273.279006][T17102]  __se_sys_ioctl+0x47/0x170
[ 1273.279027][T17102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1273.279047][T17102]  do_syscall_64+0x15f/0xf80
[ 1273.279072][T17102]  ? trace_irq_disable+0x3b/0x140
[ 1273.279096][T17102]  ? clear_bhb_loop+0x40/0x90
[ 1273.279118][T17102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1273.279135][T17102] RIP: 0033:0x7fabf32ac819
[ 1273.279153][T17102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1273.279169][T17102] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1273.279188][T17102] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1273.279201][T17102] RDX: 0000200000000080 RSI: 00000000c020aa07 RDI: 0000000000000003
[ 1273.279213][T17102] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1273.279224][T17102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1273.279235][T17102] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1273.279262][T17102]  </TASK>
[ 1273.279307][T17102] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1273.491890][ T5800] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1273.492447][ T5800] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1273.492478][ T5800] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1273.492508][ T5800] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1273.492533][ T5800] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1273.498111][T13402] Bluetooth: hci3: command tx timeout
[ 1273.614493][ T5800] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1273.614529][ T5800] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1273.614546][ T5800] usb 3-1: Product: syz
[ 1273.614557][ T5800] usb 3-1: Manufacturer: syz
[ 1273.614570][ T5800] usb 3-1: SerialNumber: syz
[ 1273.696851][ T5800] usb 3-1: config 0 descriptor??
[ 1273.974385][T16708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1274.194508][T17109] hub 8-0:1.0: USB hub found
[ 1274.209065][T17109] hub 8-0:1.0: 1 port detected
[ 1275.028591][ T5800] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -110
[ 1275.028903][ T5800] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[ 1275.085776][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1275.279780][T17015] team0: Port device team_slave_0 added
[ 1275.466660][T17015] team0: Port device team_slave_1 added
[ 1275.567106][T17116] netem: change failed
[ 1275.806494][T17117] 9p: Bad value for 'rfdno'
[ 1275.911268][T17122] pimreg: entered allmulticast mode
[ 1275.924483][T17015] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1275.924504][T17015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1275.924535][T17015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1276.034695][T17015] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1276.034721][T17015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1276.034755][T17015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1276.156772][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1276.769961][ T1169] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1276.900723][T17139] netlink: 'syz.5.3596': attribute type 13 has an invalid length.
[ 1276.900753][T17139] netlink: 'syz.5.3596': attribute type 17 has an invalid length.
[ 1277.043850][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1277.193679][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1277.382709][T17139] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1277.494329][T17015] hsr_slave_0: entered promiscuous mode
[ 1277.495747][T17015] hsr_slave_1: entered promiscuous mode
[ 1277.519292][T17015] debugfs: 'hsr0' already exists in 'hsr'
[ 1277.519324][T17015] Cannot create hsr debugfs directory
[ 1277.850293][T17151] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3599'.
[ 1277.850508][T17151] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3599'.
[ 1277.850529][T17151] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1277.857915][T16459] usb 3-1: USB disconnect, device number 98
[ 1278.103825][T17159] FAULT_INJECTION: forcing a failure.
[ 1278.103825][T17159] name failslab, interval 1, probability 0, space 0, times 0
[ 1278.103865][T17159] CPU: 1 UID: 0 PID: 17159 Comm: syz.2.3602 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1278.103895][T17159] Tainted: [L]=SOFTLOCKUP
[ 1278.103902][T17159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1278.103914][T17159] Call Trace:
[ 1278.103921][T17159]  <TASK>
[ 1278.103929][T17159]  dump_stack_lvl+0xe8/0x150
[ 1278.103962][T17159]  should_fail_ex+0x46b/0x600
[ 1278.103993][T17159]  should_failslab+0xa8/0x100
[ 1278.104019][T17159]  kmem_cache_alloc_noprof+0x87/0x680
[ 1278.104039][T17159]  ? __netlink_lookup+0xc6/0x8b0
[ 1278.104068][T17159]  ? skb_clone+0x212/0x3a0
[ 1278.104096][T17159]  skb_clone+0x212/0x3a0
[ 1278.104121][T17159]  __netlink_deliver_tap+0x404/0x850
[ 1278.104151][T17159]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1278.104173][T17159]  netlink_deliver_tap+0x19c/0x1b0
[ 1278.104194][T17159]  netlink_unicast+0x754/0x920
[ 1278.104231][T17159]  netlink_sendmsg+0x813/0xb40
[ 1278.104264][T17159]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1278.104287][T17159]  ? unwind_get_return_address+0x4d/0x90
[ 1278.104316][T17159]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1278.104341][T17159]  ____sys_sendmsg+0x94c/0x9c0
[ 1278.104370][T17159]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1278.104400][T17159]  ? import_iovec+0x73/0xa0
[ 1278.104422][T17159]  ___sys_sendmsg+0x2a5/0x360
[ 1278.104444][T17159]  ? __lock_acquire+0x6b5/0x2cf0
[ 1278.104465][T17159]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1278.104521][T17159]  ? __fget_files+0x2a/0x420
[ 1278.104537][T17159]  ? __fget_files+0x3a6/0x420
[ 1278.104562][T17159]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1278.104587][T17159]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1278.104618][T17159]  ? __pfx_ksys_write+0x10/0x10
[ 1278.104646][T17159]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.104666][T17159]  do_syscall_64+0x15f/0xf80
[ 1278.104692][T17159]  ? trace_irq_disable+0x3b/0x140
[ 1278.104716][T17159]  ? clear_bhb_loop+0x40/0x90
[ 1278.104738][T17159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1278.104756][T17159] RIP: 0033:0x7ff4f433c819
[ 1278.104774][T17159] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1278.104790][T17159] RSP: 002b:00007ff4f258e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1278.104809][T17159] RAX: ffffffffffffffda RBX: 00007ff4f45b5fa0 RCX: 00007ff4f433c819
[ 1278.104823][T17159] RDX: 0000000000000010 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1278.104834][T17159] RBP: 00007ff4f258e090 R08: 0000000000000000 R09: 0000000000000000
[ 1278.104846][T17159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1278.104857][T17159] R13: 00007ff4f45b6038 R14: 00007ff4f45b5fa0 R15: 00007ffe455f6e98
[ 1278.104884][T17159]  </TASK>
[ 1278.287603][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1278.863370][ T6042] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1279.018324][ T6042] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1279.020709][ T6042] usb 3-1: config 63 has an invalid interface number: 66 but max is 0
[ 1279.020736][ T6042] usb 3-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config
[ 1279.020755][ T6042] usb 3-1: config 63 has no interface number 0
[ 1279.020783][ T6042] usb 3-1: config 63 interface 66 has no altsetting 0
[ 1279.072860][ T6042] usb 3-1: string descriptor 0 read error: -22
[ 1279.073048][ T6042] usb 3-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4
[ 1279.073075][ T6042] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1279.125367][ T6042] uvcvideo 3-1:63.66: Found UVC 0.07 device <unnamed> (174f:8acf)
[ 1279.125484][ T6042] uvcvideo 3-1:63.66: No valid video chain found.
[ 1279.132332][ T8974] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[ 1279.286325][ T8974] usb 1-1: Using ep0 maxpacket: 32
[ 1279.320187][ T8974] usb 1-1: config 0 has an invalid interface number: 74 but max is 0
[ 1279.320222][ T8974] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1279.320243][ T8974] usb 1-1: config 0 has no interface number 0
[ 1279.320291][ T8974] usb 1-1: config 0 interface 74 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1279.320309][ T8974] usb 1-1: config 0 interface 74 has no altsetting 0
[ 1279.352828][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1279.387737][ T8974] usb 1-1: New USB device found, idVendor=1ae7, idProduct=9003, bcdDevice=44.08
[ 1279.387772][ T8974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1279.387821][ T8974] usb 1-1: Product: syz
[ 1279.387839][ T8974] usb 1-1: Manufacturer: syz
[ 1279.387855][ T8974] usb 1-1: SerialNumber: syz
[ 1279.471773][ T8974] usb 1-1: config 0 descriptor??
[ 1279.489018][ T8974] em28xx 1-1:0.74: New device syz syz @ 480 Mbps (1ae7:9003, interface 74, class 74)
[ 1279.489055][ T8974] em28xx 1-1:0.74: Video interface 74 found:
[ 1280.076132][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1280.154098][ T8974] em28xx 1-1:0.74: unknown em28xx chip ID (0)
[ 1280.322399][ T8974] em28xx 1-1:0.74: reading from i2c device at 0xa0 failed (error=-5)
[ 1280.322432][ T8974] em28xx 1-1:0.74: board has no eeprom
[ 1280.372987][ T8974] em28xx 1-1:0.74: writing to i2c device at 0xb8 failed (error=-5)
[ 1280.373015][ T8974] em28xx 1-1:0.74: couldn't read from i2c device 0xb8: error -5
[ 1280.373392][ T8974] em28xx 1-1:0.74: writing to i2c device at 0xba failed (error=-5)
[ 1280.373410][ T8974] em28xx 1-1:0.74: couldn't read from i2c device 0xba: error -5
[ 1280.373810][ T8974] em28xx 1-1:0.74: writing to i2c device at 0x90 failed (error=-5)
[ 1280.373828][ T8974] em28xx 1-1:0.74: couldn't read from i2c device 0x90: error -5
[ 1280.375378][ T8974] em28xx 1-1:0.74: writing to i2c device at 0x42 failed (error=-5)
[ 1280.375401][ T8974] em28xx 1-1:0.74: couldn't read from i2c device 0x42: error -5
[ 1280.375775][ T8974] em28xx 1-1:0.74: writing to i2c device at 0x60 failed (error=-5)
[ 1280.375793][ T8974] em28xx 1-1:0.74: couldn't read from i2c device 0x60: error -5
[ 1280.375807][ T8974] em28xx 1-1:0.74: No sensor detected
[ 1280.396724][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1280.425983][T12927] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[ 1280.434708][ T8974] em28xx 1-1:0.74: Identified as SpeedLink Vicious And Devine Laplace webcam (card=91)
[ 1280.434794][ T8974] em28xx 1-1:0.74: Currently, V4L2 is not supported on this model
[ 1280.435778][ T5800] em28xx 1-1:0.74: Registering snapshot button...
[ 1280.620168][T12927] usb 4-1: Using ep0 maxpacket: 16
[ 1280.633571][T12927] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1280.633609][T12927] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1280.686686][T12927] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1280.686721][T12927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1280.686744][T12927] usb 4-1: Product: syz
[ 1280.686761][T12927] usb 4-1: Manufacturer: syz
[ 1280.686776][T12927] usb 4-1: SerialNumber: syz
[ 1280.702445][ T6042] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[ 1280.814283][T12927] usb 4-1: config 0 descriptor??
[ 1280.841219][ T8974] usb 1-1: USB disconnect, device number 88
[ 1280.868992][ T8974] em28xx 1-1:0.74: Disconnecting em28xx
[ 1280.908524][ T6042] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1280.908589][ T6042] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1280.908620][ T6042] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1280.908649][ T6042] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1280.908675][ T6042] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1280.921240][ T6042] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1280.921270][ T6042] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1280.921288][ T6042] usb 6-1: Product: syz
[ 1280.921301][ T6042] usb 6-1: Manufacturer: syz
[ 1280.921314][ T6042] usb 6-1: SerialNumber: syz
[ 1281.111210][ T6042] usb 6-1: config 0 descriptor??
[ 1281.145567][ T5800] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.74/input/input20
[ 1281.246555][ T5800] em28xx 1-1:0.74: Remote control support is not available for this card.
[ 1281.246645][ T8974] em28xx 1-1:0.74: Closing input extension
[ 1281.246668][ T8974] em28xx 1-1:0.74: Deregistering snapshot button
[ 1281.336754][ T6042] radio-si470x 6-1:0.0: DeviceID=0x0000 ChipID=0x0000
[ 1281.336784][ T6042] radio-si470x 6-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 1281.433381][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1281.842528][ T6042] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -110
[ 1281.842558][ T6042] radio-si470x 6-1:0.0: si470x_get_scratch: si470x_get_report returned -110
[ 1281.876504][ T6042] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[ 1282.151094][T17198] netem: change failed
[ 1282.319602][ T6042] usb 6-1: USB disconnect, device number 4
[ 1282.321224][T16708] usb 3-1: USB disconnect, device number 99
[ 1282.474269][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1282.474343][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1282.680116][ T1169] bridge_slave_1: left allmulticast mode
[ 1282.680147][ T1169] bridge_slave_1: left promiscuous mode
[ 1282.680389][ T1169] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1283.130770][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1283.215606][ T1169] bridge_slave_0: left allmulticast mode
[ 1283.215640][ T1169] bridge_slave_0: left promiscuous mode
[ 1283.251571][T16708] usb 4-1: USB disconnect, device number 75
[ 1283.286235][ T8974] em28xx 1-1:0.74: Freeing device
[ 1283.286858][ T1169] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1283.512795][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1284.342546][ T6042] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1284.492376][ T6042] usb 6-1: Using ep0 maxpacket: 32
[ 1284.497602][ T6042] usb 6-1: config 8 has an invalid interface number: 111 but max is 0
[ 1284.497626][ T6042] usb 6-1: config 8 has no interface number 0
[ 1284.497664][ T6042] usb 6-1: config 8 interface 111 altsetting 0 endpoint 0xB has invalid maxpacket 2007, setting to 1024
[ 1284.497685][ T6042] usb 6-1: config 8 interface 111 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[ 1284.501154][ T6042] usb 6-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=4b.99
[ 1284.501187][ T6042] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1284.501203][ T6042] usb 6-1: Product: syz
[ 1284.501215][ T6042] usb 6-1: Manufacturer: syz
[ 1284.501226][ T6042] usb 6-1: SerialNumber: syz
[ 1284.575626][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1284.585857][T17242] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1284.994052][ T1169] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1285.073701][ T1169] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1285.096787][ T1169] bond0 (unregistering): Released all slaves
[ 1285.317395][ T5457] 8021q: adding VLAN 0 to HW filter on device eth1
[ 1285.598205][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1286.058149][ T6042] aircable 6-1:8.111: aircable converter detected
[ 1286.100788][ T6042] usb 6-1: aircable converter now attached to ttyUSB0
[ 1286.245852][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1286.294631][ T6042] usb 6-1: USB disconnect, device number 5
[ 1286.397074][ T6042] aircable ttyUSB0: aircable converter now disconnected from ttyUSB0
[ 1286.423581][ T6042] aircable 6-1:8.111: device disconnected
[ 1286.642358][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1286.662813][   T43] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1286.812511][   T43] usb 3-1: Using ep0 maxpacket: 16
[ 1286.816260][   T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1286.816293][   T43] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1286.819055][   T43] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[ 1286.819082][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1286.819097][   T43] usb 3-1: Product: syz
[ 1286.819109][   T43] usb 3-1: Manufacturer: syz
[ 1286.819121][   T43] usb 3-1: SerialNumber: syz
[ 1286.854389][   T43] usb 3-1: config 0 descriptor??
[ 1287.024308][T17256] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3628'.
[ 1287.324370][T17260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3630'.
[ 1287.331721][T17260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3630'.
[ 1287.626374][T17273] FAULT_INJECTION: forcing a failure.
[ 1287.626374][T17273] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1287.626416][T17273] CPU: 1 UID: 0 PID: 17273 Comm: syz.5.3635 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1287.626447][T17273] Tainted: [L]=SOFTLOCKUP
[ 1287.626456][T17273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1287.626471][T17273] Call Trace:
[ 1287.626481][T17273]  <TASK>
[ 1287.626491][T17273]  dump_stack_lvl+0xe8/0x150
[ 1287.626537][T17273]  should_fail_ex+0x46b/0x600
[ 1287.626578][T17273]  _copy_to_user+0x31/0xb0
[ 1287.626605][T17273]  simple_read_from_buffer+0xe1/0x170
[ 1287.626647][T17273]  proc_fail_nth_read+0x1be/0x230
[ 1287.626688][T17273]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1287.626728][T17273]  ? rw_verify_area+0x2ac/0x4e0
[ 1287.626754][T17273]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1287.626792][T17273]  vfs_read+0x212/0xa80
[ 1287.626828][T17273]  ? __pfx_vfs_read+0x10/0x10
[ 1287.626858][T17273]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1287.626894][T17273]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1287.626925][T17273]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1287.626958][T17273]  ? mutex_lock_nested+0x152/0x1d0
[ 1287.626983][T17273]  ? fdget_pos+0x252/0x320
[ 1287.627015][T17273]  ksys_read+0x156/0x270
[ 1287.627045][T17273]  ? __pfx_ksys_read+0x10/0x10
[ 1287.627081][T17273]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1287.627107][T17273]  do_syscall_64+0x15f/0xf80
[ 1287.627140][T17273]  ? trace_irq_disable+0x3b/0x140
[ 1287.627172][T17273]  ? clear_bhb_loop+0x40/0x90
[ 1287.627207][T17273]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1287.627232][T17273] RIP: 0033:0x7fea451ad04e
[ 1287.627254][T17273] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1287.627282][T17273] RSP: 002b:00007fea4343dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1287.627308][T17273] RAX: ffffffffffffffda RBX: 00007fea4343e6c0 RCX: 00007fea451ad04e
[ 1287.627325][T17273] RDX: 000000000000000f RSI: 00007fea4343e0a0 RDI: 0000000000000005
[ 1287.627340][T17273] RBP: 00007fea4343e090 R08: 0000000000000000 R09: 0000000000000000
[ 1287.627354][T17273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1287.627368][T17273] R13: 00007fea45466038 R14: 00007fea45465fa0 R15: 00007ffc16b17f98
[ 1287.627403][T17273]  </TASK>
[ 1287.678739][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1288.086098][T17283] FAULT_INJECTION: forcing a failure.
[ 1288.086098][T17283] name failslab, interval 1, probability 0, space 0, times 0
[ 1288.086141][T17283] CPU: 1 UID: 0 PID: 17283 Comm: syz.0.3638 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1288.086171][T17283] Tainted: [L]=SOFTLOCKUP
[ 1288.086181][T17283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1288.086195][T17283] Call Trace:
[ 1288.086204][T17283]  <TASK>
[ 1288.086215][T17283]  dump_stack_lvl+0xe8/0x150
[ 1288.086253][T17283]  should_fail_ex+0x46b/0x600
[ 1288.086294][T17283]  should_failslab+0xa8/0x100
[ 1288.086326][T17283]  __kmalloc_noprof+0xdf/0x7b0
[ 1288.086354][T17283]  ? is_bpf_text_address+0x26/0x2b0
[ 1288.086388][T17283]  ? genl_family_rcv_msg_attrs_parse+0xd0/0x2f0
[ 1288.086430][T17283]  genl_family_rcv_msg_attrs_parse+0xd0/0x2f0
[ 1288.086473][T17283]  genl_family_rcv_msg_doit+0xd9/0x330
[ 1288.086514][T17283]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1288.086545][T17283]  ? rcu_is_watching+0x15/0xb0
[ 1288.086572][T17283]  ? rcu_is_watching+0x15/0xb0
[ 1288.086598][T17283]  ? cap_capable+0x123/0x460
[ 1288.086626][T17283]  ? safesetid_security_capable+0xa9/0x1a0
[ 1288.086656][T17283]  ? bpf_lsm_capable+0x9/0x20
[ 1288.086688][T17283]  ? security_capable+0x7e/0x2c0
[ 1288.086725][T17283]  genl_rcv_msg+0x61c/0x7a0
[ 1288.086764][T17283]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1288.086796][T17283]  ? __pfx_ovs_flow_cmd_del+0x10/0x10
[ 1288.086842][T17283]  netlink_rcv_skb+0x232/0x4b0
[ 1288.086879][T17283]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1288.086914][T17283]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1288.086954][T17283]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1288.086979][T17283]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1288.087010][T17283]  genl_rcv+0x28/0x40
[ 1288.087039][T17283]  netlink_unicast+0x780/0x920
[ 1288.087090][T17283]  netlink_sendmsg+0x813/0xb40
[ 1288.087127][T17283]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1288.087157][T17283]  ? unwind_get_return_address+0x4d/0x90
[ 1288.087188][T17283]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1288.087219][T17283]  ____sys_sendmsg+0x94c/0x9c0
[ 1288.087254][T17283]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1288.087295][T17283]  ? import_iovec+0x73/0xa0
[ 1288.087325][T17283]  ___sys_sendmsg+0x2a5/0x360
[ 1288.087352][T17283]  ? __lock_acquire+0x6b5/0x2cf0
[ 1288.087379][T17283]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1288.087445][T17283]  ? __fget_files+0x2a/0x420
[ 1288.087466][T17283]  ? __fget_files+0x3a6/0x420
[ 1288.087499][T17283]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1288.087532][T17283]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1288.087573][T17283]  ? __pfx_ksys_write+0x10/0x10
[ 1288.087609][T17283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1288.087634][T17283]  do_syscall_64+0x15f/0xf80
[ 1288.087668][T17283]  ? trace_irq_disable+0x3b/0x140
[ 1288.087699][T17283]  ? clear_bhb_loop+0x40/0x90
[ 1288.087728][T17283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1288.087751][T17283] RIP: 0033:0x7f3f070bc819
[ 1288.087774][T17283] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1288.087794][T17283] RSP: 002b:00007f3f0530e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1288.087819][T17283] RAX: ffffffffffffffda RBX: 00007f3f07335fa0 RCX: 00007f3f070bc819
[ 1288.087836][T17283] RDX: 0000000000040004 RSI: 0000200000000000 RDI: 0000000000000003
[ 1288.087864][T17283] RBP: 00007f3f0530e090 R08: 0000000000000000 R09: 0000000000000000
[ 1288.087879][T17283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1288.087893][T17283] R13: 00007f3f07336038 R14: 00007f3f07335fa0 R15: 00007ffc41c81fa8
[ 1288.087929][T17283]  </TASK>
[ 1288.713880][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1289.272816][T16708] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1289.351842][T16459] usb 3-1: USB disconnect, device number 100
[ 1289.600937][T17308] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3644'.
[ 1289.601176][T17308] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3644'.
[ 1289.809289][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1290.382422][T17321] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3648'.
[ 1291.003995][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1291.994250][T17336] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3654'.
[ 1292.074667][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1292.110203][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1292.167346][ T1169] hsr_slave_0: left promiscuous mode
[ 1292.292505][ T6042] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 1292.324803][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1292.342923][ T1169] hsr_slave_1: left promiscuous mode
[ 1292.344110][ T1169] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1292.344140][ T1169] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1292.403751][ T1169] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1292.403782][ T1169] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1292.442264][ T6042] usb 4-1: Using ep0 maxpacket: 32
[ 1292.444692][ T6042] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 1292.444720][ T6042] usb 4-1: config 0 has no interface number 0
[ 1292.451724][ T6042] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1292.451758][ T6042] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1292.451779][ T6042] usb 4-1: Product: syz
[ 1292.451793][ T6042] usb 4-1: Manufacturer: syz
[ 1292.451810][ T6042] usb 4-1: SerialNumber: syz
[ 1292.516907][ T6042] usb 4-1: config 0 descriptor??
[ 1292.535561][ T6042] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1292.776822][ T6042] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1292.806398][ T6042] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1293.152610][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1293.237728][ T1169] veth1_macvtap: left promiscuous mode
[ 1293.237843][ T1169] veth0_macvtap: left promiscuous mode
[ 1293.238112][ T1169] veth1_vlan: left promiscuous mode
[ 1293.238293][ T1169] veth0_vlan: left promiscuous mode
[ 1294.641267][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1295.353602][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1295.513742][ T1169] team0 (unregistering): Port device team_slave_1 removed
[ 1295.564418][ T1169] team0 (unregistering): Port device team_slave_0 removed
[ 1295.702455][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1296.056231][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1296.107707][ T8974] usb 4-1: USB disconnect, device number 76
[ 1296.143566][ T8974] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1296.355887][ T8974] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1296.361412][ T8974] quatech2 4-1:0.51: device disconnected
[ 1296.542748][T17365] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3662'.
[ 1296.641686][T17368] FAULT_INJECTION: forcing a failure.
[ 1296.641686][T17368] name failslab, interval 1, probability 0, space 0, times 0
[ 1296.641722][T17368] CPU: 0 UID: 0 PID: 17368 Comm: syz.3.3663 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1296.641750][T17368] Tainted: [L]=SOFTLOCKUP
[ 1296.641757][T17368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1296.641774][T17368] Call Trace:
[ 1296.641784][T17368]  <TASK>
[ 1296.641793][T17368]  dump_stack_lvl+0xe8/0x150
[ 1296.641826][T17368]  should_fail_ex+0x46b/0x600
[ 1296.641859][T17368]  should_failslab+0xa8/0x100
[ 1296.641884][T17368]  kmem_cache_alloc_noprof+0x87/0x680
[ 1296.641915][T17368]  ? __netlink_lookup+0xc6/0x8b0
[ 1296.641937][T17368]  ? skb_clone+0x212/0x3a0
[ 1296.641965][T17368]  skb_clone+0x212/0x3a0
[ 1296.641992][T17368]  __netlink_deliver_tap+0x404/0x850
[ 1296.642024][T17368]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1296.642046][T17368]  netlink_deliver_tap+0x19c/0x1b0
[ 1296.642068][T17368]  netlink_unicast+0x754/0x920
[ 1296.642108][T17368]  netlink_sendmsg+0x813/0xb40
[ 1296.642138][T17368]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1296.642162][T17368]  ? unwind_get_return_address+0x4d/0x90
[ 1296.642185][T17368]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1296.642210][T17368]  ____sys_sendmsg+0x94c/0x9c0
[ 1296.642239][T17368]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1296.642270][T17368]  ? import_iovec+0x73/0xa0
[ 1296.642292][T17368]  ___sys_sendmsg+0x2a5/0x360
[ 1296.642314][T17368]  ? __lock_acquire+0x6b5/0x2cf0
[ 1296.642335][T17368]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1296.642388][T17368]  ? __fget_files+0x2a/0x420
[ 1296.642405][T17368]  ? __fget_files+0x3a6/0x420
[ 1296.642431][T17368]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1296.642456][T17368]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1296.642487][T17368]  ? __pfx_ksys_write+0x10/0x10
[ 1296.642517][T17368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1296.642540][T17368]  do_syscall_64+0x15f/0xf80
[ 1296.642570][T17368]  ? trace_irq_disable+0x3b/0x140
[ 1296.642598][T17368]  ? clear_bhb_loop+0x40/0x90
[ 1296.642626][T17368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1296.642648][T17368] RIP: 0033:0x7fabf32ac819
[ 1296.642669][T17368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1296.642688][T17368] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1296.642711][T17368] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1296.642727][T17368] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1296.642742][T17368] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1296.642755][T17368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1296.642767][T17368] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1296.642801][T17368]  </TASK>
[ 1296.675262][T17368] netlink: 'syz.3.3663': attribute type 9 has an invalid length.
[ 1296.675342][T17368] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3663'.
[ 1296.713221][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1298.234530][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1299.617732][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1299.617955][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1300.194627][T17407] FAULT_INJECTION: forcing a failure.
[ 1300.194627][T17407] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1300.194674][T17407] CPU: 1 UID: 0 PID: 17407 Comm: syz.3.3672 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1300.194705][T17407] Tainted: [L]=SOFTLOCKUP
[ 1300.194715][T17407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1300.194730][T17407] Call Trace:
[ 1300.194740][T17407]  <TASK>
[ 1300.194751][T17407]  dump_stack_lvl+0xe8/0x150
[ 1300.194795][T17407]  should_fail_ex+0x46b/0x600
[ 1300.194847][T17407]  prepare_alloc_pages+0x22a/0x6b0
[ 1300.194888][T17407]  __alloc_frozen_pages_noprof+0x12f/0x380
[ 1300.194924][T17407]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1300.194961][T17407]  ? __pfx_policy_nodemask+0x10/0x10
[ 1300.195001][T17407]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1300.195036][T17407]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1300.195071][T17407]  alloc_pages_mpol+0xd1/0x380
[ 1300.195103][T17407]  alloc_pages_noprof+0xd2/0x2f0
[ 1300.195135][T17407]  get_free_pages_noprof+0xf/0x80
[ 1300.195166][T17407]  __kasan_populate_vmalloc+0x38/0x1d0
[ 1300.195191][T17407]  ? rt_spin_unlock+0x160/0x200
[ 1300.195217][T17407]  alloc_vmap_area+0xd47/0x1480
[ 1300.195258][T17407]  ? __pfx_alloc_vmap_area+0x10/0x10
[ 1300.195285][T17407]  ? __kmalloc_cache_node_noprof+0x27d/0x6c0
[ 1300.195316][T17407]  ? __get_vm_area_node+0x171/0x350
[ 1300.195342][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.195377][T17407]  __get_vm_area_node+0x226/0x350
[ 1300.195410][T17407]  __vmalloc_node_range_noprof+0x36a/0x1750
[ 1300.195440][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.195472][T17407]  ? rcu_is_watching+0x15/0xb0
[ 1300.195529][T17407]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1300.195561][T17407]  ? __pfx_clockevents_program_event+0x10/0x10
[ 1300.195615][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.195645][T17407]  __vmalloc_noprof+0xd2/0x120
[ 1300.195671][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.195707][T17407]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.195744][T17407]  bpf_prog_alloc+0x3c/0x1a0
[ 1300.195779][T17407]  bpf_prog_load+0x7ba/0x1ae0
[ 1300.195845][T17407]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1300.195877][T17407]  ? __might_fault+0xaf/0x130
[ 1300.195927][T17407]  ? bpf_lsm_bpf+0x9/0x20
[ 1300.195956][T17407]  ? security_bpf+0x7e/0x2d0
[ 1300.195991][T17407]  __sys_bpf+0x618/0x950
[ 1300.196024][T17407]  ? __pfx___sys_bpf+0x10/0x10
[ 1300.196052][T17407]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1300.196093][T17407]  ? ksys_write+0x248/0x270
[ 1300.196121][T17407]  ? __pfx_ksys_write+0x10/0x10
[ 1300.196150][T17407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1300.196174][T17407]  __x64_sys_bpf+0x7c/0x90
[ 1300.196201][T17407]  do_syscall_64+0x15f/0xf80
[ 1300.196233][T17407]  ? trace_irq_disable+0x3b/0x140
[ 1300.196262][T17407]  ? clear_bhb_loop+0x40/0x90
[ 1300.196289][T17407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1300.196311][T17407] RIP: 0033:0x7fabf32ac819
[ 1300.196334][T17407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1300.196355][T17407] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1300.196380][T17407] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1300.196397][T17407] RDX: 0000000000000078 RSI: 0000200000000440 RDI: 0000000000000005
[ 1300.196412][T17407] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1300.196426][T17407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1300.196440][T17407] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1300.196474][T17407]  </TASK>
[ 1300.234866][T17407] syz.3.3672: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[ 1300.235116][T17407] CPU: 0 UID: 0 PID: 17407 Comm: syz.3.3672 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1300.235198][T17407] Tainted: [L]=SOFTLOCKUP
[ 1300.235229][T17407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1300.235264][T17407] Call Trace:
[ 1300.235288][T17407]  <TASK>
[ 1300.235320][T17407]  dump_stack_lvl+0xe8/0x150
[ 1300.235438][T17407]  warn_alloc+0x263/0x3e0
[ 1300.235527][T17407]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1300.235616][T17407]  ? __pfx_warn_alloc+0x10/0x10
[ 1300.235823][T17407]  ? __get_vm_area_node+0x23f/0x350
[ 1300.235865][T17407]  ? __get_vm_area_node+0x171/0x350
[ 1300.235890][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.235925][T17407]  ? __get_vm_area_node+0x23f/0x350
[ 1300.236005][T17407]  __vmalloc_node_range_noprof+0x38f/0x1750
[ 1300.236093][T17407]  ? rcu_is_watching+0x15/0xb0
[ 1300.236263][T17407]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1300.236349][T17407]  ? __pfx_clockevents_program_event+0x10/0x10
[ 1300.236457][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.236536][T17407]  __vmalloc_noprof+0xd2/0x120
[ 1300.236849][T17407]  ? bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.236974][T17407]  bpf_prog_alloc_no_stats+0x4a/0x4f0
[ 1300.237077][T17407]  bpf_prog_alloc+0x3c/0x1a0
[ 1300.237170][T17407]  bpf_prog_load+0x7ba/0x1ae0
[ 1300.237293][T17407]  ? __pfx_bpf_prog_load+0x10/0x10
[ 1300.237359][T17407]  ? __might_fault+0xaf/0x130
[ 1300.237401][T17407]  ? bpf_lsm_bpf+0x9/0x20
[ 1300.237430][T17407]  ? security_bpf+0x7e/0x2d0
[ 1300.237519][T17407]  __sys_bpf+0x618/0x950
[ 1300.237638][T17407]  ? __pfx___sys_bpf+0x10/0x10
[ 1300.237709][T17407]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1300.237843][T17407]  ? ksys_write+0x248/0x270
[ 1300.238057][T17407]  ? __pfx_ksys_write+0x10/0x10
[ 1300.238157][T17407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1300.238232][T17407]  __x64_sys_bpf+0x7c/0x90
[ 1300.238319][T17407]  do_syscall_64+0x15f/0xf80
[ 1300.238407][T17407]  ? trace_irq_disable+0x3b/0x140
[ 1300.238494][T17407]  ? clear_bhb_loop+0x40/0x90
[ 1300.238593][T17407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1300.238666][T17407] RIP: 0033:0x7fabf32ac819
[ 1300.238750][T17407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1300.238825][T17407] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1300.238884][T17407] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1300.238900][T17407] RDX: 0000000000000078 RSI: 0000200000000440 RDI: 0000000000000005
[ 1300.238915][T17407] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1300.238957][T17407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1300.238999][T17407] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1300.239096][T17407]  </TASK>
[ 1300.241561][T17407] Mem-Info:
[ 1300.241609][T17407] active_anon:285 inactive_anon:6035 isolated_anon:0
[ 1300.241609][T17407]  active_file:26271 inactive_file:36499 isolated_file:0
[ 1300.241609][T17407]  unevictable:768 dirty:230 writeback:0
[ 1300.241609][T17407]  slab_reclaimable:12587 slab_unreclaimable:126439
[ 1300.241609][T17407]  mapped:31146 shmem:1384 pagetables:1463
[ 1300.241609][T17407]  sec_pagetables:0 bounce:0
[ 1300.241609][T17407]  kernel_misc_reclaimable:0
[ 1300.241609][T17407]  free:1275978 free_pcp:3971 free_cma:0
[ 1300.241783][T17407] Node 0 active_anon:1140kB inactive_anon:24140kB active_file:104740kB inactive_file:145996kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124452kB dirty:888kB writeback:0kB shmem:4000kB kernel_stack:13580kB pagetables:5696kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[ 1300.241935][T17407] Node 1 active_anon:0kB inactive_anon:0kB active_file:344kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132kB dirty:32kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[ 1300.242339][T17407] Node 0 DMA free:15328kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1300.242407][T17407] lowmem_reserve[]: 0 2505 2505 2505 2505
[ 1300.242445][T17407] Node 0 DMA32 free:1152832kB boost:0kB min:3928kB low:6464kB high:9000kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1140kB inactive_anon:24140kB active_file:104740kB inactive_file:145996kB unevictable:1536kB writepending:888kB zspages:0kB present:3129332kB managed:2565444kB mlocked:0kB bounce:0kB free_pcp:15884kB local_pcp:6600kB free_cma:0kB
[ 1300.242518][T17407] lowmem_reserve[]: 0 0 0 0 0
[ 1300.242555][T17407] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:148kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1300.242617][T17407] lowmem_reserve[]: 0 0 0 0 0
[ 1300.242653][T17407] Node 1 Normal free:3935752kB boost:0kB min:6368kB low:10476kB high:14584kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:344kB inactive_file:0kB unevictable:1536kB writepending:32kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1300.242841][T17407] lowmem_reserve[]: 0 0 0 0 0
[ 1300.242947][T17407] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB
[ 1300.256213][T17407] Node 0 DMA32: 3950*4kB (UM) 2697*8kB (UME) 2262*16kB (UME) 539*32kB (UME) 469*64kB (UM) 418*128kB (UME) 346*256kB (UM) 216*512kB (UME) 135*1024kB (UME) 37*2048kB (UM) 138*4096kB (M) = 1152768kB
[ 1300.256688][T17407] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1300.256997][T17407] Node 1 Normal: 4*4kB (U) 7*8kB (U) 8*16kB (UM) 8*32kB (UM) 3*64kB (UM) 3*128kB (UM) 2*256kB (UM) 2*512kB (M) 1*1024kB (M) 4*2048kB (M) 958*4096kB (UM) = 3935752kB
[ 1300.257487][T17407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1300.257536][T17407] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1300.257591][T17407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1300.269169][T17407] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1300.269247][T17407] 64150 total pagecache pages
[ 1300.269280][T17407] 0 pages in swap cache
[ 1300.269296][T17407] Free swap  = 124996kB
[ 1300.269327][T17407] Total swap = 124996kB
[ 1300.269361][T17407] 2097051 pages RAM
[ 1300.269425][T17407] 0 pages HighMem/MovableOnly
[ 1300.269450][T17407] 424038 pages reserved
[ 1300.269493][T17407] 0 pages cma reserved
[ 1300.397455][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.397517][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.633112][  T993] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 1300.633726][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1300.826392][  T993] usb 1-1: Using ep0 maxpacket: 8
[ 1300.874228][  T993] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[ 1300.874328][  T993] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1301.421369][T17415] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3675'.
[ 1301.490739][  T993] pvrusb2: Hardware description: Terratec Grabster AV400
[ 1301.490759][  T993] pvrusb2: **********
[ 1301.490764][  T993] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[ 1301.490774][  T993] pvrusb2: Important functionality might not be entirely working.
[ 1301.490781][  T993] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[ 1301.501406][  T993] pvrusb2: **********
[ 1301.690270][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1301.691160][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1301.742896][T17419] netlink: 'syz.3.3676': attribute type 1 has an invalid length.
[ 1301.892048][ T2373] pvrusb2: Invalid write control endpoint
[ 1302.267417][T17015] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1302.505470][T17015] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1302.508230][T17015] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1303.457264][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1303.668305][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1303.671010][T17015] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1303.752020][T17015] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1303.944141][T17443] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3682'.
[ 1304.561251][T12927] usb 1-1: USB disconnect, device number 89
[ 1304.946959][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1305.181820][T17015] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1305.283690][T17015] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1305.422665][T17015] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1305.993167][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1306.055313][T17471] netlink: 'syz.0.3686': attribute type 12 has an invalid length.
[ 1306.174450][T17474] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3687'.
[ 1306.717113][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1306.805169][ T2373] pvrusb2: Invalid write control endpoint
[ 1306.805188][ T2373] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[ 1306.805201][ T2373] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[ 1306.805211][ T2373] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[ 1306.805223][ T2373] pvrusb2: Device being rendered inoperable
[ 1306.881127][ T2373] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[ 1306.881529][ T2373] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[ 1306.928814][ T2373] pvrusb2: Attached sub-driver cx25840
[ 1306.928846][ T2373] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[ 1306.928859][ T2373] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[ 1307.029264][T17487] netlink: 'syz.5.3689': attribute type 4 has an invalid length.
[ 1307.054846][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1308.243731][T16459] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1308.337066][ T9452] Bluetooth: hci1: command 0x0406 tx timeout
[ 1308.900945][T17506] netlink: 37 bytes leftover after parsing attributes in process `syz.5.3694'.
[ 1308.967118][T17510] FAULT_INJECTION: forcing a failure.
[ 1308.967118][T17510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1308.967156][T17510] CPU: 0 UID: 0 PID: 17510 Comm: syz.0.3695 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1308.967185][T17510] Tainted: [L]=SOFTLOCKUP
[ 1308.967192][T17510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1308.967203][T17510] Call Trace:
[ 1308.967210][T17510]  <TASK>
[ 1308.967218][T17510]  dump_stack_lvl+0xe8/0x150
[ 1308.967252][T17510]  should_fail_ex+0x46b/0x600
[ 1308.967287][T17510]  _copy_to_user+0x31/0xb0
[ 1308.967308][T17510]  simple_read_from_buffer+0xe1/0x170
[ 1308.967343][T17510]  proc_fail_nth_read+0x1be/0x230
[ 1308.967377][T17510]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1308.967410][T17510]  ? rw_verify_area+0x2ac/0x4e0
[ 1308.967430][T17510]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1308.967471][T17510]  vfs_read+0x212/0xa80
[ 1308.967501][T17510]  ? __pfx_vfs_read+0x10/0x10
[ 1308.967525][T17510]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1308.967553][T17510]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1308.967583][T17510]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1308.967612][T17510]  ? mutex_lock_nested+0x152/0x1d0
[ 1308.967633][T17510]  ? fdget_pos+0x252/0x320
[ 1308.967662][T17510]  ksys_read+0x156/0x270
[ 1308.967687][T17510]  ? __pfx_ksys_read+0x10/0x10
[ 1308.967717][T17510]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1308.967746][T17510]  do_syscall_64+0x15f/0xf80
[ 1308.967774][T17510]  ? trace_irq_disable+0x3b/0x140
[ 1308.967802][T17510]  ? clear_bhb_loop+0x40/0x90
[ 1308.967825][T17510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1308.967844][T17510] RIP: 0033:0x7f3f0707d04e
[ 1308.967864][T17510] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1308.967883][T17510] RSP: 002b:00007f3f0530dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1308.967907][T17510] RAX: ffffffffffffffda RBX: 00007f3f0530e6c0 RCX: 00007f3f0707d04e
[ 1308.967920][T17510] RDX: 000000000000000f RSI: 00007f3f0530e0a0 RDI: 0000000000000005
[ 1308.967931][T17510] RBP: 00007f3f0530e090 R08: 0000000000000000 R09: 0000000000000000
[ 1308.967942][T17510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1308.967953][T17510] R13: 00007f3f07336038 R14: 00007f3f07335fa0 R15: 00007ffc41c81fa8
[ 1308.967980][T17510]  </TASK>
[ 1309.285932][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1309.504787][T17516] FAULT_INJECTION: forcing a failure.
[ 1309.504787][T17516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1309.504829][T17516] CPU: 0 UID: 0 PID: 17516 Comm: syz.5.3697 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1309.504861][T17516] Tainted: [L]=SOFTLOCKUP
[ 1309.504870][T17516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1309.504884][T17516] Call Trace:
[ 1309.504894][T17516]  <TASK>
[ 1309.504904][T17516]  dump_stack_lvl+0xe8/0x150
[ 1309.504944][T17516]  should_fail_ex+0x46b/0x600
[ 1309.504985][T17516]  _copy_from_iter+0x1d3/0x1670
[ 1309.505029][T17516]  ? trace_kmem_cache_alloc+0x29/0xe0
[ 1309.505055][T17516]  ? __alloc_skb+0x27d/0x7d0
[ 1309.505082][T17516]  ? __pfx__copy_from_iter+0x10/0x10
[ 1309.505116][T17516]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[ 1309.505144][T17516]  ? __alloc_skb+0x27d/0x7d0
[ 1309.505175][T17516]  ? netlink_sendmsg+0x650/0xb40
[ 1309.505202][T17516]  ? skb_put+0x11b/0x210
[ 1309.505231][T17516]  netlink_sendmsg+0x6c0/0xb40
[ 1309.505266][T17516]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1309.505294][T17516]  ? unwind_get_return_address+0x4d/0x90
[ 1309.505322][T17516]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1309.505351][T17516]  ____sys_sendmsg+0x94c/0x9c0
[ 1309.505386][T17516]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1309.505424][T17516]  ? import_iovec+0x73/0xa0
[ 1309.505467][T17516]  ___sys_sendmsg+0x2a5/0x360
[ 1309.505495][T17516]  ? __lock_acquire+0x6b5/0x2cf0
[ 1309.505521][T17516]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1309.505587][T17516]  ? __fget_files+0x2a/0x420
[ 1309.505609][T17516]  ? __fget_files+0x3a6/0x420
[ 1309.505641][T17516]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1309.505673][T17516]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1309.505712][T17516]  ? __pfx_ksys_write+0x10/0x10
[ 1309.505749][T17516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.505776][T17516]  do_syscall_64+0x15f/0xf80
[ 1309.505809][T17516]  ? trace_irq_disable+0x3b/0x140
[ 1309.505840][T17516]  ? clear_bhb_loop+0x40/0x90
[ 1309.505868][T17516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1309.505890][T17516] RIP: 0033:0x7fea451ec819
[ 1309.505912][T17516] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1309.505933][T17516] RSP: 002b:00007fea4343e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1309.505958][T17516] RAX: ffffffffffffffda RBX: 00007fea45465fa0 RCX: 00007fea451ec819
[ 1309.505975][T17516] RDX: 0000000004000052 RSI: 0000200000000100 RDI: 0000000000000003
[ 1309.505990][T17516] RBP: 00007fea4343e090 R08: 0000000000000000 R09: 0000000000000000
[ 1309.506005][T17516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1309.506018][T17516] R13: 00007fea45466038 R14: 00007fea45465fa0 R15: 00007ffc16b17f98
[ 1309.506053][T17516]  </TASK>
[ 1309.730295][T17505] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1309.744425][T17509] syzkaller0: entered promiscuous mode
[ 1309.744540][T17509] syzkaller0: entered allmulticast mode
[ 1309.802411][T12927] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 1309.941258][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1309.953236][T12927] usb 1-1: too many configurations: 49, using maximum allowed: 8
[ 1309.958224][T12927] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1309.958357][T12927] usb 1-1: can't read configurations, error -61
[ 1310.146981][T12927] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 1310.293714][T12927] usb 1-1: too many configurations: 49, using maximum allowed: 8
[ 1310.311121][T12927] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1310.311165][T12927] usb 1-1: can't read configurations, error -61
[ 1310.330439][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1310.365952][T12927] usb usb1-port1: attempt power cycle
[ 1310.431804][T17505] tipc: Resetting bearer <eth:syzkaller0>
[ 1310.486551][T17531] FAULT_INJECTION: forcing a failure.
[ 1310.486551][T17531] name failslab, interval 1, probability 0, space 0, times 0
[ 1310.486592][T17531] CPU: 1 UID: 0 PID: 17531 Comm: syz.5.3701 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1310.486624][T17531] Tainted: [L]=SOFTLOCKUP
[ 1310.486632][T17531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1310.486648][T17531] Call Trace:
[ 1310.486657][T17531]  <TASK>
[ 1310.486668][T17531]  dump_stack_lvl+0xe8/0x150
[ 1310.486708][T17531]  should_fail_ex+0x46b/0x600
[ 1310.486748][T17531]  should_failslab+0xa8/0x100
[ 1310.486781][T17531]  kmem_cache_alloc_noprof+0x87/0x680
[ 1310.486809][T17531]  ? skb_clone+0x212/0x3a0
[ 1310.486845][T17531]  skb_clone+0x212/0x3a0
[ 1310.486873][T17531]  ? dev_queue_xmit_nit+0x268/0xad0
[ 1310.486905][T17531]  dev_queue_xmit_nit+0x29a/0xad0
[ 1310.486933][T17531]  ? dev_queue_xmit_nit+0x2d/0xad0
[ 1310.486972][T17531]  dev_hard_start_xmit+0x1b3/0x860
[ 1310.487004][T17531]  ? netdev_pick_tx+0xd1c/0xf30
[ 1310.487052][T17531]  __dev_queue_xmit+0x1428/0x3900
[ 1310.487082][T17531]  ? __netlink_deliver_tap+0x404/0x850
[ 1310.487107][T17531]  ? netlink_deliver_tap+0x19c/0x1b0
[ 1310.487132][T17531]  ? netlink_unicast+0x754/0x920
[ 1310.487180][T17531]  ? __dev_queue_xmit+0x2b3/0x3900
[ 1310.487231][T17531]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1310.487399][T17531]  ? __copy_skb_header+0xa3/0x4a0
[ 1310.487440][T17531]  ? __asan_memcpy+0x40/0x70
[ 1310.487463][T17531]  ? __skb_clone+0x63/0x7a0
[ 1310.487534][T17531]  ? __skb_clone+0x483/0x7a0
[ 1310.487574][T17531]  ? skb_clone+0x246/0x3a0
[ 1310.487610][T17531]  __netlink_deliver_tap+0x5ad/0x850
[ 1310.487653][T17531]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1310.487682][T17531]  netlink_deliver_tap+0x19c/0x1b0
[ 1310.487711][T17531]  netlink_unicast+0x754/0x920
[ 1310.487762][T17531]  netlink_sendmsg+0x813/0xb40
[ 1310.487802][T17531]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1310.487834][T17531]  ? unwind_get_return_address+0x4d/0x90
[ 1310.487865][T17531]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1310.487898][T17531]  ____sys_sendmsg+0x94c/0x9c0
[ 1310.487935][T17531]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1310.487978][T17531]  ? import_iovec+0x73/0xa0
[ 1310.488010][T17531]  ___sys_sendmsg+0x2a5/0x360
[ 1310.488039][T17531]  ? __lock_acquire+0x6b5/0x2cf0
[ 1310.488069][T17531]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1310.488147][T17531]  ? __fget_files+0x2a/0x420
[ 1310.488172][T17531]  ? __fget_files+0x3a6/0x420
[ 1310.488209][T17531]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1310.488243][T17531]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1310.488288][T17531]  ? __pfx_ksys_write+0x10/0x10
[ 1310.488329][T17531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1310.488356][T17531]  do_syscall_64+0x15f/0xf80
[ 1310.488391][T17531]  ? trace_irq_disable+0x3b/0x140
[ 1310.488423][T17531]  ? clear_bhb_loop+0x40/0x90
[ 1310.488453][T17531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1310.488485][T17531] RIP: 0033:0x7fea451ec819
[ 1310.488511][T17531] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1310.488531][T17531] RSP: 002b:00007fea4343e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1310.488561][T17531] RAX: ffffffffffffffda RBX: 00007fea45465fa0 RCX: 00007fea451ec819
[ 1310.488579][T17531] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000012
[ 1310.488595][T17531] RBP: 00007fea4343e090 R08: 0000000000000000 R09: 0000000000000000
[ 1310.488610][T17531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1310.488624][T17531] R13: 00007fea45466038 R14: 00007fea45465fa0 R15: 00007ffc16b17f98
[ 1310.488664][T17531]  </TASK>
[ 1310.879217][T17501] tipc: Resetting bearer <eth:syzkaller0>
[ 1310.889255][   T36] kauditd_printk_skb: 3 callbacks suppressed
[ 1310.889275][   T36] audit: type=1326 audit(1776335432.228:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.889328][   T36] audit: type=1326 audit(1776335432.228:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.889374][   T36] audit: type=1326 audit(1776335432.228:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.889822][   T36] audit: type=1326 audit(1776335432.228:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.889871][   T36] audit: type=1326 audit(1776335432.228:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.890593][   T36] audit: type=1326 audit(1776335432.228:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.891017][   T36] audit: type=1326 audit(1776335432.228:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.892429][T12927] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 1310.896057][   T36] audit: type=1326 audit(1776335432.228:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.900088][   T36] audit: type=1326 audit(1776335432.238:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.900473][   T36] audit: type=1326 audit(1776335432.238:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17525 comm="syz.3.3700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fabf32ac819 code=0x7ffc0000
[ 1310.919833][T12927] usb 1-1: too many configurations: 49, using maximum allowed: 8
[ 1311.002836][T12927] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1311.002878][T12927] usb 1-1: can't read configurations, error -61
[ 1311.224207][T12927] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1311.226908][T17533] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3700'.
[ 1311.250661][T12927] usb 1-1: too many configurations: 49, using maximum allowed: 8
[ 1311.268427][T12927] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1311.268468][T12927] usb 1-1: can't read configurations, error -61
[ 1311.268899][T12927] usb usb1-port1: unable to enumerate USB device
[ 1311.283440][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1311.354626][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1311.516760][T17501] tipc: Disabling bearer <eth:syzkaller0>
[ 1311.699938][T17531] dummy0: entered promiscuous mode
[ 1311.700143][T17531] vlan2: entered promiscuous mode
[ 1312.419072][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1312.943624][T17015] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1312.967076][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1313.030899][T17015] 8021q: adding VLAN 0 to HW filter on device team0
[ 1313.159738][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1313.159994][ T5931] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1313.193075][  T993] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1313.233769][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1313.233891][ T5931] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1313.388623][  T993] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[ 1313.427163][T17557] netlink: 37 bytes leftover after parsing attributes in process `syz.5.3706'.
[ 1313.475634][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1313.491592][  T993] usb 3-1: New USB device found, idVendor=0582, idProduct=0114, bcdDevice= 0.40
[ 1313.491624][  T993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1313.491645][  T993] usb 3-1: Product: 
[ 1313.491661][  T993] usb 3-1: Manufacturer: 揸赢ﰴ褱럖䂝쿉鈯ꧡᓗ
[ 1313.768568][  T993] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found
[ 1313.769794][  T993] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1313.867265][  T993] usb 3-1: USB disconnect, device number 101
[ 1314.008715][T17566] FAULT_INJECTION: forcing a failure.
[ 1314.008715][T17566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1314.008756][T17566] CPU: 0 UID: 0 PID: 17566 Comm: syz.3.3711 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1314.008786][T17566] Tainted: [L]=SOFTLOCKUP
[ 1314.008795][T17566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1314.008809][T17566] Call Trace:
[ 1314.008818][T17566]  <TASK>
[ 1314.008828][T17566]  dump_stack_lvl+0xe8/0x150
[ 1314.008868][T17566]  should_fail_ex+0x46b/0x600
[ 1314.008907][T17566]  _copy_from_iter+0x1d3/0x1670
[ 1314.008948][T17566]  ? trace_kmem_cache_alloc+0x29/0xe0
[ 1314.008974][T17566]  ? __alloc_skb+0x27d/0x7d0
[ 1314.008999][T17566]  ? __pfx__copy_from_iter+0x10/0x10
[ 1314.009031][T17566]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[ 1314.009058][T17566]  ? __alloc_skb+0x27d/0x7d0
[ 1314.009087][T17566]  ? netlink_sendmsg+0x650/0xb40
[ 1314.009112][T17566]  ? skb_put+0x11b/0x210
[ 1314.009140][T17566]  netlink_sendmsg+0x6c0/0xb40
[ 1314.009188][T17566]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1314.009215][T17566]  ? unwind_get_return_address+0x4d/0x90
[ 1314.009245][T17566]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1314.009276][T17566]  ____sys_sendmsg+0x94c/0x9c0
[ 1314.009311][T17566]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1314.009349][T17566]  ? import_iovec+0x73/0xa0
[ 1314.009377][T17566]  ___sys_sendmsg+0x2a5/0x360
[ 1314.009405][T17566]  ? __lock_acquire+0x6b5/0x2cf0
[ 1314.009430][T17566]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1314.009500][T17566]  ? __fget_files+0x2a/0x420
[ 1314.009521][T17566]  ? __fget_files+0x3a6/0x420
[ 1314.009554][T17566]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1314.009585][T17566]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1314.009625][T17566]  ? __pfx_ksys_write+0x10/0x10
[ 1314.009662][T17566]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1314.009688][T17566]  do_syscall_64+0x15f/0xf80
[ 1314.009721][T17566]  ? trace_irq_disable+0x3b/0x140
[ 1314.009751][T17566]  ? clear_bhb_loop+0x40/0x90
[ 1314.009780][T17566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1314.009804][T17566] RIP: 0033:0x7fabf32ac819
[ 1314.009827][T17566] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1314.009848][T17566] RSP: 002b:00007fabf1506028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1314.009873][T17566] RAX: ffffffffffffffda RBX: 00007fabf3525fa0 RCX: 00007fabf32ac819
[ 1314.009890][T17566] RDX: 0000000000000000 RSI: 0000200000000f00 RDI: 0000000000000003
[ 1314.009904][T17566] RBP: 00007fabf1506090 R08: 0000000000000000 R09: 0000000000000000
[ 1314.009918][T17566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1314.009931][T17566] R13: 00007fabf3526038 R14: 00007fabf3525fa0 R15: 00007ffc846e4888
[ 1314.009965][T17566]  </TASK>
[ 1314.414958][T16491] udevd[16491]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1314.552953][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1314.802257][ T8974] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[ 1314.957640][ T8974] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1314.957692][ T8974] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1314.959668][ T8974] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1314.959708][ T8974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1314.959734][ T8974] usb 6-1: SerialNumber: syz
[ 1315.025467][ T8974] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[ 1315.045602][ T8974] usb-storage 6-1:1.0: USB Mass Storage device detected
[ 1315.063660][ T8974] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1315.067149][ T8974] scsi host1: usb-storage 6-1:1.0
[ 1315.479080][T17015] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1315.592713][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1315.992786][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1317.892673][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1318.345174][  T993] usb 6-1: USB disconnect, device number 7
[ 1318.790690][T17613] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3719'.
[ 1319.000507][T17015] veth0_vlan: entered promiscuous mode
[ 1319.028669][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1319.034039][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1319.108028][T17015] veth1_vlan: entered promiscuous mode
[ 1320.465621][T17015] veth0_macvtap: entered promiscuous mode
[ 1320.630218][T17015] veth1_macvtap: entered promiscuous mode
[ 1320.674102][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1320.868125][T17015] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1320.885154][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1320.911748][T17015] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1321.003922][T12927] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1321.055978][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1321.056046][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1321.056087][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1321.056127][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1321.154461][T12927] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1321.154492][T12927] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1321.155876][T12927] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1321.155909][T12927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1321.155950][T12927] usb 3-1: SerialNumber: syz
[ 1322.425282][T17637] FAULT_INJECTION: forcing a failure.
[ 1322.425282][T17637] name failslab, interval 1, probability 0, space 0, times 0
[ 1322.425317][T17637] CPU: 0 UID: 0 PID: 17637 Comm: syz.0.3729 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1322.425343][T17637] Tainted: [L]=SOFTLOCKUP
[ 1322.425350][T17637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1322.425372][T17637] Call Trace:
[ 1322.425380][T17637]  <TASK>
[ 1322.425388][T17637]  dump_stack_lvl+0xe8/0x150
[ 1322.425421][T17637]  should_fail_ex+0x46b/0x600
[ 1322.425454][T17637]  should_failslab+0xa8/0x100
[ 1322.425491][T17637]  __kmalloc_node_track_caller_noprof+0xe2/0x7e0
[ 1322.425518][T17637]  ? xfrm_do_migrate+0x7a0/0xaa0
[ 1322.425541][T17637]  kmemdup_noprof+0x2b/0x70
[ 1322.425563][T17637]  xfrm_do_migrate+0x7a0/0xaa0
[ 1322.425594][T17637]  ? __pfx_xfrm_do_migrate+0x10/0x10
[ 1322.425652][T17637]  ? rcu_is_watching+0x15/0xb0
[ 1322.425682][T17637]  ? __nla_parse+0x40/0x60
[ 1322.425705][T17637]  xfrm_user_rcv_msg+0x7ae/0xc40
[ 1322.425738][T17637]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 1322.425795][T17637]  ? __lock_acquire+0x6b5/0x2cf0
[ 1322.425819][T17637]  ? __lock_acquire+0x6b5/0x2cf0
[ 1322.425843][T17637]  netlink_rcv_skb+0x232/0x4b0
[ 1322.425866][T17637]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 1322.425895][T17637]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1322.425926][T17637]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1322.425957][T17637]  ? mutex_lock_nested+0x152/0x1d0
[ 1322.425977][T17637]  ? xfrm_netlink_rcv+0x6a/0x90
[ 1322.426007][T17637]  xfrm_netlink_rcv+0x79/0x90
[ 1322.426036][T17637]  netlink_unicast+0x780/0x920
[ 1322.426076][T17637]  netlink_sendmsg+0x813/0xb40
[ 1322.426105][T17637]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1322.426128][T17637]  ? unwind_get_return_address+0x4d/0x90
[ 1322.426153][T17637]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1322.426189][T17637]  ____sys_sendmsg+0x94c/0x9c0
[ 1322.426220][T17637]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1322.426254][T17637]  ? import_iovec+0x73/0xa0
[ 1322.426280][T17637]  ___sys_sendmsg+0x2a5/0x360
[ 1322.426305][T17637]  ? __lock_acquire+0x6b5/0x2cf0
[ 1322.426325][T17637]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1322.426377][T17637]  ? __fget_files+0x2a/0x420
[ 1322.426393][T17637]  ? __fget_files+0x3a6/0x420
[ 1322.426418][T17637]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1322.426443][T17637]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1322.426474][T17637]  ? __pfx_ksys_write+0x10/0x10
[ 1322.426501][T17637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1322.426521][T17637]  do_syscall_64+0x15f/0xf80
[ 1322.426546][T17637]  ? trace_irq_disable+0x3b/0x140
[ 1322.426571][T17637]  ? clear_bhb_loop+0x40/0x90
[ 1322.426592][T17637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1322.426611][T17637] RIP: 0033:0x7f3f070bc819
[ 1322.426629][T17637] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1322.426645][T17637] RSP: 002b:00007f3f0530e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1322.426666][T17637] RAX: ffffffffffffffda RBX: 00007f3f07335fa0 RCX: 00007f3f070bc819
[ 1322.426680][T17637] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1322.426692][T17637] RBP: 00007f3f0530e090 R08: 0000000000000000 R09: 0000000000000000
[ 1322.426703][T17637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1322.426714][T17637] R13: 00007f3f07336038 R14: 00007f3f07335fa0 R15: 00007ffc41c81fa8
[ 1322.426742][T17637]  </TASK>
[ 1322.636904][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1322.831268][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1322.959147][T12927] usb 3-1: invalid UAC_HEADER (v1)
[ 1323.594376][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1324.134257][T12927] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1324.172435][T12927] usb 3-1: USB disconnect, device number 102
[ 1324.286289][T17652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1324.370007][T17652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1324.382232][ T5780] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 1324.551855][ T5780] usb 4-1: config 1 has an invalid interface number: 7 but max is 0
[ 1324.551888][ T5780] usb 4-1: config 1 has no interface number 0
[ 1324.551937][ T5780] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 64
[ 1324.551967][ T5780] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1324.596620][ T5780] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1324.596659][ T5780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1324.596685][ T5780] usb 4-1: Product: syz
[ 1324.596697][ T5780] usb 4-1: Manufacturer: syz
[ 1324.596709][ T5780] usb 4-1: SerialNumber: syz
[ 1324.635305][ T6144] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1324.661087][T17650] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1324.693510][T16491] udevd[16491]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1324.856276][ T5780] usb 4-1: Error in usbnet_get_endpoints (-22)
[ 1324.951130][ T9452] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1325.030900][ T9452] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1325.046063][ T5780] usb 4-1: USB disconnect, device number 77
[ 1325.058436][ T9452] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1325.087459][ T9452] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1325.100458][ T9452] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1325.457062][T17655] lo speed is unknown, defaulting to 1000
[ 1325.462039][T17655] lo speed is unknown, defaulting to 1000
[ 1325.998295][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1326.303679][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1327.277911][ T9452] Bluetooth: hci2: command tx timeout
[ 1327.611270][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1327.971370][T17676] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1328.692655][ T6042] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1328.875855][T17687] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3742'.
[ 1328.922289][ T5780] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1329.175625][ T5780] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[ 1329.175659][ T5780] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1329.175683][ T5780] usb 6-1: config 220 has no interface number 2
[ 1329.175757][ T5780] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1329.175789][ T5780] usb 6-1: config 220 interface 0 has no altsetting 0
[ 1329.175809][ T5780] usb 6-1: config 220 interface 76 has no altsetting 0
[ 1329.175829][ T5780] usb 6-1: config 220 interface 1 has no altsetting 0
[ 1329.181342][ T5780] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1329.181376][ T5780] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1329.181399][ T5780] usb 6-1: Product: syz
[ 1329.181416][ T5780] usb 6-1: Manufacturer: syz
[ 1329.181434][ T5780] usb 6-1: SerialNumber: syz
[ 1330.155078][ T9452] Bluetooth: hci2: command tx timeout
[ 1330.254724][T17692] bond2: option lacp_rate: invalid value (4)
[ 1330.286671][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1330.483724][ T5800] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1330.562445][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1330.600569][T17692] bond2 (unregistering): Released all slaves
[ 1330.771167][ T5780] usb 6-1: selecting invalid altsetting 0
[ 1330.844836][ T5780] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1330.844873][ T5780] uvcvideo 6-1:220.0: No valid video chain found.
[ 1330.853662][ T5780] usb 6-1: selecting invalid altsetting 0
[ 1330.855034][ T5780] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[ 1330.931009][ T5780] usb 6-1: USB disconnect, device number 8
[ 1331.129338][T17655] chnl_net:caif_netlink_parms(): no params data found
[ 1331.386364][T17712] FAULT_INJECTION: forcing a failure.
[ 1331.386364][T17712] name failslab, interval 1, probability 0, space 0, times 0
[ 1331.386406][T17712] CPU: 1 UID: 0 PID: 17712 Comm: syz.2.3748 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1331.386438][T17712] Tainted: [L]=SOFTLOCKUP
[ 1331.386448][T17712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1331.386464][T17712] Call Trace:
[ 1331.386473][T17712]  <TASK>
[ 1331.386485][T17712]  dump_stack_lvl+0xe8/0x150
[ 1331.386526][T17712]  should_fail_ex+0x46b/0x600
[ 1331.386569][T17712]  should_failslab+0xa8/0x100
[ 1331.386603][T17712]  kmem_cache_alloc_noprof+0x87/0x680
[ 1331.386632][T17712]  ? sk_prot_alloc+0x57/0x210
[ 1331.386667][T17712]  sk_prot_alloc+0x57/0x210
[ 1331.386692][T17712]  ? sk_alloc+0x27/0x390
[ 1331.386723][T17712]  sk_alloc+0x3a/0x390
[ 1331.386755][T17712]  inet6_create+0x7f0/0x1270
[ 1331.386779][T17712]  ? inet6_create+0x83/0x1270
[ 1331.386810][T17712]  __sock_create+0x4b2/0x9d0
[ 1331.386845][T17712]  mptcp_subflow_create_socket+0xfb/0x800
[ 1331.386877][T17712]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[ 1331.386904][T17712]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1331.386940][T17712]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1331.386972][T17712]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1331.387011][T17712]  __mptcp_nmpc_sk+0x14e/0x790
[ 1331.387039][T17712]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[ 1331.387079][T17712]  mptcp_sendmsg_fastopen+0xd4/0x580
[ 1331.387123][T17712]  mptcp_sendmsg+0x1b0c/0x1dc0
[ 1331.387168][T17712]  ? smack_socket_sendmsg+0x4b4/0x590
[ 1331.387201][T17712]  ? __pfx_smack_socket_sendmsg+0x10/0x10
[ 1331.387238][T17712]  ? __lock_acquire+0x6b5/0x2cf0
[ 1331.387268][T17712]  ? __pfx_mptcp_sendmsg+0x10/0x10
[ 1331.387306][T17712]  ? inet6_sendmsg+0x101/0x120
[ 1331.387343][T17712]  ____sys_sendmsg+0x5aa/0x9c0
[ 1331.387378][T17712]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1331.387418][T17712]  ? import_iovec+0x73/0xa0
[ 1331.387446][T17712]  ___sys_sendmsg+0x2a5/0x360
[ 1331.387473][T17712]  ? __lock_acquire+0x6b5/0x2cf0
[ 1331.387499][T17712]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1331.387566][T17712]  ? __fget_files+0x2a/0x420
[ 1331.387588][T17712]  ? __fget_files+0x3a6/0x420
[ 1331.387622][T17712]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1331.387655][T17712]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1331.387694][T17712]  ? __pfx_ksys_write+0x10/0x10
[ 1331.387747][T17712]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1331.387773][T17712]  do_syscall_64+0x15f/0xf80
[ 1331.387807][T17712]  ? trace_irq_disable+0x3b/0x140
[ 1331.387837][T17712]  ? clear_bhb_loop+0x40/0x90
[ 1331.387866][T17712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1331.387890][T17712] RIP: 0033:0x7ff4f433c819
[ 1331.387913][T17712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1331.387933][T17712] RSP: 002b:00007ff4f256d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1331.387958][T17712] RAX: ffffffffffffffda RBX: 00007ff4f45b6090 RCX: 00007ff4f433c819
[ 1331.387975][T17712] RDX: 0000000020000081 RSI: 0000200000000780 RDI: 0000000000000005
[ 1331.387989][T17712] RBP: 00007ff4f256d090 R08: 0000000000000000 R09: 0000000000000000
[ 1331.388003][T17712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1331.388016][T17712] R13: 00007ff4f45b6128 R14: 00007ff4f45b6090 R15: 00007ffe455f6e98
[ 1331.388052][T17712]  </TASK>
[ 1331.594153][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1332.259115][ T9452] Bluetooth: hci2: command tx timeout
[ 1332.643951][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1332.865076][T17704] lo speed is unknown, defaulting to 1000
[ 1333.085363][T17704] lo speed is unknown, defaulting to 1000
[ 1333.131682][   T36] kauditd_printk_skb: 15 callbacks suppressed
[ 1333.131703][   T36] audit: type=1326 audit(1776335454.468:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17749 comm="syz.2.3750" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff4f433c819 code=0x0
[ 1333.357200][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1333.673548][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1334.313248][ T9452] Bluetooth: hci2: command tx timeout
[ 1334.718015][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1335.812755][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1336.395032][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1337.261219][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1337.572800][T17828] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3764'.
[ 1337.580506][ T6572] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1338.750764][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1338.800202][T17833] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1339.310826][T17655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1339.310966][T17655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1339.311223][T17655] bridge_slave_0: entered allmulticast mode
[ 1339.357170][T17655] bridge_slave_0: entered promiscuous mode
[ 1339.444763][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1339.754365][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1340.418715][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1340.643960][T17655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1340.644205][T17655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1340.644492][T17655] bridge_slave_1: entered allmulticast mode
[ 1340.647939][T17655] bridge_slave_1: entered promiscuous mode
[ 1340.649736][T17849] netlink: 'syz.2.3772': attribute type 10 has an invalid length.
[ 1340.791375][T17858] FAULT_INJECTION: forcing a failure.
[ 1340.791375][T17858] name failslab, interval 1, probability 0, space 0, times 0
[ 1340.791405][T17858] CPU: 0 UID: 0 PID: 17858 Comm: syz.5.3775 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1340.791428][T17858] Tainted: [L]=SOFTLOCKUP
[ 1340.791435][T17858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1340.791446][T17858] Call Trace:
[ 1340.791452][T17858]  <TASK>
[ 1340.791459][T17858]  dump_stack_lvl+0xe8/0x150
[ 1340.791489][T17858]  should_fail_ex+0x46b/0x600
[ 1340.791519][T17858]  should_failslab+0xa8/0x100
[ 1340.791545][T17858]  kmem_cache_alloc_noprof+0x87/0x680
[ 1340.791565][T17858]  ? __netlink_lookup+0xc6/0x8b0
[ 1340.791584][T17858]  ? skb_clone+0x212/0x3a0
[ 1340.791609][T17858]  skb_clone+0x212/0x3a0
[ 1340.791633][T17858]  __netlink_deliver_tap+0x404/0x850
[ 1340.791661][T17858]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1340.791680][T17858]  netlink_deliver_tap+0x19c/0x1b0
[ 1340.791699][T17858]  netlink_unicast+0x754/0x920
[ 1340.791734][T17858]  netlink_sendmsg+0x813/0xb40
[ 1340.791759][T17858]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1340.791779][T17858]  ? unwind_get_return_address+0x4d/0x90
[ 1340.791800][T17858]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1340.791823][T17858]  ____sys_sendmsg+0x94c/0x9c0
[ 1340.791850][T17858]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1340.791877][T17858]  ? import_iovec+0x73/0xa0
[ 1340.791897][T17858]  ___sys_sendmsg+0x2a5/0x360
[ 1340.791917][T17858]  ? __lock_acquire+0x6b5/0x2cf0
[ 1340.791936][T17858]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1340.791982][T17858]  ? __fget_files+0x2a/0x420
[ 1340.791997][T17858]  ? __fget_files+0x3a6/0x420
[ 1340.792020][T17858]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1340.792043][T17858]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1340.792110][T17858]  ? __pfx_ksys_write+0x10/0x10
[ 1340.792144][T17858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.792168][T17858]  do_syscall_64+0x15f/0xf80
[ 1340.792199][T17858]  ? trace_irq_disable+0x3b/0x140
[ 1340.792229][T17858]  ? clear_bhb_loop+0x40/0x90
[ 1340.792256][T17858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.792277][T17858] RIP: 0033:0x7fea451ec819
[ 1340.792299][T17858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1340.792317][T17858] RSP: 002b:00007fea4343e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1340.792340][T17858] RAX: ffffffffffffffda RBX: 00007fea45465fa0 RCX: 00007fea451ec819
[ 1340.792357][T17858] RDX: 0000000020008000 RSI: 0000200000000480 RDI: 0000000000000003
[ 1340.792371][T17858] RBP: 00007fea4343e090 R08: 0000000000000000 R09: 0000000000000000
[ 1340.792385][T17858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1340.792398][T17858] R13: 00007fea45466038 R14: 00007fea45465fa0 R15: 00007ffc16b17f98
[ 1340.792434][T17858]  </TASK>
[ 1340.793413][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1340.892249][ T5780] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 1341.106513][ T5780] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1341.106555][ T5780] usb 4-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[ 1341.106570][ T5780] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1341.106613][ T5780] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1
[ 1341.106636][ T5780] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64
[ 1341.108908][ T5780] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1341.108947][ T5780] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1341.108972][ T5780] usb 4-1: Product: syz
[ 1341.108988][ T5780] usb 4-1: Manufacturer: syz
[ 1341.211968][ T5780] cdc_wdm 4-1:1.0: skipping garbage
[ 1341.211990][ T5780] cdc_wdm 4-1:1.0: skipping garbage
[ 1341.255335][ T5780] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1341.531206][T17859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1341.531934][T17859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1341.550430][T17862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1341.556616][T17862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1341.617528][    T9] usb 4-1: USB disconnect, device number 78
[ 1341.819278][ T6572] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1341.832603][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1341.857167][T17865] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3777'.
[ 1341.857196][T17865] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3777'.
[ 1342.063483][T17655] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1342.067430][T17655] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1342.474991][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1343.091146][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1344.603788][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1344.703983][ T6572] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1344.738109][T17867] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1344.739151][T17876] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1344.753612][T17655] team0: Port device team_slave_0 added
[ 1345.675454][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1346.206356][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1346.326406][T17655] team0: Port device team_slave_1 added
[ 1346.383404][T17897] f2fs: Unknown parameter 'discardr '
[ 1346.712870][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1347.814268][ T5780] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1348.888886][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1348.931239][T13402] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1349.016710][T13402] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1349.021401][T13402] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1349.102899][T17911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3791'.
[ 1349.182819][T13402] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1349.186875][T13402] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1349.234800][ T6572] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1349.283319][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1349.923845][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1350.573013][ T8974] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1350.577921][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1350.736166][ T8974] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1350.736197][ T8974] usb 6-1: config 0 has no interface number 0
[ 1350.736246][ T8974] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1350.736276][ T8974] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1350.736317][ T8974] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[ 1350.736343][ T8974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1350.812712][T17655] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1350.812733][T17655] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1350.812770][T17655] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1350.821908][T17655] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1350.821928][T17655] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1350.821960][T17655] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1350.913639][ T8974] usb 6-1: config 0 descriptor??
[ 1350.966776][ T8974] usbhid 6-1:0.1: fixing wrong optional hid class descriptors count
[ 1350.966800][ T8974] usbhid 6-1:0.1: can't add hid device: -22
[ 1350.966916][ T8974] usbhid 6-1:0.1: probe with driver usbhid failed with error -22
[ 1350.994563][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1351.304528][ T5780] usb 6-1: USB disconnect, device number 9
[ 1351.427683][T17926] openvswitch: netlink: IP tunnel dst address not specified
[ 1351.439854][T17655] hsr_slave_0: entered promiscuous mode
[ 1351.461749][T17655] hsr_slave_1: entered promiscuous mode
[ 1351.512440][ T9452] Bluetooth: hci3: command tx timeout
[ 1351.533179][T17908] lo speed is unknown, defaulting to 1000
[ 1351.861768][T17908] lo speed is unknown, defaulting to 1000
[ 1352.092442][ T5911] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1352.437334][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1353.114782][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1353.592539][ T9452] Bluetooth: hci3: command tx timeout
[ 1354.435865][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1355.982430][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1356.009589][ T9452] Bluetooth: hci3: command tx timeout
[ 1356.093093][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1356.655594][T17965] openvswitch: netlink: IP tunnel dst address not specified
[ 1356.840744][T17959] input: syz1 as /devices/virtual/input/input21
[ 1356.841065][T17959] input: failed to attach handler leds to device input21, error: -6
[ 1357.100588][T17704] syz_tun (unregistering): left allmulticast mode
[ 1357.100621][T17704] syz_tun (unregistering): left promiscuous mode
[ 1357.100745][T17704] bridge0: port 3(syz_tun) entered disabled state
[ 1357.135292][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1357.303299][ T8974] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1357.583004][ T8974] usb 6-1: Using ep0 maxpacket: 32
[ 1357.585446][ T8974] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1357.589438][ T8974] usb 6-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[ 1357.589476][ T8974] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1357.589499][ T8974] usb 6-1: Product: syz
[ 1357.589516][ T8974] usb 6-1: Manufacturer: syz
[ 1357.589533][ T8974] usb 6-1: SerialNumber: syz
[ 1357.749275][ T8974] snd-ua101 6-1:1.1: sample format descriptor not found
[ 1357.749309][ T8974] snd-ua101 6-1:1.0: invalid num_altsetting
[ 1357.914065][T17970] binder: 17968:17970 ioctl c0306201 0 returned -14
[ 1357.960343][T17970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1357.976743][T17970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1358.075423][ T9452] Bluetooth: hci3: command tx timeout
[ 1358.390503][T17980] FAULT_INJECTION: forcing a failure.
[ 1358.390503][T17980] name failslab, interval 1, probability 0, space 0, times 0
[ 1358.390545][T17980] CPU: 1 UID: 0 PID: 17980 Comm: syz.2.3812 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1358.390578][T17980] Tainted: [L]=SOFTLOCKUP
[ 1358.390587][T17980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1358.390601][T17980] Call Trace:
[ 1358.390611][T17980]  <TASK>
[ 1358.390621][T17980]  dump_stack_lvl+0xe8/0x150
[ 1358.390663][T17980]  should_fail_ex+0x46b/0x600
[ 1358.390709][T17980]  should_failslab+0xa8/0x100
[ 1358.390742][T17980]  kmem_cache_alloc_noprof+0x87/0x680
[ 1358.390778][T17980]  ? __netlink_lookup+0xc6/0x8b0
[ 1358.390805][T17980]  ? skb_clone+0x212/0x3a0
[ 1358.390841][T17980]  skb_clone+0x212/0x3a0
[ 1358.390876][T17980]  __netlink_deliver_tap+0x404/0x850
[ 1358.390916][T17980]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1358.390945][T17980]  netlink_deliver_tap+0x19c/0x1b0
[ 1358.390973][T17980]  netlink_unicast+0x754/0x920
[ 1358.391022][T17980]  netlink_sendmsg+0x813/0xb40
[ 1358.391058][T17980]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1358.391087][T17980]  ? unwind_get_return_address+0x4d/0x90
[ 1358.391117][T17980]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1358.391156][T17980]  ____sys_sendmsg+0x94c/0x9c0
[ 1358.391191][T17980]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1358.391232][T17980]  ? import_iovec+0x73/0xa0
[ 1358.391261][T17980]  ___sys_sendmsg+0x2a5/0x360
[ 1358.391290][T17980]  ? __lock_acquire+0x6b5/0x2cf0
[ 1358.391318][T17980]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1358.391387][T17980]  ? __fget_files+0x2a/0x420
[ 1358.391409][T17980]  ? __fget_files+0x3a6/0x420
[ 1358.391443][T17980]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1358.391476][T17980]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1358.391517][T17980]  ? __pfx_ksys_write+0x10/0x10
[ 1358.391560][T17980]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1358.391587][T17980]  do_syscall_64+0x15f/0xf80
[ 1358.391620][T17980]  ? trace_irq_disable+0x3b/0x140
[ 1358.391651][T17980]  ? clear_bhb_loop+0x40/0x90
[ 1358.391680][T17980]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1358.391704][T17980] RIP: 0033:0x7ff4f433c819
[ 1358.391727][T17980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1358.391747][T17980] RSP: 002b:00007ff4f258e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1358.391779][T17980] RAX: ffffffffffffffda RBX: 00007ff4f45b5fa0 RCX: 00007ff4f433c819
[ 1358.391798][T17980] RDX: 0000000000004800 RSI: 0000200000000000 RDI: 0000000000000003
[ 1358.391812][T17980] RBP: 00007ff4f258e090 R08: 0000000000000000 R09: 0000000000000000
[ 1358.391827][T17980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1358.391841][T17980] R13: 00007ff4f45b6038 R14: 00007ff4f45b5fa0 R15: 00007ffe455f6e98
[ 1358.391878][T17980]  </TASK>
[ 1358.708598][   T31] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1358.722373][   T43] usb 6-1: USB disconnect, device number 10
[ 1359.033920][ T8974] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1359.322574][T17996] openvswitch: netlink: IP tunnel dst address not specified
[ 1359.642835][ T6572] bridge_slave_1: left allmulticast mode
[ 1359.642867][ T6572] bridge_slave_1: left promiscuous mode
[ 1359.643142][ T6572] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1359.837705][T12927] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1360.219326][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1361.034451][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1361.065580][ T6572] bridge_slave_0: left allmulticast mode
[ 1361.065614][ T6572] bridge_slave_0: left promiscuous mode
[ 1361.065870][ T6572] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1361.838297][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.838382][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.097180][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1362.099515][  T993] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1362.363598][ T6572] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1362.453555][ T6572] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1362.479764][ T6572] bond0 (unregistering): Released all slaves
[ 1362.551401][T18011] netlink: 13 bytes leftover after parsing attributes in process `syz.5.3823'.
[ 1363.188684][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1364.173314][T18044] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1364.248369][   T43] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1364.632975][T17908] chnl_net:caif_netlink_parms(): no params data found
[ 1365.135114][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing u[ 1365.135114][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1365.841095][T18074] ==================================================================
[ 1365.841117][T18074] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60
[ 1365.841160][T18074] Read of size 1 at addr ffff888064a00068 by task syz.5.3842/18074
[ 1365.841179][T18074] 
[ 1365.841195][T18074] CPU: 1 UID: 0 PID: 18074 Comm: syz.5.3842 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1365.841224][T18074] Tainted: [L]=SOFTLOCKUP
[ 1365.841233][T18074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1365.841247][T18074] Call Trace:
[ 1365.841255][T18074]  <TASK>
[ 1365.841264][T18074]  dump_stack_lvl+0xe8/0x150
[ 1365.841298][T18074]  print_address_description+0x55/0x1e0
[ 1365.841327][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.841354][T18074]  print_report+0x58/0x70
[ 1365.841379][T18074]  kasan_report+0x117/0x150
[ 1365.841407][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.841437][T18074]  ? rt_mutex_slowunlock+0xbf/0x8b0
[ 1365.841460][T18074]  __kasan_check_byte+0x2a/0x40
[ 1365.841483][T18074]  lock_acquire+0x84/0x350
[ 1365.841524][T18074]  ? rcu_is_watching+0x15/0xb0
[ 1365.841547][T18074]  _raw_spin_lock_irqsave+0x40/0x60
[ 1365.841573][T18074]  ? rt_mutex_slowunlock+0xbf/0x8b0
[ 1365.841595][T18074]  rt_mutex_slowunlock+0xbf/0x8b0
[ 1365.841621][T18074]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1365.841646][T18074]  ? __rcu_read_unlock+0x83/0xe0
[ 1365.841672][T18074]  ? rt_spin_unlock+0x160/0x200
[ 1365.841695][T18074]  dma_buf_fd+0x178/0x330
[ 1365.841718][T18074]  udmabuf_create+0xf26/0xfe0
[ 1365.841757][T18074]  ? __pfx_udmabuf_create+0x10/0x10
[ 1365.841793][T18074]  udmabuf_ioctl+0x1f6/0x310
[ 1365.841830][T18074]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1365.841852][T18074]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1365.841886][T18074]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1365.841917][T18074]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1365.841942][T18074]  __se_sys_ioctl+0xff/0x170
[ 1365.841967][T18074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.841989][T18074]  do_syscall_64+0x15f/0xf80
[ 1365.842017][T18074]  ? clear_bhb_loop+0x40/0x90
[ 1365.842039][T18074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.842060][T18074] RIP: 0033:0x7fea451ec819
[ 1365.842081][T18074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1365.842100][T18074] RSP: 002b:00007fea433fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1365.842124][T18074] RAX: ffffffffffffffda RBX: 00007fea45466180 RCX: 00007fea451ec819
[ 1365.842141][T18074] RDX: 0000200000000000 RSI: 0000000040187542 RDI: 0000000000000007
[ 1365.842155][T18074] RBP: 00007fea45282c91 R08: 0000000000000000 R09: 0000000000000000
[ 1365.842169][T18074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1365.842181][T18074] R13: 00007fea45466218 R14: 00007fea45466180 R15: 00007ffc16b17f98
[ 1365.842207][T18074]  </TASK>
[ 1365.842215][T18074] 
[ 1365.842220][T18074] Allocated by task 18074:
[ 1365.842231][T18074]  kasan_save_track+0x3e/0x80
[ 1365.842250][T18074]  __kasan_kmalloc+0x93/0xb0
[ 1365.842270][T18074]  __kmalloc_noprof+0x3e7/0x7b0
[ 1365.842291][T18074]  dma_buf_export+0x3ba/0xad0
[ 1365.842309][T18074]  udmabuf_create+0xee5/0xfe0
[ 1365.842332][T18074]  udmabuf_ioctl+0x1f6/0x310
[ 1365.842355][T18074]  __se_sys_ioctl+0xff/0x170
[ 1365.842376][T18074]  do_syscall_64+0x15f/0xf80
[ 1365.842400][T18074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.842417][T18074] 
[ 1365.842422][T18074] Freed by task 18072:
[ 1365.842431][T18074]  kasan_save_track+0x3e/0x80
[ 1365.842450][T18074]  kasan_save_free_info+0x46/0x50
[ 1365.842475][T18074]  __kasan_slab_free+0x5c/0x80
[ 1365.842494][T18074]  kfree+0x1c5/0x6c0
[ 1365.842510][T18074]  __dentry_kill+0x211/0x5e0
[ 1365.842538][T18074]  finish_dput+0xc9/0x480
[ 1365.842553][T18074]  __fput+0x6a3/0xa70
[ 1365.842568][T18074]  task_work_run+0x1d9/0x270
[ 1365.842588][T18074]  exit_to_user_mode_loop+0xed/0x480
[ 1365.842614][T18074]  do_syscall_64+0x33e/0xf80
[ 1365.842639][T18074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.842658][T18074] 
[ 1365.842663][T18074] The buggy address belongs to the object at ffff888064a00000
[ 1365.842663][T18074]  which belongs to the cache kmalloc-1k of size 1024
[ 1365.842681][T18074] The buggy address is located 104 bytes inside of
[ 1365.842681][T18074]  freed 1024-byte region [ffff888064a00000, ffff888064a00400)
[ 1365.842702][T18074] 
[ 1365.842707][T18074] The buggy address belongs to the physical page:
[ 1365.842728][T18074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64a00
[ 1365.842748][T18074] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1365.842765][T18074] flags: 0x80000000000040(head|node=0|zone=1)
[ 1365.842782][T18074] page_type: f5(slab)
[ 1365.842801][T18074] raw: 0080000000000040 ffff88801a020dc0 dead000000000100 dead000000000122
[ 1365.842829][T18074] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 1365.842849][T18074] head: 0080000000000040 ffff88801a020dc0 dead000000000100 dead000000000122
[ 1365.842866][T18074] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000
[ 1365.842883][T18074] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 1365.842900][T18074] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 1365.842911][T18074] page dumped because: kasan: bad access detected
[ 1365.842927][T18074] page_owner tracks the page as allocated
[ 1365.842936][T18074] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6572, tgid 6572 (kworker/u8:16), ts 212836225085, free_ts 212699822459
[ 1365.842972][T18074]  post_alloc_hook+0x231/0x280
[ 1365.842993][T18074]  get_page_from_freelist+0x27c8/0x2840
[ 1365.843020][T18074]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1365.843045][T18074]  allocate_slab+0x77/0x660
[ 1365.843072][T18074]  refill_objects+0x33c/0x3d0
[ 1365.843096][T18074]  __pcs_replace_empty_main+0x373/0x720
[ 1365.843124][T18074]  __kmalloc_noprof+0x530/0x7b0
[ 1365.843145][T18074]  ieee802_11_parse_elems_full+0x159/0x2ab0
[ 1365.843165][T18074]  ieee80211_ibss_rx_queued_mgmt+0x4ca/0x2cb0
[ 1365.843193][T18074]  ieee80211_iface_work+0x845/0x1390
[ 1365.843209][T18074]  cfg80211_wiphy_work+0x2cf/0x460
[ 1365.843232][T18074]  process_scheduled_works+0xb5d/0x1860
[ 1365.843257][T18074]  worker_thread+0xa53/0xfc0
[ 1365.843280][T18074]  kthread+0x388/0x470
[ 1365.843296][T18074]  ret_from_fork+0x514/0xb70
[ 1365.843322][T18074]  ret_from_fork_asm+0x1a/0x30
[ 1365.843340][T18074] page last free pid 6746 tgid 6743 stack trace:
[ 1365.843352][T18074]  __free_frozen_pages+0xfa6/0x10f0
[ 1365.843373][T18074]  __slab_free+0x252/0x2a0
[ 1365.843394][T18074]  qlist_free_all+0x99/0x100
[ 1365.843411][T18074]  kasan_quarantine_reduce+0x148/0x160
[ 1365.843429][T18074]  __kasan_slab_alloc+0x22/0x80
[ 1365.843450][T18074]  kmem_cache_alloc_noprof+0x33b/0x680
[ 1365.843470][T18074]  ptlock_alloc+0x20/0x70
[ 1365.843490][T18074]  pte_alloc_one+0x7e/0x380
[ 1365.843507][T18074]  __pte_alloc+0x25/0x1a0
[ 1365.843531][T18074]  copy_pmd_range+0x4c75/0x5550
[ 1365.843553][T18074]  copy_page_range+0xaf4/0x1120
[ 1365.843580][T18074]  dup_mmap+0xf4c/0x1d50
[ 1365.843601][T18074]  copy_mm+0x13b/0x4a0
[ 1365.843624][T18074]  copy_process+0x1f24/0x4460
[ 1365.843648][T18074]  kernel_clone+0x283/0x870
[ 1365.843673][T18074]  __x64_sys_clone+0x1b6/0x230
[ 1365.843701][T18074] 
[ 1365.843706][T18074] Memory state around the buggy address:
[ 1365.843717][T18074]  ffff8880649fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1365.843731][T18074]  ffff8880649fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 1365.843745][T18074] >ffff888064a00000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1365.843755][T18074]                                                           ^
[ 1365.843767][T18074]  ffff888064a00080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1365.843780][T18074]  ffff888064a00100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1365.843790][T18074] ==================================================================
[ 1365.843827][T18074] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1365.843847][T18074] CPU: 1 UID: 0 PID: 18074 Comm: syz.5.3842 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1365.843876][T18074] Tainted: [L]=SOFTLOCKUP
[ 1365.843884][T18074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1365.843897][T18074] Call Trace:
[ 1365.843907][T18074]  <TASK>
[ 1365.843916][T18074]  vpanic+0x56c/0xa60
[ 1365.843939][T18074]  ? __pfx_vpanic+0x10/0x10
[ 1365.843961][T18074]  panic+0xc5/0xd0
[ 1365.843978][T18074]  ? __pfx_panic+0x10/0x10
[ 1365.843996][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844023][T18074]  ? rcu_is_watching+0x15/0xb0
[ 1365.844045][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844073][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844099][T18074]  check_panic_on_warn+0x89/0xb0
[ 1365.844120][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844146][T18074]  end_report+0x73/0x170
[ 1365.844169][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844194][T18074]  kasan_report+0x128/0x150
[ 1365.844218][T18074]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844248][T18074]  ? rt_mutex_slowunlock+0xbf/0x8b0
[ 1365.844270][T18074]  __kasan_check_byte+0x2a/0x40
[ 1365.844292][T18074]  lock_acquire+0x84/0x350
[ 1365.844324][T18074]  ? rcu_is_watching+0x15/0xb0
[ 1365.844345][T18074]  _raw_spin_lock_irqsave+0x40/0x60
[ 1365.844372][T18074]  ? rt_mutex_slowunlock+0xbf/0x8b0
[ 1365.844395][T18074]  rt_mutex_slowunlock+0xbf/0x8b0
[ 1365.844420][T18074]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1365.844445][T18074]  ? __rcu_read_unlock+0x83/0xe0
[ 1365.844472][T18074]  ? rt_spin_unlock+0x160/0x200
[ 1365.844496][T18074]  dma_buf_fd+0x178/0x330
[ 1365.844518][T18074]  udmabuf_create+0xf26/0xfe0
[ 1365.844557][T18074]  ? __pfx_udmabuf_create+0x10/0x10
[ 1365.844594][T18074]  udmabuf_ioctl+0x1f6/0x310
[ 1365.844621][T18074]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1365.844643][T18074]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1365.844677][T18074]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1365.844702][T18074]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1365.844730][T18074]  __se_sys_ioctl+0xff/0x170
[ 1365.844755][T18074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.844776][T18074]  do_syscall_64+0x15f/0xf80
[ 1365.844804][T18074]  ? clear_bhb_loop+0x40/0x90
[ 1365.844835][T18074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1365.844856][T18074] RIP: 0033:0x7fea451ec819
[ 1365.844874][T18074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1365.844893][T18074] RSP: 002b:00007fea433fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1365.844917][T18074] RAX: ffffffffffffffda RBX: 00007fea45466180 RCX: 00007fea451ec819
[ 1365.844934][T18074] RDX: 0000200000000000 RSI: 0000000040187542 RDI: 0000000000000007
[ 1365.844949][T18074] RBP: 00007fea45282c91 R08: 0000000000000000 R09: 0000000000000000
[ 1365.844963][T18074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1365.844976][T18074] R13: 00007fea45466218 R14: 00007fea45466180 R15: 00007ffc16b17f98
[ 1365.845000][T18074]  </TASK>
[ 1365.845733][T18074] Kernel Offset: disabled