last executing test programs:

5m19.615019199s ago: executing program 0 (id=69):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000000)="24000000010006", 0x7)

5m19.075688889s ago: executing program 0 (id=73):
r0 = socket(0x2, 0x2, 0x0)
connect$unix(r0, &(0x7f0000000000)=@file={0x1}, 0x2)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
mq_getsetattr(r1, &(0x7f0000000400)={0x2, 0x4, 0x9, 0x8}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, r2, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x48000}, 0xc0005)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff}, 0x6)
write(r3, &(0x7f0000000040)="01000bf987a9833a3646554e5ced2d4d8bd64e0000a40e421b00"/35, 0x1a)

5m17.822829475s ago: executing program 0 (id=76):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r0)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x70bd24, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x81}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x84)

5m15.779387294s ago: executing program 0 (id=79):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000240)=0x4)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x8, 0x100000b, 0x9, 0x0, 0x1, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x6, 0x1, 0x3], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x6600)

5m11.821141259s ago: executing program 0 (id=86):
r0 = openat(0xffffffffffffffff, 0x0, 0x4002, 0x140)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000180)='./file5\x00', 0x20, 0x81)
landlock_create_ruleset(0x0, 0x0, 0x0)
r1 = getpgrp(0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x42, 0x40, 0xc2, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r2, &(0x7f0000000080), 0x0}, 0x20)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(r1, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
bind$packet(0xffffffffffffffff, 0x0, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010101}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x42}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @rand_addr=0xdea}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x8, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0x4}]}]}, 0x6c}}, 0x0)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000000c0)={&(0x7f00007ad000/0x3000)=nil, 0x3000})
linkat(0xffffffffffffff9c, &(0x7f0000000a80)='./file5\x00', 0xffffffffffffff9c, &(0x7f0000000ac0)='./file7\x00', 0x0)

5m10.032229363s ago: executing program 0 (id=89):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x30e})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x800, 0x2, 0x4}, 0x1c)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9b5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90501b0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc5867dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eafeffffffffffffff000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99a40b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23eb8c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee36cdad078fc88d17cbde37a2270f90a60afe8548d4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd10459e2f2e267f82bafd5b4c7b481ea5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b2877b485d9d4ae2fcd3e757b84319879d0337785773c940af6e57d162f4606d101def01199325c8676a32e26303560271b720216d95e0013265a45b02bd2414bebda89b7b5e71e70e0000000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xfe, 0x10000000, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bff88a800008100630677fbac141442e934a0a662079f4b4dfe87e5feca6aab845013f288a81a3908020b098da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x6}, 0x2c)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000})

4m54.664974565s ago: executing program 32 (id=89):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000280)={0xaa, 0x30e})
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x800, 0x2, 0x4}, 0x1c)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000400)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff9ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcd0cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b24df41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b318e2ec0e1a00897a74a0091ff110026e6d2ef831ab7ea0c34f17efd36ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0cb82d2789cb132b8667c21476619f28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e1019c12a73748b049604fa72c64ed858e8327ef01fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6e97180aabc18cae2ed4b4390af9a9ceafd07ed00b0000002cab154ad029a119ca3c972780870014601c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f4b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f19afc91b47683db01a469398685211bbae0e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bde792c88c5b8dcdcc22ee17476d738992533ac2a9b5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffffd7917f23837a6b24db0e067345560942fa629fbef2461c96a08707671315c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e48455b588b90dfae158b94f50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859ac8e3c177b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2498d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d4a3e1a9e90d76c1993e0799d4894ee7f8249dc1e342892129369ee1b85afa1a5be5f6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90501b0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d009a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355b17402a500587b603306a5af8d867d80a07f10b854b1c8c768c001496fa99ce5b5040be9194123e918914a71ad5a8521fb956dbc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c6775e19f0b7e70803000000b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989172a1bcd1e30280bc5867dd4e27b6ef206660090bb2164474cef378f97ca33fccf363361dcdba10c1547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf6be45d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2d7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aa0000000000000000532ff181c985f54b7ae20aa5e63055b4d6a36fa98a44e379d2bccf977c3e88538f406b598307c9912fb097601f3f88a2ea6fd1f9320cfe7f09aed4d1e72d26e5c7a93854c8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eafeffffffffffffff000000070000000000000000000000005333c6199c12dcd92689192727a7267c47cf897853d160100b39b613faefe16bd91fc105dddd77ab929b95032d3717fa9fbdc2bdc0e98ae2c3f23a6131e2879f0484ee3bfe30b92dd493be66c2242f8184733b80ba28e824910844df31f3d4bb2f89049c5f6d63956995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99a40b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc1758763f0000009c927da38d83314480b15e23eb8c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab602000000000000000000113a3065a478d1de98be3a66f6fbf68f2f5693050fa56db62e2f99cf916059ee36cdad078fc88d17cbde37a2270f90a60afe8548d4c579b09c333382c6e7a316ac03aa23d379836b96173a5541fa96c27e7fb6d2585d828aa330f3438d8487912bb7742be1502e706644f7a937451beb7a5f6ca3ef21e8cb8f841af6d54334d82a8b816b6daccf0c66162f897623ee325d714f9f10636a7573582ff31c7f9c6f767c806ef4af486cc19a5355bdc814cb5557c6fa6404179c865980b0815b907a7f268e97828c196f5ac033d395a217b4e1e45663023a0292003c36a3b7461fc2c8566e0f3f693bfacae26aa2b7d17962989ccb943633c080aacc9b7d311c251686fc66aa80bf41a5bf6cd72d5aa995820fb318fad61a79a61d0a969fd6018ac9f131fe02fe31d565723cbf9b63841e21417fc29a3e7a03886d80566ae001861799a4aad91c72139e681ced8625b675dfbd6d458d4b2d9e6d565430248172ad942cdb41639f4113896827c8806e049218cd1eef89d6b9b14dd707da40705c07f878263ff9b71ccf28ec50178c7aac83bef7bd10459e2f2e267f82bafd5b4c7b481ea5e4bcb6cfe05e2ac3e17c1f8f12ddf5b6770ce0da8cb3aba3a935a6b737b6d3ebf2c715dcc11c5759bd0acdecf333f2b77c52fb2251336bbd92f73ad1a30bb9162bd9d699c49d824b827f3e7c1096354946e09922db25904c83262c6dcb87457e4abefa0e9dcb17d79c173895b74aae2ed4419662690a16494e7b27d0d2688c69b4be3d21b783195f6a5e5dc5c07c73f0d0f0670db10ac9ef5b8295ff88df734e3c6ab8555c0390f962cbf559bce9c42e1034dba78997b2877b485d9d4ae2fcd3e757b84319879d0337785773c940af6e57d162f4606d101def01199325c8676a32e26303560271b720216d95e0013265a45b02bd2414bebda89b7b5e71e70e0000000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xfe, 0x10000000, &(0x7f0000000100)="b9ff03006044238cb89e14f088a81bff88a800008100630677fbac141442e934a0a662079f4b4dfe87e5feca6aab845013f288a81a3908020b098da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x6}, 0x2c)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ff9000/0x4000)=nil, 0x4000})

4m33.716543728s ago: executing program 1 (id=220):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
sendmsg$inet(r0, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x4000080)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0xd00, 0x0)
ioctl$TIOCPKT(r1, 0x5420, &(0x7f0000000040)=0xffffffff)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000000)=0x27000)
syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[], 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x8898, @mcast2, 0x7}, 0x1c)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f686a8abfa41f297a165b9fcb4800230ed07af34727fe6c2cc6daf796cc38e8f03ee4fb786a92fabfbded442086d657dec598edb21ba428d4bb28ac974c38218bcf08ad3b4f6698ae05855769dbe5693eac83a223b76a5f452195795d3d485e5c0a18caf2315c3a21acb4bb661082b1c4fccfff8f0c52c353dedd3b9e575b800cfec557e43527228abf820e16411b45c77e99f308dcc5dcd1c3b8ddb828e6481c1fc6275c3e1ed4a1f0fe6d97db39cb3ad5b08400cc990ed5797e23fcd81ee76eed1caaf2ec709c18b014dfcfac7eb658f1c07a894dca1d8e23ebbc18c7b0acefacd915235a54637d13965681a6a527325d13b4a88a21505860873038bc6ca68e25bed80496e65b53a4817e7dba3cbe31eebb770ab04202486634b7210500238707cd664735c07e539e8ccb09ec82d7fad69c4f31113b4a01089a81d4a1787d69957a2dfcf371f0c357eba5a587f0d09d64588f3fade99726d786085b513e720fd1d889104e1d98bf4fe23d6bd8c408c44fc702880e6c53a733aaafec836a80b9e69d1432225dda63a755bde5103fbba7af46f81b3b0c3457d49e187c7fa53e9410d4ff7dd1c9a954d549b49197f350e8451e850279ba4690a4ff3fa4f91ebfa4dda7d2a60257d70c09ad6520387baf2cd734bf1f993565f7ccf80f29b1414e595de79ec03faf7afbeff3daf0034aeecfe41640366ae3c1d1b9437cb7580b9a94fe71a5ffe7be4f959cc5972e1672c5f5c5d252a63804d1a292aac2582b78ac73ea143095bc1283b210c66ecc5b5b9be4d6649920118d51429328f8a983a89f8f5d6ec383c89f07e91e0726ed40776d72d7499652a84f9d0bb086e9479a6d703907ee17345ed763ae817751515c744d428ac51fb10eba495f9a477809a4c1b447a94a3f6d1a092b109478ca36c3da494552d34f30d74a32958c53ec091e32ca8aaf5c814881d4bb3add2b07f362e9e4ea17b3f8b6e7310fcbea4ea6f2d9f5505b011011b75eb4dbf2455f665027abe2bb73dd37dff9c6aab6e9454bbd7bb887aef12f19f446bcbf257ada0e5144f708ccf350f07b861b813eb4cdab02d74b660d960c737f553f84b2d027da58f02345704583717199f693c913bfc2704cfde1b31270c43f17d51c82b672796fd6e1d09e34659d7e5fd9a1a69dcdde367c074b47beeb88f374740a64d9e9a99f4fabdbfca311174da518f868704e3fe259e6069330b04d2d3804a3428d2e04a483599f5ff47ff8c877601fcae33999575180fb540ff00c55728d0ee8eb6550658c7cbc8be4f87b50a9650a33aa164c6bae4044dfc080cf43a1c80e8a8132f973faefcf2ee23f9c2f3119fa93c0e5875832d4f8b6c2a1c347d480f15ead27ba7fb6e2ba9f2204982023b15b0f9df44ce9bba765c9598810593dd32a520ba72a5bfc375f36f4ea4a55017b1494c392568ef6828c18a1f2cec1442f705687695e42f62734ac2c1b0fed399ccf29b20fccd476afc72217182a73c970029c7679dffaebfc2ab9e8d18f5e757ccde87ac69b2bb0243b2e86d225dd2edad4919977bde1806bd6305eff22f2d63646c3a856a002aaea40d96e4811fe0cf5ad942e087c55551fdccc65835686320aa635ec50872f1c30cd8a732515b4dbfa132f905205f4b2ec64d1b9a9101ee2c3d0a110e40fd40d2c0b19f9a77b43f0b14e283ad1038de31cb21c2857d278933fd4bf106a7a93e16b28d71dfa73fa0695c77c0b1236e4cc7f17837be252d1011edf8ba626315e416b2963e96172b3294ec1f087672b0fc404edb79ca9b8e7a46f69b7a6f8b0488ec6c10f937632cc29bdb6f2c0ca86b978db6ca3cb9aa9b5f253fb5ba52e5b3738468236bd3ed26da1158e14881860f37f586b3b004ff7233a7427ece1c1365bb273aa1ce801c6d61b35a247c38917df23b9f12f7e764dabf9af18885e447a952de7796c3dd27e77325be816eb82ae9026ef5a855ddfb9aaf4a0bfc153f079c95337d2ee3c2ac36e5b4e8c5da765bf5d11edcf01ef11a3748d7ca0b1fd6f8882fbfd3423bd429c8592ec28a98bba845e7fe829ae2b11f5215ce819bf777ab45d73e9afe3cc76840b7d368161ee140efdec81ca1d5716c2ea5b255fabb5a4698864c8d427738837c45f1006cbf1f68bbedbfdf70e5b65b21b1934826c06d4d3da4f08e3ad376cec5aafb2f9eae9a06cab375ef5a44f30a563e5245077d84823b88d71912f458fe17d36e4b2a88260ad121af2e5a43a555ef61ffd242c09d5011b9be422c4c310a834f664c732930c1d329212aa9f063356c85130c965d919180e62afd193224d3792db6a069ff2bc8770bd6294a6884cbfb71301859a26b7572440ee12719e8753831bf73d353a33ea64c57df0bac0cc8938ea28370724439170824d1b55d415eed14f620d3a28bb5009edd12e9322df3573bbd9b0d0ff2cbd2e48c0c297f63c100116097c48c8f4cf0a7c4fb5156723fcb615236b6db175442b2db90c3e426cca9de56f55effdbb981c75c99a8dd084a619882fb216b000cb99eae616f0b5d7a8a2cc675cbd3e0a61b6f602250b040ae57f998471095563334e165f35139ec22aabf8ada15b890e2cf038a4f40d129760e39b166f58cfb4bfee7d4455ce06ad098745e0edac9434e4c61f889cbe6d7cf74da35f1b6d2b4455abf954223d1638ff808508228a3060d390e9ce539d2dcb032ae5d6c5abcd4df4bfb63f9851e45bb961cca2150eb386abd67dab2a12c096aa8df742e41ff7718f9dd77099d9bc87a2a46d8d6ffb903b23b429747c9acb21c0e88067eb6c7fa2507ef0673e6b65a15767cfa4ef9b52adbce41ea3461f77b0e705a2d5cbcf3841bd22414f3ef2402a915705a18113d370d35619fdbbfb4fe6e1581a8520525e863d931aaaed58d06d093905b0d83dd1345f4b8213954102abf8048be627d437f267d4a0a6e6f181891562b61be55f1e646120cfe17d8d2961ad86d1575856fff39791b90ccc6895495cc0f3a1e2604f5b729aec7452b133b9c822bbc74df480670f34cf0335d42b5ad6a7009c49050d97ef8c09eff8716dbb9ce5a5d67ffad2541860017bfe982c0e48390f987f470c7b600fb29be4d3a74251d85ef1cf1fe3b5a146bb9f6fee2369cba1f2be75782b14a422b0820fa00c1250f4d437f24914a94a8564fa079fe803b39c528707dd2906120d53020000b725596b68553f1653aad2fdd23114e4a7ca3402fcdf0b060323a683a03109ffbec9627c803da8a55665e156a335528f113eb730bb28c0480daf8f2b65483d0f3805e1c512b680d8698e63a80b45aa8c7e12ad0f0e072eefc806fde42455bc4d157e402a86218896d5638f8fdadb1fbffaf4fe92f526475612980f0c5a539a9cec3c63e4efa5b893611af45c8003650888dc5b958a18848cffe11e0636f40e3ade10da702b71a69e6941e506ec3f0297349867949246310909ff445005f68910308df1e44f7ef04efbcb6ade53086aeb80b0ca96b94c9e6353c77bc1ce575edd6a1ab76e000d2ca0bc80c09d76d2bf25d90c93d5fcf6c123a9e83a3354b798356aeb2e99721732d52b1ec6c84d79d6f1237186260e7e63f29cfe8050a8fd44d57b52582b45e1fe027792c07ef33a0ac686606dd009ef3839e179190aca20d01db1d2263898a6953feb5d2e8093a4b4a2b18f6cb06a0251d3862672814b5165213c65174fe5dad7673186293e336348fc77a6d545cc07355c07a8b9a98c95d76fa5dc4c19181578a6dc4f2b29b647ab6a09f6756994c8e389c7c165766f154468b380e1e67cb2edbc7f67b6bfad1de690c3f472908b11d1c502ca61b5e869cd2cf8e11e39eceb9d31fca090fd5dd15e1f5a8c4de58531df3fa96d655653a5b99ea449d3865e07401ecb63fb4ac4042c893841c2b70b4a133937ac0dca8d6f442de175f138ab7cf19477c2483caf524fc443b3243d31f15f3f518b2d7964314d7d34754ae417dd9d46a83e443cef18eb673f46f34aeaba592a171bb4710002da17d9d6554208fc384de22bff7e05d2bfb821656e78bfa084be46fe6b0f04a06c6bc80afbd406a918a57d582345b260360cec7168142ef0e0da8ad70ac9703d6206c6da23558374ad8bc1e8fe5cdede25e8ad5d0d0741d85e86566b7b9172f457e36feabb881f14a04d182b6971bb1aa1c37a608ff0eeaba1b6c37c4bdb15696afb0e031ef8b214a7a72892593c910829c820f773135f3441afc90cadeb50f76d4a5bbd713c8b3dc441599dcae659b9ad417affde5d9ee3933f00ea69323fd33e0b9a12b1ee29b2e97c7b1db3fa0a900678c6490a847fdd85fa93bb134e3239638052359774bc22405a0abb698081ce1dce2dfe0c0430b641f00d230013944df65581f6b5f458165b16aad8b92b44bf28b3236cac5239c91fe2351c5f53359d072aa34ffee18ff275afdc0dc7b889da928fdd4e300a52699cb5a4fea8cc42f636b15e449daef52df3586d4b55fd047b04e96734aa2c45bcad8f05dbf3c97daefcd6bad396a6aed71849e484eb0e3526970973db9b268b71e726748aacb5c2203cde2992af74cac612d33cecba7f3e5d66e2a2e449eb00e770af4fe13be6d16877cfa46c108c29d8db1efff5356433fc627741d12605056ec78c02bf143afc9e2161c15ce65a0f8c9f13a6b7a9164f256301ff0ca23dfffb77ec46"], 0x1004)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

4m33.543147706s ago: executing program 1 (id=221):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
socket(0x1e, 0x4, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x40282, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x80044940, &(0x7f0000001b00))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000440)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @flat=@binder={0x73622a85, 0xa, 0x3}, @flat=@binder={0x73622a85, 0x1000}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
read$FUSE(0xffffffffffffffff, &(0x7f00000034c0)={0x2020}, 0xcac)

4m33.318763143s ago: executing program 1 (id=223):
r0 = socket$netlink(0x10, 0x3, 0x13)
r1 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x2, 0x0, @empty}, 0x10, 0x0}, 0x40)
bind$netlink(r0, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000000}, 0xc)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f9cc3f4ff7f4e32f61bcdf1e422000000000100804824cabecc4b381eaadc28f23457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)

4m33.209736951s ago: executing program 1 (id=224):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000100)=@v={0x93, 0x1, 0x20, 0x1a, @generic=0xa, 0x64, 0x3})

4m32.934808557s ago: executing program 1 (id=226):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2040, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, 0x0, 0x8a241, 0x0)
pwritev(r1, 0x0, 0x0, 0x3, 0x401)
iopl(0x3)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x1c, 0x52, 0x1, 0x70bd2a, 0x0, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r2}]}, 0x1c}}, 0x0)
ioctl$TCSETSF(r0, 0x5457, &(0x7f0000000000)={0x0, 0x629, 0xffffffff, 0x0, 0x7, "7a58bea88a00"})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f00000001c0)={0x0, 0x101, 0xfffffc00, 0x400, 0x10, "54d208457f0b000000000000000000001600"})

4m32.804853458s ago: executing program 1 (id=227):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0x9, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x5, 0x3, 0xc14}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x8, 0x20000000, 0xfffffff0, 0x4}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000002}, 0x4)
r3 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x161200)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3)
syz_usb_disconnect(r0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
r5 = syz_io_uring_setup(0x24e1, &(0x7f0000000000)={0x0, 0xebc5, 0x80}, &(0x7f0000000200)=<r6=>0x0, &(0x7f0000000240)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0xbf6b}})
io_uring_enter(r5, 0x5b43, 0x3, 0x4d, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xb3, 0xb8, 0xd4, 0x40, 0x11ba, 0x1001, 0xec57, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x19, 0xb0, 0x13, [{{0x9, 0x4, 0x4e, 0x3, 0x1, 0x4d, 0x6b, 0xe7, 0xca, [], [{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7, 0x7, 0x2}}]}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0x9, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x5, 0x3, 0xc14}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x8, 0x20000000, 0xfffffff0, 0x4}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000002}, 0x4) (async)
syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x161200) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) (async)
syz_usb_disconnect(r0) (async)
socket$l2tp6(0xa, 0x2, 0x73) (async)
syz_io_uring_setup(0x24e1, &(0x7f0000000000)={0x0, 0xebc5, 0x80}, &(0x7f0000000200), &(0x7f0000000240)) (async)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0xbf6b}}) (async)
io_uring_enter(r5, 0x5b43, 0x3, 0x4d, 0x0, 0x0) (async)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xb3, 0xb8, 0xd4, 0x40, 0x11ba, 0x1001, 0xec57, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x19, 0xb0, 0x13, [{{0x9, 0x4, 0x4e, 0x3, 0x1, 0x4d, 0x6b, 0xe7, 0xca, [], [{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7, 0x7, 0x2}}]}}]}}]}}, 0x0) (async)

4m17.39221623s ago: executing program 33 (id=227):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0x9, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x5, 0x3, 0xc14}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x8, 0x20000000, 0xfffffff0, 0x4}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000002}, 0x4)
r3 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x161200)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3)
syz_usb_disconnect(r0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
r5 = syz_io_uring_setup(0x24e1, &(0x7f0000000000)={0x0, 0xebc5, 0x80}, &(0x7f0000000200)=<r6=>0x0, &(0x7f0000000240)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0xbf6b}})
io_uring_enter(r5, 0x5b43, 0x3, 0x4d, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xb3, 0xb8, 0xd4, 0x40, 0x11ba, 0x1001, 0xec57, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x19, 0xb0, 0x13, [{{0x9, 0x4, 0x4e, 0x3, 0x1, 0x4d, 0x6b, 0xe7, 0xca, [], [{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7, 0x7, 0x2}}]}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async)
read$char_usb(r1, &(0x7f0000000000)=""/172, 0xac) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0x9, 0x70bd28, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x5, 0x3, 0xc14}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x8, 0x20000000, 0xfffffff0, 0x4}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000002}, 0x4) (async)
syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x161200) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r3) (async)
syz_usb_disconnect(r0) (async)
socket$l2tp6(0xa, 0x2, 0x73) (async)
syz_io_uring_setup(0x24e1, &(0x7f0000000000)={0x0, 0xebc5, 0x80}, &(0x7f0000000200), &(0x7f0000000240)) (async)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r4, 0x80, &(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0xbf6b}}) (async)
io_uring_enter(r5, 0x5b43, 0x3, 0x4d, 0x0, 0x0) (async)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xb3, 0xb8, 0xd4, 0x40, 0x11ba, 0x1001, 0xec57, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x19, 0xb0, 0x13, [{{0x9, 0x4, 0x4e, 0x3, 0x1, 0x4d, 0x6b, 0xe7, 0xca, [], [{{0x9, 0x5, 0x1, 0x2, 0x8, 0x7, 0x7, 0x2}}]}}]}}]}}, 0x0) (async)

9.238844547s ago: executing program 6 (id=1140):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000440), 0x10)
listen(r0, 0x5)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
sendto$packet(r1, &(0x7f0000000600)="5f0efc3e1792a50972d2eb21bdff9ca4ac804c2847fe7bf05ddc63ff512d4074687760a5fbd1fc97772c6f5027dcea15b6658de3b024a6ea22baafb445bf8427c8055d00", 0xffffff3d, 0x0, 0x0, 0x0)
close(0x3)
r2 = socket$packet(0x11, 0x3, 0x300)
close_range(r2, 0xffffffffffffffff, 0x0)
ptrace(0x10, 0x0)
r3 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$nfc_raw(r3, 0x0, 0x0)
ptrace$getregset(0x4204, 0x0, 0x201, &(0x7f0000000000)={0x0, 0x300})
close_range(r3, r3, 0x2)

8.950185675s ago: executing program 6 (id=1144):
openat$kvm(0xffffffffffffff9c, 0x0, 0x521043, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000300)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000540)=<r2=>0x0)
sched_setattr(r2, &(0x7f0000000680)={0x38, 0x0, 0x6a, 0x10, 0x1, 0xca, 0x1, 0xa, 0xfb48, 0x6}, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e09200000000000010902240001000000000904000901030001000921050000012205000905810300"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r4 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
read$FUSE(r4, 0x0, 0x0)
syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x4, &(0x7f0000000080)=[{0x25, 0x2, 0x2, 0xffffffff}, {0x6, 0x2, 0x9, 0xfffffff7}, {0x0, 0x9, 0xff, 0x4}, {0x6, 0x1, 0x4, 0x4}]}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000200)={0x1, &(0x7f0000000380)=[{0x7, 0xff, 0x4, 0x2}]})
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00400095b33b3d4423f8bc1a14bb5bb47c8ecc2dfd41c9b3f801b36bd803ab6b5f89aad46dca185f79fe7bc4b086ab0ba62d7eaaecd7df43f26c8320b9c778fb91439821ef567a7d6206151ac3eec85d5ceebb0a5c9312aaa9a1ab8ec918c4c6704ee3eca6e925b41772679461e4fd5c1669fcfa39606b"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syzkaller1\x00'})
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x183341, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
io_uring_setup(0x56ab, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8000000, &(0x7f0000001080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)

7.236974669s ago: executing program 5 (id=1163):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x39, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3, 0x200028, 0x5, 0x1ffff}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x20010000)

6.267890838s ago: executing program 5 (id=1166):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x78d7, 0x20}, &(0x7f0000000040)=0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r4, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, 0x0)
socket$rxrpc(0x21, 0x2, 0x0)
syz_io_uring_setup(0x4bfb, &(0x7f0000000280)={0x0, 0xb89f, 0x800, 0x0, 0x200004}, 0x0, 0x0)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000001140)=0x30000)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0xd4ba2000)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil)
mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.907092759s ago: executing program 6 (id=1168):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r1)
sendmsg$NLBL_CALIPSO_C_ADD(r1, 0x0, 0x20020000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x20000010)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000080000000850000002b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x20400)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x801, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f0000000080)="d3", 0x1, 0x20000050, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x3b, &(0x7f0000000100)=""/2, &(0x7f0000000140)=0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x1e}, &(0x7f0000000100), &(0x7f00000000c0))
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0xa10991ced96e3055)
write$P9_RVERSION(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x15)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount$9p_rdma(&(0x7f0000000180), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x2004800, &(0x7f0000000280)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq', 0x3d, 0x9}}, {@common=@debug={'debug', 0x3d, 0x9}}], [{@obj_type={'obj_type', 0x3d, '&#-)'}}, {@permit_directio}]}})

3.893026643s ago: executing program 6 (id=1170):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sendmsg$NFC_CMD_SE_IO(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="a576baab", @ANYRES16=0x0, @ANYBLOB="000029bd7000fddbdf251b0000004d0019008a562cb6ab8f30a5463a820e2e0ff5f212c89d26b329bc91ee5a6f2cea72f81320023239e71eb6fdd5bbb9c925a3dd2808cd920388394593a2d95a52dfdfbfc55de338686bd1500a6000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08001500000000000800150002000000fd00190057138c0423f14e2e8f41160e336be8f241185687e25854e172c8d57fa89c16de74a2154961612216a55047e782162988720f9c1ff9573b21e49e88bfb59b0f7e58d7c1fc81603cd023858c89c71f54025b9b19432d56c0f1b5135e310c75380b6767030cc7929617a44b94d76a66239f0be13faafdd9c6562fd11c11ac61c455088ea259def1897880603a49045667233b30182fd2fdf663e2dd71e9bd459a13e43f4d6a9655c8cedbaa198cee4629198a2e8f53cb4b8d4caeb72ec99b9b5740dfbca2a2e21283937cdcaed1d6d658dfa00b2c92dc2d5ea323a66da91df069b87b830fda04a12e04437354983dda765619a4222147c7b27243000000f700190097970144c997a18bd2b54d5a5d8c0c75bf28b43d87b579503e803f83da463a7dbe4b32a08514148b7cfb21e287dfc3aecfbae1f39b583193a26ff53eb47daad063279f31f480019b7c5d414762cb615bd5173bd0ec181d30865132df20460e5486debb6bb42018b5a24139b9bfd1b1c1880c0e94aad142319b4e6045765dad7d9e3e94572b05347a1b74b4f64ca105a4add85c8e98eeab94c9c0ce44e737934b93b7b98c6454093fb91c8138d38b46a4aacf119b3f11b23391626705595d4e1cf6d0d95897b4c92fde1d9252ad77c9cdf32a5725cc42269d7cfab8a3e600304c5f0f5dd58be9380dea2016897a253920ea187d0008000100", @ANYRES32=0x0, @ANYBLOB], 0x284}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYRES16=r0], &(0x7f0000000200)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r2, 0xffffffffffffffff, 0x1e, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x8001, 0x0, 0x1}}, 0x40)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000580)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x78)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0, @ib={0x1b, 0x0, 0xd1, {"4a6283a42360950cd7ea344af627e140"}, 0x0, 0x7, 0x4}, @in6={0xa, 0x4e22, 0xfc2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa48}}}, 0x118)
sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x4010)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket(0xa, 0x3, 0x3a)
getsockopt$MRT6(r5, 0x29, 0xcf, 0x0, &(0x7f0000000540))
setsockopt(r0, 0x65, 0x5, 0x0, 0x0)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYRES16=r0], 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$rtl8150(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, &(0x7f0000000980)={0x44, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r6, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaa06fffc010000000000000010000000000002ff010000000000000000000000000060a820e1fa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="3002000090780000fe04384f"], 0x0)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000000)=[{{0x1, 0x1, 0x1, 0x1}, {0x3, 0x0, 0x1, 0x1}}, {{0x3, 0x0, 0x1}, {0x4, 0x1, 0x1}}, {{0x0, 0x0, 0x1, 0x1}, {0x4}}, {{0x3}, {0x3, 0x1}}, {{0x2, 0x1, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}], 0x28)

3.728309315s ago: executing program 3 (id=1171):
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @meta={0x58583444, 0xcf35d09, 0xeeb6, 0x9913, 0x177b15ca}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000fdffffffffffffff000057e5ea665defd18c28f9b6049e801d32a4f0d97aa37ec42a4ea9c4b069bda95558d5bcd53b6ca46eb06f77b84c8a9634e0475d49ef840d9f0d1a2e621bded7001155cf7aee8d78"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x3, r2}, 0x38)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000021c0)=@newtaction={0x78, 0x30, 0x9, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x1, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x6, 0x6, 0x200ff4c, 0x2738}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x207}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x2}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x78}}, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x80000)
r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0)='net_cls.classid\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001600)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x8, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@uname={'uname', 0x3d, '+*'}}, {@mmap}, {@debug={'debug', 0x3d, 0x8}}], [{@fowner_gt={'fowner>', r7}}, {@measure}]}})
io_setup(0x5, &(0x7f0000000000)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f00000003c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe, r5, 0x0, 0x0, 0xfffffffffffffae7, 0x0, 0x4}])
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r9, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x1, 0x7fffffff, 0x2e}}, 0x30)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r4)

2.781244269s ago: executing program 2 (id=1176):
ioperm(0x7, 0x4, 0x7)
r0 = syz_clone(0x1002200, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4204, r0, 0x201, &(0x7f0000000000)={0x0, 0x300})

2.675517043s ago: executing program 3 (id=1178):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r1, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0x10e80, &(0x7f00000000c0)=ANY=[], 0x0)

2.581963944s ago: executing program 2 (id=1179):
r0 = inotify_init1(0x80000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000780)=<r2=>0x0)
syz_clone3(&(0x7f0000000a00)={0x250000000, &(0x7f00000007c0), &(0x7f0000000800), &(0x7f0000000840)=<r3=>0x0, {0x10}, &(0x7f0000000880)=""/69, 0x45, &(0x7f0000000900)=""/144, &(0x7f00000009c0)=[0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0], 0x6}, 0x58)
kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r1, &(0x7f0000000a80)={0xffffffffffffffff, r1, 0xfffffffe})
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r1, {0x48}}, './file0\x00'})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r9)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000280)={'wlan1\x00', <r11=>0x0})
execveat(r4, &(0x7f0000000380)='./file0\x00', &(0x7f00000005c0)={[&(0x7f00000003c0)='syz2\x00', &(0x7f0000000400)='wlan1\x00', &(0x7f0000000440)='syz2\x00', &(0x7f0000000480)='$\x00', &(0x7f0000000500)='wlan1\x00', &(0x7f0000000540)='syz2\x00', &(0x7f0000000580)='#@^\xd2\x00']}, &(0x7f0000000740)={[&(0x7f0000000600)='exthdr\x00', &(0x7f0000000640)='-#,&!)\x00', &(0x7f0000000680)=':+[/][$:\x00', &(0x7f00000006c0)='^]/[*%&\x00', &(0x7f0000000700)=':\x00']}, 0x100)
sendmsg$NL80211_CMD_SET_INTERFACE(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x2c, r10, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}, @NL80211_ATTR_4ADDR={0x5}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r4, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, r6, 0x100, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r11}, @val={0xc, 0x99, {0x4, 0x4a}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x4000005)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_BITWISE_DATA={0x8, 0x7, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x108}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0xfc6, &(0x7f0000000e80)=ANY=[@ANYRES32=0x0], 0x0)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000040))

2.443349274s ago: executing program 3 (id=1181):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={@map, 0xffffffffffffffff, 0x9, 0x20}, 0x20)
setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000002340)={{0x11, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e23, 0x3, 'fo\x00', 0x1, 0x9, 0x27}, {@rand_addr=0x64010100, 0x4e22, 0x2, 0x2, 0x3c, 0x4}}, 0x44)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000000c0)=@RTM_DELMDB={0x78, 0x55, 0x1, 0x70bd30, 0x25dddbfe, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x1, 0x3, {@ip4=@local, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x2, 0x0, {@ip4=@empty, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x2, 0x4, {@ip4=@rand_addr=0x64010102, 0x8edd}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x48005}, 0x4008800)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280), 0x0)
r3 = accept4(r0, 0x0, 0x0, 0x800)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000140000001400000007000000050001000006040000030000001200000000612e5f2e2e000000"], &(0x7f0000000000)=""/150, 0x33, 0x96, 0x1, 0x6}, 0x28)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ea9f667b34635693282c2543682898891cd00e7d36093b66e0b0b155a1ec3a1d041e7470bf2a06d559cd1836e8c494585f79e0786d99deafe7859b5291bf76be8ecd81f4eecfa436881d7fa8cf4a860fa4d80182f2e0dd56886a7b79487cfbc096f27989d0ab17b440a0db88e517fa8a2210a6bfdf59c34d84374b0a37ba4c4f97fc9a37", 0x84)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x209804, 0x0)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000280)={0x1, 0x3, 0x8080000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
unshare(0x2a020400)
execveat(r4, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0xe00)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0xba813, 0xffffffffffffffff, 0x1000)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="40000000111401002dbd70000000001f080001000000000008004b001300"], 0x40}, 0x1, 0x0, 0x0, 0x40880}, 0x24040800)
madvise(&(0x7f000038b000/0x3000)=nil, 0x3000, 0xf)

2.381576818s ago: executing program 5 (id=1182):
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000002380)=[{&(0x7f0000001380)="d66121e1324a0e3a2fdaed7081403a1299278b06883d079d43235fd86f70871bb3dd5ff0396873a4edf2ca0566d682d56389d8cf748501cb39f01d815f3b64d4fdd13f39c8284b8ebdea91ff6b91fbe08abba5e4ef96d2773c9335b5c74e754ff66e17981ad5fe9877ef17ce73e4980ded85d7dc8b2310f5f9e80ca45bb7e127f7ef2d3f38a0906d68a5b4d2bb4bc7b892fc23e0c1e845745d9bcecc193b8b6d863fad6d16b4c0117f571053ed7e43b8abd9be7765327d09d2075eac372a899f650b3b18b9814942f98c40c300c5feae05006904434bfb4c4c009d79e584e03b696d9d6cd95ffc76e4001f873b313e6b242b5f2760ebf16d3c53664069aa17f00ef39e8d2825e9105a57cc1424778ced2069e28659e15c38febd1283b840a6167f3e170eecbd64a3306614bda7b33b9e0a4b17ba7b255f972447b9fa2324cf40bf059c47fc12c9c894db55c552f5a4fa7a4e5f43765055034bb9b3e885c38c577920a9ae898ce2820a3abf9caa93f7c678c87a27c11a6fe337ef2795e059b8271e23ee5983034a7818102a1db2e28d8756fadc022b91c450b3ca9b054d31661b1855016c106cb9292218b497099d185ebdd7cc6a3c496ac0d7a5897fc57182f3b5461545c83a000b794b846ef771f8987c617ae297cce27eb92c7420a6b919fe818bdec0651dcd2356f189d61cc189271dff8762890da5653417d825c70ee5e053bcd24acb3738f63a3d9492f9e553cd4788f3da0ddf162eeebe176946678da65df3ea780d133070f42ea4c7645a649ce1a0bd3f1c8c2127fbc4c89996e2ce56ead79b1fd086c1b9f2f53a19cc916a91a728c8e70a551fba313865240617fe7b5c9b30918d858b84de38293528bfd6267e052732ec912925a56a132f0d32aeaba4d7b8b49034be5cd601f58e6b632e1cb0f7f363de84cf836936918a5917b78a589533a42b771f823b45ca07964912f1d6be39f103e2e4f5bc57ce7ce67eec0fcdd570e73f3ae2e2b0ee73fc635e7e70788d23a168d830faf386efdf26d998ef87aaa0b382283a4a236eff2f6c6e71acfba56ba0a8aa912abe24bea212a72f0f67cb6d9d17491e25bc456ac5a40bc791ba1234387c49400afd99eacbbc8384b9d983a0ac5c56220fba2e81172f441593a7c7f82dc309607d7191a88a4b4595cd097e0c969f190206271a4c03cad44ef2824afefc0ac2f4fd0d5836a4c3e381788546b5f00df4667912fe4c899c92041ee43e228a73e9bd8a42f0bce275cfd65565961314ef50355a8cb927bae348d0b8f6bc9234daefcbe2a490fb18b33ba3ee224d3ef076a74d645ebefce47ffd1231d9b8d8aaf5817b6a3b", 0x3b9}], 0x1)
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000680)=[{{&(0x7f0000000000)={0xa, 0x0, 0xee, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000023c0)="ba", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000017c0)={0x0, 0x0, 0x10001, 0x9}, 0x10)

2.238492722s ago: executing program 5 (id=1184):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0)
request_key(&(0x7f00000010c0)='dns_resolver\x00', 0x0, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x541b, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0xfffffff2, 0x800000000006, 0x0, 0x0, 0x0, 0x2)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000b00)="86cf8445f4ba1d9f20174688f169e58c", 0x10)
r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x200000000000000, 0x1}}, 0x40)
mount(&(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x418, &(0x7f0000000100)='barrier')
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_uring_enter(r4, 0x23f, 0x5f72, 0x48, &(0x7f0000000040)={[0x2]}, 0x8)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x48002)

2.131421772s ago: executing program 2 (id=1187):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, 0x0)

1.993476114s ago: executing program 2 (id=1188):
syz_io_uring_setup(0xcf, &(0x7f0000000480)={0x0, 0x69d, 0x0, 0xfffffffc, 0x10000}, &(0x7f0000000000), 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000), 0x8)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="620ac4ff00180000691014000000000095"], &(0x7f0000000480)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0xa}, 0x94)
r2 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000001b40)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x10, 0x4c0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2)

1.514904196s ago: executing program 4 (id=1193):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r1)
sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004810}, 0x20020000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x20000010)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000080000000850000002b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x20400)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x801, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f0000000080)="d3", 0x1, 0x20000050, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x3b, &(0x7f0000000100)=""/2, &(0x7f0000000140)=0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x1e}, &(0x7f0000000100), &(0x7f00000000c0))
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0xa10991ced96e3055)
write$P9_RVERSION(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x15)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount$9p_rdma(&(0x7f0000000180), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x2004800, &(0x7f0000000280)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq', 0x3d, 0x9}}, {@common=@debug={'debug', 0x3d, 0x9}}], [{@obj_type={'obj_type', 0x3d, '&#-)'}}, {@permit_directio}]}})

1.486009302s ago: executing program 3 (id=1194):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x439, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, 0x21801, 0x6536d5ef40a93735}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x81}, @IFLA_GRE_ENCAP_TYPE={0x6}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x410c0}, 0x4000020)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9, 0x0, 0x0, 0x4000000}, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4}, 0x4)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r5}, 0xc)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)="a6", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x3, @loopback, 0x9}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='veno', 0x4)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r7, @ANYBLOB="00005200060005000100000008000800", @ANYRES16=r6], 0x2c}}, 0x20008000)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r6, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, r8, 0x400, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x6b}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x4000814}, 0x10)
shutdown(r0, 0x1)

1.477512812s ago: executing program 2 (id=1195):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
setresgid(0x0, 0xee00, 0x0)
r0 = semget$private(0x0, 0x4, 0x29b)
semop(r0, &(0x7f0000000180)=[{0x0, 0x203}, {}], 0x2)
semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000240)={{0x0, 0xee00, 0x0, 0x0, 0x0, 0x68, 0xd49}, 0xfffffffffffffffc, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x1})
semctl$GETVAL(r0, 0x3, 0xc, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
close(0x3)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r2, &(0x7f0000000300)={{0x6, @rose, 0x8}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48)
r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r4, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
setpgid(0x0, r4)
chdir(&(0x7f0000000140)='./bus\x00')
bind$netrom(r3, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r3, 0x80)
accept$netrom(r3, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x806000)
write$tun(r1, 0x0, 0xfdef)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup(r5)
creat(&(0x7f00000000c0)='./file0\x00', 0x2)

1.334985253s ago: executing program 4 (id=1196):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x20040010)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000ef00)=@newtaction={0x68, 0x30, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [{0x54, 0x1, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0x2, 0x6, 0x3, 0x1}, 0x9}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x68}}, 0x4)
sendmmsg(r0, 0x0, 0x0, 0x0)

1.305527788s ago: executing program 4 (id=1197):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(&(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000000c0)='ntfs3\x00', 0x418, &(0x7f0000000100)='barrier')

1.235334778s ago: executing program 3 (id=1198):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080), 0x2000, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040))
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, 0x0)

1.229078839s ago: executing program 5 (id=1199):
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @meta={0x58583444, 0xcf35d09, 0xeeb6, 0x9913, 0x177b15ca}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000fdffffffffffffff000057e5ea665defd18c28f9b6049e801d32a4f0d97aa37ec42a4ea9c4b069bda95558d5bcd53b6ca46eb06f77b84c8a9634e0475d49ef840d9f0d1a2e621bded7001155cf7aee8d78"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000200)={&(0x7f0000000180), 0x0, 0x0, 0x0, 0x3, r2}, 0x38)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000021c0)=@newtaction={0x78, 0x30, 0x9, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x1, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x6, 0x6, 0x200ff4c, 0x2738}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x207}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x2}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0x3b}}}}]}]}, 0x78}}, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x80000)
r5 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000001c0)='net_cls.classid\x00', 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001600)={0x2020, 0x0, 0x0, <r7=>0x0}, 0x2020)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x8, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@uname={'uname', 0x3d, '+*'}}, {@mmap}, {@debug={'debug', 0x3d, 0x8}}], [{@fowner_gt={'fowner>', r7}}, {@measure}]}})
io_setup(0x5, &(0x7f0000000000)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f00000003c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0xe, r5, 0x0, 0x0, 0xfffffffffffffae7, 0x0, 0x4}])
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r9, &(0x7f0000000240)={0x30, 0x5, 0x0, {0x0, 0x1, 0x7fffffff, 0x2e}}, 0x30)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r4)

1.106875262s ago: executing program 4 (id=1200):
socket$netlink(0x10, 0x3, 0x10)
pselect6(0x40, &(0x7f0000000140)={0x6, 0x0, 0x0, 0x3, 0x5, 0x2, 0x5, 0x3}, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48)
io_uring_enter(r0, 0x2218, 0x7721, 0x16, 0x0, 0x0) (fail_nth: 2)

638.501961ms ago: executing program 3 (id=1201):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x1d22, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x3, 0x3a9}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffff4, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'veth0_vlan\x00', <r5=>0x0})
r6 = gettid()
r7 = socket(0x10, 0x803, 0x0)
shutdown(0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r5, 0x59808, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r6}, @IFLA_ALT_IFNAME={0x14, 0x35, 'veth0_macvtap\x00'}, @IFLA_IFNAME={0x14, 0x3, 'veth1_macvtap\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x4802}, 0x4000010)
io_uring_enter(r1, 0x3532, 0x32c9, 0x45, 0x0, 0x0)

560.091105ms ago: executing program 6 (id=1202):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0xe00, 0x18, 0x18, 0xa, [@struct={0x8, 0x1, 0x0, 0xf, 0x0, 0xffffffff, [{0xe, 0x0, 0x80003}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x2e]}}, &(0x7f0000000040)=""/249, 0x3a, 0xf9, 0xa}, 0x28)

426.825039ms ago: executing program 6 (id=1203):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x78d7, 0x20}, &(0x7f0000000040)=0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r4, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, 0x0)
socket$rxrpc(0x21, 0x2, 0x0)
syz_io_uring_setup(0x4bfb, &(0x7f0000000280)={0x0, 0xb89f, 0x800, 0x0, 0x200004}, 0x0, 0x0)
migrate_pages(0x0, 0x5, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000001140)=0x30000)
connect$inet6(r5, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0xd4ba2000)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil)
mremap(&(0x7f000040b000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f00004b3000/0x4000)=nil)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)

403.514793ms ago: executing program 2 (id=1204):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
pread64(r1, &(0x7f0000001580)=""/4096, 0x1000, 0xd)
r2 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000000280)={0x0, 0x10, 0x6, &(0x7f0000000240)={0x13, "c2ba2cdddf96c2d905bd4296ce341591ddc08dbe750690648bd79a7fbf3d4cefc6"}})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000480)={0x0, 0x18, 0x2, "359f"}, 0x0, 0x0, 0x0, 0x0})

388.923258ms ago: executing program 4 (id=1205):
r0 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
r2 = inotify_init1(0x80000)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000000)=0x7956, 0x4)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000180)={0xa, 0x4e20, 0xffffffff, @loopback, 0xbf}, 0x1c)
recvmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4102, 0x1006}, 0xadd}], 0x1, 0x40002000, 0x0)
inotify_add_watch(r2, &(0x7f0000000240)='.\x00', 0x60000726)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)=@generic={&(0x7f0000000140)='./file0\x00', r4}, 0x18)

300.006266ms ago: executing program 4 (id=1206):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x30, 0x0, 0x0, 0x8000}, {0x6}]}, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000ac0), r1)
sendmsg$NLBL_CALIPSO_C_ADD(r1, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24004810}, 0x20020000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x20000010)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000080000000850000002b000000b70000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="180000000000000000000000000000001802"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
unshare(0x20400)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x801, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r3, &(0x7f0000000080)="d3", 0x1, 0x20000050, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10)
getsockopt$sock_buf(r0, 0x1, 0x3b, &(0x7f0000000100)=""/2, &(0x7f0000000140)=0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x108)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x1e}, &(0x7f0000000100), &(0x7f00000000c0))
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0xa10991ced96e3055)
write$P9_RVERSION(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x15)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mount$9p_rdma(&(0x7f0000000180), &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x2004800, &(0x7f0000000280)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@rq={'rq', 0x3d, 0x9}}, {@common=@debug={'debug', 0x3d, 0x9}}], [{@obj_type={'obj_type', 0x3d, '&#-)'}}, {@permit_directio}]}})

0s ago: executing program 5 (id=1207):
socket$nl_route(0x10, 0x3, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x6, 0x0, 0xffffffffffffffff, 0xfffffffdffffffff)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0)
r1 = memfd_create(0x0, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x8001a0)
splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x200002, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fff7ff3}]})
close_range(r2, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9"], 0x11)
r3 = add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000500007111370000000000851000000200ffff840000000500000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0xc, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6}, 0x70)
keyctl$KEYCTL_WATCH_KEY(0x20, r3, 0xffffffffffffffff, 0x100000000000f7)
r4 = socket(0x2c, 0xa, 0x300)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x27, 0x0, 0x1, 0x0, 0x0, 0x20004045}, 0x24008088)
ioprio_set$pid(0x2, 0x0, 0x0)
openat$kvm(0xffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
r5 = io_uring_setup(0x5, &(0x7f0000000500)={0x0, 0x30bd, 0x200, 0x8, 0x400001c3})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000000}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000408000b40000000007800048060000180080001006475700054000280080002400000000e080002400000000a08000240000000080800024000000012080002400000001108000140000000040800c54000000012080002400000001b08000140001b884ee5aa9b87091c11b8000002080001400000000d140001800c0001196269747769736500040002800900010073797a3000000000140000001100010000"], 0x114}}, 0x1)

kernel console output (not intermixed with test programs):

T3575] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  244.236079][ T6312] kaweth 3-1:0.182: probe with driver kaweth failed with error -5
[  244.295905][ T6312] usb 3-1: USB disconnect, device number 17
[  244.444526][ T5991] usb 4-1: USB disconnect, device number 14
[  244.811884][ T5117] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  244.816755][ T5117] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  244.817970][ T5117] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  244.822432][ T5117] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  244.823421][ T5117] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  245.668043][ T6950] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.766914][ T7340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  246.055646][ T7340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  246.090768][ T7340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  246.264249][ T5811] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  246.416729][ T5811] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  246.416758][ T5811] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  246.419854][ T5811] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  246.419884][ T5811] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.419904][ T5811] usb 3-1: Product: syz
[  246.419926][ T5811] usb 3-1: Manufacturer: syz
[  246.419941][ T5811] usb 3-1: SerialNumber: syz
[  246.496098][ T5811] usb 3-1: config 0 descriptor??
[  246.976606][ T5117] Bluetooth: hci5: command tx timeout
[  248.305571][ T7357] netlink: 'syz.4.395': attribute type 3 has an invalid length.
[  248.674970][ T5915] usb 3-1: USB disconnect, device number 18
[  248.676043][ T5991] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  248.801993][   T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.804218][ T5991] usb 4-1: device descriptor read/64, error -71
[  248.887117][ T7322] chnl_net:caif_netlink_parms(): no params data found
[  249.124002][ T5117] Bluetooth: hci5: command tx timeout
[  249.209935][ T7389] netlink: 12 bytes leftover after parsing attributes in process `syz.4.401'.
[  249.285646][ T7389] vlan2: entered promiscuous mode
[  249.285664][ T7389] bridge0: entered promiscuous mode
[  249.305492][ T5991] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  249.444136][ T5991] usb 4-1: device descriptor read/64, error -71
[  249.554527][ T5991] usb usb4-port1: attempt power cycle
[  249.559934][   T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.614217][ T7397] netlink: 80 bytes leftover after parsing attributes in process `syz.2.402'.
[  249.904166][ T5991] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  249.934731][ T5991] usb 4-1: device descriptor read/8, error -71
[  250.014890][   T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.126293][ T7322] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.126501][ T7322] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.126718][ T7322] bridge_slave_0: entered allmulticast mode
[  250.184788][ T5991] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  250.225230][ T7322] bridge_slave_0: entered promiscuous mode
[  250.579912][ T5991] usb 4-1: device descriptor read/8, error -71
[  250.736713][ T5991] usb usb4-port1: unable to enumerate USB device
[  250.797175][ T7322] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.797296][ T7322] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.797459][ T7322] bridge_slave_1: entered allmulticast mode
[  250.798971][ T7322] bridge_slave_1: entered promiscuous mode
[  251.036062][   T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.154079][ T5117] Bluetooth: hci5: command tx timeout
[  251.200903][ T7322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  251.236583][ T7322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  251.426117][ T7322] team0: Port device team_slave_0 added
[  251.440258][ T6950] veth0_vlan: entered promiscuous mode
[  251.453776][ T7322] team0: Port device team_slave_1 added
[  251.525388][    T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  251.695515][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  251.695542][    T9] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  251.700421][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.700437][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  251.701762][ T7322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  251.731226][    T9] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  251.731246][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.731267][    T9] usb 3-1: Product: syz
[  251.731279][    T9] usb 3-1: Manufacturer: syz
[  251.731286][    T9] usb 3-1: SerialNumber: syz
[  251.808301][    T9] usb 3-1: config 0 descriptor??
[  251.963261][ T7322] batman_adv: batadv0: Adding interface: batadv_slave_1
[  251.963277][ T7322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  251.963301][ T7322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  252.029479][ T6950] veth1_vlan: entered promiscuous mode
[  252.860614][   T13] bridge_slave_1: left allmulticast mode
[  252.860642][   T13] bridge_slave_1: left promiscuous mode
[  252.860883][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  252.948603][   T13] bridge_slave_0: left allmulticast mode
[  252.948625][   T13] bridge_slave_0: left promiscuous mode
[  252.948778][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.164802][ T6312] usb 3-1: USB disconnect, device number 19
[  253.234791][ T5117] Bluetooth: hci5: command tx timeout
[  253.444842][ T7450] delete_channel: no stack
[  254.824874][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  254.884709][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  254.926472][   T13] bond0 (unregistering): Released all slaves
[  255.120648][ T7322] hsr_slave_0: entered promiscuous mode
[  255.132408][ T7322] hsr_slave_1: entered promiscuous mode
[  255.142432][ T7322] debugfs: 'hsr0' already exists in 'hsr'
[  255.142457][ T7322] Cannot create hsr debugfs directory
[  255.407007][ T7461] binder: BINDER_SET_CONTEXT_MGR already set
[  255.407023][ T7461] binder: 7460:7461 ioctl 4018620d 200000000040 returned -16
[  257.067555][ T7475] 9p: Bad value for 'rfdno'
[  257.208918][   T37] audit: type=1326 audit(1771063555.967:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7478 comm="syz.4.425" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f100811bf79 code=0x0
[  257.357359][ T7481] netlink: 'syz.4.425': attribute type 1 has an invalid length.
[  257.357376][ T7481] netlink: 96 bytes leftover after parsing attributes in process `syz.4.425'.
[  257.357398][ T7481] netlink: 1 bytes leftover after parsing attributes in process `syz.4.425'.
[  257.357405][ T7481] netlink: 658 bytes leftover after parsing attributes in process `syz.4.425'.
[  257.447753][ T6950] veth0_macvtap: entered promiscuous mode
[  257.598502][ T6950] veth1_macvtap: entered promiscuous mode
[  257.734127][ T6312] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  257.751826][   T13] hsr_slave_0: left promiscuous mode
[  257.788243][   T13] hsr_slave_1: left promiscuous mode
[  257.789000][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  257.789016][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  257.827694][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  257.827719][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  257.888828][ T6312] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  257.888845][ T6312] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  257.899521][ T6312] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  257.899552][ T6312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.899572][ T6312] usb 4-1: Product: syz
[  257.899585][ T6312] usb 4-1: Manufacturer: syz
[  257.899604][ T6312] usb 4-1: SerialNumber: syz
[  257.915694][ T6312] usb 4-1: config 0 descriptor??
[  258.029508][   T13] veth1_macvtap: left promiscuous mode
[  258.031251][   T13] veth0_macvtap: left promiscuous mode
[  258.031411][   T13] veth1_vlan: left promiscuous mode
[  258.031507][   T13] veth0_vlan: left promiscuous mode
[  259.324468][ T5915] usb 4-1: USB disconnect, device number 19
[  261.931480][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  261.931551][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  262.840733][ T7511] netlink: 4 bytes leftover after parsing attributes in process `syz.3.432'.
[  267.131140][ T7541] program syz.2.441 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  270.002604][ T5813] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  270.024298][ T5813] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  270.026448][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  270.027483][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  270.028483][ T5813] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  270.449866][   T13] team0 (unregistering): Port device team_slave_1 removed
[  270.786181][   T13] team0 (unregistering): Port device team_slave_0 removed
[  272.331634][ T5813] Bluetooth: hci4: command tx timeout
[  272.674063][ T5915] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  272.847748][ T5915] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  272.847776][ T5915] usb 3-1: config 0 has no interface number 0
[  272.847800][ T5915] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  272.847827][ T5915] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  272.847842][ T5915] usb 3-1: config 0 interface 255 has no altsetting 0
[  272.864755][ T5915] usb 3-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  272.864784][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.864804][ T5915] usb 3-1: Product: syz
[  272.864817][ T5915] usb 3-1: Manufacturer: syz
[  272.864830][ T5915] usb 3-1: SerialNumber: syz
[  272.869786][ T5915] usb 3-1: config 0 descriptor??
[  274.355047][ T5813] Bluetooth: hci4: command tx timeout
[  274.784272][ T5991] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  274.944151][ T5991] usb 4-1: Using ep0 maxpacket: 16
[  274.951428][ T5991] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  274.951829][ T5991] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  274.951855][ T5991] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  274.951875][ T5991] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  274.951898][ T5991] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  274.986601][ T5991] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  274.986781][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  274.986848][ T5991] usb 4-1: SerialNumber: syz
[  275.033442][ T7577] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  275.120574][ T5991] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  275.328836][ T5915] usb 3-1: USB disconnect, device number 20
[  276.488461][ T5117] Bluetooth: hci4: command tx timeout
[  276.857892][ T6312] usb 4-1: USB disconnect, device number 20
[  278.533479][ T5813] Bluetooth: hci4: command tx timeout
[  282.154137][ T5816] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  282.186469][ T7552] chnl_net:caif_netlink_parms(): no params data found
[  282.301717][ T7322] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  282.319177][ T5816] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  282.319208][ T5816] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  282.319226][ T5816] usb 4-1: config 0 has no interface number 0
[  282.351548][ T5816] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  282.351586][ T5816] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.351606][ T5816] usb 4-1: Product: syz
[  282.351620][ T5816] usb 4-1: Manufacturer: syz
[  282.351634][ T5816] usb 4-1: SerialNumber: syz
[  282.396150][ T5816] usb 4-1: config 0 descriptor??
[  282.417693][ T5816] ims_pcu 4-1:0.41: Missing CDC union descriptor
[  282.417761][ T5816] ims_pcu 4-1:0.41: probe with driver ims_pcu failed with error -22
[  282.623593][ T5811] usb 4-1: USB disconnect, device number 21
[  283.914465][ T7322] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  284.064361][ T7322] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  284.157719][ T7322] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  285.434318][ T7552] bridge0: port 1(bridge_slave_0) entered blocking state
[  285.434433][ T7552] bridge0: port 1(bridge_slave_0) entered disabled state
[  285.434648][ T7552] bridge_slave_0: entered allmulticast mode
[  285.436704][ T7552] bridge_slave_0: entered promiscuous mode
[  285.589332][ T7552] bridge0: port 2(bridge_slave_1) entered blocking state
[  285.589448][ T7552] bridge0: port 2(bridge_slave_1) entered disabled state
[  285.589616][ T7552] bridge_slave_1: entered allmulticast mode
[  285.591040][ T7552] bridge_slave_1: entered promiscuous mode
[  285.957688][ T7715] ubi31: attaching mtd0
[  285.988642][ T7715] ubi31: scanning is finished
[  286.643172][ T7552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  286.747618][ T7552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  286.777745][ T7715] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  287.048873][ T7552] team0: Port device team_slave_0 added
[  287.062461][ T7552] team0: Port device team_slave_1 added
[  287.160071][   T13] bridge_slave_1: left allmulticast mode
[  287.160098][   T13] bridge_slave_1: left promiscuous mode
[  287.160341][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  287.248615][    T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  287.284917][   T13] bridge_slave_0: left allmulticast mode
[  287.284945][   T13] bridge_slave_0: left promiscuous mode
[  287.285186][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  287.422042][    T9] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  287.422071][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  287.422089][    T9] usb 4-1: config 0 has no interface number 0
[  287.439046][    T9] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  287.439076][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.439095][    T9] usb 4-1: Product: syz
[  287.439108][    T9] usb 4-1: Manufacturer: syz
[  287.439122][    T9] usb 4-1: SerialNumber: syz
[  287.450387][    T9] usb 4-1: config 0 descriptor??
[  287.472504][    T9] ims_pcu 4-1:0.41: Missing CDC union descriptor
[  287.472563][    T9] ims_pcu 4-1:0.41: probe with driver ims_pcu failed with error -22
[  287.784457][    T9] usb 4-1: USB disconnect, device number 22
[  288.328109][   T13] ODEBUG: Out of memory. ODEBUG disabled
[  289.669572][ T7749] libceph: resolve '0' (ret=-3): failed
[  290.284134][    T9] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  290.504133][    T9] usb 4-1: Using ep0 maxpacket: 32
[  290.506557][    T9] usb 4-1: config 0 has an invalid interface number: 182 but max is 0
[  290.506585][    T9] usb 4-1: config 0 has no interface number 0
[  290.506617][    T9] usb 4-1: config 0 interface 182 has no altsetting 0
[  290.513757][    T9] usb 4-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  290.513788][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.513817][    T9] usb 4-1: Product: syz
[  290.513831][    T9] usb 4-1: Manufacturer: syz
[  290.513844][    T9] usb 4-1: SerialNumber: syz
[  290.582368][    T9] usb 4-1: config 0 descriptor??
[  290.614076][    T9] hub 4-1:0.182: bad descriptor, ignoring hub
[  290.614114][    T9] hub 4-1:0.182: probe with driver hub failed with error -5
[  290.813245][    T9] kaweth 4-1:0.182: Firmware present in device.
[  290.994915][    T9] kaweth 4-1:0.182: Statistics collection: 0
[  290.994938][    T9] kaweth 4-1:0.182: Multicast filter limit: 0
[  290.994950][    T9] kaweth 4-1:0.182: MTU: 0
[  290.994962][    T9] kaweth 4-1:0.182: Read MAC address 00:00:00:00:00:00
[  291.988035][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  292.077085][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  292.145994][   T13] bond0 (unregistering): Released all slaves
[  292.211130][ T7552] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.211142][ T7552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.211157][ T7552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.437315][ T7552] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.437332][ T7552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  292.437562][ T7552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.752519][    T9] kaweth 4-1:0.182: probe with driver kaweth failed with error -5
[  292.817524][    T9] usb 4-1: USB disconnect, device number 23
[  292.896858][   T13] hsr_slave_0: left promiscuous mode
[  292.949931][   T13] hsr_slave_1: left promiscuous mode
[  292.950851][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  292.991030][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  293.151534][   T13] veth1_macvtap: left promiscuous mode
[  293.151645][   T13] veth0_macvtap: left promiscuous mode
[  293.151887][   T13] veth1_vlan: left promiscuous mode
[  293.152043][   T13] veth0_vlan: left promiscuous mode
[  293.535767][ T6312] kernel write not supported for file bpf-prog (pid: 6312 comm: kworker/1:8)
[  296.406702][ T5813] Bluetooth: hci3: unexpected event for opcode 0x040d
[  298.331784][ T7857] netlink: 8 bytes leftover after parsing attributes in process `syz.4.519'.
[  298.512452][   T13] team0 (unregistering): Port device team_slave_1 removed
[  298.874971][   T13] team0 (unregistering): Port device team_slave_0 removed
[  299.916780][ T7864] IPVS: length: 528 != 632
[  301.004320][ T7872] FAULT_INJECTION: forcing a failure.
[  301.004320][ T7872] name failslab, interval 1, probability 0, space 0, times 0
[  301.004353][ T7872] CPU: 0 UID: 0 PID: 7872 Comm: syz.2.524 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  301.004374][ T7872] Tainted: [L]=SOFTLOCKUP
[  301.004380][ T7872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  301.004388][ T7872] Call Trace:
[  301.004394][ T7872]  <TASK>
[  301.004402][ T7872]  dump_stack_lvl+0xe8/0x150
[  301.004426][ T7872]  should_fail_ex+0x46b/0x600
[  301.004450][ T7872]  should_failslab+0xa8/0x100
[  301.004471][ T7872]  __kmalloc_noprof+0xdf/0x7b0
[  301.004486][ T7872]  ? kfree+0x4d/0x690
[  301.004498][ T7872]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  301.004518][ T7872]  tomoyo_realpath_from_path+0xe3/0x5d0
[  301.004534][ T7872]  ? tomoyo_domain+0xd8/0x130
[  301.004556][ T7872]  ? tomoyo_path_number_perm+0x219/0x630
[  301.004577][ T7872]  tomoyo_path_number_perm+0x246/0x630
[  301.004602][ T7872]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  301.004625][ T7872]  ? __lock_acquire+0x6b5/0x2cf0
[  301.004661][ T7872]  ? do_raw_spin_lock+0x12b/0x2f0
[  301.004708][ T7872]  ? __fget_files+0x2a/0x420
[  301.004732][ T7872]  ? __fget_files+0x2a/0x420
[  301.004750][ T7872]  ? __fget_files+0x3a6/0x420
[  301.004769][ T7872]  ? __fget_files+0x2a/0x420
[  301.004793][ T7872]  security_file_ioctl+0xc3/0x2a0
[  301.004820][ T7872]  __se_sys_ioctl+0x47/0x170
[  301.004842][ T7872]  do_syscall_64+0x14d/0xf80
[  301.004865][ T7872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.004882][ T7872]  ? trace_irq_disable+0x37/0x100
[  301.004896][ T7872]  ? clear_bhb_loop+0x40/0x90
[  301.004918][ T7872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.004935][ T7872] RIP: 0033:0x7fde0986bf79
[  301.004953][ T7872] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  301.004969][ T7872] RSP: 002b:00007fde07a9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  301.004989][ T7872] RAX: ffffffffffffffda RBX: 00007fde09ae6090 RCX: 00007fde0986bf79
[  301.005002][ T7872] RDX: 0000000000000000 RSI: 0000000000005437 RDI: 0000000000000003
[  301.005014][ T7872] RBP: 00007fde07a9d090 R08: 0000000000000000 R09: 0000000000000000
[  301.005025][ T7872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.005036][ T7872] R13: 00007fde09ae6128 R14: 00007fde09ae6090 R15: 00007ffd2402df88
[  301.005067][ T7872]  </TASK>
[  301.005075][ T7872] ERROR: Out of memory at tomoyo_realpath_from_path.
[  302.945699][   T37] audit: type=1326 audit(1771063601.697:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945751][   T37] audit: type=1326 audit(1771063601.697:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945788][   T37] audit: type=1326 audit(1771063601.697:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945826][   T37] audit: type=1326 audit(1771063601.697:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945862][   T37] audit: type=1326 audit(1771063601.697:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945898][   T37] audit: type=1326 audit(1771063601.697:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945935][   T37] audit: type=1326 audit(1771063601.697:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.945972][   T37] audit: type=1326 audit(1771063601.697:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.946008][   T37] audit: type=1326 audit(1771063601.697:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.946045][   T37] audit: type=1326 audit(1771063601.697:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7886 comm="syz.3.528" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e9c18bf79 code=0x7ffc0000
[  302.958933][ T7889] futex_wake_op: syz.3.528 tries to shift op by -1; fix this program
[  302.974562][ T7888] futex_wake_op: syz.3.528 tries to shift op by -1; fix this program
[  303.015419][ T7552] hsr_slave_0: entered promiscuous mode
[  303.016672][ T7552] hsr_slave_1: entered promiscuous mode
[  303.020786][ T7552] debugfs: 'hsr0' already exists in 'hsr'
[  303.020813][ T7552] Cannot create hsr debugfs directory
[  303.374079][ T7894] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  304.032093][ T7322] 8021q: adding VLAN 0 to HW filter on device bond0
[  304.751684][ T7933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.535'.
[  304.867669][ T5117] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  304.871399][ T5117] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  304.872577][ T5117] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  304.873786][ T5117] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  304.906478][ T5117] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  305.212797][ T7950] sctp: [Deprecated]: syz.2.540 (pid 7950) Use of int in max_burst socket option deprecated.
[  305.212797][ T7950] Use struct sctp_assoc_value instead
[  305.474517][ T5816] usb 3-1: new low-speed USB device number 21 using dummy_hcd
[  305.688223][ T5816] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  305.688279][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  305.688306][ T5816] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  305.688333][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  305.688354][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  305.691694][ T5816] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  305.691748][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  305.691774][ T5816] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  305.691799][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  305.691825][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  305.804936][ T5816] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  305.804992][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  305.805018][ T5816] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  305.805044][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  305.805068][ T5816] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  305.810852][ T5816] usb 3-1: string descriptor 0 read error: -22
[  305.810980][ T5816] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  305.811006][ T5816] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.956988][ T5816] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  306.994626][ T5813] Bluetooth: hci1: command tx timeout
[  308.048453][ T8004] netlink: 12 bytes leftover after parsing attributes in process `syz.4.546'.
[  308.694968][ T5959] usb 3-1: USB disconnect, device number 21
[  309.074168][ T5813] Bluetooth: hci1: command tx timeout
[  309.364517][ T7934] chnl_net:caif_netlink_parms(): no params data found
[  309.387374][ T7552] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  309.904119][   T31] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  310.026070][ T7552] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  310.082274][ T7552] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  310.093057][   T31] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  310.093085][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.093105][   T31] usb 3-1: config 0 has no interface number 0
[  310.121166][   T31] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  310.121197][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.121218][   T31] usb 3-1: Product: syz
[  310.121232][   T31] usb 3-1: Manufacturer: syz
[  310.121246][   T31] usb 3-1: SerialNumber: syz
[  310.166332][   T31] usb 3-1: config 0 descriptor??
[  310.179796][   T31] ims_pcu 3-1:0.41: Missing CDC union descriptor
[  310.179850][   T31] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22
[  310.240600][ T7552] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  310.454881][ T7934] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.455051][ T7934] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.455251][ T7934] bridge_slave_0: entered allmulticast mode
[  310.457849][ T7934] bridge_slave_0: entered promiscuous mode
[  310.514506][ T7934] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.514650][ T7934] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.514973][ T7934] bridge_slave_1: entered allmulticast mode
[  310.583059][ T7934] bridge_slave_1: entered promiscuous mode
[  310.601025][ T5816] usb 3-1: USB disconnect, device number 22
[  310.889984][ T7934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  310.945476][ T7934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  310.998487][ T7934] team0: Port device team_slave_0 added
[  311.001854][ T7934] team0: Port device team_slave_1 added
[  311.065399][ T7934] batman_adv: batadv0: Adding interface: batadv_slave_0
[  311.065414][ T7934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  311.065428][ T7934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  311.067932][ T7934] batman_adv: batadv0: Adding interface: batadv_slave_1
[  311.067943][ T7934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  311.067957][ T7934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  311.178327][ T5813] Bluetooth: hci1: command tx timeout
[  311.615675][ T8053] netlink: 12 bytes leftover after parsing attributes in process `syz.2.555'.
[  312.406982][   T69] bridge_slave_1: left allmulticast mode
[  312.407009][   T69] bridge_slave_1: left promiscuous mode
[  312.407228][   T69] bridge0: port 2(bridge_slave_1) entered disabled state
[  312.585529][   T69] bridge_slave_0: left allmulticast mode
[  312.585550][   T69] bridge_slave_0: left promiscuous mode
[  312.585731][   T69] bridge0: port 1(bridge_slave_0) entered disabled state
[  313.373643][ T5813] Bluetooth: hci1: command tx timeout
[  314.374830][   T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  314.454980][   T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  314.516404][   T69] bond0 (unregistering): Released all slaves
[  314.718967][ T7934] hsr_slave_0: entered promiscuous mode
[  314.721480][ T7934] hsr_slave_1: entered promiscuous mode
[  314.723556][ T7934] debugfs: 'hsr0' already exists in 'hsr'
[  314.726972][ T7934] Cannot create hsr debugfs directory
[  315.414162][   T69] hsr_slave_0: left promiscuous mode
[  315.454216][   T69] hsr_slave_1: left promiscuous mode
[  315.457051][   T69] batman_adv: batadv0: Removing interface: batadv_slave_0
[  315.497295][   T69] batman_adv: batadv0: Removing interface: batadv_slave_1
[  317.214737][ T8117] netlink: 12 bytes leftover after parsing attributes in process `syz.4.565'.
[  317.365309][   T69] team0 (unregistering): Port device team_slave_1 removed
[  317.538657][   T69] team0 (unregistering): Port device team_slave_0 removed
[  317.714134][ T5915] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  317.884760][ T5915] usb 3-1: no configurations
[  317.884773][ T5915] usb 3-1: can't read configurations, error -22
[  317.893454][ T8125] overlayfs: failed to clone lowerpath
[  317.936415][ T8125] overlayfs: failed to clone lowerpath
[  318.020391][ T5915] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  318.184921][ T5915] usb 3-1: no configurations
[  318.184934][ T5915] usb 3-1: can't read configurations, error -22
[  318.185137][ T5915] usb usb3-port1: attempt power cycle
[  319.457987][ T7552] 8021q: adding VLAN 0 to HW filter on device bond0
[  319.614117][ T5915] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  319.635359][ T5915] usb 3-1: no configurations
[  319.635377][ T5915] usb 3-1: can't read configurations, error -22
[  319.748703][ T7552] 8021q: adding VLAN 0 to HW filter on device team0
[  319.764265][ T5915] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  319.798052][ T5915] usb 3-1: no configurations
[  319.798065][ T5915] usb 3-1: can't read configurations, error -22
[  319.798368][ T5915] usb usb3-port1: unable to enumerate USB device
[  319.885866][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  319.885956][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  319.912878][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  319.912953][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.176983][ T8169] FAULT_INJECTION: forcing a failure.
[  321.176983][ T8169] name failslab, interval 1, probability 0, space 0, times 0
[  321.177020][ T8169] CPU: 1 UID: 0 PID: 8169 Comm: syz.3.580 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  321.177045][ T8169] Tainted: [L]=SOFTLOCKUP
[  321.177051][ T8169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  321.177062][ T8169] Call Trace:
[  321.177069][ T8169]  <TASK>
[  321.177077][ T8169]  dump_stack_lvl+0xe8/0x150
[  321.177105][ T8169]  should_fail_ex+0x46b/0x600
[  321.177133][ T8169]  should_failslab+0xa8/0x100
[  321.177155][ T8169]  __kmalloc_noprof+0xdf/0x7b0
[  321.177173][ T8169]  ? kfree+0x4d/0x690
[  321.177188][ T8169]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  321.177214][ T8169]  tomoyo_realpath_from_path+0xe3/0x5d0
[  321.177236][ T8169]  ? tomoyo_domain+0xd8/0x130
[  321.177260][ T8169]  ? tomoyo_path_number_perm+0x219/0x630
[  321.177284][ T8169]  tomoyo_path_number_perm+0x246/0x630
[  321.177311][ T8169]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  321.177333][ T8169]  ? __lock_acquire+0x6b5/0x2cf0
[  321.177358][ T8169]  ? do_raw_spin_lock+0x12b/0x2f0
[  321.177410][ T8169]  ? __fget_files+0x2a/0x420
[  321.177435][ T8169]  ? __fget_files+0x2a/0x420
[  321.177453][ T8169]  ? __fget_files+0x3a6/0x420
[  321.177472][ T8169]  ? __fget_files+0x2a/0x420
[  321.177497][ T8169]  security_file_ioctl+0xc3/0x2a0
[  321.177523][ T8169]  __se_sys_ioctl+0x47/0x170
[  321.177544][ T8169]  do_syscall_64+0x14d/0xf80
[  321.177565][ T8169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.177582][ T8169]  ? trace_irq_disable+0x37/0x100
[  321.177596][ T8169]  ? clear_bhb_loop+0x40/0x90
[  321.177617][ T8169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.177634][ T8169] RIP: 0033:0x7f8e9c18bf79
[  321.177650][ T8169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  321.177667][ T8169] RSP: 002b:00007f8e9a3e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  321.177687][ T8169] RAX: ffffffffffffffda RBX: 00007f8e9c405fa0 RCX: 00007f8e9c18bf79
[  321.177699][ T8169] RDX: 0000200000000580 RSI: 00000000c06864a2 RDI: 0000000000000003
[  321.177711][ T8169] RBP: 00007f8e9a3e6090 R08: 0000000000000000 R09: 0000000000000000
[  321.177722][ T8169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.177741][ T8169] R13: 00007f8e9c406038 R14: 00007f8e9c405fa0 R15: 00007ffc812e68f8
[  321.177771][ T8169]  </TASK>
[  321.177778][ T8169] ERROR: Out of memory at tomoyo_realpath_from_path.
[  321.257239][ T7552] 8021q: adding VLAN 0 to HW filter on device batadv0
[  322.179996][ T8185] netlink: 12 bytes leftover after parsing attributes in process `syz.2.576'.
[  322.373258][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  322.373322][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  322.649854][ T7934] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  322.683940][ T7934] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  322.722978][ T7934] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  322.786379][ T7934] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  322.993761][ T7552] veth0_vlan: entered promiscuous mode
[  323.087448][ T7552] veth1_vlan: entered promiscuous mode
[  323.277485][ T7552] veth0_macvtap: entered promiscuous mode
[  323.303690][ T7552] veth1_macvtap: entered promiscuous mode
[  323.339599][ T7934] 8021q: adding VLAN 0 to HW filter on device bond0
[  323.444362][ T7552] batman_adv: batadv0: Interface activated: batadv_slave_0
[  323.448940][ T7934] 8021q: adding VLAN 0 to HW filter on device team0
[  323.496629][ T7552] batman_adv: batadv0: Interface activated: batadv_slave_1
[  323.522719][   T69] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.526079][   T69] bridge0: port 1(bridge_slave_0) entered forwarding state
[  323.560845][   T69] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  323.570411][ T1612] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.570531][ T1612] bridge0: port 2(bridge_slave_1) entered forwarding state
[  323.585081][   T69] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  323.590567][   T69] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  323.600953][   T69] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  324.107903][ T1612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.107926][ T1612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.313915][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  324.313939][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  324.557655][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'.
[  326.050358][ T7934] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.184096][ T5915] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  326.352493][ T8268] netlink: 8 bytes leftover after parsing attributes in process `syz.4.591'.
[  326.352523][ T8268] netlink: 8 bytes leftover after parsing attributes in process `syz.4.591'.
[  326.353748][ T8268] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  326.362259][ T5915] usb 6-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  326.362290][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.378685][ T5915] usb 6-1: config 0 descriptor??
[  326.388766][ T5915] usb 6-1: Invalid firmware size=18.
[  326.600730][ T5915] usb 6-1: USB disconnect, device number 2
[  326.863251][ T7934] veth0_vlan: entered promiscuous mode
[  326.884124][ T6312] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  326.889121][ T7934] veth1_vlan: entered promiscuous mode
[  326.965163][ T7934] veth0_macvtap: entered promiscuous mode
[  326.970617][ T7934] veth1_macvtap: entered promiscuous mode
[  327.004476][ T7934] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.026819][ T7934] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.045802][ T3575] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  327.047600][   T69] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.047956][ T6312] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.047977][ T6312] usb 4-1: config 0 has no interfaces?
[  327.048004][ T6312] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  327.048026][ T6312] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.059223][ T3575] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.067330][ T6312] usb 4-1: config 0 descriptor??
[  327.077621][ T3575] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.231940][ T5813] Bluetooth: hci3: unexpected event for opcode 0x080f
[  327.232171][ T8284] netlink: 'syz.2.590': attribute type 4 has an invalid length.
[  327.240372][ T8288] netlink: 'syz.2.590': attribute type 4 has an invalid length.
[  327.694531][   T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.694550][   T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.809976][  T159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.809997][  T159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.884139][ T5966] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  328.034476][ T5966] usb 3-1: Using ep0 maxpacket: 16
[  328.036778][ T5966] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  328.036831][ T5966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  328.036860][ T5966] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  328.036883][ T5966] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  328.036906][ T5966] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  328.038187][ T5966] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  328.038214][ T5966] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  328.038234][ T5966] usb 3-1: Manufacturer: syz
[  328.130244][ T5966] usb 3-1: config 0 descriptor??
[  328.436216][ T8319] netlink: 12 bytes leftover after parsing attributes in process `syz.4.595'.
[  328.604091][ T5966] rc_core: IR keymap rc-hauppauge not found
[  328.604111][ T5966] Registered IR keymap rc-empty
[  328.604778][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.624278][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.649751][ T5966] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  328.651855][ T5966] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input7
[  328.746228][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.764313][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.794279][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.821277][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.837855][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.854193][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.874215][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.894133][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.924227][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.944184][ T5966] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  328.987970][ T5966] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  328.987999][ T5966] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  329.398187][ T8332] netlink: 8 bytes leftover after parsing attributes in process `syz.5.598'.
[  329.442041][ T5966] usb 3-1: USB disconnect, device number 27
[  329.633133][ T8332] bond1: option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4)
[  329.691495][ T8332] bond1 (unregistering): Released all slaves
[  329.858682][ T5811] usb 4-1: USB disconnect, device number 24
[  331.118519][ T5813] Bluetooth: hci2: unexpected event for opcode 0x1004
[  334.074167][   T31] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  335.309335][ T5813] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  335.309518][ T5813] Bluetooth: hci2: Injecting HCI hardware error event
[  335.311647][ T5813] Bluetooth: hci2: hardware error 0x00
[  335.335570][   T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.335596][   T31] usb 3-1: config 0 has no interfaces?
[  335.335624][   T31] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  335.335648][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.448411][   T31] usb 3-1: config 0 descriptor??
[  337.605330][ T5966] usb 3-1: USB disconnect, device number 28
[  337.922389][ T8437] FAULT_INJECTION: forcing a failure.
[  337.922389][ T8437] name failslab, interval 1, probability 0, space 0, times 0
[  337.922423][ T8437] CPU: 1 UID: 0 PID: 8437 Comm: syz.2.621 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  337.922445][ T8437] Tainted: [L]=SOFTLOCKUP
[  337.922450][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  337.922461][ T8437] Call Trace:
[  337.922472][ T8437]  <TASK>
[  337.922479][ T8437]  dump_stack_lvl+0xe8/0x150
[  337.922507][ T8437]  should_fail_ex+0x46b/0x600
[  337.922534][ T8437]  should_failslab+0xa8/0x100
[  337.922557][ T8437]  kmem_cache_alloc_noprof+0x87/0x680
[  337.922576][ T8437]  ? sctp_chunkify+0x5a/0x260
[  337.922601][ T8437]  sctp_chunkify+0x5a/0x260
[  337.922623][ T8437]  _sctp_make_chunk+0x122/0x290
[  337.922646][ T8437]  sctp_make_init+0x5e3/0xe00
[  337.922675][ T8437]  ? __pfx_sctp_make_init+0x10/0x10
[  337.922696][ T8437]  ? arch_stack_walk+0xfb/0x150
[  337.922732][ T8437]  ? stack_trace_save+0xa9/0x100
[  337.922755][ T8437]  sctp_sf_do_prm_asoc+0xd2/0x3f0
[  337.922783][ T8437]  sctp_do_sm+0x238/0x5cf0
[  337.922800][ T8437]  ? __pfx_sctp_pname+0x10/0x10
[  337.922823][ T8437]  ? kasan_save_track+0x3e/0x80
[  337.922841][ T8437]  ? sctp_stream_init_ext+0x57/0x180
[  337.922858][ T8437]  ? sctp_sendmsg+0x170d/0x2990
[  337.922878][ T8437]  ? __sys_sendto+0x643/0x7d0
[  337.922900][ T8437]  ? __x64_sys_sendto+0xde/0x100
[  337.922921][ T8437]  ? do_syscall_64+0x14d/0xf80
[  337.922941][ T8437]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.922964][ T8437]  ? __pfx_sctp_do_sm+0x10/0x10
[  337.923018][ T8437]  ? __sk_mem_raise_allocated+0x290/0x12f0
[  337.923039][ T8437]  ? __genradix_ptr+0x1e1/0x220
[  337.923069][ T8437]  sctp_primitive_ASSOCIATE+0x95/0xc0
[  337.923097][ T8437]  sctp_sendmsg_to_asoc+0x143d/0x1900
[  337.923128][ T8437]  ? sctp_assoc_add_peer+0xce1/0x13b0
[  337.923166][ T8437]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  337.923195][ T8437]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  337.923219][ T8437]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  337.923241][ T8437]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  337.923262][ T8437]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  337.923284][ T8437]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  337.923305][ T8437]  ? security_sctp_bind_connect+0x7e/0x2c0
[  337.923334][ T8437]  sctp_sendmsg+0x170d/0x2990
[  337.923371][ T8437]  ? __pfx_sctp_sendmsg+0x10/0x10
[  337.923399][ T8437]  ? __might_fault+0xaf/0x130
[  337.923420][ T8437]  ? __might_fault+0xaf/0x130
[  337.923447][ T8437]  ? sock_rps_record_flow+0x19/0x400
[  337.923473][ T8437]  ? inet_sendmsg+0x2f4/0x370
[  337.923494][ T8437]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  337.923514][ T8437]  __sys_sendto+0x643/0x7d0
[  337.923541][ T8437]  ? __pfx___sys_sendto+0x10/0x10
[  337.923584][ T8437]  ? ksys_write+0x248/0x270
[  337.923604][ T8437]  ? __pfx_ksys_write+0x10/0x10
[  337.923626][ T8437]  __x64_sys_sendto+0xde/0x100
[  337.923651][ T8437]  do_syscall_64+0x14d/0xf80
[  337.923671][ T8437]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.923687][ T8437]  ? trace_irq_disable+0x37/0x100
[  337.923701][ T8437]  ? clear_bhb_loop+0x40/0x90
[  337.923722][ T8437]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.923739][ T8437] RIP: 0033:0x7fde0986bf79
[  337.923756][ T8437] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  337.923770][ T8437] RSP: 002b:00007fde07abe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  337.923790][ T8437] RAX: ffffffffffffffda RBX: 00007fde09ae5fa0 RCX: 00007fde0986bf79
[  337.923802][ T8437] RDX: 0000000000020a00 RSI: 0000200000000040 RDI: 0000000000000003
[  337.923813][ T8437] RBP: 00007fde07abe090 R08: 0000200000000100 R09: 000000000000001c
[  337.923824][ T8437] R10: 0000000000044004 R11: 0000000000000246 R12: 0000000000000002
[  337.923834][ T8437] R13: 00007fde09ae6038 R14: 00007fde09ae5fa0 R15: 00007ffd2402df88
[  337.923864][ T8437]  </TASK>
[  338.011785][ T8441] 9p: Bad value for 'rfdno'
[  338.264089][ T5816] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  339.368774][ T5813] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  339.434135][ T5915] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  339.466024][ T5816] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  339.466065][ T5816] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.475881][ T5816] usb 7-1: config 0 descriptor??
[  339.497460][ T5816] cp210x 7-1:0.0: cp210x converter detected
[  339.573772][ T8450] FAULT_INJECTION: forcing a failure.
[  339.573772][ T8450] name failslab, interval 1, probability 0, space 0, times 0
[  339.573888][ T8450] CPU: 0 UID: 0 PID: 8450 Comm: syz.5.615 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  339.573916][ T8450] Tainted: [L]=SOFTLOCKUP
[  339.573922][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  339.573933][ T8450] Call Trace:
[  339.573940][ T8450]  <TASK>
[  339.573949][ T8450]  dump_stack_lvl+0xe8/0x150
[  339.573979][ T8450]  should_fail_ex+0x46b/0x600
[  339.574004][ T8450]  should_failslab+0xa8/0x100
[  339.574025][ T8450]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  339.574043][ T8450]  ? __alloc_skb+0x1d7/0x390
[  339.574064][ T8450]  ? lockdep_hardirqs_on+0x7a/0x110
[  339.574086][ T8450]  ? __alloc_skb+0x193/0x390
[  339.574108][ T8450]  __alloc_skb+0x1d7/0x390
[  339.574134][ T8450]  netlink_sendmsg+0x5d4/0xb40
[  339.574164][ T8450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  339.574193][ T8450]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  339.574225][ T8450]  ____sys_sendmsg+0xa4e/0xac0
[  339.574243][ T8450]  ? __might_fault+0xaf/0x130
[  339.574269][ T8450]  ? __pfx_____sys_sendmsg+0x10/0x10
[  339.574296][ T8450]  ? import_iovec+0x73/0xa0
[  339.574321][ T8450]  ___sys_sendmsg+0x2a5/0x360
[  339.574339][ T8450]  ? __lock_acquire+0x6b5/0x2cf0
[  339.574365][ T8450]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.574415][ T8450]  ? __fget_files+0x2a/0x420
[  339.574437][ T8450]  ? __fget_files+0x3a6/0x420
[  339.574468][ T8450]  __x64_sys_sendmsg+0x1c3/0x2a0
[  339.574489][ T8450]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  339.574516][ T8450]  ? __pfx_ksys_write+0x10/0x10
[  339.574543][ T8450]  do_syscall_64+0x14d/0xf80
[  339.574561][ T8450]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.574576][ T8450]  ? trace_irq_disable+0x37/0x100
[  339.574590][ T8450]  ? clear_bhb_loop+0x40/0x90
[  339.574610][ T8450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.574628][ T8450] RIP: 0033:0x7fd72884bf79
[  339.574644][ T8450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  339.574659][ T8450] RSP: 002b:00007fd726aa6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.574679][ T8450] RAX: ffffffffffffffda RBX: 00007fd728ac5fa0 RCX: 00007fd72884bf79
[  339.574693][ T8450] RDX: 000000000004c840 RSI: 0000200000000140 RDI: 0000000000000003
[  339.574704][ T8450] RBP: 00007fd726aa6090 R08: 0000000000000000 R09: 0000000000000000
[  339.574716][ T8450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.574728][ T8450] R13: 00007fd728ac6038 R14: 00007fd728ac5fa0 R15: 00007ffdaccffa28
[  339.574757][ T8450]  </TASK>
[  339.586872][ T5915] usb 3-1: config 0 has no interfaces?
[  339.590069][ T5915] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  339.590098][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.590165][ T5915] usb 3-1: Product: syz
[  339.590179][ T5915] usb 3-1: Manufacturer: syz
[  339.590192][ T5915] usb 3-1: SerialNumber: syz
[  339.645622][ T5915] usb 3-1: config 0 descriptor??
[  339.886002][ T5915] usb 3-1: USB disconnect, device number 29
[  339.897650][ T5816] cp210x 7-1:0.0: failed to get vendor val 0x000e size 3: -32
[  339.967980][ T5816] usb 7-1: cp210x converter now attached to ttyUSB0
[  340.185516][ T5131] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  340.314162][ T5131] usb 6-1: device descriptor read/64, error -71
[  340.576521][ T5131] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  340.663835][ T8459] loop2: detected capacity change from 0 to 7
[  340.694608][ T8461] netlink: 'syz.2.630': attribute type 5 has an invalid length.
[  340.711583][ T8459] Dev loop2: unable to read RDB block 7
[  340.711637][ T8459]  loop2: unable to read partition table
[  340.711851][ T8459] loop2: partition table beyond EOD, truncated
[  340.711883][ T8459] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  340.714159][ T5131] usb 6-1: device descriptor read/64, error -71
[  340.824403][ T5131] usb usb6-port1: attempt power cycle
[  341.414261][    T9] usb 7-1: USB disconnect, device number 2
[  341.435148][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  341.574425][    T9] cp210x 7-1:0.0: device disconnected
[  341.593197][ T5131] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  341.604757][ T5131] usb 6-1: device descriptor read/8, error -71
[  341.765750][ T5991] usb 3-1: new low-speed USB device number 30 using dummy_hcd
[  341.995446][ T5991] usb 3-1: device descriptor read/64, error -71
[  342.515189][ T5131] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  342.606921][ T5131] usb 6-1: device descriptor read/8, error -71
[  342.651157][ T5991] usb 3-1: new low-speed USB device number 31 using dummy_hcd
[  342.714551][ T5131] usb usb6-port1: unable to enumerate USB device
[  342.844102][ T5991] usb 3-1: device descriptor read/64, error -71
[  342.959884][ T5991] usb usb3-port1: attempt power cycle
[  343.344204][ T5991] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[  343.364787][ T5991] usb 3-1: device descriptor read/8, error -71
[  344.382679][ T8509] FAULT_INJECTION: forcing a failure.
[  344.382679][ T8509] name failslab, interval 1, probability 0, space 0, times 0
[  344.382712][ T8509] CPU: 1 UID: 0 PID: 8509 Comm: syz.6.645 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  344.382736][ T8509] Tainted: [L]=SOFTLOCKUP
[  344.382743][ T8509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  344.382753][ T8509] Call Trace:
[  344.382760][ T8509]  <TASK>
[  344.382769][ T8509]  dump_stack_lvl+0xe8/0x150
[  344.382797][ T8509]  should_fail_ex+0x46b/0x600
[  344.382822][ T8509]  should_failslab+0xa8/0x100
[  344.382849][ T8509]  kmem_cache_alloc_noprof+0x87/0x680
[  344.382867][ T8509]  ? security_inode_alloc+0x39/0x310
[  344.382891][ T8509]  security_inode_alloc+0x39/0x310
[  344.382912][ T8509]  inode_init_always_gfp+0x9bf/0xd70
[  344.382941][ T8509]  ? __pfx_proc_alloc_inode+0x10/0x10
[  344.382960][ T8509]  alloc_inode+0x82/0x1b0
[  344.382981][ T8509]  new_inode+0x22/0x170
[  344.383007][ T8509]  proc_pid_make_inode+0x21/0x130
[  344.383031][ T8509]  proc_pident_instantiate+0x6d/0x2b0
[  344.383059][ T8509]  proc_pident_lookup+0x1b7/0x270
[  344.383087][ T8509]  __lookup_slow+0x2d2/0x440
[  344.383113][ T8509]  ? __pfx___lookup_slow+0x10/0x10
[  344.383148][ T8509]  ? down_read+0x156/0x200
[  344.383171][ T8509]  ? __pfx_down_read+0x10/0x10
[  344.383196][ T8509]  ? lookup_fast+0x192/0x5b0
[  344.383221][ T8509]  lookup_slow+0x53/0x70
[  344.383243][ T8509]  link_path_walk+0xd1e/0x18d0
[  344.383282][ T8509]  path_openat+0x2d5/0x38a0
[  344.383330][ T8509]  ? __pfx_path_openat+0x10/0x10
[  344.383350][ T8509]  ? kasan_save_track+0x4f/0x80
[  344.383364][ T8509]  ? kasan_save_track+0x3e/0x80
[  344.383379][ T8509]  ? __kasan_slab_alloc+0x6c/0x80
[  344.383394][ T8509]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  344.383419][ T8509]  ? do_raw_spin_lock+0x12b/0x2f0
[  344.383449][ T8509]  do_file_open+0x23e/0x4a0
[  344.383466][ T8509]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  344.383491][ T8509]  ? __pfx_do_file_open+0x10/0x10
[  344.383504][ T8509]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  344.383529][ T8509]  ? __pfx_kfree_link+0x10/0x10
[  344.383562][ T8509]  ? alloc_fd+0x64e/0x6c0
[  344.383593][ T8509]  do_sys_openat2+0x113/0x200
[  344.383618][ T8509]  ? __pfx_do_sys_openat2+0x10/0x10
[  344.383641][ T8509]  ? ksys_write+0x248/0x270
[  344.383661][ T8509]  ? __pfx_ksys_write+0x10/0x10
[  344.383683][ T8509]  __x64_sys_openat+0x138/0x170
[  344.383710][ T8509]  do_syscall_64+0x14d/0xf80
[  344.383731][ T8509]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.383748][ T8509]  ? trace_irq_disable+0x37/0x100
[  344.383765][ T8509]  ? clear_bhb_loop+0x40/0x90
[  344.383786][ T8509]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.383803][ T8509] RIP: 0033:0x7f94f2c5c84e
[  344.383821][ T8509] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  344.383842][ T8509] RSP: 002b:00007f94f0eedf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  344.383863][ T8509] RAX: ffffffffffffffda RBX: 00007f94f0eee6c0 RCX: 00007f94f2c5c84e
[  344.383876][ T8509] RDX: 0000000000000000 RSI: 00007f94f2d31f1b RDI: ffffffffffffff9c
[  344.383889][ T8509] RBP: 00007f94f0eee090 R08: 0000000000000000 R09: 0000000000000000
[  344.383900][ T8509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  344.383911][ T8509] R13: 00007f94f2f16038 R14: 00007f94f2f15fa0 R15: 00007ffe72122938
[  344.383943][ T8509]  </TASK>
[  344.988416][ T8524] binder: 8523:8524 ioctl c0306201 0 returned -14
[  345.296977][ T8542] netlink: 52 bytes leftover after parsing attributes in process `syz.6.658'.
[  345.374153][ T5811] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  346.274118][ T5811] usb 3-1: Using ep0 maxpacket: 32
[  346.276509][ T5811] usb 3-1: config 5 has an invalid interface number: 242 but max is 0
[  346.276536][ T5811] usb 3-1: config 5 has no interface number 0
[  346.276566][ T5811] usb 3-1: config 5 interface 242 has no altsetting 0
[  346.278777][ T5811] usb 3-1: New USB device found, idVendor=05ac, idProduct=120a, bcdDevice=7b.2d
[  346.278806][ T5811] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.278826][ T5811] usb 3-1: Product: syz
[  346.278839][ T5811] usb 3-1: Manufacturer: syz
[  346.278854][ T5811] usb 3-1: SerialNumber: syz
[  346.582795][ T5811] usb-storage 3-1:5.242: USB Mass Storage device detected
[  346.617540][ T5811] usb-storage 3-1:5.242: Quirks match for vid 05ac pid 120a: 10
[  346.847681][ T5811] apple-mfi-fastcharge 3-1: USB disconnect, device number 34
[  347.079929][ T8555] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  347.313009][ T8574] i2c i2c-0: Invalid block write size 34
[  347.324119][ T5811] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  347.367200][ T8574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.670'.
[  347.425928][ T8574] bridge_slave_1: left allmulticast mode
[  347.425956][ T8574] bridge_slave_1: left promiscuous mode
[  347.429478][ T8574] bridge0: port 2(bridge_slave_1) entered disabled state
[  347.479897][ T8584] 9p: Bad value for 'rfdno'
[  347.492575][ T5811] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  347.492600][ T5811] usb 6-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  347.492611][ T5811] usb 6-1: Product: syz
[  347.492618][ T5811] usb 6-1: Manufacturer: syz
[  347.492625][ T5811] usb 6-1: SerialNumber: syz
[  347.534821][ T5811] usb 6-1: config 0 descriptor??
[  347.549919][ T5811] ch341 6-1:0.0: ch341-uart converter detected
[  347.563861][ T8574] bridge_slave_0: left allmulticast mode
[  347.563886][ T8574] bridge_slave_0: left promiscuous mode
[  347.569943][ T8574] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.747247][ T5811] usb 6-1: failed to receive control message: -121
[  347.747305][ T5811] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121
[  348.817128][ T8609] binder: 8608:8609 ioctl c0306201 0 returned -14
[  349.893808][ T8628] openvswitch: netlink: nsh attr 0 has unexpected len 1 expected 0
[  351.219630][ T5816] usb 6-1: USB disconnect, device number 7
[  351.222012][ T5816] ch341 6-1:0.0: device disconnected
[  351.745705][ T8648] vlan2: entered allmulticast mode
[  351.745731][ T8648] macsec0: entered allmulticast mode
[  351.745744][ T8648] veth1_macvtap: entered allmulticast mode
[  356.310876][ T8700] binder: BINDER_SET_CONTEXT_MGR already set
[  356.310892][ T8700] binder: 8698:8700 ioctl 4018620d 2000000000c0 returned -16
[  356.313604][ T8700] binder: BINDER_SET_CONTEXT_MGR already set
[  356.313620][ T8700] binder: 8698:8700 ioctl 4018620d 200000000040 returned -16
[  356.314745][ T8700] binder: 8698:8700 ioctl c0306201 2000000003c0 returned -14
[  357.424107][ T5915] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  357.574094][ T5915] usb 7-1: Using ep0 maxpacket: 8
[  357.629723][ T5915] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  357.629754][ T5915] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.629773][ T5915] usb 7-1: Product: syz
[  357.629787][ T5915] usb 7-1: Manufacturer: syz
[  357.629801][ T5915] usb 7-1: SerialNumber: syz
[  357.667109][ T5915] usb 7-1: config 0 descriptor??
[  358.015815][ T5915] usb 7-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  358.569030][ T8737] netlink: 88 bytes leftover after parsing attributes in process `syz.3.732'.
[  359.616551][ T5811] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  359.776220][ T5811] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.776268][ T5811] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  359.783664][ T5811] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  359.783694][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.783713][ T5811] usb 4-1: Product: syz
[  359.783727][ T5811] usb 4-1: Manufacturer: syz
[  359.783740][ T5811] usb 4-1: SerialNumber: syz
[  359.853466][ T5811] cdc_mbim 4-1:1.0: skipping garbage
[  360.053450][ T8738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  360.053847][ T8738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  360.113688][ T8755] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  360.129611][ T5915] usb write operation failed. (-71)
[  360.167931][ T5915] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  360.168752][ T5915] dvbdev: DVB: registering new adapter (Terratec H7)
[  360.168839][ T5915] usb 7-1: media controller created
[  360.170003][ T5915] usb read operation failed. (-71)
[  360.170961][ T5915] usb write operation failed. (-71)
[  360.214343][ T5915] dvb_usb_az6007 7-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  360.223501][ T5915] usb 7-1: USB disconnect, device number 3
[  360.755753][ T8741] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  360.805633][ T5811] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device
[  360.857596][ T5811] wwan wwan0: port wwan0mbim0 attached
[  360.985582][ T5811] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 9a:67:4c:89:12:b4
[  361.072032][ T5811] usb 4-1: USB disconnect, device number 25
[  361.077298][ T5811] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  361.440967][ T5811] wwan wwan0: port wwan0mbim0 disconnected
[  362.207136][ T8795] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  362.207708][ T8795] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  363.377480][ T5811] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  364.469374][ T5811] usb 4-1: unable to get BOS descriptor or descriptor too short
[  364.471728][ T5811] usb 4-1: not running at top speed; connect to a high speed hub
[  364.473047][ T5811] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  364.473147][ T5811] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  364.473189][ T5811] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  364.541425][ T5811] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  364.541453][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.541467][ T5811] usb 4-1: Product: syz
[  364.541475][ T5811] usb 4-1: Manufacturer: syz
[  364.541483][ T5811] usb 4-1: SerialNumber: syz
[  365.640046][ T5811] usb 4-1: USB disconnect, device number 26
[  365.778707][ T8121] udevd[8121]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  366.064150][ T5811] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  366.374461][ T5811] usb 4-1: Using ep0 maxpacket: 32
[  366.376269][ T5811] usb 4-1: config 0 has an invalid interface number: 182 but max is 0
[  366.376378][ T5811] usb 4-1: config 0 has no interface number 0
[  366.376411][ T5811] usb 4-1: config 0 interface 182 has no altsetting 0
[  366.378672][ T5811] usb 4-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  366.378702][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.378722][ T5811] usb 4-1: Product: syz
[  366.378736][ T5811] usb 4-1: Manufacturer: syz
[  366.378750][ T5811] usb 4-1: SerialNumber: syz
[  366.472797][ T5811] usb 4-1: config 0 descriptor??
[  366.535759][ T5811] hub 4-1:0.182: bad descriptor, ignoring hub
[  366.535784][ T5811] hub 4-1:0.182: probe with driver hub failed with error -5
[  366.748706][ T5811] kaweth 4-1:0.182: Firmware present in device.
[  366.951423][ T5811] kaweth 4-1:0.182: Statistics collection: 0
[  366.951505][ T5811] kaweth 4-1:0.182: Multicast filter limit: 0
[  366.951522][ T5811] kaweth 4-1:0.182: MTU: 0
[  366.951535][ T5811] kaweth 4-1:0.182: Read MAC address 00:00:00:00:00:00
[  367.114941][ T8867] IPVS: sync thread started: state = MASTER, mcast_ifn = sit0, syncid = 4, id = 0
[  367.624213][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  367.806164][    T9] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  367.806196][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.873658][    T9] usb 3-1: config 0 descriptor??
[  368.092193][    T9] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  368.292840][    T9] [drm:udl_init] *ERROR* Selecting channel failed
[  369.552922][ T5991] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  369.581350][    T9] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  369.581376][    T9] [drm] Initialized udl on minor 2
[  370.013612][    T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  370.019766][    T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  370.086241][ T5991] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  370.086269][ T5991] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  370.086318][ T5991] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8
[  370.086359][ T5991] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  370.086381][ T5991] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.111984][    T9] usb 3-1: USB disconnect, device number 35
[  370.124802][ T5131] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  370.145365][ T5131] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  370.165465][ T8882] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  370.168341][ T5991] hub 6-1:1.0: bad descriptor, ignoring hub
[  370.168380][ T5991] hub 6-1:1.0: probe with driver hub failed with error -5
[  370.169353][ T5991] cdc_wdm 6-1:1.0: skipping garbage
[  370.169369][ T5991] cdc_wdm 6-1:1.0: skipping garbage
[  370.173013][ T5131] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  370.327188][ T5991] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  370.327212][ T5991] cdc_wdm 6-1:1.0: Unknown control protocol
[  370.458315][ T8895] FAULT_INJECTION: forcing a failure.
[  370.458315][ T8895] name failslab, interval 1, probability 0, space 0, times 0
[  370.458371][ T8895] CPU: 0 UID: 0 PID: 8895 Comm: syz.6.791 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  370.458396][ T8895] Tainted: [L]=SOFTLOCKUP
[  370.458401][ T8895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  370.458415][ T8895] Call Trace:
[  370.458424][ T8895]  <TASK>
[  370.458431][ T8895]  dump_stack_lvl+0xe8/0x150
[  370.458459][ T8895]  should_fail_ex+0x46b/0x600
[  370.458479][ T8895]  should_failslab+0xa8/0x100
[  370.458496][ T8895]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  370.458511][ T8895]  ? __alloc_skb+0x1d7/0x390
[  370.458528][ T8895]  ? lockdep_hardirqs_on+0x7a/0x110
[  370.458546][ T8895]  ? __alloc_skb+0x193/0x390
[  370.458564][ T8895]  __alloc_skb+0x1d7/0x390
[  370.458585][ T8895]  netlink_sendmsg+0x5d4/0xb40
[  370.458609][ T8895]  ? __pfx_netlink_sendmsg+0x10/0x10
[  370.458628][ T8895]  ? __lock_acquire+0x6b5/0x2cf0
[  370.458649][ T8895]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  370.458667][ T8895]  ____sys_sendmsg+0xa4e/0xac0
[  370.458682][ T8895]  ? __might_fault+0xaf/0x130
[  370.458702][ T8895]  ? __pfx_____sys_sendmsg+0x10/0x10
[  370.458724][ T8895]  ? import_iovec+0x73/0xa0
[  370.458745][ T8895]  ___sys_sendmsg+0x2a5/0x360
[  370.458758][ T8895]  ? __lock_acquire+0x6b5/0x2cf0
[  370.458779][ T8895]  ? __pfx____sys_sendmsg+0x10/0x10
[  370.458797][ T8895]  ? __schedule+0x14f4/0x5210
[  370.458839][ T8895]  ? __fget_files+0x2a/0x420
[  370.458856][ T8895]  ? __fget_files+0x3a6/0x420
[  370.458882][ T8895]  __x64_sys_sendmsg+0x1c3/0x2a0
[  370.458899][ T8895]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  370.458933][ T8895]  do_syscall_64+0x14d/0xf80
[  370.458950][ T8895]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.458965][ T8895]  ? clear_bhb_loop+0x40/0x90
[  370.458985][ T8895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.459001][ T8895] RIP: 0033:0x7f94f2c9bf79
[  370.459017][ T8895] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  370.459030][ T8895] RSP: 002b:00007f94f0eee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  370.459047][ T8895] RAX: ffffffffffffffda RBX: 00007f94f2f15fa0 RCX: 00007f94f2c9bf79
[  370.459059][ T8895] RDX: 0000000000000814 RSI: 0000200000000980 RDI: 0000000000000003
[  370.459067][ T8895] RBP: 00007f94f0eee090 R08: 0000000000000000 R09: 0000000000000000
[  370.459075][ T8895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  370.459083][ T8895] R13: 00007f94f2f16038 R14: 00007f94f2f15fa0 R15: 00007ffe72122938
[  370.459105][ T8895]  </TASK>
[  370.743936][ T5991] usb 6-1: USB disconnect, device number 8
[  370.853252][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853291][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853315][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853337][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853375][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853400][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853424][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853447][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853470][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.853494][ T5816] hid-generic 00A0:000C:0003.0001: unknown main item tag 0x0
[  370.980717][ T5816] hid-generic 00A0:000C:0003.0001: hidraw0: <UNKNOWN> HID v0.08 Device [syz0] on syz0
[  371.224152][   T31] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  371.406943][   T31] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 65535, setting to 64
[  371.406975][   T31] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  371.406993][   T31] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  371.447981][   T31] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  371.448010][   T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.448030][   T31] usb 7-1: Product: syz
[  371.448044][   T31] usb 7-1: Manufacturer: syz
[  371.448057][   T31] usb 7-1: SerialNumber: syz
[  371.510709][   T31] cdc_mbim 7-1:1.0: skipping garbage
[  371.619047][ T5811] kaweth 4-1:0.182: probe with driver kaweth failed with error -5
[  371.688899][ T5811] usb 4-1: USB disconnect, device number 27
[  371.713886][ T8902] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  371.741028][ T8902] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  372.713545][ T8902] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  372.713717][ T8902] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  372.741631][   T31] cdc_mbim 7-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  372.741647][   T31] cdc_mbim 7-1:1.0: setting rx_max = 2048
[  372.921511][   T31] cdc_mbim 7-1:1.0: setting tx_max = 60
[  373.980796][ T8897] netlink: 'syz.2.788': attribute type 11 has an invalid length.
[  374.031319][   T31] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71
[  374.032138][   T31] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71
[  374.068311][   T31] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[  374.200375][   T31] usb 7-1: USB disconnect, device number 4
[  374.874150][   T31] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  375.024218][   T31] usb 7-1: Using ep0 maxpacket: 32
[  375.026085][   T31] usb 7-1: config 0 has an invalid interface number: 182 but max is 0
[  375.026110][   T31] usb 7-1: config 0 has no interface number 0
[  375.026138][   T31] usb 7-1: config 0 interface 182 has no altsetting 0
[  375.029625][   T31] usb 7-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  375.029649][   T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.029659][   T31] usb 7-1: Product: syz
[  375.029667][   T31] usb 7-1: Manufacturer: syz
[  375.029674][   T31] usb 7-1: SerialNumber: syz
[  375.056335][   T31] usb 7-1: config 0 descriptor??
[  375.096896][   T31] hub 7-1:0.182: bad descriptor, ignoring hub
[  375.096939][   T31] hub 7-1:0.182: probe with driver hub failed with error -5
[  375.186440][ T8875] cdc_wdm 6-1:1.0: Error autopm - -16
[  375.333951][   T31] kaweth 7-1:0.182: Firmware present in device.
[  375.449502][ T8955] netlink: zone id is out of range
[  375.449518][ T8955] netlink: zone id is out of range
[  375.449527][ T8955] netlink: zone id is out of range
[  375.449535][ T8955] netlink: zone id is out of range
[  375.449543][ T8955] netlink: zone id is out of range
[  375.449550][ T8955] netlink: zone id is out of range
[  375.449558][ T8955] netlink: zone id is out of range
[  375.449566][ T8955] netlink: zone id is out of range
[  375.449573][ T8955] netlink: zone id is out of range
[  375.449634][ T8955] netlink: zone id is out of range
[  375.497078][   T31] kaweth 7-1:0.182: Statistics collection: 0
[  375.497100][   T31] kaweth 7-1:0.182: Multicast filter limit: 0
[  375.497114][   T31] kaweth 7-1:0.182: MTU: 0
[  375.497126][   T31] kaweth 7-1:0.182: Read MAC address 00:00:00:00:00:00
[  375.784207][ T5991] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  376.773662][ T5991] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  376.773694][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.790798][ T5991] usb 4-1: config 0 descriptor??
[  376.974126][ T5131] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  377.003663][ T5991] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  377.135423][ T5131] usb 3-1: Using ep0 maxpacket: 32
[  377.138021][ T5131] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  377.138047][ T5131] usb 3-1: config 0 has no interface number 0
[  377.138110][ T5131] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  377.138137][ T5131] usb 3-1: config 0 interface 85 has no altsetting 0
[  377.140500][ T5131] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  377.140529][ T5131] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.140549][ T5131] usb 3-1: Product: syz
[  377.140563][ T5131] usb 3-1: Manufacturer: syz
[  377.140577][ T5131] usb 3-1: SerialNumber: syz
[  377.228367][ T5131] usb 3-1: config 0 descriptor??
[  377.481072][ T5131] appletouch 3-1:0.85: Failed to read mode from device.
[  377.481289][ T5131] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  377.663915][ T5991] [drm:udl_init] *ERROR* Selecting channel failed
[  378.121722][ T5991] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  378.121755][ T5991] [drm] Initialized udl on minor 2
[  378.144590][ T5991] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  378.150315][ T5991] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  378.163366][ T5816] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  378.332054][ T5991] usb 4-1: USB disconnect, device number 28
[  378.332976][ T5816] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed
[  378.352437][ T5816] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  378.956527][ T5131] usb 3-1: USB disconnect, device number 36
[  379.531198][   T31] kaweth 7-1:0.182: probe with driver kaweth failed with error -5
[  380.047447][   T31] usb 7-1: reset high-speed USB device number 5 using dummy_hcd
[  380.061138][   T31] usb 7-1: device reset changed ep0 maxpacket size!
[  380.202542][   T31] usb 7-1: USB disconnect, device number 5
[  380.564180][   T31] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  380.767762][   T31] usb 7-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  380.767781][   T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.767792][   T31] usb 7-1: Product: syz
[  380.767800][   T31] usb 7-1: Manufacturer: syz
[  380.767807][   T31] usb 7-1: SerialNumber: syz
[  380.785984][   T31] usb 7-1: config 0 descriptor??
[  381.316643][ T9032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.356498][ T9032] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.922421][ T5131] hid_parser_main: 5 callbacks suppressed
[  381.922438][ T5131] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  381.998859][ T5131] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  382.364088][ T5131] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  382.535026][ T5131] usb 6-1: Using ep0 maxpacket: 32
[  382.553771][ T5131] usb 6-1: config 0 has an invalid interface number: 182 but max is 0
[  382.553801][ T5131] usb 6-1: config 0 has no interface number 0
[  382.553833][ T5131] usb 6-1: config 0 interface 182 has no altsetting 0
[  382.585736][ T5131] usb 6-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  382.585768][ T5131] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.585787][ T5131] usb 6-1: Product: syz
[  382.585800][ T5131] usb 6-1: Manufacturer: syz
[  382.585813][ T5131] usb 6-1: SerialNumber: syz
[  382.647159][ T5131] usb 6-1: config 0 descriptor??
[  382.662626][ T5131] hub 6-1:0.182: bad descriptor, ignoring hub
[  382.662665][ T5131] hub 6-1:0.182: probe with driver hub failed with error -5
[  382.884438][ T5131] kaweth 6-1:0.182: Firmware present in device.
[  382.919145][   T31] usb 7-1: f81604_read: reg: 105 failed: -ETIMEDOUT
[  382.919164][   T31] f81604 7-1:0.0: Setting termination of CH#0 failed: -ETIMEDOUT
[  382.919188][   T31] f81604 7-1:0.0: probe with driver f81604 failed with error -110
[  383.116250][ T5131] kaweth 6-1:0.182: Statistics collection: 0
[  383.116275][ T5131] kaweth 6-1:0.182: Multicast filter limit: 0
[  383.116290][ T5131] kaweth 6-1:0.182: MTU: 0
[  383.116303][ T5131] kaweth 6-1:0.182: Read MAC address 00:00:00:00:00:00
[  383.428104][ T5991] usb 7-1: USB disconnect, device number 6
[  383.807384][ T1318] ieee802154 phy0 wpan0: encryption failed: -22
[  383.807459][ T1318] ieee802154 phy1 wpan1: encryption failed: -22
[  385.020276][ T5131] kaweth 6-1:0.182: probe with driver kaweth failed with error -5
[  385.055052][ T5131] usb 6-1: USB disconnect, device number 9
[  385.103411][ T9093] FAULT_INJECTION: forcing a failure.
[  385.103411][ T9093] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  385.103443][ T9093] CPU: 0 UID: 0 PID: 9093 Comm: syz.5.857 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  385.103462][ T9093] Tainted: [L]=SOFTLOCKUP
[  385.103467][ T9093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  385.103476][ T9093] Call Trace:
[  385.103481][ T9093]  <TASK>
[  385.103488][ T9093]  dump_stack_lvl+0xe8/0x150
[  385.103517][ T9093]  should_fail_ex+0x46b/0x600
[  385.103540][ T9093]  _copy_from_user+0x2d/0xb0
[  385.103559][ T9093]  sctp_setsockopt+0x1c4/0x12c0
[  385.103577][ T9093]  ? sock_common_setsockopt+0x36/0xc0
[  385.103594][ T9093]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  385.103613][ T9093]  do_sock_setsockopt+0x17c/0x1b0
[  385.103636][ T9093]  __x64_sys_setsockopt+0x143/0x1b0
[  385.103660][ T9093]  do_syscall_64+0x14d/0xf80
[  385.103677][ T9093]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.103691][ T9093]  ? trace_irq_disable+0x37/0x100
[  385.103704][ T9093]  ? clear_bhb_loop+0x40/0x90
[  385.103721][ T9093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.103735][ T9093] RIP: 0033:0x7fd72884bf79
[  385.103748][ T9093] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  385.103761][ T9093] RSP: 002b:00007fd726aa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  385.103777][ T9093] RAX: ffffffffffffffda RBX: 00007fd728ac5fa0 RCX: 00007fd72884bf79
[  385.103786][ T9093] RDX: 0000000000000018 RSI: 0000000000000084 RDI: 0000000000000003
[  385.103797][ T9093] RBP: 00007fd726aa6090 R08: 0000000000000008 R09: 0000000000000000
[  385.103807][ T9093] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001
[  385.103815][ T9093] R13: 00007fd728ac6038 R14: 00007fd728ac5fa0 R15: 00007ffdaccffa28
[  385.103836][ T9093]  </TASK>
[  385.634125][ T5816] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  385.904616][ T5816] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.904668][ T5816] usb 3-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.00
[  385.904692][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.978057][ T5816] usb 3-1: config 0 descriptor??
[  387.768654][ T5816] logitech 0003:046D:C626.0003: collection stack underflow
[  387.768688][ T5816] logitech 0003:046D:C626.0003: item 0 4 0 12 parsing failed
[  387.769499][ T5816] logitech 0003:046D:C626.0003: parse failed
[  387.769602][ T5816] logitech 0003:046D:C626.0003: probe with driver logitech failed with error -22
[  388.206534][ T5129] usb 3-1: USB disconnect, device number 37
[  388.555103][ T9146] FAULT_INJECTION: forcing a failure.
[  388.555103][ T9146] name failslab, interval 1, probability 0, space 0, times 0
[  388.555140][ T9146] CPU: 0 UID: 60928 PID: 9146 Comm: syz.3.874 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  388.555166][ T9146] Tainted: [L]=SOFTLOCKUP
[  388.555173][ T9146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  388.555184][ T9146] Call Trace:
[  388.555191][ T9146]  <TASK>
[  388.555198][ T9146]  dump_stack_lvl+0xe8/0x150
[  388.555227][ T9146]  should_fail_ex+0x46b/0x600
[  388.555253][ T9146]  should_failslab+0xa8/0x100
[  388.555274][ T9146]  __kmalloc_node_noprof+0xe7/0x7f0
[  388.555294][ T9146]  ? __vmalloc_node_range_noprof+0x5d5/0x1730
[  388.555319][ T9146]  __vmalloc_node_range_noprof+0x5d5/0x1730
[  388.555344][ T9146]  ? percpu_ref_get_many+0x19/0x140
[  388.555382][ T9146]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  388.555408][ T9146]  ? memcpy_and_pad+0x48/0x80
[  388.555429][ T9146]  __vmalloc_node_noprof+0xc2/0x100
[  388.555448][ T9146]  ? copy_process+0x508/0x3d00
[  388.555466][ T9146]  ? copy_process+0x508/0x3d00
[  388.555488][ T9146]  dup_task_struct+0x228/0x9a0
[  388.555511][ T9146]  ? rt_spin_unlock+0x160/0x200
[  388.555531][ T9146]  copy_process+0x508/0x3d00
[  388.555553][ T9146]  ? __lock_acquire+0x6b5/0x2cf0
[  388.555582][ T9146]  ? __might_fault+0xaf/0x130
[  388.555613][ T9146]  ? __pfx_copy_process+0x10/0x10
[  388.555646][ T9146]  ? __asan_memset+0x22/0x50
[  388.555674][ T9146]  kernel_clone+0x249/0x7f0
[  388.555698][ T9146]  ? __pfx_kernel_clone+0x10/0x10
[  388.555738][ T9146]  __se_sys_clone3+0x33c/0x360
[  388.555763][ T9146]  ? __pfx___se_sys_clone3+0x10/0x10
[  388.555813][ T9146]  ? __pfx_ksys_write+0x10/0x10
[  388.555842][ T9146]  do_syscall_64+0x14d/0xf80
[  388.555862][ T9146]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.555878][ T9146]  ? trace_irq_disable+0x37/0x100
[  388.555894][ T9146]  ? clear_bhb_loop+0x40/0x90
[  388.555913][ T9146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.555929][ T9146] RIP: 0033:0x7f8e9c18bf79
[  388.555945][ T9146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  388.555960][ T9146] RSP: 002b:00007f8e9a3e5ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  388.555980][ T9146] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f8e9c18bf79
[  388.555993][ T9146] RDX: 00007f8e9a3e5f10 RSI: 0000000000000058 RDI: 00007f8e9a3e5f10
[  388.556004][ T9146] RBP: 00007f8e9a3e6090 R08: 0000000000000000 R09: 0000000000000058
[  388.556014][ T9146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.556025][ T9146] R13: 00007f8e9c406038 R14: 00007f8e9c405fa0 R15: 00007ffc812e68f8
[  388.556053][ T9146]  </TASK>
[  388.556309][ T9146] syz.3.874: vmalloc error: size 32768, failed to allocated page array size 64, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  388.556650][ T9146] CPU: 0 UID: 60928 PID: 9146 Comm: syz.3.874 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  388.556675][ T9146] Tainted: [L]=SOFTLOCKUP
[  388.556681][ T9146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  388.556690][ T9146] Call Trace:
[  388.556697][ T9146]  <TASK>
[  388.556704][ T9146]  dump_stack_lvl+0xe8/0x150
[  388.556729][ T9146]  warn_alloc+0x263/0x3e0
[  388.556749][ T9146]  ? dump_stack_lvl+0x103/0x150
[  388.556770][ T9146]  ? lockdep_hardirqs_on+0x7a/0x110
[  388.556794][ T9146]  ? __pfx_warn_alloc+0x10/0x10
[  388.556816][ T9146]  ? rcu_is_watching+0x15/0xb0
[  388.556840][ T9146]  ? trace_kmalloc+0x1f/0xb0
[  388.556856][ T9146]  ? __kmalloc_node_noprof+0x395/0x7f0
[  388.556874][ T9146]  ? __vmalloc_node_range_noprof+0x5d5/0x1730
[  388.556896][ T9146]  __vmalloc_node_range_noprof+0x98f/0x1730
[  388.556920][ T9146]  ? percpu_ref_get_many+0x19/0x140
[  388.556959][ T9146]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  388.556985][ T9146]  ? memcpy_and_pad+0x48/0x80
[  388.557006][ T9146]  __vmalloc_node_noprof+0xc2/0x100
[  388.557025][ T9146]  ? copy_process+0x508/0x3d00
[  388.557043][ T9146]  ? copy_process+0x508/0x3d00
[  388.557066][ T9146]  dup_task_struct+0x228/0x9a0
[  388.557089][ T9146]  ? rt_spin_unlock+0x160/0x200
[  388.557110][ T9146]  copy_process+0x508/0x3d00
[  388.557132][ T9146]  ? __lock_acquire+0x6b5/0x2cf0
[  388.557161][ T9146]  ? __might_fault+0xaf/0x130
[  388.557191][ T9146]  ? __pfx_copy_process+0x10/0x10
[  388.557214][ T9146]  ? __asan_memset+0x22/0x50
[  388.557242][ T9146]  kernel_clone+0x249/0x7f0
[  388.557266][ T9146]  ? __pfx_kernel_clone+0x10/0x10
[  388.557306][ T9146]  __se_sys_clone3+0x33c/0x360
[  388.557331][ T9146]  ? __pfx___se_sys_clone3+0x10/0x10
[  388.557379][ T9146]  ? __pfx_ksys_write+0x10/0x10
[  388.557409][ T9146]  do_syscall_64+0x14d/0xf80
[  388.557428][ T9146]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.557444][ T9146]  ? trace_irq_disable+0x37/0x100
[  388.557459][ T9146]  ? clear_bhb_loop+0x40/0x90
[  388.557479][ T9146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.557496][ T9146] RIP: 0033:0x7f8e9c18bf79
[  388.557512][ T9146] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  388.557527][ T9146] RSP: 002b:00007f8e9a3e5ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  388.557545][ T9146] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f8e9c18bf79
[  388.557558][ T9146] RDX: 00007f8e9a3e5f10 RSI: 0000000000000058 RDI: 00007f8e9a3e5f10
[  388.557569][ T9146] RBP: 00007f8e9a3e6090 R08: 0000000000000000 R09: 0000000000000058
[  388.557580][ T9146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.557591][ T9146] R13: 00007f8e9c406038 R14: 00007f8e9c405fa0 R15: 00007ffc812e68f8
[  388.557628][ T9146]  </TASK>
[  388.557644][ T9146] Mem-Info:
[  388.557657][ T9146] active_anon:263 inactive_anon:8448 isolated_anon:27
[  388.557657][ T9146]  active_file:25704 inactive_file:39137 isolated_file:0
[  388.557657][ T9146]  unevictable:768 dirty:161 writeback:0
[  388.557657][ T9146]  slab_reclaimable:12349 slab_unreclaimable:103815
[  388.557657][ T9146]  mapped:32647 shmem:2680 pagetables:1579
[  388.557657][ T9146]  sec_pagetables:0 bounce:0
[  388.557657][ T9146]  kernel_misc_reclaimable:0
[  388.557657][ T9146]  free:1283793 free_pcp:18404 free_cma:0
[  388.557709][ T9146] Node 0 active_anon:1052kB inactive_anon:33692kB active_file:102484kB inactive_file:156548kB unevictable:1536kB isolated(anon):108kB isolated(file):0kB mapped:130472kB dirty:644kB writeback:0kB shmem:9184kB kernel_stack:13824kB pagetables:6168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  388.557753][ T9146] Node 1 active_anon:0kB inactive_anon:100kB active_file:332kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  388.557793][ T9146] Node 0 DMA free:15356kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  388.557849][ T9146] lowmem_reserve[]: 0 2507 2508 2508 2508
[  388.557880][ T9146] Node 0 DMA32 free:1186848kB boost:0kB min:3936kB low:6476kB high:9016kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1052kB inactive_anon:33692kB active_file:102484kB inactive_file:156548kB unevictable:1536kB writepending:644kB zspages:0kB present:3129332kB managed:2567896kB mlocked:0kB bounce:0kB free_pcp:72748kB local_pcp:61124kB free_cma:0kB
[  388.557939][ T9146] lowmem_reserve[]: 0 0 0 0 0
[  388.557967][ T9146] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:720kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  388.558019][ T9146] lowmem_reserve[]: 0 0 0 0 0
[  388.558048][ T9146] Node 1 Normal free:3932968kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:100kB active_file:332kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:860kB local_pcp:400kB free_cma:0kB
[  388.558105][ T9146] lowmem_reserve[]: 0 0 0 0 0
[  388.558139][ T9146] Node 0 DMA: 1*4kB (U) 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15356kB
[  388.558273][ T9146] Node 0 DMA32: 2282*4kB (UME) 1676*8kB (UME) 1091*16kB (UME) 153*32kB (UME) 214*64kB (UME) 308*128kB (UME) 238*256kB (UME) 96*512kB (UME) 78*1024kB (UM) 33*2048kB (UME) 203*4096kB (M) = 1187032kB
[  388.558404][ T9146] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  388.558495][ T9146] Node 1 Normal: 4*4kB (UM) 7*8kB (UME) 16*16kB (UME) 13*32kB (UME) 9*64kB (UME) 6*128kB (UM) 3*256kB (UME) 4*512kB (UME) 2*1024kB (M) 3*2048kB (UME) 957*4096kB (M) = 3932968kB
[  388.558647][ T9146] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  388.558663][ T9146] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  388.558679][ T9146] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  388.558694][ T9146] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  388.558708][ T9146] 64667 total pagecache pages
[  388.558719][ T9146] 0 pages in swap cache
[  388.558725][ T9146] Free swap  = 124996kB
[  388.558732][ T9146] Total swap = 124996kB
[  388.558739][ T9146] 2097051 pages RAM
[  388.558745][ T9146] 0 pages HighMem/MovableOnly
[  388.558751][ T9146] 423282 pages reserved
[  388.558757][ T9146] 0 pages cma reserved
[  390.817746][ T9166] net_ratelimit: 6 callbacks suppressed
[  390.817766][ T9166] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  396.122544][ T5813] Bluetooth: hci4: command 0x0406 tx timeout
[  397.874122][ T5129] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  398.142927][ T9306] netlink: 16 bytes leftover after parsing attributes in process `syz.6.918'.
[  398.145575][ T9306] tracefs: Bad value for 'uid'
[  398.145593][ T9306] tracefs: Bad value for 'uid'
[  398.275408][ T5129] usb 6-1: Using ep0 maxpacket: 16
[  398.277787][ T5129] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  398.277818][ T5129] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  398.277839][ T5129] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  398.279036][ T5129] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  398.279063][ T5129] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  398.279081][ T5129] usb 6-1: SerialNumber: syz
[  398.286112][ T9294] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  398.984086][ T5991] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  399.049730][ T5129] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  399.088758][ T5129] usb 6-1: USB disconnect, device number 10
[  399.114086][ T5991] usb 7-1: device descriptor read/64, error -71
[  399.354263][ T5991] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  399.494145][ T5991] usb 7-1: device descriptor read/64, error -71
[  399.605111][ T5991] usb usb7-port1: attempt power cycle
[  399.994174][ T5991] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  400.020988][ T5991] usb 7-1: device descriptor read/8, error -71
[  400.262381][ T5991] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  400.275371][ T5991] usb 7-1: device descriptor read/8, error -71
[  400.384599][ T5991] usb usb7-port1: unable to enumerate USB device
[  401.074491][ T5131] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  401.226786][ T5131] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  401.226853][ T5131] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  401.227885][ T5131] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  401.227912][ T5131] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  401.227929][ T5131] usb 4-1: Manufacturer: syz
[  401.233919][ T5131] usb 4-1: config 0 descriptor??
[  401.454285][ T5131] rc_core: IR keymap rc-hauppauge not found
[  401.454307][ T5131] Registered IR keymap rc-empty
[  401.455947][ T5131] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  401.457902][ T5131] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input9
[  402.090813][  T808] usb 4-1: USB disconnect, device number 29
[  402.579860][ T9411] ntfs3: Unknown parameter 'barrier'
[  404.149763][ T9417] ieee802154 phy0 wpan0: encryption failed: -22
[  409.339729][ T9473] overlay: Unknown parameter 'aaaaaaaaaaaaaaaaaaa./file0'
[  409.735680][ T9498] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1006'.
[  409.794143][ T5959] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  409.817751][ T9501] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1009'.
[  409.949063][ T9501] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1009'.
[  409.956213][ T5959] usb 6-1: device descriptor read/64, error -71
[  410.376466][ T5959] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  410.504456][ T5959] usb 6-1: device descriptor read/64, error -71
[  410.621862][ T5959] usb usb6-port1: attempt power cycle
[  410.987293][ T5959] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  411.024709][ T5959] usb 6-1: device descriptor read/8, error -71
[  412.110687][ T5813] Bluetooth: hci5: command 0x1003 tx timeout
[  412.110870][ T5117] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  412.124462][ T5959] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  412.145063][ T5959] usb 6-1: device descriptor read/8, error -71
[  412.264432][ T5959] usb usb6-port1: unable to enumerate USB device
[  412.944096][ T5129] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  412.950116][ T9564] FAULT_INJECTION: forcing a failure.
[  412.950116][ T9564] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.950151][ T9564] CPU: 0 UID: 0 PID: 9564 Comm: syz.2.1039 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  412.950176][ T9564] Tainted: [L]=SOFTLOCKUP
[  412.950183][ T9564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  412.950192][ T9564] Call Trace:
[  412.950199][ T9564]  <TASK>
[  412.950207][ T9564]  dump_stack_lvl+0xe8/0x150
[  412.950235][ T9564]  should_fail_ex+0x46b/0x600
[  412.950259][ T9564]  _copy_from_user+0x2d/0xb0
[  412.950282][ T9564]  ___sys_sendmsg+0x1c6/0x360
[  412.950299][ T9564]  ? __lock_acquire+0x6b5/0x2cf0
[  412.950324][ T9564]  ? __pfx____sys_sendmsg+0x10/0x10
[  412.950338][ T9564]  ? __lock_acquire+0x6b5/0x2cf0
[  412.950363][ T9564]  ? kstrtouint+0x6e/0xe0
[  412.950418][ T9564]  __sys_sendmmsg+0x282/0x4e0
[  412.950441][ T9564]  ? __pfx___sys_sendmmsg+0x10/0x10
[  412.950466][ T9564]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  412.950498][ T9564]  ? ksys_write+0x248/0x270
[  412.950517][ T9564]  ? __pfx_ksys_write+0x10/0x10
[  412.950539][ T9564]  __x64_sys_sendmmsg+0xa0/0xc0
[  412.950558][ T9564]  do_syscall_64+0x14d/0xf80
[  412.950579][ T9564]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.950596][ T9564]  ? trace_irq_disable+0x37/0x100
[  412.950611][ T9564]  ? clear_bhb_loop+0x40/0x90
[  412.950631][ T9564]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.950648][ T9564] RIP: 0033:0x7fde0986bf79
[  412.950665][ T9564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  412.950680][ T9564] RSP: 002b:00007fde07abe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  412.950700][ T9564] RAX: ffffffffffffffda RBX: 00007fde09ae5fa0 RCX: 00007fde0986bf79
[  412.950713][ T9564] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  412.950726][ T9564] RBP: 00007fde07abe090 R08: 0000000000000000 R09: 0000000000000000
[  412.950736][ T9564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  412.950746][ T9564] R13: 00007fde09ae6038 R14: 00007fde09ae5fa0 R15: 00007ffd2402df88
[  412.950774][ T9564]  </TASK>
[  413.110127][ T5129] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.110161][ T5129] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  413.110183][ T5129] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  413.110224][ T5129] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  413.110246][ T5129] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.123937][ T5129] usb 6-1: config 0 descriptor??
[  414.004436][ T9571] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1041'.
[  415.045099][ T5129] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  415.966608][ T9591] ip6gretap1: entered promiscuous mode
[  416.526404][ T5959] usb 6-1: reset high-speed USB device number 15 using dummy_hcd
[  416.551766][ T5816] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  416.704300][ T5816] usb 3-1: Using ep0 maxpacket: 8
[  416.707810][ T5816] usb 3-1: config 1 has an invalid interface number: 89 but max is 0
[  416.707838][ T5816] usb 3-1: config 1 has no interface number 0
[  416.707869][ T5816] usb 3-1: config 1 interface 89 has no altsetting 0
[  416.710284][ T5816] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0800, bcdDevice=50.bb
[  416.710314][ T5816] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.710334][ T5816] usb 3-1: Product: syz
[  416.710347][ T5816] usb 3-1: Manufacturer: syz
[  416.710361][ T5816] usb 3-1: SerialNumber: syz
[  416.768529][ T5959] usb 6-1: device descriptor read/64, error -32
[  418.755619][ T5816] qmi_wwan 3-1:1.89: More than one union descriptor, skipping ...
[  418.760307][ T5816] qmi_wwan 3-1:1.89: probe with driver qmi_wwan failed with error -22
[  418.784680][ T5816] usb 3-1: USB disconnect, device number 38
[  419.011941][ T9620] openvswitch: netlink: Key type 248 is out of range max 32
[  419.394088][ T5959] usb 6-1: reset high-speed USB device number 15 using dummy_hcd
[  419.615273][ T5959] usb 6-1: device firmware changed
[  419.681343][ T5129] usb 6-1: USB disconnect, device number 15
[  421.144128][ T5129] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  421.234232][ T5816] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  421.298056][ T5129] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  421.298085][ T5129] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.311874][ T5129] usb 6-1: config 0 descriptor??
[  421.337235][ T5129] cp210x 6-1:0.0: cp210x converter detected
[  421.408118][ T5816] usb 3-1: config 0 has an invalid interface number: 92 but max is 0
[  421.408275][ T5816] usb 3-1: config 0 has no interface number 0
[  421.408589][ T5816] usb 3-1: too many endpoints for config 0 interface 92 altsetting 69: 240, using maximum allowed: 30
[  421.408626][ T5816] usb 3-1: config 0 interface 92 altsetting 69 has 0 endpoint descriptors, different from the interface descriptor's value: 240
[  421.408652][ T5816] usb 3-1: config 0 interface 92 has no altsetting 0
[  421.412542][ T5816] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  421.412572][ T5816] usb 3-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  421.412592][ T5816] usb 3-1: Product: syz
[  421.412606][ T5816] usb 3-1: Manufacturer: syz
[  421.412620][ T5816] usb 3-1: SerialNumber: syz
[  421.509568][ T5816] usb 3-1: config 0 descriptor??
[  421.553152][ T5129] cp210x 6-1:0.0: failed to get vendor val 0x370b size 1: -121
[  421.553184][ T5129] cp210x 6-1:0.0: querying part number failed
[  421.588622][ T5129] usb 6-1: cp210x converter now attached to ttyUSB0
[  421.723631][ T9651] FAULT_INJECTION: forcing a failure.
[  421.723631][ T9651] name failslab, interval 1, probability 0, space 0, times 0
[  421.723667][ T9651] CPU: 0 UID: 0 PID: 9651 Comm: syz.3.1071 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  421.723686][ T9651] Tainted: [L]=SOFTLOCKUP
[  421.723690][ T9651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  421.723696][ T9651] Call Trace:
[  421.723700][ T9651]  <TASK>
[  421.723705][ T9651]  dump_stack_lvl+0xe8/0x150
[  421.723725][ T9651]  should_fail_ex+0x46b/0x600
[  421.723750][ T9651]  should_failslab+0xa8/0x100
[  421.723773][ T9651]  __kmalloc_noprof+0xdf/0x7b0
[  421.723793][ T9651]  ? percpu_ref_get_many+0x21/0x1e0
[  421.723814][ T9651]  ? io_cache_alloc_new+0x40/0x100
[  421.723842][ T9651]  io_cache_alloc_new+0x40/0x100
[  421.723859][ T9651]  __io_prep_rw+0x2bf/0xed0
[  421.723879][ T9651]  ? __pfx___io_prep_rw+0x10/0x10
[  421.723895][ T9651]  ? __pfx___io_alloc_req_refill+0x10/0x10
[  421.723927][ T9651]  io_prep_write+0x36/0x110
[  421.723949][ T9651]  ? blk_start_plug_nr_ios+0x7e/0x1c0
[  421.723975][ T9651]  io_submit_sqes+0xb20/0x22f0
[  421.724027][ T9651]  __se_sys_io_uring_enter+0x2d2/0x18c0
[  421.724049][ T9651]  ? lockdep_hardirqs_on+0x7a/0x110
[  421.724074][ T9651]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  421.724117][ T9651]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  421.724142][ T9651]  ? fput+0xa0/0xd0
[  421.724164][ T9651]  ? ksys_write+0x248/0x270
[  421.724183][ T9651]  ? __pfx_ksys_write+0x10/0x10
[  421.724206][ T9651]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  421.724233][ T9651]  do_syscall_64+0x14d/0xf80
[  421.724254][ T9651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.724270][ T9651]  ? trace_irq_disable+0x37/0x100
[  421.724286][ T9651]  ? clear_bhb_loop+0x40/0x90
[  421.724313][ T9651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.724330][ T9651] RIP: 0033:0x7f8e9c18bf79
[  421.724347][ T9651] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  421.724361][ T9651] RSP: 002b:00007f8e9a3e6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  421.724380][ T9651] RAX: ffffffffffffffda RBX: 00007f8e9c405fa0 RCX: 00007f8e9c18bf79
[  421.724393][ T9651] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[  421.724405][ T9651] RBP: 00007f8e9a3e6090 R08: 0000000000000000 R09: 0000000000000000
[  421.724416][ T9651] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[  421.724428][ T9651] R13: 00007f8e9c406038 R14: 00007f8e9c405fa0 R15: 00007ffc812e68f8
[  421.724458][ T9651]  </TASK>
[  422.069397][ T9656] ntfs3: Unknown parameter 'barrier'
[  422.296563][ T5816] ch341 3-1:0.92: ch341-uart converter detected
[  422.320687][ T5816] usb 3-1: failed to receive control message: -71
[  422.320722][ T5816] ch341-uart ttyUSB1: probe with driver ch341-uart failed with error -71
[  422.330837][ T5816] usb 3-1: USB disconnect, device number 39
[  422.357077][ T5816] ch341 3-1:0.92: device disconnected
[  423.944202][ T5129] usb 6-1: USB disconnect, device number 16
[  423.981440][ T5129] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  423.982050][ T5129] cp210x 6-1:0.0: device disconnected
[  424.259656][ T9692] FAULT_INJECTION: forcing a failure.
[  424.259656][ T9692] name failslab, interval 1, probability 0, space 0, times 0
[  424.259714][ T9692] CPU: 1 UID: 0 PID: 9692 Comm: syz.5.1085 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  424.259741][ T9692] Tainted: [L]=SOFTLOCKUP
[  424.259747][ T9692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  424.259758][ T9692] Call Trace:
[  424.259765][ T9692]  <TASK>
[  424.259773][ T9692]  dump_stack_lvl+0xe8/0x150
[  424.259802][ T9692]  should_fail_ex+0x46b/0x600
[  424.259829][ T9692]  should_failslab+0xa8/0x100
[  424.259851][ T9692]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  424.259871][ T9692]  ? __alloc_skb+0x1d7/0x390
[  424.259893][ T9692]  ? lockdep_hardirqs_on+0x7a/0x110
[  424.259916][ T9692]  ? __alloc_skb+0x193/0x390
[  424.259939][ T9692]  __alloc_skb+0x1d7/0x390
[  424.259966][ T9692]  netlink_sendmsg+0x5d4/0xb40
[  424.259989][ T9692]  ? __pfx___schedule+0x10/0x10
[  424.260016][ T9692]  ? __pfx_netlink_sendmsg+0x10/0x10
[  424.260045][ T9692]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  424.260068][ T9692]  ____sys_sendmsg+0xa4e/0xac0
[  424.260102][ T9692]  ? __pfx_____sys_sendmsg+0x10/0x10
[  424.260129][ T9692]  ? import_iovec+0x73/0xa0
[  424.260155][ T9692]  ___sys_sendmsg+0x2a5/0x360
[  424.260171][ T9692]  ? __lock_acquire+0x6b5/0x2cf0
[  424.260197][ T9692]  ? __pfx____sys_sendmsg+0x10/0x10
[  424.260251][ T9692]  ? __fget_files+0x2a/0x420
[  424.260272][ T9692]  ? __fget_files+0x3a6/0x420
[  424.260303][ T9692]  __x64_sys_sendmsg+0x1c3/0x2a0
[  424.260324][ T9692]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  424.260351][ T9692]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  424.260384][ T9692]  do_syscall_64+0x14d/0xf80
[  424.260405][ T9692]  ? rcu_is_watching+0x15/0xb0
[  424.260427][ T9692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.260445][ T9692]  ? clear_bhb_loop+0x40/0x90
[  424.260467][ T9692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.260484][ T9692] RIP: 0033:0x7fd72884bf79
[  424.260500][ T9692] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  424.260516][ T9692] RSP: 002b:00007fd726a64028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  424.260535][ T9692] RAX: ffffffffffffffda RBX: 00007fd728ac6180 RCX: 00007fd72884bf79
[  424.260548][ T9692] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000008
[  424.260560][ T9692] RBP: 00007fd726a64090 R08: 0000000000000000 R09: 0000000000000000
[  424.260572][ T9692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  424.260583][ T9692] R13: 00007fd728ac6218 R14: 00007fd728ac6180 R15: 00007ffdaccffa28
[  424.260614][ T9692]  </TASK>
[  425.204758][ T5129] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  425.376911][ T5129] usb 6-1: Using ep0 maxpacket: 32
[  425.378838][ T5129] usb 6-1: config 0 has an invalid interface number: 64 but max is 0
[  425.378856][ T5129] usb 6-1: config 0 has an invalid descriptor of length 245, skipping remainder of the config
[  425.378867][ T5129] usb 6-1: config 0 has no interface number 0
[  425.381097][ T5129] usb 6-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=8c.e5
[  425.381126][ T5129] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.381144][ T5129] usb 6-1: Product: syz
[  425.381153][ T5129] usb 6-1: Manufacturer: syz
[  425.381161][ T5129] usb 6-1: SerialNumber: syz
[  425.386594][ T5129] usb 6-1: config 0 descriptor??
[  425.504599][ T5966] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  425.666158][ T5966] usb 3-1: Using ep0 maxpacket: 16
[  425.669411][ T5966] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  425.669445][ T5966] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  425.669527][ T5966] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  425.676045][ T5966] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  425.676075][ T5966] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  425.676095][ T5966] usb 3-1: SerialNumber: syz
[  425.707911][ T9695] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  426.728532][ T5966] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  426.854350][ T5966] usb 3-1: USB disconnect, device number 40
[  427.343693][ T5129] usb 6-1: USB disconnect, device number 17
[  427.391347][ T9720] ntfs3: Unknown parameter 'barrier'
[  427.894198][ T5816] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  428.097769][ T5816] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  428.097800][ T5816] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.124426][ T5816] usb 7-1: config 0 descriptor??
[  428.150248][ T5816] cp210x 7-1:0.0: cp210x converter detected
[  428.806949][ T5816] cp210x 7-1:0.0: failed to get vendor val 0x000e size 678: -71
[  428.806982][ T5816] cp210x 7-1:0.0: GPIO initialisation failed: -71
[  428.848020][ T5816] usb 7-1: cp210x converter now attached to ttyUSB0
[  428.851294][ T5816] usb 7-1: USB disconnect, device number 11
[  428.870218][ T5816] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  428.870943][ T5816] cp210x 7-1:0.0: device disconnected
[  429.741216][ T9773] FAULT_INJECTION: forcing a failure.
[  429.741216][ T9773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  429.741250][ T9773] CPU: 0 UID: 0 PID: 9773 Comm: syz.2.1121 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  429.741274][ T9773] Tainted: [L]=SOFTLOCKUP
[  429.741280][ T9773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  429.741290][ T9773] Call Trace:
[  429.741298][ T9773]  <TASK>
[  429.741305][ T9773]  dump_stack_lvl+0xe8/0x150
[  429.741334][ T9773]  should_fail_ex+0x46b/0x600
[  429.741360][ T9773]  _copy_to_user+0x31/0xb0
[  429.741385][ T9773]  simple_read_from_buffer+0xe1/0x170
[  429.741413][ T9773]  proc_fail_nth_read+0x1be/0x230
[  429.741434][ T9773]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  429.741455][ T9773]  ? rw_verify_area+0x2ac/0x4e0
[  429.741478][ T9773]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  429.741499][ T9773]  vfs_read+0x212/0xa70
[  429.741524][ T9773]  ? __pfx_vfs_read+0x10/0x10
[  429.741543][ T9773]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  429.741565][ T9773]  ? lockdep_hardirqs_on+0x7a/0x110
[  429.741583][ T9773]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  429.741604][ T9773]  ? mutex_lock_nested+0x152/0x1d0
[  429.741620][ T9773]  ? fdget_pos+0x252/0x320
[  429.741647][ T9773]  ksys_read+0x156/0x270
[  429.741666][ T9773]  ? __pfx_ksys_read+0x10/0x10
[  429.741693][ T9773]  do_syscall_64+0x14d/0xf80
[  429.741714][ T9773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.741731][ T9773]  ? trace_irq_disable+0x37/0x100
[  429.741746][ T9773]  ? clear_bhb_loop+0x40/0x90
[  429.741767][ T9773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.741785][ T9773] RIP: 0033:0x7fde0982c84e
[  429.741801][ T9773] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  429.741825][ T9773] RSP: 002b:00007fde07abdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  429.741846][ T9773] RAX: ffffffffffffffda RBX: 00007fde07abe6c0 RCX: 00007fde0982c84e
[  429.741859][ T9773] RDX: 000000000000000f RSI: 00007fde07abe0a0 RDI: 0000000000000004
[  429.741871][ T9773] RBP: 00007fde07abe090 R08: 0000000000000000 R09: 0000000000000000
[  429.741883][ T9773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.741894][ T9773] R13: 00007fde09ae6038 R14: 00007fde09ae5fa0 R15: 00007ffd2402df88
[  429.741926][ T9773]  </TASK>
[  430.461677][ T9794] FAULT_INJECTION: forcing a failure.
[  430.461677][ T9794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.461712][ T9794] CPU: 0 UID: 0 PID: 9794 Comm: syz.6.1131 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  430.461737][ T9794] Tainted: [L]=SOFTLOCKUP
[  430.461744][ T9794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  430.461755][ T9794] Call Trace:
[  430.461762][ T9794]  <TASK>
[  430.461770][ T9794]  dump_stack_lvl+0xe8/0x150
[  430.461799][ T9794]  should_fail_ex+0x46b/0x600
[  430.461825][ T9794]  _copy_to_user+0x31/0xb0
[  430.461851][ T9794]  simple_read_from_buffer+0xe1/0x170
[  430.461878][ T9794]  proc_fail_nth_read+0x1be/0x230
[  430.461901][ T9794]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  430.461923][ T9794]  ? rw_verify_area+0x2ac/0x4e0
[  430.461948][ T9794]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  430.461968][ T9794]  vfs_read+0x212/0xa70
[  430.461993][ T9794]  ? __pfx_vfs_read+0x10/0x10
[  430.462013][ T9794]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  430.462036][ T9794]  ? lockdep_hardirqs_on+0x7a/0x110
[  430.462057][ T9794]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  430.462078][ T9794]  ? mutex_lock_nested+0x152/0x1d0
[  430.462095][ T9794]  ? fdget_pos+0x252/0x320
[  430.462124][ T9794]  ksys_read+0x156/0x270
[  430.462144][ T9794]  ? __pfx_ksys_read+0x10/0x10
[  430.462172][ T9794]  do_syscall_64+0x14d/0xf80
[  430.462194][ T9794]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.462211][ T9794]  ? trace_irq_disable+0x37/0x100
[  430.462227][ T9794]  ? clear_bhb_loop+0x40/0x90
[  430.462248][ T9794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.462265][ T9794] RIP: 0033:0x7f94f2c5c84e
[  430.462282][ T9794] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  430.462297][ T9794] RSP: 002b:00007f94f0eedfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  430.462316][ T9794] RAX: ffffffffffffffda RBX: 00007f94f0eee6c0 RCX: 00007f94f2c5c84e
[  430.462329][ T9794] RDX: 000000000000000f RSI: 00007f94f0eee0a0 RDI: 0000000000000006
[  430.462341][ T9794] RBP: 00007f94f0eee090 R08: 0000000000000000 R09: 0000000000000000
[  430.462352][ T9794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.462364][ T9794] R13: 00007f94f2f16038 R14: 00007f94f2f15fa0 R15: 00007ffe72122938
[  430.462396][ T9794]  </TASK>
[  430.734122][ T5991] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  431.477004][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1132'.
[  431.549988][ T5991] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=5e.ad
[  431.550019][ T5991] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.612640][ T5991] usb 4-1: config 0 descriptor??
[  432.132726][ T5991] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22
[  432.396981][ T9787] 9pnet_fd: Insufficient options for proto=fd
[  432.436496][ T5129] usb 4-1: USB disconnect, device number 30
[  432.844216][   T31] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  432.994176][ T5991] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  433.026023][   T31] usb 7-1: Using ep0 maxpacket: 16
[  433.028647][   T31] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.028680][   T31] usb 7-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.028702][   T31] usb 7-1: config 0 interface 0 has no altsetting 0
[  433.028732][   T31] usb 7-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  433.028754][   T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.042356][   T31] usb 7-1: config 0 descriptor??
[  433.154615][ T5991] usb 3-1: device descriptor read/64, error -71
[  433.404139][ T5991] usb 3-1: new full-speed USB device number 42 using dummy_hcd
[  433.512884][   T31] nzxt-smart2 0003:1E71:2009.0005: unknown main item tag 0x0
[  433.512922][   T31] nzxt-smart2 0003:1E71:2009.0005: unknown main item tag 0x0
[  433.512949][   T31] nzxt-smart2 0003:1E71:2009.0005: unknown main item tag 0x0
[  433.512976][   T31] nzxt-smart2 0003:1E71:2009.0005: unknown main item tag 0x0
[  433.513002][   T31] nzxt-smart2 0003:1E71:2009.0005: unknown main item tag 0x0
[  433.566163][ T5991] usb 3-1: device descriptor read/64, error -71
[  433.594726][   T31] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.6-1/input0
[  433.674501][ T5991] usb usb3-port1: attempt power cycle
[  433.725185][ T9868] ntfs3: Unknown parameter 'barrier'
[  434.034165][ T5991] usb 3-1: new full-speed USB device number 43 using dummy_hcd
[  434.054792][ T5991] usb 3-1: device descriptor read/8, error -71
[  434.493085][ T5991] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  435.053857][ T5991] usb 3-1: device descriptor read/8, error -71
[  435.124130][  T808] usb 7-1: reset high-speed USB device number 12 using dummy_hcd
[  435.156918][ T5991] usb usb3-port1: unable to enumerate USB device
[  436.554307][   T31] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  436.712934][   T31] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  436.712967][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.772102][   T31] usb 4-1: config 0 descriptor??
[  436.777508][   T31] cp210x 4-1:0.0: cp210x converter detected
[  436.990724][   T31] usb 4-1: cp210x converter now attached to ttyUSB0
[  437.313284][  T808] usb 4-1: USB disconnect, device number 31
[  437.324064][ T6312] usb 7-1: USB disconnect, device number 12
[  437.383127][  T808] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  437.451080][  T808] cp210x 4-1:0.0: device disconnected
[  438.409271][ T6312] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  438.554141][ T6312] usb 7-1: device descriptor read/64, error -71
[  438.794436][ T6312] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  438.924094][ T6312] usb 7-1: device descriptor read/64, error -71
[  439.039971][ T6312] usb usb7-port1: attempt power cycle
[  439.388491][ T6312] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  439.404782][ T6312] usb 7-1: device descriptor read/8, error -71
[  439.445947][ T9934] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1181'.
[  439.664148][ T6312] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  439.691825][ T6312] usb 7-1: device descriptor read/8, error -71
[  439.724974][ T9951] ntfs3: Unknown parameter 'barrier'
[  439.794751][ T6312] usb usb7-port1: unable to enumerate USB device
[  441.574150][ T5966] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  441.577717][ T5117] sysfs: ca[  441.577717][ T5117] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  441.577754][ T5117] CPU: 1 UID: 0 PID: 5117 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  441.577783][ T5117] Tainted: [L]=SOFTLOCKUP
[  441.577791][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  441.577805][ T5117] Workqueue: hci4 hci_rx_work
[  441.577837][ T5117] Call Trace:
[  441.577845][ T5117]  <TASK>
[  441.577854][ T5117]  dump_stack_lvl+0xe8/0x150
[  441.577885][ T5117]  sysfs_create_dir_ns+0x271/0x2a0
[  441.577906][ T5117]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  441.577929][ T5117]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  441.577954][ T5117]  ? rt_spin_unlock+0x160/0x200
[  441.577977][ T5117]  kobject_add_internal+0x631/0xd10
[  441.578014][ T5117]  kobject_add+0x163/0x240
[  441.578046][ T5117]  ? __pfx_kobject_add+0x10/0x10
[  441.578081][ T5117]  ? get_device_parent+0x370/0x3a0
[  441.578113][ T5117]  device_add+0x408/0xb80
[  441.578145][ T5117]  hci_conn_add_sysfs+0xd5/0x210
[  441.578174][ T5117]  le_conn_complete_evt+0xf1d/0x1430
[  441.578203][ T5117]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  441.578226][ T5117]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  441.578250][ T5117]  ? lockdep_hardirqs_on+0x7a/0x110
[  441.578272][ T5117]  ? skb_pull_data+0xfb/0x200
[  441.578297][ T5117]  hci_le_conn_complete_evt+0x187/0x470
[  441.578320][ T5117]  hci_event_packet+0x7af/0x12c0
[  441.578339][ T5117]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  441.578350][ T5117]  ? __pfx_hci_event_packet+0x10/0x10
[  441.578363][ T5117]  ? rt_spin_unlock+0x14f/0x200
[  441.578378][ T5117]  ? hci_send_to_monitor+0xe2/0x590
[  441.578392][ T5117]  hci_rx_work+0x3ee/0x1030
[  441.578411][ T5117]  ? process_scheduled_works+0xa0f/0x17a0
[  441.578424][ T5117]  process_scheduled_works+0xaec/0x17a0
[  441.578451][ T5117]  ? __pfx_process_scheduled_works+0x10/0x10
[  441.578466][ T5117]  ? assign_work+0x3d5/0x5e0
[  441.578486][ T5117]  worker_thread+0xa50/0xfc0
[  441.578513][ T5117]  kthread+0x388/0x470
[  441.578527][ T5117]  ? __pfx_worker_thread+0x10/0x10
[  441.578538][ T5117]  ? __pfx_kthread+0x10/0x10
[  441.578553][ T5117]  ret_from_fork+0x51e/0xb90
[  441.578569][ T5117]  ? __pfx_ret_from_fork+0x10/0x10
[  441.578580][ T5117]  ? __switch_to+0xc7d/0x1400
[  441.578594][ T5117]  ? __pfx_kthread+0x10/0x10
[  441.578608][ T5117]  ret_from_fork_asm+0x1a/0x30
[  441.578632][ T5117]  </TASK>
[  441.579797][ T5117] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  441.579825][ T5117] Bluetooth: hci4: failed to register connection device
[  441.624853][ T5117] ==================================================================
[  441.624875][ T5117] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x87d/0x13e0
[  441.624908][ T5117] Read of size 8 at addr ffff88801e6af500 by task kworker/u9:1/5117
[  441.624926][ T5117] 
[  441.624940][ T5117] CPU: 1 UID: 0 PID: 5117 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  441.624970][ T5117] Tainted: [L]=SOFTLOCKUP
[  441.624978][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  441.624992][ T5117] Workqueue: hci4 hci_rx_work
[  441.625020][ T5117] Call Trace:
[  441.625028][ T5117]  <TASK>
[  441.625036][ T5117]  dump_stack_lvl+0xe8/0x150
[  441.625065][ T5117]  print_report+0xba/0x230
[  441.625089][ T5117]  ? l2cap_connect_cfm+0x87d/0x13e0
[  441.625111][ T5117]  kasan_report+0x117/0x150
[  441.625134][ T5117]  ? l2cap_connect_cfm+0x87d/0x13e0
[  441.625160][ T5117]  l2cap_connect_cfm+0x87d/0x13e0
[  441.625187][ T5117]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  441.625210][ T5117]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  441.625236][ T5117]  ? lockdep_hardirqs_on+0x7a/0x110
[  441.625259][ T5117]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  441.625283][ T5117]  ? mutex_lock_nested+0x152/0x1d0
[  441.625302][ T5117]  ? hci_connect_cfm+0x2c/0x140
[  441.625319][ T5117]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  441.625342][ T5117]  hci_connect_cfm+0x95/0x140
[  441.625363][ T5117]  le_conn_complete_evt+0xf65/0x1430
[  441.625389][ T5117]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  441.625411][ T5117]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  441.625435][ T5117]  ? lockdep_hardirqs_on+0x7a/0x110
[  441.625459][ T5117]  ? skb_pull_data+0xfb/0x200
[  441.625481][ T5117]  hci_le_conn_complete_evt+0x187/0x470
[  441.625505][ T5117]  hci_event_packet+0x7af/0x12c0
[  441.625535][ T5117]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  441.625554][ T5117]  ? __pfx_hci_event_packet+0x10/0x10
[  441.625580][ T5117]  ? rt_spin_unlock+0x14f/0x200
[  441.625603][ T5117]  ? hci_send_to_monitor+0xe2/0x590
[  441.625627][ T5117]  hci_rx_work+0x3ee/0x1030
[  441.625657][ T5117]  ? process_scheduled_works+0xa0f/0x17a0
[  441.625681][ T5117]  process_scheduled_works+0xaec/0x17a0
[  441.625716][ T5117]  ? __pfx_process_scheduled_works+0x10/0x10
[  441.625748][ T5117]  ? assign_work+0x3d5/0x5e0
[  441.625771][ T5117]  worker_thread+0xa50/0xfc0
[  441.625807][ T5117]  kthread+0x388/0x470
[  441.625832][ T5117]  ? __pfx_worker_thread+0x10/0x10
[  441.625854][ T5117]  ? __pfx_kthread+0x10/0x10
[  441.625885][ T5117]  ret_from_fork+0x51e/0xb90
[  441.625909][ T5117]  ? __pfx_ret_from_fork+0x10/0x10
[  441.625931][ T5117]  ? __switch_to+0xc7d/0x1400
[  441.625952][ T5117]  ? __pfx_kthread+0x10/0x10
[  441.625978][ T5117]  ret_from_fork_asm+0x1a/0x30
[  441.626013][ T5117]  </TASK>
[  441.626021][ T5117] 
[  441.626025][ T5117] Allocated by task 5117:
[  441.626042][ T5117]  kasan_save_track+0x3e/0x80
[  441.626059][ T5117]  __kasan_kmalloc+0x93/0xb0
[  441.626076][ T5117]  __kmalloc_cache_noprof+0x3a6/0x690
[  441.626096][ T5117]  l2cap_chan_create+0x51/0x7a0
[  441.626119][ T5117]  l2cap_sock_new_connection_cb+0x182/0x2e0
[  441.626143][ T5117]  l2cap_connect_cfm+0x368/0x13e0
[  441.626163][ T5117]  hci_connect_cfm+0x95/0x140
[  441.626180][ T5117]  le_conn_complete_evt+0xf65/0x1430
[  441.626199][ T5117]  hci_le_conn_complete_evt+0x187/0x470
[  441.626217][ T5117]  hci_event_packet+0x7af/0x12c0
[  441.626240][ T5117]  hci_rx_work+0x3ee/0x1030
[  441.626263][ T5117]  process_scheduled_works+0xaec/0x17a0
[  441.626282][ T5117]  worker_thread+0xa50/0xfc0
[  441.626301][ T5117]  kthread+0x388/0x470
[  441.626323][ T5117]  ret_from_fork+0x51e/0xb90
[  441.626343][ T5117]  ret_from_fork_asm+0x1a/0x30
[  441.626366][ T5117] 
[  441.626372][ T5117] Freed by task 10002:
[  441.626380][ T5117]  kasan_save_track+0x3e/0x80
[  441.626396][ T5117]  kasan_save_free_info+0x46/0x50
[  441.626418][ T5117]  __kasan_slab_free+0x5c/0x80
[  441.626434][ T5117]  kfree+0x1c1/0x690
[  441.626449][ T5117]  l2cap_sock_cleanup_listen+0xf0/0x440
[  441.626470][ T5117]  l2cap_sock_release+0x6e/0x270
[  441.626491][ T5117]  sock_close+0xc3/0x240
[  441.626509][ T5117]  __fput+0x45e/0xa80
[  441.626530][ T5117]  task_work_run+0x1d9/0x270
[  441.626545][ T5117]  exit_to_user_mode_loop+0xed/0x480
[  441.626566][ T5117]  do_syscall_64+0x32d/0xf80
[  441.626586][ T5117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.626603][ T5117] 
[  441.626607][ T5117] The buggy address belongs to the object at ffff88801e6af000
[  441.626607][ T5117]  which belongs to the cache kmalloc-2k of size 2048
[  441.626625][ T5117] The buggy address is located 1280 bytes inside of
[  441.626625][ T5117]  freed 2048-byte region [ffff88801e6af000, ffff88801e6af800)
[  441.626646][ T5117] 
[  441.626651][ T5117] The buggy address belongs to the physical page:
[  441.626660][ T5117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e6a8
[  441.626685][ T5117] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  441.626702][ T5117] flags: 0x80000000000040(head|node=0|zone=1)
[  441.626724][ T5117] page_type: f5(slab)
[  441.626743][ T5117] raw: 0080000000000040 ffff88813fe0e000 dead000000000100 dead000000000122
[  441.626761][ T5117] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  441.626780][ T5117] head: 0080000000000040 ffff88813fe0e000 dead000000000100 dead000000000122
[  441.626797][ T5117] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  441.626815][ T5117] head: 0080000000000003 ffffea000079aa01 00000000ffffffff 00000000ffffffff
[  441.626832][ T5117] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  441.626843][ T5117] page dumped because: kasan: bad access detected
[  441.626857][ T5117] page_owner tracks the page as allocated
[  441.626865][ T5117] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 2500892687, free_ts 0
[  441.626899][ T5117]  post_alloc_hook+0x228/0x280
[  441.626917][ T5117]  get_page_from_freelist+0x28bb/0x2950
[  441.626939][ T5117]  __alloc_frozen_pages_noprof+0x18d/0x380
[  441.626961][ T5117]  allocate_slab+0x77/0x660
[  441.626984][ T5117]  refill_objects+0x334/0x3c0
[  441.627005][ T5117]  __pcs_replace_empty_main+0x328/0x5f0
[  441.627029][ T5117]  __kmalloc_cache_noprof+0x44e/0x690
[  441.627047][ T5117]  bus_register+0x58/0x490
[  441.627069][ T5117]  subsys_register+0x24/0x300
[  441.627091][ T5117]  cpu_dev_init+0x17/0x40
[  441.627114][ T5117]  driver_init+0x4c/0x60
[  441.627136][ T5117]  do_basic_setup+0xf/0x70
[  441.627154][ T5117]  kernel_init_freeable+0x2a6/0x3d0
[  441.627173][ T5117]  kernel_init+0x1d/0x1d0
[  441.627188][ T5117]  ret_from_fork+0x51e/0xb90
[  441.627207][ T5117]  ret_from_fork_asm+0x1a/0x30
[  441.627232][ T5117] page_owner free stack trace missing
[  441.627238][ T5117] 
[  441.627243][ T5117] Memory state around the buggy address:
[  441.627253][ T5117]  ffff88801e6af400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.627267][ T5117]  ffff88801e6af480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.627280][ T5117] >ffff88801e6af500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.627291][ T5117]                    ^
[  441.627300][ T5117]  ffff88801e6af580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.627314][ T5117]  ffff88801e6af600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  441.627324][ T5117] ==================================================================
[  441.631909][ T5117] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  441.631934][ T5117] CPU: 1 UID: 0 PID: 5117 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  441.631958][ T5117] Tainted: [L]=SOFTLOCKUP
[  441.631965][ T5117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  441.631977][ T5117] Workqueue: hci4 hci_rx_work
[  441.632005][ T5117] Call Trace:
[  441.632014][ T5117]  <TASK>
[  441.632020][ T5117]  vpanic+0x1e0/0x670
[  441.632047][ T5117]  panic+0xc5/0xd0
[  441.632069][ T5117]  ? __pfx_panic+0x10/0x10
[  441.632091][ T5117]  ? preempt_schedule_thunk+0x16/0x30
[  441.632113][ T5117]  ? l2cap_connect_cfm+0x87d/0x13e0
[  441.632134][ T5117]  check_panic_on_warn+0x89/0xb0
[  441.632151][ T5117]  ? l2cap_connect_cfm+0x87d/0x13e0
[  441.632171][ T5117]  end_report+0x6f/0x140
[  441.632190][ T5117]  kasan_report+0x128/0x150
[  441.632207][ T5117]  ? l2cap_connect_cfm+0x87d/0x13e0
[  441.632229][ T5117]  l2cap_connect_cfm+0x87d/0x13e0
[  441.632252][ T5117]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  441.632272][ T5117]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  441.632295][ T5117]  ? lockdep_hardirqs_on+0x7a/0x110
[  441.632314][ T5117]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  441.632334][ T5117]  ? mutex_lock_nested+0x152/0x1d0
[  441.632349][ T5117]  ? hci_connect_cfm+0x2c/0x140
[  441.632365][ T5117]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  441.632384][ T5117]  hci_connect_cfm+0x95/0x140
[  441.632400][ T5117]  le_conn_complete_evt+0xf65/0x1430
[  441.632424][ T5117]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  441.632443][ T5117]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  441.632464][ T5117]  ? lockdep_hardirqs_on+0x7a/0x110
[  441.632485][ T5117]  ? skb_pull_data+0xfb/0x200
[  441.632506][ T5117]  hci_le_conn_complete_evt+0x187/0x470
[  441.632528][ T5117]  hci_event_packet+0x7af/0x12c0
[  441.632557][ T5117]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  441.632575][ T5117]  ? __pfx_hci_event_packet+0x10/0x10
[  441.632597][ T5117]  ? rt_spin_unlock+0x14f/0x200
[  441.632618][ T5117]  ? hci_send_to_monitor+0xe2/0x590
[  441.632639][ T5117]  hci_rx_work+0x3ee/0x1030
[  441.632664][ T5117]  ? process_scheduled_works+0xa0f/0x17a0
[  441.632684][ T5117]  process_scheduled_works+0xaec/0x17a0
[  441.632713][ T5117]  ? __pfx_process_scheduled_works+0x10/0x10
[  441.632742][ T5117]  ? assign_work+0x3d5/0x5e0
[  441.632762][ T5117]  worker_thread+0xa50/0xfc0
[  441.632791][ T5117]  kthread+0x388/0x470
[  441.632813][ T5117]  ? __pfx_worker_thread+0x10/0x10
[  441.632830][ T5117]  ? __pfx_kthread+0x10/0x10
[  441.632851][ T5117]  ret_from_fork+0x51e/0xb90
[  441.632870][ T5117]  ? __pfx_ret_from_fork+0x10/0x10
[  441.632886][ T5117]  ? __switch_to+0xc7d/0x1400
[  441.632904][ T5117]  ? __pfx_kthread+0x10/0x10
[  441.632931][ T5117]  ret_from_fork_asm+0x1a/0x30
[  441.632962][ T5117]  </TASK>
[  441.633766][ T5117] Kernel Offset: disabled