last executing test programs:

4m51.093189898s ago: executing program 4 (id=469):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
r2 = io_uring_setup(0x136a, &(0x7f0000000240)={0x0, 0xc517, 0x80, 0xfffffffc, 0x2000028c})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x2d, 0x20040040)
io_setup(0x3ff, &(0x7f0000000500)=<r5=>0x0)
write(r4, 0x0, 0x0)
io_submit(r5, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xffff, r4, 0x0}])
close_range(r2, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x401, 0x30, 0x9, 0x6}, &(0x7f0000000180)=0x18)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x25, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18e4ffbe8b0b285d00000000000000000007000000950000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$SIOCPNDELRESOURCE(r6, 0x89ef, &(0x7f0000000080)=0xa)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
uname(0xfffffffffffffffc)
socket$kcm(0x2, 0xa, 0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYRES8=r1, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

4m50.183281297s ago: executing program 4 (id=479):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x2f00020b, 0xd, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b9", 0x0, 0x7515, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="220000000400000010000000"], 0x48)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x2200)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r1, 0x40045402, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r2}, 0x4)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000640)={r0, <r3=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x7, 0x1c, &(0x7f0000000680)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xb6cb}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x3}}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94)

4m49.958770658s ago: executing program 4 (id=480):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001500)=ANY=[@ANYBLOB="b702000010000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000a00), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xe0, &(0x7f0000000640)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff9a, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)={r1}, 0x4)
r3 = memfd_create(&(0x7f00000003c0)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x00\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x17?&^\xe1Ob\xe1Y\xd6\xeb\x91\x83;\xeb\xf1\xd0\xe3\xe5\x19T\xff\x01\x00\x00\xe2\x9f\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\xaa\xe6\x05\xe4\xc3\x90\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4\x84$&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\x97.A\x84\x1d\xc2\x86\x89{\xba\xe3J\xc2t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e/\x85c\xae\x9c\xe9\xc4\xd2\xf3\x9f\n-k\x12\xdf\xb9q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xba\xce\xb3%QF\x03\x12\x00\x00\x00\x00\x00\x00\x00[\xf9\r\t\xef{h\xb0\xc0\x00\x00\x00\x00\x06\xf8\x83\x87+nM\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?\x87\x84\\/y\xed\x01#?\xab\x1c\x11\x00\xc5\x8d\x82\x9c\xd6B[\xc9\x00\xf5]\x81\xf3\xfd\x06M\xbe\xf9\xba\x9em\xe9\"\x03\x933P\xa3\xcc\x9b\f\xa7\x8f\x91O\xc9\xb9\x10M\x8b\xd0\xc0\xb8Fb\x1c4\xb59\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xdc\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10D\xb9\xe6\xff\x04K%yH\xe5W\xfb\x82\xac\x19,\\D\x91T\xfd\x9c\xb8\x8b\x88\xa5O\x8fI\x00\xf0\xc9%\n\xa7\x0f:\xb0\xf5?\xc3\x88\x1e\xbb-\xa6\xecA\x92\xaf\xa4Xl\v\xa5\xca\v|\xe2N\xac\x80\xc7\x15\x96fh\x83\x15\xc7\xea\xd5\xe8\x89W\x11\xd7oC\xe4\x06\xa8[O\xe6\x1d=\x87\x93\x0f\x87I\xdf\xb1\xeb\x89\x11.\x01\x00\r`\x1e8\x94\xb7\xbc\xc3\xad\xf1\x92\xaf(A=A\x8b\xa5\xb0\x89\x9e5\x12\xa4\x9a\va\xdf\xf4\xea\xc6\xc7\x10g\x1d\xd5\xb0\x9d\xd2\xfc]fC\x8d\x0f\xa6q\x0f\xef\x90\xfe\x94k\xf1\xb8\xfa\xbbb\xb1\x00\x99\xf7\xfd\'\xae\x906\xe0\xaa\xdbtWWH\xa4L\xb5pe,\xdfN\x0f\x00\x01\x00\x00_H\xd4\xe3\xb2,oj\xac\xd7\xbd\xd0\xadW\x1f<\xd0s\xa8\x1f(\x00/ \xe4]@\xf7mA\xe8\xd1\xf4:\xb3\xeb\x81\xb9\x018\x1c\x95%o\x05x\x1a\x90\xf4\x03\xe7\xe9\xa9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x84\xe38\xac>\xbbqJ\x8f\x8cmu\x12\x1d\x9a\xd7\x1c}\x8a]1\x8a\x84\xedo\t*77\xbb0\x8b\xe5R\xc8\t\x94\xbc\x95\xc0\x92\xfc^e\x15\x10\x96\x18\'\xfa\x8e\x81\x03)3\xbf\xa6|\x88\x1f\xfb\xf0\xa3\xd2\x99\x06\xb1\x15\xc4\xe9\x80\xfb\xcfD\xe3\xff\xc1V\x00\xc4\xd1\xa1\xa6\xba\x9a\x91\xdb\x0f\xb6\xb9&\xf5\x05\x9b_\xde\xc6\xc4P\xf9,\xab\x13\xd0+*\xa3\x002\x19Z\x0e\xa7\xb9\xf2\xed\xd7#\b0\xba\xaa\x93\xf6\xef-\x1fL\xc6\xdc\xa7?\xf9\xbcdI\xca_\xa3\xbd\xe6,\xe6\x87$\xe8W8\xa6Zb\x1a7\xd7\x86\xe5\v\xa5\xaf\x8b\xd8t\x9fk\xee#\"\xa4\x96\xd5m\xdb\xb0\xdf\xa8\xb9{\xca\xea\nD|+;\x14\xc4\xe5\x9c\xebDJ\xf4\x19PFi\xce\xd6E9\x18\x1d~\x17\x06\xe9iDu:ou\a<\xaf\x8f0v\x81\xb1HC\xf3\x96\x96]bp\a\xdf7\xcb\x10x\xff\x17L\xde\xff\b\fm\a\x1b\x13\xe2[\xea,\xfc\x8ep<\xa4gq\xf4\xb4\xd7\x1d\'\xd6\xb5\xa3\x90\xf9\xf2\x1a\xaa\xb0\b\x7f\x89\xf7\x9e\x89\x85O\xe6U\x9fO\xa5\x8dfO\x11S\x00\xb6\x809\r\x96\xf2\xb8,\xe1N\xa1\xfd\xaa\x99\xe9\xb4\t\xf1(>\xf8fLBQ\xcf\x9c\xd4\x88\x96\xbc\xf0\xa4\xeb\x92\xd7\xc1\xef\x13\xc7U\x9b\xa8r\xc1_\x11<\x19?)\xb3\xfdf\xc3\xba\x1e\xbaY\xea|~^\x00\x1e\xea/\x1e\xd2&1Z@\xa50\x06s\xf2PP\xf9\xdcv\xc6\xaf\x12M\x8b\x12\xdbf\xb2r\x1a\x84\b\xde\b5\xdb[ruJ\xa0\xa9Nj\xd5<\xcc\xdeA4|1Ye\xd7\xf3\x1b\xedq)\xab_\xc1\aR\xef%\xfb\x9c\x18<\xa3\x133T\x89\xff\x99S\xb7n\xe3%\x05g*X\xe5\xfc\x97\x01\xec\xeb\xd6\rf\xbdl\xee\xca\x1c\xa2{\x98v\xcc\x8a\xcc\xa1\xf1\xb4\xf6\xe1\xc0\x96\xc8\x1c\x05C\x93\x1c\x89e\xc1~\xf3\xc8\xe8\xe6]S\xbd\xbe\xb3M\xc1\x9b\x05\x12\xe9C\x11\xbb\x03U\x80KRd\x14c3I\xa0\xc7\x8a\xba9\xfeH\x94\xb2\xe7h\xb1\x02\xf6\x0f\x02\xb0\xc3\xd8\x02\r\v\xfa\xc7\xbdE\xf6b\xde\xbeJ\x9509\xe8\x18\x05\x15zi\xba\tf7\x9b,\xa3\xa5\xa1\xc1|\xd2:D3z\x8f\x19\xa8\xe1d\xedk\xe8\xa2/\x95`$\x81\xc2g\x04u\x16\xbc{\xb7\x90\xbe\xeb\x85 \f ^I\xd5\x0e\r\xdf4\xd0\x95d\xe4\xaf\x83\x88\xd8l\xae\"\xef\xe5\xfc\x01\x15\xb5\x99U\x1c\xb1\x9c \xe7\xa6\x8fv\xfe\xea\x9a\x11\xe2-', 0x4)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000000740)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000004680)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000002bc0)=[{&(0x7f0000001900)=""/135, 0x87}, {0xfffffffffffffffe}], 0x2}}], 0x48}, 0x0)
ioctl$FS_IOC_RESVSP(r3, 0x4030582b, &(0x7f0000000080)={0x0, 0x2, 0x9, 0x5})
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00')
pread64(r5, &(0x7f0000001240)=""/102400, 0x19000, 0xffffffff8)
write$RDMA_USER_CM_CMD_DESTROY_ID(r5, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240)}}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2f00020b, 0x822, 0x2f000000, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
r8 = socket$key(0xf, 0x3, 0x2)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r9, 0x0, 0x24044010)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)={0x20, 0x7, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040010}, 0x4004)
sendmsg$key(r8, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc010000000200000002000000000000000000000000000008001900000000000a"], 0xe0}}, 0x0)
setsockopt$sock_int(r7, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
r11 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000bc0)=ANY=[@ANYBLOB="ddc30000000000000a004e240000020000000000000000000000000000000001000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000060000000a004e2300000007fc00000000000000000000000000000001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e23000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2300000001fe8000000000000000000000000000aa0f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2100000003fc01000000000000000000000000000101000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2400008000fe8000000000000000000000000000aa02000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e24000007ff000000000000000000000000000000010100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000"/912], 0x390)
r12 = dup2(r11, r6)
setsockopt$sock_attach_bpf(r7, 0x1, 0x34, &(0x7f00000000c0)=r12, 0x4)

4m49.60762778s ago: executing program 4 (id=483):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'ip_vti0\x00', &(0x7f00000001c0)={'ip_vti0\x00', <r1=>0x0, 0x40, 0x7, 0x2, 0x1, {{0x12, 0x4, 0x1, 0x3, 0x48, 0x67, 0x0, 0x31, 0x4, 0x0, @remote, @rand_addr=0x64010101, {[@cipso={0x86, 0x31, 0x2, [{0x2, 0xe, "1dd4b0d76e244323b82f3e03"}, {0x4, 0x4, "e1ef"}, {0x2, 0x4, "80e1"}, {0x5, 0x8, "6613f7ce24be"}, {0x6, 0x7, "ae3f788c2c"}, {0x6, 0x6, "b01958ec"}]}]}}}}})
sendmsg$nl_route_sched_retired(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=@newqdisc={0x164, 0x24, 0x4, 0x70bd2c, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x8, 0x8}, {0xb, 0xffff}, {0x4, 0x3}}, [@q_dsmark={{0xb}, {0x1c, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x6}]}}, @q_dsmark={{0xb}, {0x40, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_DEFAULT_INDEX={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x5}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x98c}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1ff}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x10}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}]}}, @q_dsmark={{0xb}, {0x14, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x14}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xfd1b}]}}, @q_dsmark={{0xb}, {0x38, 0x2, [@TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8001}, @TCA_DSMARK_INDICES={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x16}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xfff}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x39}]}}, @q_dsmark={{0xb}, {0x44, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x13}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x9}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x20}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x18}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xc123}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xa}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x26}]}}]}, 0x164}}, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r2, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e24, @rand_addr=0x5}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='^', 0x1}], 0x1, 0x0, 0x0, 0x20004811}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000000)={@my=0x1, 0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @any, 0x0, 0x0, 0x5f, 0x20001fffffff, 0x100000000000006, 0x10000000})
ioctl$IOCTL_VMCI_SET_NOTIFY(r3, 0x7cb, &(0x7f0000000540)={0x3, 0x7, 0x8})
r4 = socket$packet(0x11, 0x2, 0x300)
socket$netlink(0x10, 0x3, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = creat(&(0x7f0000000180)='./file0\x00', 0xf0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r4, @ANYRES64=r5], 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="660a01000000000061116a000000000085000000cc00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x33}, 0x94)
mount$bind(0x0, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x219d88b, 0x0)
mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x10a78c0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0)='proc\x00', 0x0, 0x0)
r6 = dup(r2)
shutdown(r2, 0x1)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x1}, &(0x7f0000000080)=0x8)

4m47.809846085s ago: executing program 4 (id=501):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@base={0xa, 0x4, 0x8, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000c976840210383020b9901e402010902"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$unix(0x1, 0x1, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x80000020, 0x0, 0x40000000}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

4m47.26009653s ago: executing program 3 (id=504):
pipe(0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000010000100"/18], 0x1e4}, 0x1, 0x0, 0x0, 0x4040004}, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xfffffecc)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x7fff, 0x0)

4m46.863117449s ago: executing program 3 (id=509):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[], 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000200)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

4m46.64406239s ago: executing program 4 (id=513):
r0 = syz_open_dev$loop(&(0x7f0000000040), 0xa60f, 0x84081)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x1, 0x13, r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x7b}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x4010)
ioctl$BLKFRAGET(r0, 0x1265, &(0x7f0000000080))
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x8382)
ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000040)=""/95)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r4], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELRULE={0x7c, 0x8, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_USERDATA={0x40, 0x7, 0x1, 0x0, "403440f63164331fbf9c1a566c20594109e1d7c76870b34efc33739175159cf5efb1821ed84710f79167775e49437d30672351c8344a1968006ae89a"}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xe0}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000)

4m46.43333988s ago: executing program 32 (id=513):
r0 = syz_open_dev$loop(&(0x7f0000000040), 0xa60f, 0x84081)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x1, 0x13, r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x7b}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x4010)
ioctl$BLKFRAGET(r0, 0x1265, &(0x7f0000000080))
syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYRES16, @ANYRESHEX=0x0], 0x0)
r3 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x8382)
ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000040)=""/95)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r4], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELRULE={0x7c, 0x8, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x1}, @NFTA_RULE_USERDATA={0x40, 0x7, 0x1, 0x0, "403440f63164331fbf9c1a566c20594109e1d7c76870b34efc33739175159cf5efb1821ed84710f79167775e49437d30672351c8344a1968006ae89a"}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xe0}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000)

4m43.717439385s ago: executing program 3 (id=543):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x2, 0x0, 0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffe3a}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r1, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r1, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000dc0)=@newqdisc={0x30, 0x24, 0xf0b, 0x70bd2c, 0x0, {0x0, 0x0, 0x12, r2, {0x0, 0x3}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x4000010)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'tunl0\x00', &(0x7f0000000140)={'erspan0\x00', r2, 0x40, 0x7800, 0x401, 0x5e, {{0x3d, 0x4, 0x3, 0x29, 0xf4, 0x64, 0x0, 0x5, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, {[@timestamp_addr={0x44, 0x34, 0x17, 0x1, 0x4, [{@empty, 0x3}, {@local, 0x1}, {@private=0xa010102, 0x7}, {@empty, 0xffffffff}, {@local, 0x54}, {@remote, 0x7ff}]}, @cipso={0x86, 0x74, 0x2, [{0x6, 0x3, "bd"}, {0x1, 0x12, "28a08607c03d48e5611786e05fe16a13"}, {0x5, 0x10, "b561eb4a4732580185d5d621ed9c"}, {0x5, 0x5, "98d2f2"}, {0x6, 0x9, "2d3b9f9359b32f"}, {0x5, 0x10, "964075d7deb5c596628e96d78940"}, {0x0, 0x11, "df91eb28e44e55aba22ce62601c6d3"}, {0x6, 0xe, "8af086a4fdf1ed2f3766f171"}, {0x7, 0xc, "e17b3e2c0562000d5fc7"}]}, @generic={0x82, 0x11, "b3d5e760b40ef398901057a45c928b"}, @lsrr={0x83, 0x1f, 0x8d, [@multicast2, @loopback, @dev={0xac, 0x14, 0x14, 0x35}, @private=0xa010101, @multicast1, @remote, @loopback]}, @generic={0x86, 0x5, "8ead82"}]}}}}})
r3 = socket$can_raw(0x1d, 0x3, 0x1)
getsockopt$CAN_RAW_JOIN_FILTERS(r3, 0x65, 0x6, 0x0, &(0x7f0000000100))

4m43.461547412s ago: executing program 3 (id=546):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) (async)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000140)={'dvmrp0\x00', {0x2, 0x4e22, @local}}) (async)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000140)={'dvmrp0\x00', {0x2, 0x4e22, @local}})
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) (async)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
umount2(&(0x7f00000010c0)='./file0/file0\x00', 0x8)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2263804, 0x0) (async)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2263804, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x30)

4m43.344975266s ago: executing program 3 (id=547):
r0 = socket(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x18080, 0x0)
ioctl$XFS_IOC_FSGEOMETRY_V4(r0, 0x8070587c, &(0x7f0000000100))
epoll_create(0x7)
epoll_create1(0x0)
epoll_create(0x7)
epoll_create1(0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x32, &(0x7f0000000f00), 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
write$P9_RVERSION(r4, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0xffdffffe, 0x6, '9P2000'}, 0x13)
epoll_create1(0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x15, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r5, &(0x7f0000001d40)=[{{&(0x7f00000016c0)={0xa, 0x4e24, 0x4b0, @loopback, 0xc98}, 0x1c, &(0x7f0000001a80)=[{&(0x7f0000001700)='X', 0x1}], 0x1}}], 0x1, 0x4000054)
sendto$inet6(r5, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)

4m41.930666175s ago: executing program 3 (id=558):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x140, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, 0x18)
connect$inet6(r0, 0x0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@fadd={0x58, 0x114, 0x6, {{0x5, 0x6}, 0x0, 0x0, 0xf, 0x4, 0x9, 0xfffffffffffffff9, 0x22, 0x7}}, @fadd={0x58, 0x114, 0x6, {{0x4, 0xffff}, 0x0, 0x0, 0x200, 0xffffffffffff0000, 0xf1, 0x6, 0x12, 0x7}}], 0xb0, 0x8000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
writev(r2, &(0x7f0000000200)=[{&(0x7f00000003c0)='n', 0xfdef}], 0x1)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000000)=0x50d, 0xfffffffffffffd4d)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000d40)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x9, 0x5, 0x9, 0x1, 0xffffffff, 0x2}}, {0x4}}]}, @qdisc_kind_options=@q_codel={{0xa}, {0x24, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0xffffffff}, @TCA_CODEL_TARGET={0x8, 0x1, 0xfffff801}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x2}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x8004001}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000000027106b1d01014000010203010902a20003010070000904000000010100000a24010d00000201020d2406000003080000000000000c2402d59d000008f70010000c24020800000300000000000924060506010100020924030000000005000c240206"], 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="06000000793d25983036608a4921390baca0e36da510a6e00700"/41, @ANYRES32, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020205d0af8ff00000000bea100000000000007010000f8ffffffb702000008000000b7030000ffee0000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x28}}, 0x40000)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
ioctl$TCXONC(0xffffffffffffffff, 0x4b3a, 0x0)

4m41.645952863s ago: executing program 33 (id=558):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x140, 0x0)
r0 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, 0x18)
connect$inet6(r0, 0x0, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@fadd={0x58, 0x114, 0x6, {{0x5, 0x6}, 0x0, 0x0, 0xf, 0x4, 0x9, 0xfffffffffffffff9, 0x22, 0x7}}, @fadd={0x58, 0x114, 0x6, {{0x4, 0xffff}, 0x0, 0x0, 0x200, 0xffffffffffff0000, 0xf1, 0x6, 0x12, 0x7}}], 0xb0, 0x8000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
writev(r2, &(0x7f0000000200)=[{&(0x7f00000003c0)='n', 0xfdef}], 0x1)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000000)=0x50d, 0xfffffffffffffd4d)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000d40)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd2e, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}, {0x2}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x9, 0x5, 0x9, 0x1, 0xffffffff, 0x2}}, {0x4}}]}, @qdisc_kind_options=@q_codel={{0xa}, {0x24, 0x2, [@TCA_CODEL_ECN={0x8}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0xffffffff}, @TCA_CODEL_TARGET={0x8, 0x1, 0xfffff801}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x2}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x8004001}, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000000027106b1d01014000010203010902a20003010070000904000000010100000a24010d00000201020d2406000003080000000000000c2402d59d000008f70010000c24020800000300000000000924060506010100020924030000000005000c240206"], 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="06000000793d25983036608a4921390baca0e36da510a6e00700"/41, @ANYRES32, @ANYBLOB="ffffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020205d0af8ff00000000bea100000000000007010000f8ffffffb702000008000000b7030000ffee0000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x74, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x28}}, 0x40000)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
capset(0x0, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
ioctl$TCXONC(0xffffffffffffffff, 0x4b3a, 0x0)

38.586234187s ago: executing program 6 (id=2048):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000001000010029bd7000fadbdf2500000000", @ANYRES32=r1, @ANYBLOB="1380000023b201001c00128009000100626f6e64000000000c000280080007b93cdaf405a29323bcf91701e27745f33ccada27d889be79f5788745bec630a46a11d0f7e9a63b82ab8002975401b9fbdf82ce686364ec"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0xc094)
r2 = socket(0xa, 0x5, 0x0)
ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f0000000100)=@add_del={0x2, &(0x7f00000000c0)='syzkaller1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8}, [@ldst={0x3, 0x2, 0x3, 0xa, 0x0, 0xff0e}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x2d)

38.377501952s ago: executing program 6 (id=2050):
mkdir(&(0x7f00000000c0)='./file0\x00', 0xeb)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="b0000000130a05"], 0xb0}, 0x1, 0x0, 0x0, 0x40}, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendto$x25(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x4000040, &(0x7f0000000040), 0x12)
renameat2(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x2)

38.226235467s ago: executing program 6 (id=2051):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x60}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0c003920"], 0xf)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, 0x0, 0x400, 0x70bd26, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xd93e, 0x23}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x2c}}, 0x4090)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = syz_io_uring_setup(0x13ad, &(0x7f0000000000)={0x0, 0x6409, 0x3100, 0x2, 0x2d2}, &(0x7f0000000240), &(0x7f00000000c0))
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
r4 = accept$alg(r3, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000002cc0)="099ccccf84f531d9ec214606c11430c1", 0x10)
socket$netlink(0x10, 0x3, 0x10)
sendmmsg$alg(r4, &(0x7f0000000b40)=[{0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000001c00)="5985d20392a438a118753a61ccd1d0e83101f02653a3db12a8785d9bcc59b58251f9ae571dc6a2", 0x27}], 0x1, 0x0, 0x0, 0x20000010}], 0x1, 0x20049001)
poll(&(0x7f0000000100)=[{r1, 0x4008}], 0x1, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_BIND_IP(r5, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x8, @mcast2, 0x2}}}, 0x30)

38.114954818s ago: executing program 6 (id=2052):
r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0)
write$binfmt_register(r0, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0xd, 0x3a, 'syzkaller\x00', 0x3a, 'syzkaller\x00', 0x3a, './file0'}, 0x3b)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f00000007c0)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x7fffffff, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}, @in6={0xa, 0x4e23, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9e65}}}, 0x118)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_netfilter(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)={0x1c, 0x0, 0x3, 0x201, 0x70bd2b, 0x25dfdbfc, {0x2, 0x0, 0x5}, [@generic="a5e6ba6564ec"]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x840)
mount(0x0, &(0x7f0000000380)='./file1/file0\x00', &(0x7f0000000780)='devpts\x00', 0x0, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r4 = openat$incfs(0xffffffffffffff9c, &(0x7f00000001c0)='.pending_reads\x00', 0x400, 0x4)
renameat2(r4, &(0x7f0000000200)='./file0\x00', r1, &(0x7f0000000240)='./file1\x00', 0x4) (async)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async, rerun: 64)
r7 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000050400"/20, @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c00028006000100"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) (async)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f0000000340)="ffed2c3a", 0x4, 0xfffffffffffffffe) (async)
pipe2(&(0x7f0000001cc0)={<r10=>0xffffffffffffffff}, 0x80000)
keyctl$KEYCTL_WATCH_KEY(0x20, r9, r10, 0x48)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r5, 0xc0506617, &(0x7f0000000280)={@id={0x2, 0x0, @a}, 0x40, r9, '\x00', @a}) (async)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r8, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a00"], 0x24}, 0x1, 0x0, 0x0, 0x4090}, 0x4) (async)
write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0x1c, 0x0, @ib={0x1b, 0x3, 0x5, {"d67310f076cf681b9b64172fe5da9426"}, 0x800, 0x5, 0x6}}}, 0x90) (async, rerun: 64)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000), 0x111, 0x8}}, 0x20) (async, rerun: 64)
syz_open_dev$vim2m(&(0x7f0000000100), 0x2, 0x2) (async)
pipe2$9p(&(0x7f0000000040), 0x0)

37.861744601s ago: executing program 6 (id=2054):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
write$cgroup_subtree(r0, 0x0, 0xfe33)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x400}}, &(0x7f00000001c0)='GPL\x00', 0x6, 0x1000, &(0x7f0000000780)=""/4096, 0x40f00, 0x75, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x44, 0x20}, 0x50)
r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff)
r3 = add_key$user(&(0x7f0000000140), &(0x7f0000002840)={'syz', 0x0}, &(0x7f0000002880)="f40fc24077021c9b084c60ffc26f26db12b9e78d629870bb26edb4a5e1cc0942ed8c58ca4fe84b94a0e31ea64089ee9ca1efb52945ffebbfea11dd3d0df936a10285eccab940ab5c96cb5d81dac1ad2243d878dde6cfd6ea08d5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4ddc1f2ab58762b3494250b9557f5b606a43e50874c90143034142cd5f7bd9b4dd876b97b7feb75b9138dde818a3c6b96dd80", 0xc0, 0xfffffffffffffffb)
r4 = add_key$user(&(0x7f00000000c0), &(0x7f0000001180)={'syz', 0x3}, &(0x7f0000001240)='%8', 0x2, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000001340)={r2, r3, r4}, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000740), &(0x7f0000000140), 0x1003, r1, 0x0, 0x2000000}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000280)={0x0, &(0x7f0000000140)=""/83, &(0x7f0000000080), &(0x7f0000000080), 0x6, r1}, 0x38)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4)

36.858903808s ago: executing program 6 (id=2057):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB], 0xc8)
sendmsg$sock(r0, &(0x7f0000000000)={&(0x7f0000000140)=@pppoe={0x2a, 0x1000000, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'team_slave_0\x00'}}, 0x80, 0x0}, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x3346, 0xf}, 0x7, 0x0)
r2 = timerfd_create(0x0, 0x0)
timerfd_settime(r2, 0x1, &(0x7f0000000000)={{0x0, 0x989680}}, 0x0)
r3 = socket(0xa, 0x5, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x5c}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
sendmsg$inet_sctp(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@authinfo={0x18, 0x84, 0x6, {0x8000}}], 0x18, 0x4855}, 0x24000052)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_BROADCAST(r5, 0x10f, 0x85)
r6 = socket$rds(0x15, 0x5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
setsockopt$RDS_CONG_MONITOR(r6, 0x114, 0x1d, &(0x7f0000000440), 0x4)
semtimedop(0xffffffffffffffff, &(0x7f0000000080)=[{0x1, 0x9}], 0x1, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x4, &(0x7f0000000240)={0x4, &(0x7f0000002180)=[{0x9, 0xe, 0x9, 0x9}, {0x3314, 0x9, 0xe, 0x2}, {0x419, 0x8, 0x3c, 0x6}, {0x6, 0x7, 0x3, 0x94}]})
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r3, 0x942e, 0x0)

36.647330965s ago: executing program 34 (id=2057):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r1, &(0x7f0000000200)=ANY=[@ANYBLOB], 0xc8)
sendmsg$sock(r0, &(0x7f0000000000)={&(0x7f0000000140)=@pppoe={0x2a, 0x1000000, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'team_slave_0\x00'}}, 0x80, 0x0}, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x3346, 0xf}, 0x7, 0x0)
r2 = timerfd_create(0x0, 0x0)
timerfd_settime(r2, 0x1, &(0x7f0000000000)={{0x0, 0x989680}}, 0x0)
r3 = socket(0xa, 0x5, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x34, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x4}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x5c}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
sendmsg$inet_sctp(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@authinfo={0x18, 0x84, 0x6, {0x8000}}], 0x18, 0x4855}, 0x24000052)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_BROADCAST(r5, 0x10f, 0x85)
r6 = socket$rds(0x15, 0x5, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r7, 0x0)
setsockopt$RDS_CONG_MONITOR(r6, 0x114, 0x1d, &(0x7f0000000440), 0x4)
semtimedop(0xffffffffffffffff, &(0x7f0000000080)=[{0x1, 0x9}], 0x1, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00')
read$FUSE(r8, &(0x7f0000000140)={0x2020}, 0x2020)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x4, &(0x7f0000000240)={0x4, &(0x7f0000002180)=[{0x9, 0xe, 0x9, 0x9}, {0x3314, 0x9, 0xe, 0x2}, {0x419, 0x8, 0x3c, 0x6}, {0x6, 0x7, 0x3, 0x94}]})
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r3, 0x942e, 0x0)

8.822645481s ago: executing program 7 (id=2058):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0xa4, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private}, {0x8, 0x2, @broadcast}}}]}, @CTA_TIMEOUT={0x8}, @CTA_MARK={0x8}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x3}]}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ISN={0x8}, @CTA_SYNPROXY_TSOFF={0x8}]}]}, 0xa4}}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)

8.247099674s ago: executing program 7 (id=2157):
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x28, 0xd, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044}, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x37, 0xfffffffffffffffd, &(0x7f0000000000)=0x2100)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000004000000000000000100000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x40, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001840)=@bpf_ext={0x1c, 0x1, &(0x7f0000000080)=ANY=[], &(0x7f0000000340)='GPL\x00', 0xfffffc00, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2469, r3, 0x0, 0x0, 0x0, 0x10, 0x878}, 0x94)
syz_open_procfs(0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x88a8, 0x0, 0x0, [0xff, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0xdd86}}}}}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}]}, 0x44}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
setpgid(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

7.306167299s ago: executing program 2 (id=2159):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (fail_nth: 1)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0xe)

6.70231634s ago: executing program 2 (id=2160):
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xc042, 0x1ff)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
writev(r1, &(0x7f0000000040)=[{0x0, 0xfc94}], 0x10000000000001c7)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x8}}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x35, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000693c1e10cd060202043e010203010902240001000000000904230002722f680009057a"], 0x0)

6.385133533s ago: executing program 5 (id=2162):
r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r1 = dup(r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000008, 0x1c110, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000100)=ANY=[@ANYBLOB="9268c4316ab18c73c79f8650bd94d667c92c99d91820e1e0a7c2ac3aae81c62c3a6d7be5bc217ff63bee886ac3fc8bfa17ee134acc1e6c6deba8f01281af93995610de79c32a1f64f7ed67a087e680ffa77e1b40997895c8f63fb9ac6de9c3b1f4244e6d7b0386362f0bcd3fca45cd2a51cfaaad6eb51fb1f2f324df836248246831b4cc2684a7bc18fa", @ANYBLOB="9174a6cc0f7fa9c4910a993008cea608c95868424f0ea84510cdd1d98102bd", @ANYRES64=r0], 0x0, 0x9, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

6.207554549s ago: executing program 5 (id=2163):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0x21}, 0x94)
r3 = socket$inet6(0xa, 0x3, 0x3)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000200)={'bond_slave_1\x00', <r4=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r2, r4, 0x25, 0x2, @void}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r2}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
sendto$inet6(r1, &(0x7f0000000140)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x6, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
shutdown(r1, 0x1)
sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)

5.438918666s ago: executing program 5 (id=2165):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e23, 0x10000000, @rand_addr=' \x01\x00', 0x2}, 0x1c)

5.224078949s ago: executing program 2 (id=2166):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r1, &(0x7f0000001040)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x0, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000000000f2170e65e3f50327e422000000000000000000000200000000001900", 0x11}, 0x60)
listen(r1, 0xf5f)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r2, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f00000007c0)="87", 0x19fff, 0x4000, 0x0, 0xfffffffffffffe00)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@deltaction={0x5c, 0x18, 0x1, 0x70bd2c, 0x25dfdc00, {0xa}, [@TCA_ACT_TAB={0x48, 0x1, [{0xc, 0x8d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0x14, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x20040844)
r4 = socket$unix(0x1, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000140)=0x88c6, 0x4)
accept(r1, 0x0, 0x0)
r5 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100015ae4c41096050100f5050100030109021b0001000000000904d60001b5e14500090583"], 0x0)
getgid()
syz_usb_control_io$cdc_ecm(r5, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)=ANY=[@ANYBLOB="0017100000005e14548638a5bac0b319d168c262b316"], 0x0, 0x0})

5.190746586s ago: executing program 5 (id=2167):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001980)={0x14, 0x2, 0x6, 0x201}, 0x14}}, 0x0)

5.045836805s ago: executing program 7 (id=2168):
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x5, 0x0, 0x81, 0xffffffff})
r1 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r1, &(0x7f0000000040)={&(0x7f0000000000)={0x2d, 0x0, 0x20, 0x4000}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x2008004)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff92"], 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f00000005c0)={0x14, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r3 = socket(0x11, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x22}}, 0x14)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xe1, 0x4)
sendmsg$netlink(r3, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000480)=ANY=[@ANYBLOB="020114008cdc18000e3580009f000114600000060600ac141414e0000003808a8972bd0b72e4a139697dd2061fd7fdfe4b88942a31f48597e36e039b1c599db6e466749c2d4c8303a0f7fbda34fb8825f80200e3c0ab42e32a097dbd4be5ffca88faca"], 0xdd12}], 0x1}, 0x20040051)
r5 = syz_open_dev$admmidi(&(0x7f00000002c0), 0x4, 0x284000)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r4, 0x4024587b, &(0x7f0000000500)={{r5, &(0x7f0000000300)='gre0\x00', 0x2a6000, &(0x7f0000000340)={@align=0x9, {0x6, 0x5, 0x4}}, 0x7, &(0x7f0000000380)={@_ha_fsid}, &(0x7f00000003c0)=0x9}, 0x0, &(0x7f0000000440)})
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x3}, &(0x7f0000000080)=0x8)
r7 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r7, 0x4020565a, &(0x7f0000000000)={0x3, 0x9a090a, 0x1})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4.881391558s ago: executing program 5 (id=2170):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ptrace$peekuser(0x3, 0x0, 0x5)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x80101)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000300)={0x1})
syz_emit_ethernet(0x3a, &(0x7f0000000840)=ANY=[@ANYBLOB="aaaaaaaaaaaa429e82211cf808004517002c0066000007fd8f780a0101027f00000400004e2200004a20a7219b4b71575ed8eeb89a76f2c245585467ed579ea8dd206cc13ec58f3cc526579ca9ac4876c1ff8b4f59541977f8569caf709fc222fd22b4eb7aa18ee73fc9bc82dd9837db3f5c006a476fbcce2f834b0596bc715f59a4a3a5690893a69a0cdf600e4464cf9a7e977380e894f4c9c76deb818c96f874260acbe2db62b22f642ab078468d5536ff3eb8eb79cbb6821d0ddaf7c93fb3876f9bd9167c8274bff7d70f67a582e83e631d12894a3b38ca09dcd52e27af01444d0ba353bd6cf84ac9e5fdad03767f34490fa28eb937f20a09b3b00d6fc7e1db2b4d3a374072"], 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
poll(&(0x7f0000002d40)=[{r5, 0x4080}], 0x1, 0x5)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
socket$packet(0x11, 0x2, 0x300)
unshare(0x2040c00)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
mkdir(0x0, 0x19)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB], &(0x7f0000000c40)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0xd, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x408, &(0x7f0000000040)=ANY=[@ANYRESOCT])
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x4)
write$char_usb(r6, &(0x7f00000001c0)="14eaf96a7cb59397964f93fdb3bb83b867aedd8ded07f15e844cd7938fb38824022ae71311e769a4392ba3c940258ef455f217a63f56a388d936e0cfdf32b77e6b051dbb0aca041869418710e20969950f5a5d58553fa60b6c480b1442ac815ad88c53e8fe69c0a3567590471e6dc79893113f3842007ed474955dfaf1a82521fececcdd12b7341e941df45bdf8f079be612d936639335f9cf908544e45e7756347ce4fb8884980714c3f93fcef5afbd4954a08cb5d44b19397b15ea0f72175d39e6e699afa037c5df066e1f852415c7fe9a", 0xd2)

3.704599895s ago: executing program 0 (id=2171):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x8, 0x0, 0x7fffffff}]})
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, 0x0, 0x0)
socket(0x2d, 0x2, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x1, <r4=>r1})
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0x5}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0xfffffffe, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x3, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0xfffffffc, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x800009, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x3, 0xc8, 0xf1, 0xf, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x8, 0x40, 0xa, 0x47, 0x8000, 0x1, 0xfe000003, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000008, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x400003], [0x800007, 0x40c, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0xb, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x40000005, 0x0, 0x1ef, 0x5, 0x9, 0x86, 0x3, 0x303c, 0x0, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x20006816, 0x5, 0x38, 0x200, 0x5, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x5, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x80005, 0x937, 0xd8, 0x6, 0x0, 0xb9, 0x4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0xfffffffe, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x3, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xfc0, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0x80, 0xfffffff8]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
unshare(0x6a040000)
socket(0x1e, 0x4, 0x0)
socket(0x1e, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(0x4)
r5 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x6c90, 0x40000)
ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

3.66326176s ago: executing program 1 (id=2172):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000080)={0x8, [0x4, 0x4, 0x8, 0x0, 0xfff, 0x3, 0xd3ff, 0x1]}, 0x14)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000cc0)=@newqdisc={0x50, 0x24, 0xd0f, 0x7, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x6, 0x8}, [@TCA_NETEM_DELAY_DIST={0x4}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
socket(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0) (async)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000080)={0x8, [0x4, 0x4, 0x8, 0x0, 0xfff, 0x3, 0xd3ff, 0x1]}, 0x14) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000020b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xb, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000cc0)=@newqdisc={0x50, 0x24, 0xd0f, 0x7, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x6, 0x8}, [@TCA_NETEM_DELAY_DIST={0x4}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) (async)

3.35088121s ago: executing program 1 (id=2173):
r0 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r1 = dup(r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000008, 0x1c110, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000100)=ANY=[@ANYBLOB="9268c4316ab18c73c79f8650bd94d667c92c99d91820e1e0a7c2ac3aae81c62c3a6d7be5bc217ff63bee886ac3fc8bfa17ee134acc1e6c6deba8f01281af93995610de79c32a1f64f7ed67a087e680ffa77e1b40997895c8f63fb9ac6de9c3b1f4244e6d7b0386362f0bcd3fca45cd2a51cfaaad6eb51fb1f2f324df836248246831b4cc2684a7bc18fa", @ANYBLOB="9174a6cc0f7fa9c4910a993008cea608c95868424f0ea84510cdd1d98102bd", @ANYRES64=r0], 0x0, 0x9, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x2, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

3.276166477s ago: executing program 5 (id=2174):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x8, 0x0, 0x7fffffff}]})
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, 0x0, 0x0)
socket(0x2d, 0x2, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x1, <r4=>r1})
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0x5}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0xfffffffe, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x3, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0xfffffffc, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x800009, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x3, 0xc8, 0xf1, 0xf, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x8, 0x40, 0xa, 0x47, 0x8000, 0x1, 0xfe000003, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000008, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x400003], [0x800007, 0x40c, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0xb, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x40000005, 0x0, 0x1ef, 0x5, 0x9, 0x86, 0x3, 0x303c, 0x0, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x20006816, 0x5, 0x38, 0x200, 0x5, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x5, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x80005, 0x937, 0xd8, 0x6, 0x0, 0xb9, 0x4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0xfffffffe, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x3, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xfc0, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0x80, 0xfffffff8]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
rseq(0x0, 0x0, 0x0, 0x0)
unshare(0x6a040000)
socket(0x1e, 0x4, 0x0)
socket(0x1e, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
close(0x4) (fail_nth: 1)
r5 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x6c90, 0x40000)
ioctl$SCSI_IOCTL_DOORUNLOCK(r5, 0x5381)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

3.09562509s ago: executing program 1 (id=2175):
r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r0, 0x40106f52, &(0x7f0000000100)={0x2, &(0x7f0000000140)=[{0x13, '\x00', @data=0x22bd70a1, 0x7ff}, {0x20, '\x00', @buffer={"b963719aff27f15312bb8aa935bd6982e2e6aa62ab418bbd8ac717e893c09de8", 0x20}, 0x5}]}) (fail_nth: 1)

2.443102559s ago: executing program 1 (id=2176):
r0 = socket$inet6(0xa, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
pipe(0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
openat(0xffffffffffffff9c, 0x0, 0xc042, 0x1ff)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
r1 = socket$inet_icmp(0x2, 0x2, 0x1)
writev(r1, &(0x7f0000000040)=[{0x0, 0xfc94}], 0x10000000000001c7)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0x1ff)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x111, 0x8}}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x35, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000693c1e10cd060202043e010203010902240001000000000904230002722f680009057a"], 0x0)

2.313762604s ago: executing program 0 (id=2177):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
copy_file_range(r0, 0x0, r0, 0xfffffffffffffffc, 0x7, 0x0)
r1 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_SET_PROPERTY(r1, 0x40106f52, &(0x7f0000000100)={0x2, &(0x7f0000000140)=[{0x13, '\x00', @data=0x22bd70a1, 0x7ff}, {0x20, '\x00', @buffer={"b963719aff27f15312bb8aa935bd6982e2e6aa62ab418bbd8ac717e893c09de8", 0x20}, 0x5}]})

2.199640251s ago: executing program 0 (id=2178):
sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x28, 0xd, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044}, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x37, 0xfffffffffffffffd, &(0x7f0000000000)=0x2100)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000004000000000000000100000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x40, '\x00', r2, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001840)=@bpf_ext={0x1c, 0x1, &(0x7f0000000080)=ANY=[], &(0x7f0000000340)='GPL\x00', 0xfffffc00, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2469, r3, 0x0, 0x0, 0x0, 0x10, 0x878}, 0x94)
syz_open_procfs(0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_emit_ethernet(0x6a, &(0x7f00000000c0)={@broadcast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x88a8, 0x0, 0x0, [0xff, 0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0xdd86}}}}}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x44, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}]}, 0x44}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
setpgid(0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

1.484259004s ago: executing program 2 (id=2179):
socket$nl_netfilter(0x10, 0x3, 0xc)
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000140)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x17, 0x0, 0x0)
setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f0000000100)=0x800, 0x4)
ptrace(0x4206, r1)
tkill(r1, 0x12)
ioctl$TUNSETDEBUG(r0, 0x400454c9, &(0x7f00000001c0)=0xff)
r3 = syz_open_dev$mouse(&(0x7f0000000340), 0x1, 0x44000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000380))
ptrace$getregset(0x4204, r1, 0x202, &(0x7f0000000180)={&(0x7f0000000240)=""/151, 0x97})
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0xa000200000a958, 0x2000000009, 0x3, 0x80000002, 0x48cd, 0xfffffffffffffffc, 0xfff})

1.479777271s ago: executing program 0 (id=2180):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001980)={0x14, 0x2, 0x6, 0x201}, 0x14}}, 0x0)

1.348523255s ago: executing program 7 (id=2181):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd9, 0x72, 0xa4, 0x40, 0x20b7, 0x1540, 0xb75a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff}}]}}]}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002bbd70000e0010005400"], 0x14}, 0x1, 0x0, 0x0, 0x20000850}, 0x4000000)
close(r1)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="40a51504000000bb"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.340566831s ago: executing program 0 (id=2182):
socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
syz_emit_ethernet(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r3}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)

1.112014753s ago: executing program 2 (id=2183):
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002180)='memory.swap.events\x00', 0x275a, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], 0x0, 0x101, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000240)=ANY=[], 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1, 0x1}}, 0x40)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x20, 0x10012, r1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
fstatfs(r0, &(0x7f0000000280)=""/22) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84) (async)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0)={<r4=>0x0, 0x2}, &(0x7f0000000180)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000140)={r4, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000000)=0x10) (async)
pipe(&(0x7f0000000240)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}) (async)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0) (async)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x43) (async)
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r10, @ANYRES32=r9, @ANYBLOB='\a'], 0x10) (async)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r10, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r8}, 0x20)
write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc) (async)
splice(r5, 0x0, r7, 0x0, 0x4ffe6, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f00000043c0)={<r11=>0x0, @in={{0x2, 0x4e24, @remote}}, 0x9, 0x8, 0x4, 0xfffff43e, 0x97}, &(0x7f0000004480)=0x98)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000300)={r11}, &(0x7f0000000040)=0x8)
r12 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r12, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72918f72", {0x1, 0x1, 0x1000, 0x2, 0x5}}) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4e23, 0xfffc, 0x4e23, 0x3, 0xa, 0x80, 0x30, 0x2e}, {0x100000000, 0x2, 0xfffffffffffffffe, 0x0, 0x3ff, 0x6, 0x8, 0x800000000001}, {0x9, 0x0, 0x0, 0x7}, 0xd6, 0x0, 0x1, 0x0, 0x1, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x5}, 0x210000, 0x3c}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xfffffffb}}, 0xe8)

1.048581793s ago: executing program 1 (id=2184):
creat(&(0x7f0000000000)='./file1\x00', 0x28)
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000440)={0x0, 0x79a8, 0x8, 0x1, 0x29a}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) (fail_nth: 1)
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)

380.729007ms ago: executing program 0 (id=2185):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000400)={0x40, 0x12, 0x6d, "5155f0411f82d729c5d105651cc541e452dc42930729f4b56d87de4712c59404294eaa11f2729253804b6203fd2f2cebd8825048e3b9befa9894290a47c7d67ae4c9b1290525914700e4c14081ae8b3f8385aaacb12dcd3876a416d3f2d639949a3e33ac0e06b9f39a18c07372"}, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x4, {0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

294.915542ms ago: executing program 1 (id=2186):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x80)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd24, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0xf, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x8848}, 0x80) (fail_nth: 1)

0s ago: executing program 2 (id=2187):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000480)={0x40, 0xb, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000000)={0x40, 0x11, 0x6, {0x6, 0xe, "440cedfc"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c1e}}, &(0x7f00000000c0)={0x0, 0xf, 0x36, {0x5, 0xf, 0x36, 0x3, [@ptm_cap={0x3}, @ptm_cap={0x3}, @generic={0x2b, 0x10, 0x1, "1a09ddaa03bde23d11c6e77764b70b34ef346e40c078d870ce2afd0b9d125c8f827467a7677e6d91"}]}}, &(0x7f0000000100)={0x20, 0x29, 0xf, {0xf, 0x29, 0xa, 0x8, 0x5, 0x4, "33953b8f", "10895368"}}, &(0x7f0000000140)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x0, 0x3, 0x5, 0xf9, 0xfff6, 0x3}}}, &(0x7f0000000740)={0x84, &(0x7f0000000200)={0x40, 0x17, 0x96, "48eac397cb7fb5c563e7ac71afb7aaf5e762478db9d82f222a7b8c5f9f2ddd170452f0de130ab5873a2bda679f77da13dbe0bf14f639961dd87114b3fecc5ff48d2c0cfd79a7b7866309024dad5fc589a934aa978753b6f2ffd4f9709ad60c7bef07c7e61bcb5a5652ca81495767207a647306f0943aebdacc35d6756c4cc68984214cd5a7d77820704a5a36bb651b9db2bd3b38ea70"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000340)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000380)={0x20, 0x0, 0x8, {0x0, 0x8, [0xfff0]}}, &(0x7f00000003c0)={0x40, 0x7, 0x2, 0xf800}, &(0x7f0000000400)={0x40, 0x9, 0x1, 0x4}, &(0x7f0000000440)={0x40, 0xb, 0x2, "8ade"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000580)={0x40, 0x13, 0x6, @multicast}, &(0x7f00000005c0)={0x40, 0x17, 0x6}, &(0x7f0000000600)={0x40, 0x19, 0x2, "965f"}, &(0x7f0000000640)={0x40, 0x1a, 0x2, 0x6}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x9}, &(0x7f00000006c0)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000700)={0x40, 0x21, 0x1, 0x93}})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x40, 0x12, 0x1, "b4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

[  T993] usb 6-1: Using ep0 maxpacket: 32
[  415.676412][  T993] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  415.676441][  T993] usb 6-1: config 0 has no interface number 0
[  415.679124][  T993] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8
[  415.679154][  T993] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.679176][  T993] usb 6-1: Product: syz
[  415.679191][  T993] usb 6-1: Manufacturer: syz
[  415.679205][  T993] usb 6-1: SerialNumber: syz
[  415.690267][  T993] usb 6-1: config 0 descriptor??
[  415.752019][  T993] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  415.752054][  T993] usb 6-1: selecting invalid altsetting 1
[  415.752070][  T993] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  415.782908][  T993] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  415.786747][  T993] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  415.786816][  T993] usb 6-1: media controller created
[  415.832291][T11111] delete_channel: no stack
[  415.902632][  T993] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  416.101182][T11119] hub 8-0:1.0: USB hub found
[  416.110720][T11119] hub 8-0:1.0: 1 port detected
[  417.154536][  T993] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  417.154590][  T993] zl10353_read_register: readreg error (reg=127, ret==-71)
[  417.157999][  T993] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  417.159639][T11122] bond2: option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  417.279356][T11122] bond2 (unregistering): Released all slaves
[  417.292365][  T993] usb 6-1: USB disconnect, device number 12
[  417.683875][  T993] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  417.877198][  T993] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  417.877253][  T993] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  417.877280][  T993] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  417.877308][  T993] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  417.877331][  T993] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  417.879662][  T993] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  417.879691][  T993] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  417.879712][  T993] usb 6-1: Product: syz
[  417.879726][  T993] usb 6-1: Manufacturer: syz
[  417.879740][  T993] usb 6-1: SerialNumber: syz
[  417.900649][T11145] FAULT_INJECTION: forcing a failure.
[  417.900649][T11145] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  417.903716][T11145] CPU: 0 UID: 0 PID: 11145 Comm: syz.2.1822 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  417.903745][T11145] Tainted: [L]=SOFTLOCKUP
[  417.903752][T11145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  417.903763][T11145] Call Trace:
[  417.903770][T11145]  <TASK>
[  417.903777][T11145]  dump_stack_lvl+0xe8/0x150
[  417.903806][T11145]  should_fail_ex+0x46b/0x600
[  417.903832][T11145]  _copy_from_user+0x2d/0xb0
[  417.903855][T11145]  ___sys_sendmsg+0x1c6/0x360
[  417.903873][T11145]  ? __lock_acquire+0x6b5/0x2cf0
[  417.903898][T11145]  ? __pfx____sys_sendmsg+0x10/0x10
[  417.903943][T11145]  ? __fget_files+0x2a/0x420
[  417.903964][T11145]  ? __fget_files+0x3a6/0x420
[  417.903994][T11145]  __x64_sys_sendmsg+0x1c3/0x2a0
[  417.904015][T11145]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  417.904049][T11145]  ? __pfx_ksys_write+0x10/0x10
[  417.904073][T11145]  do_syscall_64+0x14d/0xf80
[  417.904094][T11145]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.904110][T11145]  ? trace_irq_disable+0x37/0x100
[  417.904124][T11145]  ? clear_bhb_loop+0x40/0x90
[  417.904145][T11145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.904164][T11145] RIP: 0033:0x7effcce4bf79
[  417.904181][T11145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  417.904197][T11145] RSP: 002b:00007effcb07d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  417.904218][T11145] RAX: ffffffffffffffda RBX: 00007effcd0c6090 RCX: 00007effcce4bf79
[  417.904231][T11145] RDX: 0000000004008800 RSI: 0000200000000300 RDI: 0000000000000004
[  417.904244][T11145] RBP: 00007effcb07d090 R08: 0000000000000000 R09: 0000000000000000
[  417.904256][T11145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.904267][T11145] R13: 00007effcd0c6128 R14: 00007effcd0c6090 R15: 00007ffd9b59f7b8
[  417.904296][T11145]  </TASK>
[  418.053933][ T5952] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  418.212582][  T993] usb 6-1: config 0 descriptor??
[  418.215855][ T5952] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  418.215885][ T5952] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  418.244053][ T5952] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  418.244083][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.244104][ T5952] usb 2-1: Product: syz
[  418.244117][ T5952] usb 2-1: Manufacturer: syz
[  418.244132][ T5952] usb 2-1: SerialNumber: syz
[  418.325866][ T5952] usb 2-1: config 0 descriptor??
[  418.327232][T11139] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  418.327410][T11139] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  418.762685][  T993] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -110
[  418.776251][  T993] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[  418.829234][T11139] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  418.829366][T11139] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  419.035060][T11159] hub 8-0:1.0: USB hub found
[  419.037541][T11159] hub 8-0:1.0: 1 port detected
[  420.153504][ T5952] Error reading MAC address
[  420.177570][ T5952] usb 2-1: USB disconnect, device number 26
[  420.190080][T11169] FAULT_INJECTION: forcing a failure.
[  420.190080][T11169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.190118][T11169] CPU: 0 UID: 0 PID: 11169 Comm: syz.6.1832 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  420.190145][T11169] Tainted: [L]=SOFTLOCKUP
[  420.190152][T11169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  420.190163][T11169] Call Trace:
[  420.190171][T11169]  <TASK>
[  420.190180][T11169]  dump_stack_lvl+0xe8/0x150
[  420.190209][T11169]  should_fail_ex+0x46b/0x600
[  420.190236][T11169]  _copy_to_user+0x31/0xb0
[  420.190262][T11169]  simple_read_from_buffer+0xe1/0x170
[  420.190290][T11169]  proc_fail_nth_read+0x1be/0x230
[  420.190313][T11169]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  420.190335][T11169]  ? rw_verify_area+0x2ac/0x4e0
[  420.190359][T11169]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  420.190379][T11169]  vfs_read+0x212/0xa70
[  420.190405][T11169]  ? __pfx_vfs_read+0x10/0x10
[  420.190425][T11169]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  420.190447][T11169]  ? lockdep_hardirqs_on+0x7a/0x110
[  420.190469][T11169]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  420.190490][T11169]  ? mutex_lock_nested+0x152/0x1d0
[  420.190507][T11169]  ? fdget_pos+0x252/0x320
[  420.190535][T11169]  ksys_read+0x156/0x270
[  420.190552][T11169]  ? __pfx_ksys_read+0x10/0x10
[  420.190584][T11169]  do_syscall_64+0x14d/0xf80
[  420.190604][T11169]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.190622][T11169]  ? trace_irq_disable+0x37/0x100
[  420.190638][T11169]  ? clear_bhb_loop+0x40/0x90
[  420.190660][T11169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.190677][T11169] RIP: 0033:0x7f377c3fc84e
[  420.190693][T11169] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  420.190708][T11169] RSP: 002b:00007f377a68dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  420.190732][T11169] RAX: ffffffffffffffda RBX: 00007f377a68e6c0 RCX: 00007f377c3fc84e
[  420.190753][T11169] RDX: 000000000000000f RSI: 00007f377a68e0a0 RDI: 0000000000000005
[  420.190766][T11169] RBP: 00007f377a68e090 R08: 0000000000000000 R09: 0000000000000000
[  420.190778][T11169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.190789][T11169] R13: 00007f377c6b6038 R14: 00007f377c6b5fa0 R15: 00007ffe5404c458
[  420.190820][T11169]  </TASK>
[  420.363835][ T5884] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[  420.379176][ T5866] usb 6-1: USB disconnect, device number 13
[  420.475748][T11168] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  420.547426][ T5884] usb 3-1: not running at top speed; connect to a high speed hub
[  420.548497][ T5884] usb 3-1: config 3 has 0 interfaces, different from the descriptor's value: 1
[  420.552440][ T5884] usb 3-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  420.552470][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.552482][ T5884] usb 3-1: Product: syz
[  420.552490][ T5884] usb 3-1: Manufacturer: syz
[  420.552498][ T5884] usb 3-1: SerialNumber: syz
[  420.929234][T11184] mac80211_hwsim hwsim19 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  420.977247][T11186] pimreg: entered allmulticast mode
[  421.404120][T11197] hub 8-0:1.0: USB hub found
[  421.406870][T11197] hub 8-0:1.0: 1 port detected
[  422.358639][T11199] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1842'.
[  422.515461][T11203] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1843'.
[  423.109975][ T5884] usb 3-1: USB disconnect, device number 67
[  423.197349][ T5866] usb 1-1: new full-speed USB device number 64 using dummy_hcd
[  423.351783][T11217] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  423.351904][T11217] [U] J"—e:ÀÆ"


[  423.405750][ T5866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  423.405803][ T5866] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  423.405829][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  423.405855][ T5866] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  423.405877][ T5866] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  423.408134][ T5866] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  423.408162][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  423.408182][ T5866] usb 1-1: Product: syz
[  423.408196][ T5866] usb 1-1: Manufacturer: syz
[  423.408210][ T5866] usb 1-1: SerialNumber: syz
[  423.427127][ T5866] usb 1-1: config 0 descriptor??
[  423.670595][ T5866] radio-si470x 1-1:0.0: DeviceID=0x55f0 ChipID=0x411f
[  423.865824][ T5866] radio-si470x 1-1:0.0: software version 85, hardware version 240
[  424.063420][ T5866] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[  424.063508][ T5866] radio-si470x 1-1:0.0: submitting int urb failed (-90)
[  424.072619][ T5866] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[  424.072924][ T5866] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22
[  424.097445][ T5866] usb 1-1: USB disconnect, device number 64
[  424.733811][ T5957] wlan1: Trigger new scan to find an IBSS to join
[  424.945907][T11236] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1853'.
[  427.029249][T11271] FAULT_INJECTION: forcing a failure.
[  427.029249][T11271] name failslab, interval 1, probability 0, space 0, times 0
[  427.029287][T11271] CPU: 1 UID: 0 PID: 11271 Comm: syz.1.1867 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  427.029314][T11271] Tainted: [L]=SOFTLOCKUP
[  427.029322][T11271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  427.029334][T11271] Call Trace:
[  427.029342][T11271]  <TASK>
[  427.029351][T11271]  dump_stack_lvl+0xe8/0x150
[  427.029381][T11271]  should_fail_ex+0x46b/0x600
[  427.029409][T11271]  should_failslab+0xa8/0x100
[  427.029432][T11271]  __kmalloc_noprof+0xdf/0x7b0
[  427.029450][T11271]  ? kfree+0x4d/0x690
[  427.029467][T11271]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  427.029499][T11271]  tomoyo_realpath_from_path+0xe3/0x5d0
[  427.029521][T11271]  ? tomoyo_domain+0xd8/0x130
[  427.029547][T11271]  ? tomoyo_path_number_perm+0x219/0x630
[  427.029572][T11271]  tomoyo_path_number_perm+0x246/0x630
[  427.029600][T11271]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  427.029623][T11271]  ? __lock_acquire+0x6b5/0x2cf0
[  427.029652][T11271]  ? do_raw_spin_lock+0x12b/0x2f0
[  427.029705][T11271]  ? __fget_files+0x2a/0x420
[  427.029736][T11271]  ? __fget_files+0x2a/0x420
[  427.029757][T11271]  ? __fget_files+0x3a6/0x420
[  427.029778][T11271]  ? __fget_files+0x2a/0x420
[  427.029804][T11271]  security_file_ioctl+0xc3/0x2a0
[  427.029832][T11271]  __se_sys_ioctl+0x47/0x170
[  427.029860][T11271]  do_syscall_64+0x14d/0xf80
[  427.029882][T11271]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.029900][T11271]  ? trace_irq_disable+0x37/0x100
[  427.029916][T11271]  ? clear_bhb_loop+0x40/0x90
[  427.029938][T11271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.029956][T11271] RIP: 0033:0x7f64b37fbf79
[  427.029973][T11271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  427.029990][T11271] RSP: 002b:00007f64b1a56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  427.030011][T11271] RAX: ffffffffffffffda RBX: 00007f64b3a75fa0 RCX: 00007f64b37fbf79
[  427.030026][T11271] RDX: 0000000000000000 RSI: 0000000080045518 RDI: 0000000000000003
[  427.030038][T11271] RBP: 00007f64b1a56090 R08: 0000000000000000 R09: 0000000000000000
[  427.030049][T11271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.030062][T11271] R13: 00007f64b3a76038 R14: 00007f64b3a75fa0 R15: 00007ffeff4c2e68
[  427.030093][T11271]  </TASK>
[  427.030171][T11271] ERROR: Out of memory at tomoyo_realpath_from_path.
[  427.728730][T11291] FAULT_INJECTION: forcing a failure.
[  427.728730][T11291] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.728759][T11291] CPU: 0 UID: 0 PID: 11291 Comm: syz.0.1874 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  427.728778][T11291] Tainted: [L]=SOFTLOCKUP
[  427.728783][T11291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  427.728792][T11291] Call Trace:
[  427.728798][T11291]  <TASK>
[  427.728805][T11291]  dump_stack_lvl+0xe8/0x150
[  427.728828][T11291]  should_fail_ex+0x46b/0x600
[  427.728848][T11291]  _copy_from_user+0x2d/0xb0
[  427.728866][T11291]  __se_sys_openat2+0x14a/0x2d0
[  427.728897][T11291]  ? __pfx___se_sys_openat2+0x10/0x10
[  427.728925][T11291]  do_syscall_64+0x14d/0xf80
[  427.728942][T11291]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.728956][T11291]  ? clear_bhb_loop+0x40/0x90
[  427.728972][T11291]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.728985][T11291] RIP: 0033:0x7faadf09bf79
[  427.728998][T11291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  427.729011][T11291] RSP: 002b:00007faadd2cd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5
[  427.729027][T11291] RAX: ffffffffffffffda RBX: 00007faadf316090 RCX: 00007faadf09bf79
[  427.729037][T11291] RDX: 0000200000000180 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  427.729047][T11291] RBP: 00007faadd2cd090 R08: 0000000000000000 R09: 0000000000000000
[  427.729056][T11291] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001
[  427.729064][T11291] R13: 00007faadf316128 R14: 00007faadf316090 R15: 00007fff31946e48
[  427.729087][T11291]  </TASK>
[  427.765848][ T1305] wlan1: Trigger new scan to find an IBSS to join
[  428.782624][ T7896] wlan1: Creating new IBSS network, BSSID 4a:99:3a:e6:83:50
[  429.304008][   T31] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  429.468320][   T31] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  429.468351][   T31] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  429.468372][   T31] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  429.468423][   T31] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  429.468451][   T31] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  429.470230][   T31] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  429.470311][   T31] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  429.470333][   T31] usb 3-1: Product: syz
[  429.470348][   T31] usb 3-1: Manufacturer: syz
[  429.532960][T11331] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1892'.
[  429.573450][   T31] cdc_wdm 3-1:1.0: skipping garbage
[  429.573472][   T31] cdc_wdm 3-1:1.0: skipping garbage
[  429.587863][   T31] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  429.587884][   T31] cdc_wdm 3-1:1.0: Unknown control protocol
[  429.810447][T11342] FAULT_INJECTION: forcing a failure.
[  429.810447][T11342] name failslab, interval 1, probability 0, space 0, times 0
[  429.810487][T11342] CPU: 0 UID: 0 PID: 11342 Comm: syz.0.1896 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  429.810513][T11342] Tainted: [L]=SOFTLOCKUP
[  429.810520][T11342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  429.810536][T11342] Call Trace:
[  429.810544][T11342]  <TASK>
[  429.810552][T11342]  dump_stack_lvl+0xe8/0x150
[  429.810580][T11342]  should_fail_ex+0x46b/0x600
[  429.810607][T11342]  should_failslab+0xa8/0x100
[  429.810630][T11342]  __kmalloc_noprof+0xdf/0x7b0
[  429.810649][T11342]  ? kfree+0x4d/0x690
[  429.810664][T11342]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  429.810689][T11342]  tomoyo_realpath_from_path+0xe3/0x5d0
[  429.810711][T11342]  ? tomoyo_domain+0xd8/0x130
[  429.810737][T11342]  ? tomoyo_path_number_perm+0x219/0x630
[  429.810766][T11342]  tomoyo_path_number_perm+0x246/0x630
[  429.810792][T11342]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  429.810814][T11342]  ? __lock_acquire+0x6b5/0x2cf0
[  429.810838][T11342]  ? do_raw_spin_lock+0x12b/0x2f0
[  429.810886][T11342]  ? __fget_files+0x2a/0x420
[  429.810910][T11342]  ? __fget_files+0x2a/0x420
[  429.810931][T11342]  ? __fget_files+0x3a6/0x420
[  429.810951][T11342]  ? __fget_files+0x2a/0x420
[  429.810975][T11342]  security_file_ioctl+0xc3/0x2a0
[  429.811000][T11342]  __se_sys_ioctl+0x47/0x170
[  429.811020][T11342]  do_syscall_64+0x14d/0xf80
[  429.811042][T11342]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.811060][T11342]  ? trace_irq_disable+0x37/0x100
[  429.811077][T11342]  ? clear_bhb_loop+0x40/0x90
[  429.811099][T11342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  429.811117][T11342] RIP: 0033:0x7faadf09bf79
[  429.811133][T11342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  429.811150][T11342] RSP: 002b:00007faadd2ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  429.811171][T11342] RAX: ffffffffffffffda RBX: 00007faadf315fa0 RCX: 00007faadf09bf79
[  429.811184][T11342] RDX: 0000200000000340 RSI: 00000000c058560f RDI: 0000000000000003
[  429.811197][T11342] RBP: 00007faadd2ee090 R08: 0000000000000000 R09: 0000000000000000
[  429.811209][T11342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  429.811219][T11342] R13: 00007faadf316038 R14: 00007faadf315fa0 R15: 00007fff31946e48
[  429.811247][T11342]  </TASK>
[  429.811256][T11342] ERROR: Out of memory at tomoyo_realpath_from_path.
[  429.974436][ T5884] usb 3-1: USB disconnect, device number 68
[  430.459863][T11355] delete_channel: no stack
[  432.577173][T11389] FAULT_INJECTION: forcing a failure.
[  432.577173][T11389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.577210][T11389] CPU: 1 UID: 0 PID: 11389 Comm: syz.0.1914 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  432.577236][T11389] Tainted: [L]=SOFTLOCKUP
[  432.577243][T11389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  432.577254][T11389] Call Trace:
[  432.577261][T11389]  <TASK>
[  432.577268][T11389]  dump_stack_lvl+0xe8/0x150
[  432.577296][T11389]  should_fail_ex+0x46b/0x600
[  432.577321][T11389]  _copy_from_user+0x2d/0xb0
[  432.577351][T11389]  ___sys_sendmsg+0x1c6/0x360
[  432.577368][T11389]  ? __lock_acquire+0x6b5/0x2cf0
[  432.577394][T11389]  ? __pfx____sys_sendmsg+0x10/0x10
[  432.577439][T11389]  ? __fget_files+0x2a/0x420
[  432.577465][T11389]  ? __fget_files+0x3a6/0x420
[  432.577497][T11389]  __x64_sys_sendmsg+0x1c3/0x2a0
[  432.577519][T11389]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  432.577547][T11389]  ? __pfx_ksys_write+0x10/0x10
[  432.577577][T11389]  do_syscall_64+0x14d/0xf80
[  432.577599][T11389]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.577614][T11389]  ? trace_irq_disable+0x37/0x100
[  432.577631][T11389]  ? clear_bhb_loop+0x40/0x90
[  432.577653][T11389]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.577671][T11389] RIP: 0033:0x7faadf09bf79
[  432.577689][T11389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  432.577706][T11389] RSP: 002b:00007faadd2ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  432.577725][T11389] RAX: ffffffffffffffda RBX: 00007faadf315fa0 RCX: 00007faadf09bf79
[  432.577738][T11389] RDX: 00000000200088c4 RSI: 0000200000000280 RDI: 0000000000000003
[  432.577750][T11389] RBP: 00007faadd2ee090 R08: 0000000000000000 R09: 0000000000000000
[  432.577761][T11389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.577773][T11389] R13: 00007faadf316038 R14: 00007faadf315fa0 R15: 00007fff31946e48
[  432.577803][T11389]  </TASK>
[  432.801034][T11392] 9p: Bad value for 'wfdno'
[  433.924392][T11396] FAULT_INJECTION: forcing a failure.
[  433.924392][T11396] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.924415][T11396] CPU: 1 UID: 0 PID: 11396 Comm: syz.1.1917 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  433.924430][T11396] Tainted: [L]=SOFTLOCKUP
[  433.924435][T11396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  433.924442][T11396] Call Trace:
[  433.924446][T11396]  <TASK>
[  433.924451][T11396]  dump_stack_lvl+0xe8/0x150
[  433.924470][T11396]  should_fail_ex+0x46b/0x600
[  433.924487][T11396]  _copy_to_user+0x31/0xb0
[  433.924503][T11396]  simple_read_from_buffer+0xe1/0x170
[  433.924520][T11396]  proc_fail_nth_read+0x1be/0x230
[  433.924534][T11396]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  433.924546][T11396]  ? rw_verify_area+0x2ac/0x4e0
[  433.924562][T11396]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  433.924574][T11396]  vfs_read+0x212/0xa70
[  433.924588][T11396]  ? __pfx_vfs_read+0x10/0x10
[  433.924599][T11396]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  433.924622][T11396]  ? lockdep_hardirqs_on+0x7a/0x110
[  433.924635][T11396]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  433.924648][T11396]  ? mutex_lock_nested+0x152/0x1d0
[  433.924658][T11396]  ? fdget_pos+0x252/0x320
[  433.924676][T11396]  ksys_read+0x156/0x270
[  433.924687][T11396]  ? __pfx_ksys_read+0x10/0x10
[  433.924700][T11396]  ? __secure_computing+0xe1/0x2a0
[  433.924714][T11396]  do_syscall_64+0x14d/0xf80
[  433.924727][T11396]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.924737][T11396]  ? trace_irq_disable+0x37/0x100
[  433.924746][T11396]  ? clear_bhb_loop+0x40/0x90
[  433.924758][T11396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.924768][T11396] RIP: 0033:0x7f64b37bc84e
[  433.924779][T11396] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  433.924788][T11396] RSP: 002b:00007f64b1a55fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  433.924800][T11396] RAX: ffffffffffffffda RBX: 00007f64b1a566c0 RCX: 00007f64b37bc84e
[  433.924808][T11396] RDX: 000000000000000f RSI: 00007f64b1a560a0 RDI: 0000000000000004
[  433.924814][T11396] RBP: 00007f64b1a56090 R08: 0000000000000000 R09: 0000000000000000
[  433.924821][T11396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.924827][T11396] R13: 00007f64b3a76038 R14: 00007f64b3a75fa0 R15: 00007ffeff4c2e68
[  433.924848][T11396]  </TASK>
[  438.108520][ T5957] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  438.146363][T11387] Process accounting resumed
[  438.623804][ T5866] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  438.639262][T11427] use of bytesused == 0 is deprecated and will be removed in the future,
[  438.639288][T11427] use the actual size instead.
[  438.767593][ T5866] usb 6-1: device descriptor read/64, error -71
[  439.003902][ T5866] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  439.138476][ T5866] usb 6-1: device descriptor read/64, error -71
[  439.244991][ T5866] usb usb6-port1: attempt power cycle
[  439.583886][ T5866] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  439.605856][ T5866] usb 6-1: device descriptor read/8, error -71
[  439.652846][T11446] FAULT_INJECTION: forcing a failure.
[  439.652846][T11446] name failslab, interval 1, probability 0, space 0, times 0
[  439.652881][T11446] CPU: 1 UID: 0 PID: 11446 Comm: syz.0.1921 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  439.652909][T11446] Tainted: [L]=SOFTLOCKUP
[  439.652917][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  439.652929][T11446] Call Trace:
[  439.652937][T11446]  <TASK>
[  439.652946][T11446]  dump_stack_lvl+0xe8/0x150
[  439.652976][T11446]  should_fail_ex+0x46b/0x600
[  439.653003][T11446]  should_failslab+0xa8/0x100
[  439.653026][T11446]  __kmalloc_noprof+0xdf/0x7b0
[  439.653045][T11446]  ? kfree+0x4d/0x690
[  439.653060][T11446]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  439.653086][T11446]  tomoyo_realpath_from_path+0xe3/0x5d0
[  439.653103][T11446]  ? tomoyo_domain+0xd8/0x130
[  439.653124][T11446]  ? tomoyo_path_number_perm+0x219/0x630
[  439.653144][T11446]  tomoyo_path_number_perm+0x246/0x630
[  439.653166][T11446]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  439.653185][T11446]  ? __lock_acquire+0x6b5/0x2cf0
[  439.653206][T11446]  ? do_raw_spin_lock+0x12b/0x2f0
[  439.653246][T11446]  ? __fget_files+0x2a/0x420
[  439.653267][T11446]  ? __fget_files+0x2a/0x420
[  439.653284][T11446]  ? __fget_files+0x3a6/0x420
[  439.653301][T11446]  ? __fget_files+0x2a/0x420
[  439.653322][T11446]  security_file_ioctl+0xc3/0x2a0
[  439.653345][T11446]  __se_sys_ioctl+0x47/0x170
[  439.653363][T11446]  do_syscall_64+0x14d/0xf80
[  439.653380][T11446]  ? rcu_is_watching+0x15/0xb0
[  439.653399][T11446]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.653413][T11446]  ? clear_bhb_loop+0x40/0x90
[  439.653431][T11446]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.653445][T11446] RIP: 0033:0x7faadf09bf79
[  439.653459][T11446] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  439.653473][T11446] RSP: 002b:00007faadd2ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  439.653489][T11446] RAX: ffffffffffffffda RBX: 00007faadf316180 RCX: 00007faadf09bf79
[  439.653500][T11446] RDX: 00002000000002c0 RSI: 00000000c058560f RDI: 0000000000000009
[  439.653510][T11446] RBP: 00007faadd2ac090 R08: 0000000000000000 R09: 0000000000000000
[  439.653520][T11446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.653530][T11446] R13: 00007faadf316218 R14: 00007faadf316180 R15: 00007fff31946e48
[  439.653560][T11446]  </TASK>
[  439.653573][T11446] ERROR: Out of memory at tomoyo_realpath_from_path.
[  439.884109][ T5866] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  439.914345][ T5866] usb 6-1: device descriptor read/8, error -71
[  439.988328][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  439.988371][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[  440.026116][ T5866] usb usb6-port1: unable to enumerate USB device
[  441.149104][T11464] loop7: detected capacity change from 16383 to 0
[  441.149173][    C1] blk_print_req_error: 21 callbacks suppressed
[  441.149190][    C1] I/O error, dev loop7, sector 640 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[  441.589264][T11468] mac80211_hwsim hwsim19 wlan1: entered promiscuous mode
[  441.592898][T11468] macvlan2: entered promiscuous mode
[  441.991015][T11479] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  442.059454][T11482] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  443.210983][T11510] input: syz0 as /devices/virtual/input/input26
[  443.337871][T11514] FAULT_INJECTION: forcing a failure.
[  443.337871][T11514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  443.337900][T11514] CPU: 0 UID: 0 PID: 11514 Comm: syz.6.1957 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  443.337921][T11514] Tainted: [L]=SOFTLOCKUP
[  443.337925][T11514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  443.337932][T11514] Call Trace:
[  443.337937][T11514]  <TASK>
[  443.337942][T11514]  dump_stack_lvl+0xe8/0x150
[  443.337961][T11514]  should_fail_ex+0x46b/0x600
[  443.337976][T11514]  _copy_from_user+0x2d/0xb0
[  443.337992][T11514]  do_sys_poll+0x2a0/0xfa0
[  443.338012][T11514]  ? __lock_acquire+0x6b5/0x2cf0
[  443.338026][T11514]  ? __pfx_do_sys_poll+0x10/0x10
[  443.338040][T11514]  ? is_bpf_text_address+0x292/0x2b0
[  443.338052][T11514]  ? is_bpf_text_address+0x26/0x2b0
[  443.338109][T11514]  ? set_user_sigmask+0xcd/0x1c0
[  443.338122][T11514]  ? __pfx_set_user_sigmask+0x10/0x10
[  443.338133][T11514]  ? kmem_cache_free+0x185/0x690
[  443.338144][T11514]  ? do_sys_openat2+0x14c/0x200
[  443.338162][T11514]  __se_sys_ppoll+0x209/0x2b0
[  443.338177][T11514]  ? __pfx___se_sys_ppoll+0x10/0x10
[  443.338190][T11514]  ? __pfx_ksys_write+0x10/0x10
[  443.338203][T11514]  ? __x64_sys_ppoll+0x20/0xc0
[  443.338216][T11514]  do_syscall_64+0x14d/0xf80
[  443.338230][T11514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.338240][T11514]  ? trace_irq_disable+0x37/0x100
[  443.338248][T11514]  ? clear_bhb_loop+0x40/0x90
[  443.338260][T11514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.338270][T11514] RIP: 0033:0x7f377c43bf79
[  443.338280][T11514] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  443.338289][T11514] RSP: 002b:00007f377a66d028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  443.338301][T11514] RAX: ffffffffffffffda RBX: 00007f377c6b6090 RCX: 00007f377c43bf79
[  443.338308][T11514] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  443.338315][T11514] RBP: 00007f377a66d090 R08: 0000000000000000 R09: 0000000000000000
[  443.338321][T11514] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.338327][T11514] R13: 00007f377c6b6128 R14: 00007f377c6b6090 R15: 00007ffe5404c458
[  443.338343][T11514]  </TASK>
[  443.813500][T11524] FAULT_INJECTION: forcing a failure.
[  443.813500][T11524] name failslab, interval 1, probability 0, space 0, times 0
[  443.813540][T11524] CPU: 0 UID: 0 PID: 11524 Comm: syz.6.1962 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  443.813567][T11524] Tainted: [L]=SOFTLOCKUP
[  443.813574][T11524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  443.813586][T11524] Call Trace:
[  443.813593][T11524]  <TASK>
[  443.813603][T11524]  dump_stack_lvl+0xe8/0x150
[  443.813633][T11524]  should_fail_ex+0x46b/0x600
[  443.813662][T11524]  should_failslab+0xa8/0x100
[  443.813685][T11524]  __kmalloc_cache_noprof+0x84/0x690
[  443.813706][T11524]  ? alloc_pipe_info+0xe8/0x4d0
[  443.813728][T11524]  alloc_pipe_info+0xe8/0x4d0
[  443.813750][T11524]  splice_direct_to_actor+0xa19/0xc80
[  443.813772][T11524]  ? kstrtoull+0x12f/0x1d0
[  443.813796][T11524]  ? kstrtouint+0x6e/0xe0
[  443.813817][T11524]  ? __pfx_direct_splice_actor+0x10/0x10
[  443.813841][T11524]  ? get_pid_task+0x20/0x1f0
[  443.813878][T11524]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  443.813901][T11524]  ? get_pid_task+0x20/0x1f0
[  443.813931][T11524]  do_splice_direct+0x19b/0x2a0
[  443.813956][T11524]  ? __pfx_do_splice_direct+0x10/0x10
[  443.813980][T11524]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  443.814011][T11524]  ? rw_verify_area+0x25b/0x4e0
[  443.814039][T11524]  do_sendfile+0x547/0x7e0
[  443.814061][T11524]  ? __pfx_vfs_write+0x10/0x10
[  443.814084][T11524]  ? __pfx_do_sendfile+0x10/0x10
[  443.814116][T11524]  __se_sys_sendfile64+0x144/0x1a0
[  443.814140][T11524]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  443.814160][T11524]  ? __task_pid_nr_ns+0x28/0x490
[  443.814192][T11524]  do_syscall_64+0x14d/0xf80
[  443.814213][T11524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.814231][T11524]  ? clear_bhb_loop+0x40/0x90
[  443.814253][T11524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.814271][T11524] RIP: 0033:0x7f377c43bf79
[  443.814288][T11524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  443.814305][T11524] RSP: 002b:00007f377a68e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  443.814325][T11524] RAX: ffffffffffffffda RBX: 00007f377c6b5fa0 RCX: 00007f377c43bf79
[  443.814340][T11524] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[  443.814351][T11524] RBP: 00007f377a68e090 R08: 0000000000000000 R09: 0000000000000000
[  443.814364][T11524] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  443.814377][T11524] R13: 00007f377c6b6038 R14: 00007f377c6b5fa0 R15: 00007ffe5404c458
[  443.814408][T11524]  </TASK>
[  443.965985][ T5952] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  444.113755][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  444.115215][ T5952] usb 2-1: config 0 has an invalid interface number: 143 but max is 0
[  444.115231][ T5952] usb 2-1: config 0 has no interface number 0
[  444.115257][ T5952] usb 2-1: New USB device found, idVendor=2058, idProduct=1005, bcdDevice=c1.9b
[  444.115270][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.118079][ T5952] usb 2-1: config 0 descriptor??
[  444.210416][T11527] netlink: 'syz.2.1963': attribute type 39 has an invalid length.
[  444.245592][ T5952] viperboard 2-1:0.143: version 0.00 found at bus 002 address 027
[  444.420464][ T5952] viperboard-i2c viperboard-i2c.2.auto: error -EIO: failure setting i2c_bus_freq to 100
[  444.420484][ T5952] viperboard-i2c viperboard-i2c.2.auto: probe with driver viperboard-i2c failed with error -5
[  444.983894][ T5952] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  445.155717][ T5952] usb 1-1: Using ep0 maxpacket: 32
[  445.169533][ T5952] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.169568][ T5952] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  445.169608][ T5952] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00
[  445.169632][ T5952] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.251323][T11547] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  445.251916][T11547] batadv_slave_0: entered promiscuous mode
[  445.251942][T11547] batadv_slave_0: entered allmulticast mode
[  445.268106][ T5952] usb 1-1: config 0 descriptor??
[  445.516460][ T5952] asus 0003:0B05:1822.000A: item fetching failed at offset 5/7
[  445.517146][ T5952] asus 0003:0B05:1822.000A: Asus hid parse failed: -22
[  445.517244][ T5952] asus 0003:0B05:1822.000A: probe with driver asus failed with error -22
[  445.625294][ T5866] usb 1-1: USB disconnect, device number 65
[  446.964548][   T31] usb 2-1: USB disconnect, device number 27
[  447.201742][T11585] sctp: [Deprecated]: syz.0.1987 (pid 11585) Use of struct sctp_assoc_value in delayed_ack socket option.
[  447.201742][T11585] Use struct sctp_sack_info instead
[  447.394707][ T6000] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  447.449993][T11594] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  447.607542][T11594] FAULT_INJECTION: forcing a failure.
[  447.607542][T11594] name failslab, interval 1, probability 0, space 0, times 0
[  447.607605][T11594] CPU: 1 UID: 0 PID: 11594 Comm: syz.6.1991 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  447.607633][T11594] Tainted: [L]=SOFTLOCKUP
[  447.607640][T11594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  447.607652][T11594] Call Trace:
[  447.607661][T11594]  <TASK>
[  447.607670][T11594]  dump_stack_lvl+0xe8/0x150
[  447.607701][T11594]  should_fail_ex+0x46b/0x600
[  447.607729][T11594]  should_failslab+0xa8/0x100
[  447.607751][T11594]  __kmalloc_noprof+0xdf/0x7b0
[  447.607771][T11594]  ? kfree+0x4d/0x690
[  447.607786][T11594]  ? tomoyo_path_number_perm+0x219/0x630
[  447.607813][T11594]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  447.607839][T11594]  tomoyo_realpath_from_path+0xe3/0x5d0
[  447.607862][T11594]  ? tomoyo_domain+0xd8/0x130
[  447.607888][T11594]  ? tomoyo_path_number_perm+0x219/0x630
[  447.607912][T11594]  tomoyo_path_number_perm+0x246/0x630
[  447.607939][T11594]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  447.607962][T11594]  ? __lock_acquire+0x6b5/0x2cf0
[  447.607989][T11594]  ? do_raw_spin_lock+0x12b/0x2f0
[  447.608019][T11594]  ? __pfx___schedule+0x10/0x10
[  447.608061][T11594]  ? __fget_files+0x2a/0x420
[  447.608087][T11594]  ? __fget_files+0x2a/0x420
[  447.608108][T11594]  ? __fget_files+0x3a6/0x420
[  447.608129][T11594]  ? __fget_files+0x2a/0x420
[  447.608156][T11594]  security_file_ioctl+0xc3/0x2a0
[  447.608184][T11594]  __se_sys_ioctl+0x47/0x170
[  447.608207][T11594]  do_syscall_64+0x14d/0xf80
[  447.608229][T11594]  ? rcu_is_watching+0x15/0xb0
[  447.608250][T11594]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.608269][T11594]  ? clear_bhb_loop+0x40/0x90
[  447.608291][T11594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.608309][T11594] RIP: 0033:0x7f377c43bf79
[  447.608327][T11594] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  447.608345][T11594] RSP: 002b:00007f377a68e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  447.608366][T11594] RAX: ffffffffffffffda RBX: 00007f377c6b5fa0 RCX: 00007f377c43bf79
[  447.608380][T11594] RDX: 0000200000000780 RSI: 0000000000003b8c RDI: 0000000000000003
[  447.608394][T11594] RBP: 00007f377a68e090 R08: 0000000000000000 R09: 0000000000000000
[  447.608407][T11594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.608419][T11594] R13: 00007f377c6b6038 R14: 00007f377c6b5fa0 R15: 00007ffe5404c458
[  447.608457][T11594]  </TASK>
[  447.613582][T11594] ERROR: Out of memory at tomoyo_realpath_from_path.
[  447.684617][ T6000] usb 3-1: Using ep0 maxpacket: 32
[  448.096996][ T6000] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[  448.097027][ T6000] usb 3-1: config 0 has no interface number 0
[  448.097074][ T6000] usb 3-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  448.097098][ T6000] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  448.097124][ T6000] usb 3-1: config 0 interface 196 has no altsetting 0
[  448.101348][ T6000] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  448.101384][ T6000] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.101405][ T6000] usb 3-1: Product: syz
[  448.101420][ T6000] usb 3-1: Manufacturer: syz
[  448.101435][ T6000] usb 3-1: SerialNumber: syz
[  448.406207][ T6000] usb 3-1: config 0 descriptor??
[  448.674249][ T6000] ipheth 3-1:0.196: Unable to find endpoints
[  448.713054][ T6000] usb 3-1: USB disconnect, device number 69
[  451.201504][T11643] FAULT_INJECTION: forcing a failure.
[  451.201504][T11643] name failslab, interval 1, probability 0, space 0, times 0
[  451.201537][T11643] CPU: 1 UID: 0 PID: 11643 Comm: syz.5.2009 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  451.201561][T11643] Tainted: [L]=SOFTLOCKUP
[  451.201568][T11643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  451.201578][T11643] Call Trace:
[  451.201586][T11643]  <TASK>
[  451.201593][T11643]  dump_stack_lvl+0xe8/0x150
[  451.201620][T11643]  should_fail_ex+0x46b/0x600
[  451.201646][T11643]  should_failslab+0xa8/0x100
[  451.201666][T11643]  __kmalloc_noprof+0xdf/0x7b0
[  451.201686][T11643]  ? kfree+0x4d/0x690
[  451.201701][T11643]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  451.201727][T11643]  tomoyo_realpath_from_path+0xe3/0x5d0
[  451.201748][T11643]  ? tomoyo_domain+0xd8/0x130
[  451.201772][T11643]  ? tomoyo_path_number_perm+0x219/0x630
[  451.201797][T11643]  tomoyo_path_number_perm+0x246/0x630
[  451.201824][T11643]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  451.201845][T11643]  ? __lock_acquire+0x6b5/0x2cf0
[  451.201870][T11643]  ? do_raw_spin_lock+0x12b/0x2f0
[  451.201918][T11643]  ? __fget_files+0x2a/0x420
[  451.201944][T11643]  ? __fget_files+0x2a/0x420
[  451.201992][T11643]  ? __fget_files+0x3a6/0x420
[  451.202012][T11643]  ? __fget_files+0x2a/0x420
[  451.202037][T11643]  security_file_ioctl+0xc3/0x2a0
[  451.202065][T11643]  __se_sys_ioctl+0x47/0x170
[  451.202087][T11643]  do_syscall_64+0x14d/0xf80
[  451.202109][T11643]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.202126][T11643]  ? trace_irq_disable+0x37/0x100
[  451.202142][T11643]  ? clear_bhb_loop+0x40/0x90
[  451.202164][T11643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.202181][T11643] RIP: 0033:0x7f4bbf43bf79
[  451.202198][T11643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  451.202214][T11643] RSP: 002b:00007f4bbd696028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  451.202234][T11643] RAX: ffffffffffffffda RBX: 00007f4bbf6b5fa0 RCX: 00007f4bbf43bf79
[  451.202254][T11643] RDX: 00002000000005c0 RSI: 000000004010640d RDI: 0000000000000003
[  451.202266][T11643] RBP: 00007f4bbd696090 R08: 0000000000000000 R09: 0000000000000000
[  451.202277][T11643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.202289][T11643] R13: 00007f4bbf6b6038 R14: 00007f4bbf6b5fa0 R15: 00007ffc38ebfc68
[  451.202320][T11643]  </TASK>
[  451.202328][T11643] ERROR: Out of memory at tomoyo_realpath_from_path.
[  451.455213][ T5866] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  451.632369][ T5866] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  451.632403][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.632425][ T5866] usb 3-1: Product: syz
[  451.632440][ T5866] usb 3-1: Manufacturer: syz
[  451.632455][ T5866] usb 3-1: SerialNumber: syz
[  451.640072][ T5866] usb 3-1: config 0 descriptor??
[  451.695335][ T5866] hub 3-1:0.0: bad descriptor, ignoring hub
[  451.695376][ T5866] hub 3-1:0.0: probe with driver hub failed with error -5
[  451.868233][ T5866] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  451.886033][ T5866] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  451.892884][ T5866] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  451.892963][ T5866] usb 3-1: media controller created
[  451.969799][ T5866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  452.175721][ T5866] DVB: Unable to find symbol dib7000p_attach()
[  452.175734][ T5866] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  452.453818][ T5866] rc_core: IR keymap rc-dib0700-rc5 not found
[  452.453839][ T5866] Registered IR keymap rc-empty
[  452.456433][ T5866] dvb-usb: could not initialize remote control.
[  452.456443][ T5866] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  452.879473][ T5952] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  453.433756][ T5952] usb 6-1: Using ep0 maxpacket: 32
[  453.444332][ T5952] usb 6-1: config 0 has an invalid interface number: 196 but max is 0
[  453.444360][ T5952] usb 6-1: config 0 has no interface number 0
[  453.444407][ T5952] usb 6-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  453.444430][ T5952] usb 6-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  453.444456][ T5952] usb 6-1: config 0 interface 196 has no altsetting 0
[  453.454813][ T5952] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  453.454842][ T5952] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.461638][ T5952] usb 6-1: Product: syz
[  453.461657][ T5952] usb 6-1: Manufacturer: syz
[  453.461672][ T5952] usb 6-1: SerialNumber: syz
[  453.746069][ T5952] usb 6-1: config 0 descriptor??
[  454.531569][ T6736] usb 3-1: USB disconnect, device number 70
[  454.637644][ T5952] ipheth 6-1:0.196: Unable to find endpoints
[  454.724306][ T6736] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  454.725377][ T5952] usb 6-1: USB disconnect, device number 18
[  454.811568][ T5809] Bluetooth: hci1: unexpected cc 0x2039 length: 9 > 1
[  454.872237][T11673] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  454.872269][T11673] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  454.872286][T11673] bridge_slave_1: invalid flags given to default FDB implementation
[  455.125485][T11680] FAULT_INJECTION: forcing a failure.
[  455.125485][T11680] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  455.125517][T11680] CPU: 1 UID: 0 PID: 11680 Comm: syz.6.2019 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  455.125539][T11680] Tainted: [L]=SOFTLOCKUP
[  455.125546][T11680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  455.125556][T11680] Call Trace:
[  455.125563][T11680]  <TASK>
[  455.125571][T11680]  dump_stack_lvl+0xe8/0x150
[  455.125597][T11680]  should_fail_ex+0x46b/0x600
[  455.125623][T11680]  _copy_from_user+0x2d/0xb0
[  455.125647][T11680]  ___sys_sendmsg+0x1c6/0x360
[  455.125665][T11680]  ? __lock_acquire+0x6b5/0x2cf0
[  455.125690][T11680]  ? __pfx____sys_sendmsg+0x10/0x10
[  455.125731][T11680]  ? __fget_files+0x2a/0x420
[  455.125752][T11680]  ? __fget_files+0x3a6/0x420
[  455.125780][T11680]  __x64_sys_sendmsg+0x1c3/0x2a0
[  455.125796][T11680]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  455.125821][T11680]  ? __pfx_ksys_write+0x10/0x10
[  455.125857][T11680]  do_syscall_64+0x14d/0xf80
[  455.125879][T11680]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.125897][T11680]  ? trace_irq_disable+0x37/0x100
[  455.125913][T11680]  ? clear_bhb_loop+0x40/0x90
[  455.125934][T11680]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.125949][T11680] RIP: 0033:0x7f377c43bf79
[  455.125966][T11680] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  455.125981][T11680] RSP: 002b:00007f377a66d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  455.126001][T11680] RAX: ffffffffffffffda RBX: 00007f377c6b6090 RCX: 00007f377c43bf79
[  455.126015][T11680] RDX: 0000000000004080 RSI: 0000200000000440 RDI: 0000000000000005
[  455.126027][T11680] RBP: 00007f377a66d090 R08: 0000000000000000 R09: 0000000000000000
[  455.126038][T11680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.126049][T11680] R13: 00007f377c6b6128 R14: 00007f377c6b6090 R15: 00007ffe5404c458
[  455.126076][T11680]  </TASK>
[  455.846883][T11694] hub 8-0:1.0: USB hub found
[  455.848648][T11694] hub 8-0:1.0: 1 port detected
[  456.896331][ T6736] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  457.065484][ T6736] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  457.065514][ T6736] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  457.065533][ T6736] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  457.065581][ T6736] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  457.065607][ T6736] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  457.067354][ T6736] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  457.067383][ T6736] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  457.067404][ T6736] usb 6-1: Product: syz
[  457.067419][ T6736] usb 6-1: Manufacturer: syz
[  457.161751][T11703] mac80211_hwsim hwsim21 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  457.190424][ T6736] cdc_wdm 6-1:1.0: skipping garbage
[  457.190436][ T6736] cdc_wdm 6-1:1.0: skipping garbage
[  457.191920][ T6736] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  457.191931][ T6736] cdc_wdm 6-1:1.0: Unknown control protocol
[  457.480434][    C0] dummy_hcd dummy_hcd.5: timer fired with no URBs pending?
[  457.482925][ T6736] usb 6-1: USB disconnect, device number 19
[  457.674310][ T5952] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  457.823901][ T5952] usb 2-1: Using ep0 maxpacket: 32
[  457.825770][ T5952] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[  457.825796][ T5952] usb 2-1: config 0 has no interface number 0
[  457.825836][ T5952] usb 2-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  457.825860][ T5952] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  457.825882][ T5952] usb 2-1: config 0 interface 196 has no altsetting 0
[  457.828947][ T5952] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  457.828978][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.828998][ T5952] usb 2-1: Product: syz
[  457.829012][ T5952] usb 2-1: Manufacturer: syz
[  457.829026][ T5952] usb 2-1: SerialNumber: syz
[  457.837984][ T5952] usb 2-1: config 0 descriptor??
[  458.118330][ T5952] ipheth 2-1:0.196: Unable to find endpoints
[  458.143902][ T5952] usb 2-1: USB disconnect, device number 28
[  458.380280][T11738] FAULT_INJECTION: forcing a failure.
[  458.380280][T11738] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  458.380316][T11738] CPU: 1 UID: 0 PID: 11738 Comm: syz.2.2039 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  458.380342][T11738] Tainted: [L]=SOFTLOCKUP
[  458.380349][T11738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  458.380361][T11738] Call Trace:
[  458.380369][T11738]  <TASK>
[  458.380377][T11738]  dump_stack_lvl+0xe8/0x150
[  458.380406][T11738]  should_fail_ex+0x46b/0x600
[  458.380433][T11738]  prepare_alloc_pages+0x22a/0x6b0
[  458.380462][T11738]  __alloc_frozen_pages_noprof+0x12f/0x380
[  458.380488][T11738]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  458.380513][T11738]  ? __pfx_policy_nodemask+0x10/0x10
[  458.380536][T11738]  ? rt_read_unlock+0x14f/0x220
[  458.380560][T11738]  alloc_pages_mpol+0xd1/0x380
[  458.380584][T11738]  folio_alloc_mpol_noprof+0x39/0xe0
[  458.380605][T11738]  shmem_get_folio_gfp+0x644/0x1a80
[  458.380647][T11738]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  458.380664][T11738]  ? __lock_acquire+0x6b5/0x2cf0
[  458.380698][T11738]  shmem_fault+0x170/0x380
[  458.380725][T11738]  __do_fault+0x138/0x390
[  458.380750][T11738]  do_pte_missing+0x66a/0x2e60
[  458.380779][T11738]  ? handle_mm_fault+0xe7/0x13c0
[  458.380803][T11738]  handle_mm_fault+0xd0a/0x13c0
[  458.380827][T11738]  ? handle_mm_fault+0xe7/0x13c0
[  458.380850][T11738]  ? __pfx_handle_mm_fault+0x10/0x10
[  458.380870][T11738]  ? follow_page_pte+0xc25/0x13c0
[  458.380899][T11738]  ? __pfx_follow_page_pte+0x10/0x10
[  458.380934][T11738]  __get_user_pages+0x1679/0x2800
[  458.380982][T11738]  faultin_page_range+0x240/0x8c0
[  458.381003][T11738]  ? __asan_memset+0x22/0x50
[  458.381026][T11738]  ? blk_start_plug+0x6e/0x1b0
[  458.381049][T11738]  madvise_do_behavior+0x2e5/0x540
[  458.381075][T11738]  ? __pfx_madvise_do_behavior+0x10/0x10
[  458.381094][T11738]  ? down_read+0x156/0x200
[  458.381134][T11738]  do_madvise+0x1b3/0x270
[  458.381182][T11738]  ? __pfx_do_madvise+0x10/0x10
[  458.381214][T11738]  ? __pfx_ksys_write+0x10/0x10
[  458.381239][T11738]  __x64_sys_madvise+0xa6/0xc0
[  458.381267][T11738]  do_syscall_64+0x14d/0xf80
[  458.381288][T11738]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.381306][T11738]  ? trace_irq_disable+0x37/0x100
[  458.381322][T11738]  ? clear_bhb_loop+0x40/0x90
[  458.381344][T11738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.381360][T11738] RIP: 0033:0x7effcce4bf79
[  458.381377][T11738] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  458.381393][T11738] RSP: 002b:00007effcb09e028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  458.381414][T11738] RAX: ffffffffffffffda RBX: 00007effcd0c5fa0 RCX: 00007effcce4bf79
[  458.381426][T11738] RDX: 0000000000000017 RSI: 0000000000c00000 RDI: 0000200000000000
[  458.381439][T11738] RBP: 00007effcb09e090 R08: 0000000000000000 R09: 0000000000000000
[  458.381451][T11738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.381462][T11738] R13: 00007effcd0c6038 R14: 00007effcd0c5fa0 R15: 00007ffd9b59f7b8
[  458.381493][T11738]  </TASK>
[  458.883965][ T5809] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  458.884832][ T5809] Bluetooth: hci1: Injecting HCI hardware error event
[  458.888224][ T5814] Bluetooth: hci1: hardware error 0x00
[  459.764969][   T13] wlan1: Trigger new scan to find an IBSS to join
[  460.299751][T11768] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2052'.
[  460.500768][ T5809] Bluetooth: hci1: unexpected event for opcode 0x2042
[  460.513800][ T6000] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  460.523803][ T5884] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  460.563777][ T6736] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  460.676712][ T6000] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  460.676742][ T6000] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  460.676763][ T6000] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  460.676816][ T6000] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  460.676843][ T6000] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  460.677529][ T5884] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  460.677568][ T5884] usb 3-1: config 2 interface 0 has no altsetting 0
[  460.679016][ T6000] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  460.679042][ T6000] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  460.679062][ T6000] usb 6-1: Product: syz
[  460.679076][ T6000] usb 6-1: Manufacturer: syz
[  460.680691][ T5884] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  460.680718][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.680738][ T5884] usb 3-1: Product: syz
[  460.680752][ T5884] usb 3-1: Manufacturer: syz
[  460.680767][ T5884] usb 3-1: SerialNumber: syz
[  460.728635][ T5884] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  460.728668][ T5884] usb 3-1: selecting invalid altsetting 0
[  460.753461][ T5884] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  460.753795][ T6736] usb 1-1: Using ep0 maxpacket: 32
[  460.757518][ T5884] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  460.757801][ T6736] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[  460.757825][ T6736] usb 1-1: config 0 has no interface number 0
[  460.757866][ T6736] usb 1-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  460.757888][ T6736] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  460.757911][ T6736] usb 1-1: config 0 interface 196 has no altsetting 0
[  460.758100][ T5884] usb 3-1: media controller created
[  460.760136][ T6736] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  460.760163][ T6736] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.760182][ T6736] usb 1-1: Product: syz
[  460.760196][ T6736] usb 1-1: Manufacturer: syz
[  460.760209][ T6736] usb 1-1: SerialNumber: syz
[  460.777025][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  460.794869][ T5952] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  460.967548][ T5952] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  460.967602][ T5952] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  460.967630][ T5952] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  460.967657][ T5952] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  460.967681][ T5952] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  460.996033][ T5952] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  460.996063][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  460.996083][ T5952] usb 2-1: Product: syz
[  460.996097][ T5952] usb 2-1: Manufacturer: syz
[  460.996112][ T5952] usb 2-1: SerialNumber: syz
[  461.074940][ T6736] usb 1-1: config 0 descriptor??
[  461.083404][ T6000] cdc_wdm 6-1:1.0: skipping garbage
[  461.083425][ T6000] cdc_wdm 6-1:1.0: skipping garbage
[  461.114389][ T5952] usb 2-1: config 0 descriptor??
[  461.123506][ T6000] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  461.123877][ T5814] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  461.127980][ T6000] cdc_wdm 6-1:1.0: Unknown control protocol
[  461.182443][ T5884] usb 3-1: USB disconnect, device number 71
[  461.334535][ T5952] radio-si470x 2-1:0.0: DeviceID=0x55f0 ChipID=0x411f
[  461.336083][ T6736] ipheth 1-1:0.196: Unable to find endpoints
[  461.371341][ T6736] usb 1-1: USB disconnect, device number 66
[  461.491984][    T9] usb 6-1: USB disconnect, device number 20
[  461.534543][ T5952] radio-si470x 2-1:0.0: software version 85, hardware version 240
[  461.735088][ T5952] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  461.735147][ T5952] radio-si470x 2-1:0.0: submitting int urb failed (-90)
[  461.735543][ T5952] radio-si470x 2-1:0.0: si470x_set_report: usb_control_msg returned -71
[  461.735805][ T5952] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -22
[  461.786294][ T5952] usb 2-1: USB disconnect, device number 29
[  461.869553][ T5809] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  461.872218][ T5809] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  461.872571][ T5809] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  461.903877][ T5809] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  461.921724][ T5809] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  461.956191][ T6736] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  462.001971][ T1305] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.107806][ T6736] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  462.107837][ T6736] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.107858][ T6736] usb 3-1: Product: syz
[  462.107872][ T6736] usb 3-1: Manufacturer: syz
[  462.107887][ T6736] usb 3-1: SerialNumber: syz
[  462.233834][ T5884] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  462.313524][ T1305] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.385176][ T5884] usb 1-1: device descriptor read/64, error -71
[  462.385769][T11789] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2061'.
[  462.633799][ T5884] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  462.823782][ T5884] usb 1-1: device descriptor read/64, error -71
[  462.934093][ T5884] usb usb1-port1: attempt power cycle
[  462.936142][ T1305] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  462.970248][T11783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.971853][T11783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.001296][T11783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  463.016350][T11783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.048702][ T6736] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO
[  463.048757][ T6736] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[  463.049151][ T6736] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  463.049200][ T6736] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  463.049836][ T6736] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  463.139081][ T6736] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  463.170048][ T6736] usb 3-1: USB disconnect, device number 72
[  463.217953][T11801] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  463.221689][T11801] VFS: Can't find a romfs filesystem on dev nullb0.
[  463.221689][T11801] 
[  463.312867][ T5884] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  463.334485][ T5884] usb 1-1: device descriptor read/8, error -71
[  463.350238][ T1305] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  463.437547][T11784] chnl_net:caif_netlink_parms(): no params data found
[  463.542129][T11784] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.542308][T11784] bridge0: port 1(bridge_slave_0) entered disabled state
[  463.542469][T11784] bridge_slave_0: entered allmulticast mode
[  463.572876][T11784] bridge_slave_0: entered promiscuous mode
[  463.573791][ T5884] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  463.598438][ T5884] usb 1-1: device descriptor read/8, error -71
[  463.710220][T11784] bridge0: port 2(bridge_slave_1) entered blocking state
[  463.710328][T11784] bridge0: port 2(bridge_slave_1) entered disabled state
[  463.710553][T11784] bridge_slave_1: entered allmulticast mode
[  463.712318][T11784] bridge_slave_1: entered promiscuous mode
[  463.713822][ T5884] usb usb1-port1: unable to enumerate USB device
[  463.824747][T11808] delete_channel: no stack
[  463.897370][T11784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  463.954562][T11784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  464.003796][ T5809] Bluetooth: hci0: command tx timeout
[  464.183843][ T5952] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  464.206076][T11818] pimreg: entered allmulticast mode
[  464.209098][T11784] team0: Port device team_slave_0 added
[  464.212815][T11784] team0: Port device team_slave_1 added
[  464.264514][ T1305] bridge_slave_1: left allmulticast mode
[  464.264540][ T1305] bridge_slave_1: left promiscuous mode
[  464.264884][ T1305] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.324787][ T1305] bridge_slave_0: left allmulticast mode
[  464.324807][ T1305] bridge_slave_0: left promiscuous mode
[  464.324960][ T1305] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.334577][ T5952] usb 6-1: Using ep0 maxpacket: 32
[  464.336982][ T5952] usb 6-1: config 0 has an invalid interface number: 196 but max is 0
[  464.337009][ T5952] usb 6-1: config 0 has no interface number 0
[  464.337053][ T5952] usb 6-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  464.337076][ T5952] usb 6-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  464.337101][ T5952] usb 6-1: config 0 interface 196 has no altsetting 0
[  464.339670][ T5952] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  464.339697][ T5952] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.339717][ T5952] usb 6-1: Product: syz
[  464.339731][ T5952] usb 6-1: Manufacturer: syz
[  464.339746][ T5952] usb 6-1: SerialNumber: syz
[  464.358607][ T5952] usb 6-1: config 0 descriptor??
[  464.433874][ T5866] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  464.597504][ T5952] ipheth 6-1:0.196: Unable to find endpoints
[  464.618694][ T5952] usb 6-1: USB disconnect, device number 21
[  464.621183][ T5866] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  464.621212][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.621222][ T5866] usb 3-1: Product: syz
[  464.621230][ T5866] usb 3-1: Manufacturer: syz
[  464.621237][ T5866] usb 3-1: SerialNumber: syz
[  464.730326][ T7896] wlan1: Trigger new scan to find an IBSS to join
[  465.263431][T11828] FAULT_INJECTION: forcing a failure.
[  465.263431][T11828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  465.263475][T11828] CPU: 1 UID: 0 PID: 11828 Comm: syz.0.2074 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  465.263502][T11828] Tainted: [L]=SOFTLOCKUP
[  465.263508][T11828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  465.263519][T11828] Call Trace:
[  465.263528][T11828]  <TASK>
[  465.263538][T11828]  dump_stack_lvl+0xe8/0x150
[  465.263567][T11828]  should_fail_ex+0x46b/0x600
[  465.263594][T11828]  copy_fpstate_to_sigframe+0xa8c/0xd40
[  465.263631][T11828]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  465.263653][T11828]  ? __pfx_rtlock_slowlock_locked+0x10/0x10
[  465.263676][T11828]  ? rt_spin_lock+0x1e0/0x400
[  465.263693][T11828]  ? rt_spin_lock+0x1e0/0x400
[  465.263716][T11828]  ? fpu__alloc_mathframe+0xac/0x130
[  465.263737][T11828]  get_sigframe+0x5f7/0x820
[  465.263777][T11828]  ? __pfx_get_sigframe+0x10/0x10
[  465.263796][T11828]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  465.263814][T11828]  ? reacquire_held_locks+0x104/0x190
[  465.263839][T11828]  ? rt_spin_lock+0x1e0/0x400
[  465.263863][T11828]  x64_setup_rt_frame+0x161/0xcb0
[  465.263881][T11828]  ? rt_spin_unlock+0x14f/0x200
[  465.263903][T11828]  ? rt_spin_unlock+0x160/0x200
[  465.263924][T11828]  ? get_signal+0x1120/0x1310
[  465.263951][T11828]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  465.263980][T11828]  arch_do_signal_or_restart+0x429/0x830
[  465.264004][T11828]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  465.264030][T11828]  ? ksys_read+0x248/0x270
[  465.264057][T11828]  exit_to_user_mode_loop+0x86/0x480
[  465.264080][T11828]  ? rcu_is_watching+0x15/0xb0
[  465.264106][T11828]  do_syscall_64+0x32d/0xf80
[  465.264127][T11828]  ? rcu_is_watching+0x15/0xb0
[  465.264149][T11828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.264167][T11828]  ? clear_bhb_loop+0x40/0x90
[  465.264189][T11828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.264207][T11828] RIP: 0033:0x7faadf09bf77
[  465.264224][T11828] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89
[  465.264240][T11828] RSP: 002b:00007faadd2ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  465.264261][T11828] RAX: 0000000000000000 RBX: 00007faadf315fa0 RCX: 00007faadf09bf79
[  465.264274][T11828] RDX: 0000000000002020 RSI: 0000200000006100 RDI: 0000000000000003
[  465.264286][T11828] RBP: 00007faadd2ee090 R08: 0000000000000000 R09: 0000000000000000
[  465.264298][T11828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.264310][T11828] R13: 00007faadf316038 R14: 00007faadf315fa0 R15: 00007fff31946e48
[  465.264340][T11828]  </TASK>
[  465.298349][T11821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.300442][T11821] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.313539][T11821] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.315824][T11821] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.366880][ T5866] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -EPROTO
[  465.366938][ T5866] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[  465.367377][ T5866] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  465.367424][ T5866] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  465.368238][ T5866] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  465.408898][ T5866] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  465.443817][ T5866] usb 3-1: USB disconnect, device number 73
[  465.766647][   T58] wlan1: Creating new IBSS network, BSSID 5e:10:3f:d5:f2:7d
[  466.030085][T11841] FAULT_INJECTION: forcing a failure.
[  466.030085][T11841] name failslab, interval 1, probability 0, space 0, times 0
[  466.030109][T11841] CPU: 0 UID: 0 PID: 11841 Comm: syz.0.2079 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  466.030125][T11841] Tainted: [L]=SOFTLOCKUP
[  466.030129][T11841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  466.030136][T11841] Call Trace:
[  466.030141][T11841]  <TASK>
[  466.030146][T11841]  dump_stack_lvl+0xe8/0x150
[  466.030166][T11841]  should_fail_ex+0x46b/0x600
[  466.030182][T11841]  should_failslab+0xa8/0x100
[  466.030195][T11841]  __kmalloc_noprof+0xdf/0x7b0
[  466.030207][T11841]  ? kfree+0x4d/0x690
[  466.030215][T11841]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  466.030230][T11841]  tomoyo_realpath_from_path+0xe3/0x5d0
[  466.030242][T11841]  ? tomoyo_domain+0xd8/0x130
[  466.030257][T11841]  ? tomoyo_path_number_perm+0x219/0x630
[  466.030272][T11841]  tomoyo_path_number_perm+0x246/0x630
[  466.030289][T11841]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  466.030303][T11841]  ? __lock_acquire+0x6b5/0x2cf0
[  466.030319][T11841]  ? do_raw_spin_lock+0x12b/0x2f0
[  466.030350][T11841]  ? __fget_files+0x2a/0x420
[  466.030366][T11841]  ? __fget_files+0x2a/0x420
[  466.030379][T11841]  ? __fget_files+0x3a6/0x420
[  466.030391][T11841]  ? __fget_files+0x2a/0x420
[  466.030407][T11841]  security_file_ioctl+0xc3/0x2a0
[  466.030430][T11841]  __se_sys_ioctl+0x47/0x170
[  466.030443][T11841]  do_syscall_64+0x14d/0xf80
[  466.030457][T11841]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.030467][T11841]  ? trace_irq_disable+0x37/0x100
[  466.030476][T11841]  ? clear_bhb_loop+0x40/0x90
[  466.030488][T11841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.030498][T11841] RIP: 0033:0x7faadf09bf79
[  466.030508][T11841] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  466.030517][T11841] RSP: 002b:00007faadd2ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  466.030529][T11841] RAX: ffffffffffffffda RBX: 00007faadf315fa0 RCX: 00007faadf09bf79
[  466.030537][T11841] RDX: 0000200000000040 RSI: 0000000040405515 RDI: 0000000000000003
[  466.030544][T11841] RBP: 00007faadd2ee090 R08: 0000000000000000 R09: 0000000000000000
[  466.030551][T11841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  466.030558][T11841] R13: 00007faadf316038 R14: 00007faadf315fa0 R15: 00007fff31946e48
[  466.030574][T11841]  </TASK>
[  466.030579][T11841] ERROR: Out of memory at tomoyo_realpath_from_path.
[  466.083749][ T5809] Bluetooth: hci0: command tx timeout
[  466.463821][    T9] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  466.603828][    T9] usb 6-1: device descriptor read/64, error -71
[  466.763845][ T5866] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  466.843874][    T9] usb 6-1: new full-speed USB device number 23 using dummy_hcd
[  466.904275][ T1305] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  466.913827][ T5866] usb 3-1: Using ep0 maxpacket: 32
[  466.928849][ T5866] usb 3-1: config 0 has an invalid interface number: 196 but max is 0
[  466.928877][ T5866] usb 3-1: config 0 has no interface number 0
[  466.928913][ T5866] usb 3-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  466.928925][ T5866] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  466.928938][ T5866] usb 3-1: config 0 interface 196 has no altsetting 0
[  466.931060][ T5866] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  466.931085][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.931096][ T5866] usb 3-1: Product: syz
[  466.931103][ T5866] usb 3-1: Manufacturer: syz
[  466.931110][ T5866] usb 3-1: SerialNumber: syz
[  466.938608][ T5866] usb 3-1: config 0 descriptor??
[  466.973839][    T9] usb 6-1: device descriptor read/64, error -71
[  467.054633][ T1305] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  467.081622][ T1305] bond0 (unregistering): Released all slaves
[  467.084110][    T9] usb usb6-port1: attempt power cycle
[  467.127982][T11784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  467.127996][T11784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  467.128010][T11784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  467.247005][ T5866] ipheth 3-1:0.196: Unable to find endpoints
[  467.258207][ T5866] usb 3-1: USB disconnect, device number 74
[  467.340258][T11784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  467.340271][T11784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  467.340287][T11784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  467.454004][    T9] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  467.475843][    T9] usb 6-1: device descriptor read/8, error -71
[  467.589691][T11784] hsr_slave_0: entered promiscuous mode
[  467.602495][T11784] hsr_slave_1: entered promiscuous mode
[  467.608694][T11784] debugfs: 'hsr0' already exists in 'hsr'
[  467.608725][T11784] Cannot create hsr debugfs directory
[  467.713796][    T9] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  467.738754][    T9] usb 6-1: device descriptor read/8, error -71
[  467.847516][    T9] usb usb6-port1: unable to enumerate USB device
[  468.184703][ T5809] Bluetooth: hci0: command tx timeout
[  468.216312][T11876] kvm: user requested TSC rate below hardware speed
[  468.243902][    T9] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  468.396560][    T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  468.396591][    T9] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  468.396612][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  468.396660][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  468.396687][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  468.399263][    T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  468.399292][    T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  468.399302][    T9] usb 2-1: Product: syz
[  468.399310][    T9] usb 2-1: Manufacturer: syz
[  468.426593][    T9] cdc_wdm 2-1:1.0: skipping garbage
[  468.426613][    T9] cdc_wdm 2-1:1.0: skipping garbage
[  468.450360][    T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  468.450384][    T9] cdc_wdm 2-1:1.0: Unknown control protocol
[  468.793962][T11883] mac80211_hwsim hwsim9 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  468.833075][    T9] usb 2-1: USB disconnect, device number 30
[  468.929368][T11886] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2092'.
[  469.056095][ T1305] hsr_slave_0: left promiscuous mode
[  469.093835][ T1305] hsr_slave_1: left promiscuous mode
[  469.094897][ T1305] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  469.094922][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_0
[  469.114166][ T5956] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  469.164466][ T1305] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  469.164495][ T1305] batman_adv: batadv0: Removing interface: batadv_slave_1
[  469.439368][ T1305] veth1_macvtap: left promiscuous mode
[  469.439437][ T1305] veth0_macvtap: left promiscuous mode
[  469.439757][ T1305] veth1_vlan: left promiscuous mode
[  469.439849][ T1305] veth0_vlan: left promiscuous mode
[  469.503853][ T5866] usb 1-1: new full-speed USB device number 71 using dummy_hcd
[  469.653804][    T9] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  469.677742][ T5866] usb 1-1: config 0 has an invalid interface number: 66 but max is 0
[  469.677770][ T5866] usb 1-1: config 0 has no interface number 0
[  469.677795][ T5866] usb 1-1: too many endpoints for config 0 interface 66 altsetting 233: 52, using maximum allowed: 30
[  469.677827][ T5866] usb 1-1: config 0 interface 66 altsetting 233 has 0 endpoint descriptors, different from the interface descriptor's value: 52
[  469.677851][ T5866] usb 1-1: config 0 interface 66 has no altsetting 0
[  469.677876][ T5866] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  469.677895][ T5866] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.682808][ T5866] usb 1-1: config 0 descriptor??
[  469.813778][    T9] usb 6-1: Using ep0 maxpacket: 8
[  469.815853][    T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  469.815880][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.894574][    T9] pvrusb2: Hardware description: Terratec Grabster AV400
[  469.894777][    T9] pvrusb2: **********
[  469.894787][    T9] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  469.894799][    T9] pvrusb2: Important functionality might not be entirely working.
[  469.894812][    T9] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  469.894824][    T9] pvrusb2: **********
[  470.095850][ T2365] pvrusb2: Invalid write control endpoint
[  470.221250][ T2365] pvrusb2: Invalid write control endpoint
[  470.221267][ T2365] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  470.221276][ T2365] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  470.221285][ T2365] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  470.221294][ T2365] pvrusb2: Device being rendered inoperable
[  470.246582][ T5809] Bluetooth: hci0: command tx timeout
[  470.278003][ T2365] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  470.278064][ T2365] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  470.291612][T11896] pvrusb2: Attempted to execute control transfer when device not ok
[  470.304174][ T5884] usb 6-1: USB disconnect, device number 26
[  470.346144][ T2365] pvrusb2: Attached sub-driver cx25840
[  470.346160][ T2365] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  470.346169][ T2365] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  470.537682][ T5866] usb 1-1: string descriptor 0 read error: -71
[  470.550908][ T5866] usb 1-1: USB disconnect, device number 71
[  470.964423][T11905] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2097'.
[  471.253831][ T5884] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  471.324646][    T9] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  471.411177][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  471.411210][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  471.411234][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  471.433338][ T5884] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  471.433369][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.433389][ T5884] usb 6-1: Product: syz
[  471.433403][ T5884] usb 6-1: Manufacturer: syz
[  471.433418][ T5884] usb 6-1: SerialNumber: syz
[  471.446871][ T5884] usb 6-1: config 0 descriptor??
[  471.473798][    T9] usb 3-1: Using ep0 maxpacket: 32
[  471.481872][    T9] usb 3-1: config 0 has an invalid interface number: 121 but max is 2
[  471.481899][    T9] usb 3-1: config 0 has an invalid descriptor of length 213, skipping remainder of the config
[  471.481918][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  471.481939][    T9] usb 3-1: config 0 has no interface number 0
[  471.482037][    T9] usb 3-1: config 0 interface 121 altsetting 1 endpoint 0xD has invalid maxpacket 512, setting to 64
[  471.482063][    T9] usb 3-1: config 0 interface 121 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 6
[  471.482089][    T9] usb 3-1: config 0 interface 121 has no altsetting 0
[  471.488612][    T9] usb 3-1: New USB device found, idVendor=0856, idProduct=ac26, bcdDevice=49.83
[  471.488642][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.488797][    T9] usb 3-1: Product: syz
[  471.488857][    T9] usb 3-1: Manufacturer: syz
[  471.488872][    T9] usb 3-1: SerialNumber: syz
[  471.498958][    T9] usb 3-1: config 0 descriptor??
[  471.630107][T11910] FAULT_INJECTION: forcing a failure.
[  471.630107][T11910] name failslab, interval 1, probability 0, space 0, times 0
[  471.630132][T11910] CPU: 0 UID: 0 PID: 11910 Comm: syz.0.2100 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  471.630148][T11910] Tainted: [L]=SOFTLOCKUP
[  471.630151][T11910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  471.630158][T11910] Call Trace:
[  471.630163][T11910]  <TASK>
[  471.630168][T11910]  dump_stack_lvl+0xe8/0x150
[  471.630188][T11910]  should_fail_ex+0x46b/0x600
[  471.630207][T11910]  should_failslab+0xa8/0x100
[  471.630221][T11910]  __kvmalloc_node_noprof+0x170/0x8e0
[  471.630234][T11910]  ? seq_read_iter+0x203/0xe20
[  471.630246][T11910]  ? mutex_lock_nested+0x152/0x1d0
[  471.630256][T11910]  ? seq_read_iter+0xb8/0xe20
[  471.630268][T11910]  seq_read_iter+0x203/0xe20
[  471.630279][T11910]  ? _parse_integer_limit+0x1ae/0x1f0
[  471.630295][T11910]  ? __asan_memset+0x22/0x50
[  471.630314][T11910]  seq_read+0x36a/0x490
[  471.630324][T11910]  ? get_pid_task+0x20/0x1f0
[  471.630343][T11910]  ? __pfx_seq_read+0x10/0x10
[  471.630354][T11910]  ? __lock_acquire+0x6b5/0x2cf0
[  471.630376][T11910]  ? __pfx_seq_read+0x10/0x10
[  471.630385][T11910]  proc_reg_read+0x1f6/0x2f0
[  471.630398][T11910]  ? __pfx_proc_reg_read+0x10/0x10
[  471.630411][T11910]  vfs_read+0x212/0xa70
[  471.630426][T11910]  ? __pfx_vfs_read+0x10/0x10
[  471.630437][T11910]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  471.630450][T11910]  ? lockdep_hardirqs_on+0x7a/0x110
[  471.630464][T11910]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  471.630477][T11910]  ? mutex_lock_nested+0x152/0x1d0
[  471.630486][T11910]  ? fdget_pos+0x252/0x320
[  471.630505][T11910]  ksys_read+0x156/0x270
[  471.630516][T11910]  ? __pfx_ksys_read+0x10/0x10
[  471.630532][T11910]  do_syscall_64+0x14d/0xf80
[  471.630546][T11910]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.630556][T11910]  ? clear_bhb_loop+0x40/0x90
[  471.630568][T11910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.630578][T11910] RIP: 0033:0x7faadf09bf79
[  471.630588][T11910] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  471.630597][T11910] RSP: 002b:00007faadd2ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  471.630609][T11910] RAX: ffffffffffffffda RBX: 00007faadf315fa0 RCX: 00007faadf09bf79
[  471.630617][T11910] RDX: 0000000000002020 RSI: 0000200000000640 RDI: 0000000000000003
[  471.630624][T11910] RBP: 00007faadd2ee090 R08: 0000000000000000 R09: 0000000000000000
[  471.630630][T11910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.630636][T11910] R13: 00007faadf316038 R14: 00007faadf315fa0 R15: 00007fff31946e48
[  471.630653][T11910]  </TASK>
[  471.688203][ T5884] adutux 6-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  471.976472][  T993] usb 6-1: USB disconnect, device number 27
[  472.138294][    T9] ftdi_sio 3-1:0.121: FTDI USB Serial Device converter detected
[  472.139758][    T9] ftdi_sio ttyUSB0: unknown device type: 0x4983
[  472.152850][    T9] usb 3-1: USB disconnect, device number 75
[  472.157799][    T9] ftdi_sio 3-1:0.121: device disconnected
[  472.313876][ T5884] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  472.484578][ T5884] usb 1-1: Using ep0 maxpacket: 16
[  472.493494][ T5884] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 254, using maximum allowed: 30
[  472.493552][ T5884] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  472.493576][ T5884] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  472.493608][ T5884] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 254
[  472.495750][ T5884] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  472.495778][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  472.495797][ T5884] usb 1-1: SerialNumber: syz
[  472.755776][ T4323] wlan1: Trigger new scan to find an IBSS to join
[  472.802833][T11913] tipc: Failed to remove unknown binding: 66,0,0/0:1794686385/1794686386
[  472.941461][T11913] tipc: Failed to remove unknown binding: 66,0,0/0:1794686385/1794686386
[  473.876650][ T5884] usb 1-1: USB disconnect, device number 72
[  474.663780][ T5884] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  474.793779][ T5884] usb 1-1: device descriptor read/64, error -71
[  474.864003][  T993] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  475.043957][ T5884] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  475.074217][  T993] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  475.074247][  T993] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  475.074266][  T993] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  475.074313][  T993] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  475.074347][  T993] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  475.076007][  T993] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  475.076035][  T993] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  475.076053][  T993] usb 6-1: Product: syz
[  475.076067][  T993] usb 6-1: Manufacturer: syz
[  475.090016][  T993] cdc_wdm 6-1:1.0: skipping garbage
[  475.090036][  T993] cdc_wdm 6-1:1.0: skipping garbage
[  475.095129][  T993] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  475.095149][  T993] cdc_wdm 6-1:1.0: Unknown control protocol
[  475.173836][ T5884] usb 1-1: device descriptor read/64, error -71
[  475.304149][ T5884] usb usb1-port1: attempt power cycle
[  475.519009][  T993] usb 6-1: USB disconnect, device number 28
[  475.682712][ T5884] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  475.696636][ T5884] usb 1-1: device descriptor read/8, error -71
[  475.716704][T11948] netlink: 'syz.2.2111': attribute type 21 has an invalid length.
[  475.944152][ T5884] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  475.975267][ T5884] usb 1-1: device descriptor read/8, error -71
[  475.996068][ T1305] team0 (unregistering): Port device team_slave_1 removed
[  476.098723][ T5884] usb usb1-port1: unable to enumerate USB device
[  476.284346][ T1305] team0 (unregistering): Port device team_slave_0 removed
[  477.483808][   T31] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  477.653796][   T31] usb 6-1: Using ep0 maxpacket: 16
[  477.656367][   T31] usb 6-1: config 0 has an invalid interface number: 35 but max is 0
[  477.656396][   T31] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  477.656416][   T31] usb 6-1: config 0 has no interface number 0
[  477.656460][   T31] usb 6-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA
[  477.656487][   T31] usb 6-1: config 0 interface 35 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  477.656511][   T31] usb 6-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  477.659804][   T31] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=3e.04
[  477.659833][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.659854][   T31] usb 6-1: Product: syz
[  477.659869][   T31] usb 6-1: Manufacturer: syz
[  477.659884][   T31] usb 6-1: SerialNumber: syz
[  477.706276][   T31] usb 6-1: config 0 descriptor??
[  477.763843][   T58] wlan1: Trigger new scan to find an IBSS to join
[  477.923840][   T31] usb 6-1: USB disconnect, device number 29
[  478.907860][   T58] wlan1: Creating new IBSS network, BSSID 16:d1:49:55:27:10
[  479.320012][T11952] netlink: 840 bytes leftover after parsing attributes in process `syz.2.2111'.
[  479.653848][  T993] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  479.854613][  T993] usb 2-1: Using ep0 maxpacket: 32
[  479.856665][  T993] usb 2-1: config 2 has an invalid interface number: 88 but max is 0
[  479.856691][  T993] usb 2-1: config 2 has no interface number 0
[  479.856736][  T993] usb 2-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  479.856761][  T993] usb 2-1: config 2 interface 88 has no altsetting 0
[  479.860156][  T993] usb 2-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  479.860174][  T993] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.860184][  T993] usb 2-1: Product: syz
[  479.860192][  T993] usb 2-1: Manufacturer: syz
[  479.860199][  T993] usb 2-1: SerialNumber: syz
[  479.869337][T11975] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  480.094316][T11975] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  480.160798][T11784] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  480.337444][T11784] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  480.442832][T11784] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  480.555229][T11784] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  480.559523][T11998] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2122'.
[  480.615600][T12002] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd
[  480.957992][  T993] asix 2-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  480.958248][  T993] asix 2-1:2.88: probe with driver asix failed with error -71
[  481.026836][  T993] usb 2-1: USB disconnect, device number 31
[  482.182570][ T6000] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  482.739942][ T6000] usb 3-1: Using ep0 maxpacket: 16
[  483.041055][ T6000] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  483.041084][ T6000] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  483.041104][ T6000] usb 3-1: config 0 has no interface number 0
[  483.041145][ T6000] usb 3-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA
[  483.041170][ T6000] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  483.041192][ T6000] usb 3-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  483.126582][ T6000] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=3e.04
[  483.126611][ T6000] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.126622][ T6000] usb 3-1: Product: syz
[  483.126630][ T6000] usb 3-1: Manufacturer: syz
[  483.126637][ T6000] usb 3-1: SerialNumber: syz
[  483.179527][ T6000] usb 3-1: config 0 descriptor??
[  483.217423][T11784] 8021q: adding VLAN 0 to HW filter on device bond0
[  483.331694][T11784] 8021q: adding VLAN 0 to HW filter on device team0
[  483.385041][ T5958] bridge0: port 1(bridge_slave_0) entered blocking state
[  483.385236][ T5958] bridge0: port 1(bridge_slave_0) entered forwarding state
[  483.387548][ T5958] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.387686][ T5958] bridge0: port 2(bridge_slave_1) entered forwarding state
[  483.389364][ T5952] usb 3-1: USB disconnect, device number 76
[  483.813780][  T807] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  483.957198][T11784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  483.963775][ T5952] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  483.988036][  T807] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  483.988066][  T807] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.988087][  T807] usb 1-1: Product: syz
[  483.988102][  T807] usb 1-1: Manufacturer: syz
[  483.988118][  T807] usb 1-1: SerialNumber: syz
[  484.135974][ T5952] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  484.136029][ T5952] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  484.136054][ T5952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  484.136079][ T5952] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  484.136100][ T5952] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  484.138834][ T5952] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  484.138865][ T5952] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  484.138886][ T5952] usb 6-1: Product: syz
[  484.138900][ T5952] usb 6-1: Manufacturer: syz
[  484.138914][ T5952] usb 6-1: SerialNumber: syz
[  484.161574][ T5952] usb 6-1: config 0 descriptor??
[  484.374144][ T5952] radio-si470x 6-1:0.0: DeviceID=0x55f0 ChipID=0x411f
[  484.757718][ T5952] radio-si470x 6-1:0.0: software version 85, hardware version 240
[  484.796814][T12033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.797579][T12033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.811187][T12033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.506311][T12033] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.524978][  T807] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  485.525038][  T807] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPROTO
[  485.533569][  T807] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  485.533837][  T807] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  485.535153][  T807] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  485.578927][ T5952] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71
[  485.578981][ T5952] radio-si470x 6-1:0.0: submitting int urb failed (-90)
[  485.579360][ T5952] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71
[  485.579651][ T5952] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -22
[  485.620952][ T5952] usb 6-1: USB disconnect, device number 30
[  485.673896][  T807] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[  485.746246][  T807] usb 1-1: USB disconnect, device number 77
[  485.959232][T12074] FAULT_INJECTION: forcing a failure.
[  485.959232][T12074] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  485.959269][T12074] CPU: 1 UID: 0 PID: 12074 Comm: syz.2.2135 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  485.959295][T12074] Tainted: [L]=SOFTLOCKUP
[  485.959302][T12074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  485.959313][T12074] Call Trace:
[  485.959321][T12074]  <TASK>
[  485.959330][T12074]  dump_stack_lvl+0xe8/0x150
[  485.959360][T12074]  should_fail_ex+0x46b/0x600
[  485.959387][T12074]  _copy_from_user+0x2d/0xb0
[  485.959411][T12074]  wants_mount_setattr+0x1ba/0x8f0
[  485.959432][T12074]  ? lockdep_hardirqs_on+0x7a/0x110
[  485.959456][T12074]  ? __pfx_wants_mount_setattr+0x10/0x10
[  485.959474][T12074]  ? rt_mutex_slowunlock+0x1cb/0x300
[  485.959505][T12074]  __se_sys_mount_setattr+0x16a/0x280
[  485.959535][T12074]  ? __pfx___se_sys_mount_setattr+0x10/0x10
[  485.959564][T12074]  ? __x64_sys_mount_setattr+0x20/0xc0
[  485.959590][T12074]  do_syscall_64+0x14d/0xf80
[  485.959611][T12074]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.959629][T12074]  ? trace_irq_disable+0x37/0x100
[  485.959645][T12074]  ? clear_bhb_loop+0x40/0x90
[  485.959665][T12074]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.959683][T12074] RIP: 0033:0x7effcce4bf79
[  485.959700][T12074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  485.959717][T12074] RSP: 002b:00007effcb09e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ba
[  485.959736][T12074] RAX: ffffffffffffffda RBX: 00007effcd0c5fa0 RCX: 00007effcce4bf79
[  485.959748][T12074] RDX: 0000000000008900 RSI: 0000200000000200 RDI: ffffffffffffff9c
[  485.959760][T12074] RBP: 00007effcb09e090 R08: 0000000000000020 R09: 0000000000000000
[  485.959772][T12074] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  485.959784][T12074] R13: 00007effcd0c6038 R14: 00007effcd0c5fa0 R15: 00007ffd9b59f7b8
[  485.959811][T12074]  </TASK>
[  486.049390][T11784] veth0_vlan: entered promiscuous mode
[  486.110646][T11784] veth1_vlan: entered promiscuous mode
[  486.306336][T11784] veth0_macvtap: entered promiscuous mode
[  486.395965][T12087] FAULT_INJECTION: forcing a failure.
[  486.395965][T12087] name failslab, interval 1, probability 0, space 0, times 0
[  486.396000][T12087] CPU: 0 UID: 0 PID: 12087 Comm: syz.1.2139 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  486.396027][T12087] Tainted: [L]=SOFTLOCKUP
[  486.396034][T12087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  486.396046][T12087] Call Trace:
[  486.396054][T12087]  <TASK>
[  486.396063][T12087]  dump_stack_lvl+0xe8/0x150
[  486.396092][T12087]  should_fail_ex+0x46b/0x600
[  486.396118][T12087]  should_failslab+0xa8/0x100
[  486.396146][T12087]  __kmalloc_noprof+0xdf/0x7b0
[  486.396165][T12087]  ? kfree+0x4d/0x690
[  486.396181][T12087]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  486.396207][T12087]  tomoyo_realpath_from_path+0xe3/0x5d0
[  486.396229][T12087]  ? tomoyo_domain+0xd8/0x130
[  486.396254][T12087]  ? tomoyo_path_number_perm+0x219/0x630
[  486.396286][T12087]  tomoyo_path_number_perm+0x246/0x630
[  486.396313][T12087]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  486.396337][T12087]  ? __lock_acquire+0x6b5/0x2cf0
[  486.396368][T12087]  ? do_raw_spin_lock+0x12b/0x2f0
[  486.396421][T12087]  ? __fget_files+0x2a/0x420
[  486.396448][T12087]  ? __fget_files+0x2a/0x420
[  486.396468][T12087]  ? __fget_files+0x3a6/0x420
[  486.396489][T12087]  ? __fget_files+0x2a/0x420
[  486.396515][T12087]  security_file_ioctl+0xc3/0x2a0
[  486.396543][T12087]  __se_sys_ioctl+0x47/0x170
[  486.396566][T12087]  do_syscall_64+0x14d/0xf80
[  486.396589][T12087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.396607][T12087]  ? trace_irq_disable+0x37/0x100
[  486.396623][T12087]  ? clear_bhb_loop+0x40/0x90
[  486.396646][T12087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.396663][T12087] RIP: 0033:0x7f64b37fbf79
[  486.396680][T12087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  486.396698][T12087] RSP: 002b:00007f64b1a56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  486.396719][T12087] RAX: ffffffffffffffda RBX: 00007f64b3a75fa0 RCX: 00007f64b37fbf79
[  486.396734][T12087] RDX: 0000000000000001 RSI: 0000000000005608 RDI: 0000000000000003
[  486.396747][T12087] RBP: 00007f64b1a56090 R08: 0000000000000000 R09: 0000000000000000
[  486.396760][T12087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.396772][T12087] R13: 00007f64b3a76038 R14: 00007f64b3a75fa0 R15: 00007ffeff4c2e68
[  486.396804][T12087]  </TASK>
[  486.396813][T12087] ERROR: Out of memory at tomoyo_realpath_from_path.
[  486.398534][T11784] veth1_macvtap: entered promiscuous mode
[  486.528833][T11784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  486.561424][T11784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  486.626941][ T1305] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  486.630685][ T1305] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  486.631043][ T1305] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  486.667302][ T7896] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  487.108972][T12105] FAULT_INJECTION: forcing a failure.
[  487.108972][T12105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  487.109008][T12105] CPU: 1 UID: 0 PID: 12105 Comm: syz.5.2144 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  487.109035][T12105] Tainted: [L]=SOFTLOCKUP
[  487.109042][T12105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  487.109054][T12105] Call Trace:
[  487.109061][T12105]  <TASK>
[  487.109070][T12105]  dump_stack_lvl+0xe8/0x150
[  487.109100][T12105]  should_fail_ex+0x46b/0x600
[  487.109128][T12105]  _copy_from_user+0x2d/0xb0
[  487.109153][T12105]  ___sys_sendmsg+0x1c6/0x360
[  487.109172][T12105]  ? __lock_acquire+0x6b5/0x2cf0
[  487.109199][T12105]  ? __pfx____sys_sendmsg+0x10/0x10
[  487.109258][T12105]  ? __fget_files+0x2a/0x420
[  487.109281][T12105]  ? __fget_files+0x3a6/0x420
[  487.109313][T12105]  __x64_sys_sendmsg+0x1c3/0x2a0
[  487.109334][T12105]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  487.109363][T12105]  ? __pfx_ksys_write+0x10/0x10
[  487.109392][T12105]  do_syscall_64+0x14d/0xf80
[  487.109415][T12105]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.109432][T12105]  ? trace_irq_disable+0x37/0x100
[  487.109449][T12105]  ? clear_bhb_loop+0x40/0x90
[  487.109470][T12105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.109488][T12105] RIP: 0033:0x7f4bbf43bf79
[  487.109505][T12105] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  487.109521][T12105] RSP: 002b:00007f4bbd696028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  487.109542][T12105] RAX: ffffffffffffffda RBX: 00007f4bbf6b5fa0 RCX: 00007f4bbf43bf79
[  487.109556][T12105] RDX: 0000000004040010 RSI: 0000200000001200 RDI: 0000000000000003
[  487.109569][T12105] RBP: 00007f4bbd696090 R08: 0000000000000000 R09: 0000000000000000
[  487.109580][T12105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  487.109592][T12105] R13: 00007f4bbf6b6038 R14: 00007f4bbf6b5fa0 R15: 00007ffc38ebfc68
[  487.109623][T12105]  </TASK>
[  487.213751][ T5884] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  487.369257][ T5884] usb 2-1: Using ep0 maxpacket: 16
[  487.374178][ T5884] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[  487.374206][ T5884] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  487.374225][ T5884] usb 2-1: config 0 has no interface number 0
[  487.374266][ T5884] usb 2-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA
[  487.374291][ T5884] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  487.374312][ T5884] usb 2-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  487.378289][ T5884] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=3e.04
[  487.378318][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  487.378338][ T5884] usb 2-1: Product: syz
[  487.378352][ T5884] usb 2-1: Manufacturer: syz
[  487.378366][ T5884] usb 2-1: SerialNumber: syz
[  487.424154][ T5884] usb 2-1: config 0 descriptor??
[  487.696323][    T9] usb 2-1: USB disconnect, device number 32
[  487.766959][ T7150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  487.766981][ T7150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  488.598746][ T7150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  488.598765][ T7150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  488.665345][T12119] netlink: 'syz.0.2147': attribute type 1 has an invalid length.
[  488.665424][T12119] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  488.665435][T12119] IPv6: NLM_F_CREATE should be set when creating new route
[  488.666866][T12119] sctp: [Deprecated]: syz.0.2147 (pid 12119) Use of struct sctp_assoc_value in delayed_ack socket option.
[  488.666866][T12119] Use struct sctp_sack_info instead
[  489.323807][    T9] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  489.473913][    T9] usb 6-1: Using ep0 maxpacket: 8
[  489.496282][    T9] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  489.496312][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  489.496332][    T9] usb 6-1: Product: syz
[  489.496347][    T9] usb 6-1: Manufacturer: syz
[  489.496363][    T9] usb 6-1: SerialNumber: syz
[  489.500363][    T9] usb 6-1: config 0 descriptor??
[  489.604968][T12139] FAULT_INJECTION: forcing a failure.
[  489.604968][T12139] name failslab, interval 1, probability 0, space 0, times 0
[  489.605005][T12139] CPU: 1 UID: 0 PID: 12139 Comm: syz.1.2154 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  489.605032][T12139] Tainted: [L]=SOFTLOCKUP
[  489.605039][T12139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  489.605050][T12139] Call Trace:
[  489.605059][T12139]  <TASK>
[  489.605067][T12139]  dump_stack_lvl+0xe8/0x150
[  489.605096][T12139]  should_fail_ex+0x46b/0x600
[  489.605123][T12139]  should_failslab+0xa8/0x100
[  489.605147][T12139]  __kmalloc_noprof+0xdf/0x7b0
[  489.605166][T12139]  ? kfree+0x4d/0x690
[  489.605182][T12139]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  489.605208][T12139]  tomoyo_realpath_from_path+0xe3/0x5d0
[  489.605231][T12139]  ? tomoyo_domain+0xd8/0x130
[  489.605256][T12139]  ? tomoyo_path_number_perm+0x219/0x630
[  489.605281][T12139]  tomoyo_path_number_perm+0x246/0x630
[  489.605309][T12139]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  489.605331][T12139]  ? __lock_acquire+0x6b5/0x2cf0
[  489.605357][T12139]  ? do_raw_spin_lock+0x12b/0x2f0
[  489.605410][T12139]  ? __fget_files+0x2a/0x420
[  489.605434][T12139]  ? __fget_files+0x2a/0x420
[  489.605455][T12139]  ? __fget_files+0x3a6/0x420
[  489.605475][T12139]  ? __fget_files+0x2a/0x420
[  489.605500][T12139]  security_file_ioctl+0xc3/0x2a0
[  489.605530][T12139]  __se_sys_ioctl+0x47/0x170
[  489.605551][T12139]  do_syscall_64+0x14d/0xf80
[  489.605575][T12139]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.605592][T12139]  ? trace_irq_disable+0x37/0x100
[  489.605609][T12139]  ? clear_bhb_loop+0x40/0x90
[  489.605640][T12139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  489.605658][T12139] RIP: 0033:0x7f64b37fbf79
[  489.605676][T12139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  489.605692][T12139] RSP: 002b:00007f64b1a56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  489.605713][T12139] RAX: ffffffffffffffda RBX: 00007f64b3a75fa0 RCX: 00007f64b37fbf79
[  489.605727][T12139] RDX: 0000000000000002 RSI: 000000000000540a RDI: 0000000000000003
[  489.605740][T12139] RBP: 00007f64b1a56090 R08: 0000000000000000 R09: 0000000000000000
[  489.605752][T12139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  489.605764][T12139] R13: 00007f64b3a76038 R14: 00007f64b3a75fa0 R15: 00007ffeff4c2e68
[  489.605795][T12139]  </TASK>
[  489.605803][T12139] ERROR: Out of memory at tomoyo_realpath_from_path.
[  489.729074][    T9] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  491.212786][    T9] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  491.223902][    T9] usb 6-1: USB disconnect, device number 31
[  491.236924][T12157] FAULT_INJECTION: forcing a failure.
[  491.236924][T12157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.236947][T12157] CPU: 1 UID: 0 PID: 12157 Comm: syz.2.2159 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  491.236963][T12157] Tainted: [L]=SOFTLOCKUP
[  491.236967][T12157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  491.236973][T12157] Call Trace:
[  491.236978][T12157]  <TASK>
[  491.236982][T12157]  dump_stack_lvl+0xe8/0x150
[  491.237001][T12157]  should_fail_ex+0x46b/0x600
[  491.237017][T12157]  _copy_from_user+0x2d/0xb0
[  491.237033][T12157]  ___sys_recvmsg+0x175/0x590
[  491.237047][T12157]  ? __pfx____sys_recvmsg+0x10/0x10
[  491.237060][T12157]  ? __fget_files+0x2a/0x420
[  491.237084][T12157]  ? __fget_files+0x3a6/0x420
[  491.237102][T12157]  do_recvmmsg+0x33a/0x800
[  491.237117][T12157]  ? __pfx_do_recvmmsg+0x10/0x10
[  491.237135][T12157]  ? rt_mutex_slowunlock+0x1cb/0x300
[  491.237154][T12157]  __x64_sys_recvmmsg+0x198/0x250
[  491.237167][T12157]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  491.237183][T12157]  do_syscall_64+0x14d/0xf80
[  491.237197][T12157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.237207][T12157]  ? trace_irq_disable+0x37/0x100
[  491.237216][T12157]  ? clear_bhb_loop+0x40/0x90
[  491.237228][T12157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.237238][T12157] RIP: 0033:0x7effcce4bf79
[  491.237248][T12157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  491.237258][T12157] RSP: 002b:00007effcb09e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  491.237270][T12157] RAX: ffffffffffffffda RBX: 00007effcd0c5fa0 RCX: 00007effcce4bf79
[  491.237277][T12157] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  491.237284][T12157] RBP: 00007effcb09e090 R08: 0000000000000000 R09: 0000000000000000
[  491.237291][T12157] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  491.237297][T12157] R13: 00007effcd0c6038 R14: 00007effcd0c5fa0 R15: 00007ffd9b59f7b8
[  491.237313][T12157]  </TASK>
[  491.800799][T12164] FAULT_INJECTION: forcing a failure.
[  491.800799][T12164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.800824][T12164] CPU: 0 UID: 0 PID: 12164 Comm: syz.5.2161 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  491.800840][T12164] Tainted: [L]=SOFTLOCKUP
[  491.800843][T12164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  491.800850][T12164] Call Trace:
[  491.800854][T12164]  <TASK>
[  491.800860][T12164]  dump_stack_lvl+0xe8/0x150
[  491.800880][T12164]  should_fail_ex+0x46b/0x600
[  491.800896][T12164]  _copy_from_user+0x2d/0xb0
[  491.800912][T12164]  ___sys_sendmsg+0x1c6/0x360
[  491.800922][T12164]  ? __lock_acquire+0x6b5/0x2cf0
[  491.800939][T12164]  ? __pfx____sys_sendmsg+0x10/0x10
[  491.800952][T12164]  ? kstrtouint+0x6e/0xe0
[  491.800975][T12164]  ? __fget_files+0x2a/0x420
[  491.800989][T12164]  ? __fget_files+0x3a6/0x420
[  491.801007][T12164]  __sys_sendmmsg+0x282/0x4e0
[  491.801020][T12164]  ? __pfx___sys_sendmmsg+0x10/0x10
[  491.801035][T12164]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  491.801054][T12164]  ? ksys_write+0x248/0x270
[  491.801065][T12164]  ? __pfx_ksys_write+0x10/0x10
[  491.801078][T12164]  __x64_sys_sendmmsg+0xa0/0xc0
[  491.801089][T12164]  do_syscall_64+0x14d/0xf80
[  491.801103][T12164]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.801112][T12164]  ? trace_irq_disable+0x37/0x100
[  491.801121][T12164]  ? clear_bhb_loop+0x40/0x90
[  491.801134][T12164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.801143][T12164] RIP: 0033:0x7f4bbf43bf79
[  491.801153][T12164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  491.801162][T12164] RSP: 002b:00007f4bbd696028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  491.801174][T12164] RAX: ffffffffffffffda RBX: 00007f4bbf6b5fa0 RCX: 00007f4bbf43bf79
[  491.801182][T12164] RDX: 00000000040001b6 RSI: 0000200000001540 RDI: 0000000000000003
[  491.801189][T12164] RBP: 00007f4bbd696090 R08: 0000000000000000 R09: 0000000000000000
[  491.801196][T12164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.801202][T12164] R13: 00007f4bbf6b6038 R14: 00007f4bbf6b5fa0 R15: 00007ffc38ebfc68
[  491.801217][T12164]  </TASK>
[  491.924395][    T9] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  492.105893][    T9] usb 3-1: Using ep0 maxpacket: 16
[  492.107961][    T9] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  492.107987][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  492.108006][    T9] usb 3-1: config 0 has no interface number 0
[  492.108046][    T9] usb 3-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA
[  492.108072][    T9] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  492.108095][    T9] usb 3-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  492.110515][    T9] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=3e.04
[  492.110532][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.110543][    T9] usb 3-1: Product: syz
[  492.110551][    T9] usb 3-1: Manufacturer: syz
[  492.110559][    T9] usb 3-1: SerialNumber: syz
[  492.166148][    T9] usb 3-1: config 0 descriptor??
[  492.322487][T12169] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  492.376206][ T5952] usb 3-1: USB disconnect, device number 77
[  492.394037][    T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  492.543807][    T9] usb 2-1: Using ep0 maxpacket: 16
[  492.545335][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  492.545353][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  492.545366][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  492.545389][    T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  492.545401][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.549538][    T9] usb 2-1: config 0 descriptor??
[  493.207152][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  493.207262][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  493.224088][    T9] usb 2-1: USB disconnect, device number 33
[  493.338859][T12180] netlink: 'syz.2.2166': attribute type 21 has an invalid length.
[  493.338885][T12180] IPv6: NLM_F_CREATE should be specified when creating new route
[  493.340210][T12180] sock: sock_timestamping_bind_phc: sock not bind to device
[  493.680726][T12188] hub 8-0:1.0: USB hub found
[  493.682610][T12188] hub 8-0:1.0: 1 port detected
[  494.525985][ T6736] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  494.696642][ T6736] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  494.696678][ T6736] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  494.696702][ T6736] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  494.699737][ T6736] usb 8-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  494.699767][ T6736] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  494.699788][ T6736] usb 8-1: Product: syz
[  494.699803][ T6736] usb 8-1: Manufacturer: syz
[  494.699818][ T6736] usb 8-1: SerialNumber: syz
[  494.705381][ T6736] usb 8-1: config 0 descriptor??
[  494.719889][T12196] netem: invalid attributes len -24
[  494.719906][T12196] netem: change failed
[  494.833833][  T807] usb 3-1: new full-speed USB device number 78 using dummy_hcd
[  494.933823][ T6736] adutux 8-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  494.985898][  T807] usb 3-1: config 0 has an invalid interface number: 214 but max is 0
[  494.985927][  T807] usb 3-1: config 0 has no interface number 0
[  494.985972][  T807] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  494.989423][  T807] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  494.989453][  T807] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  494.989472][  T807] usb 3-1: Manufacturer: syz
[  494.989486][  T807] usb 3-1: SerialNumber: syz
[  495.080210][  T807] usb 3-1: config 0 descriptor??
[  495.157504][ T5866] usb 8-1: USB disconnect, device number 2
[  495.347831][T12208] FAULT_INJECTION: forcing a failure.
[  495.347831][T12208] name failslab, interval 1, probability 0, space 0, times 0
[  495.347871][T12208] CPU: 0 UID: 0 PID: 12208 Comm: syz.1.2175 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  495.347898][T12208] Tainted: [L]=SOFTLOCKUP
[  495.347905][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  495.347917][T12208] Call Trace:
[  495.347925][T12208]  <TASK>
[  495.347934][T12208]  dump_stack_lvl+0xe8/0x150
[  495.347964][T12208]  should_fail_ex+0x46b/0x600
[  495.347992][T12208]  should_failslab+0xa8/0x100
[  495.348015][T12208]  __kmalloc_noprof+0xdf/0x7b0
[  495.348034][T12208]  ? kfree+0x4d/0x690
[  495.348050][T12208]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  495.348076][T12208]  tomoyo_realpath_from_path+0xe3/0x5d0
[  495.348098][T12208]  ? tomoyo_domain+0xd8/0x130
[  495.348123][T12208]  ? tomoyo_path_number_perm+0x219/0x630
[  495.348148][T12208]  tomoyo_path_number_perm+0x246/0x630
[  495.348173][T12208]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  495.348195][T12208]  ? __lock_acquire+0x6b5/0x2cf0
[  495.348220][T12208]  ? do_raw_spin_lock+0x12b/0x2f0
[  495.348279][T12208]  ? __fget_files+0x2a/0x420
[  495.348304][T12208]  ? __fget_files+0x2a/0x420
[  495.348325][T12208]  ? __fget_files+0x3a6/0x420
[  495.348346][T12208]  ? __fget_files+0x2a/0x420
[  495.348370][T12208]  security_file_ioctl+0xc3/0x2a0
[  495.348492][T12208]  __se_sys_ioctl+0x47/0x170
[  495.348519][T12208]  do_syscall_64+0x14d/0xf80
[  495.348543][T12208]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.348559][T12208]  ? trace_irq_disable+0x37/0x100
[  495.348574][T12208]  ? clear_bhb_loop+0x40/0x90
[  495.348597][T12208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.348615][T12208] RIP: 0033:0x7f64b37fbf79
[  495.348632][T12208] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  495.348647][T12208] RSP: 002b:00007f64b1a56028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  495.348668][T12208] RAX: ffffffffffffffda RBX: 00007f64b3a75fa0 RCX: 00007f64b37fbf79
[  495.348681][T12208] RDX: 0000200000000100 RSI: 0000000040106f52 RDI: 0000000000000003
[  495.348693][T12208] RBP: 00007f64b1a56090 R08: 0000000000000000 R09: 0000000000000000
[  495.348704][T12208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.348715][T12208] R13: 00007f64b3a76038 R14: 00007f64b3a75fa0 R15: 00007ffeff4c2e68
[  495.348753][T12208]  </TASK>
[  495.350004][T12208] ERROR: Out of memory at tomoyo_realpath_from_path.
[  495.842906][ T5958] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  496.154986][    T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  496.333777][    T9] usb 2-1: Using ep0 maxpacket: 16
[  496.336125][    T9] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[  496.336152][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  496.336171][    T9] usb 2-1: config 0 has no interface number 0
[  496.336215][    T9] usb 2-1: config 0 interface 35 altsetting 0 has an endpoint descriptor with address 0x7A, changing to 0xA
[  496.336240][    T9] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  496.336261][    T9] usb 2-1: config 0 interface 35 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  496.343457][    T9] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=3e.04
[  496.343487][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.343507][    T9] usb 2-1: Product: syz
[  496.343522][    T9] usb 2-1: Manufacturer: syz
[  496.343536][    T9] usb 2-1: SerialNumber: syz
[  496.404466][    T9] usb 2-1: config 0 descriptor??
[  496.663310][    T9] usb 2-1: USB disconnect, device number 34
[  496.708635][  T807] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71
[  496.768583][  T807] usb 3-1: USB disconnect, device number 78
[  497.409174][ T5814] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  497.429774][ T5814] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  497.430153][ T5814] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  497.432962][ T5814] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  497.443555][ T5814] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  498.175449][  T807] usb 1-1: new full-speed USB device number 78 using dummy_hcd
[  498.176938][T12244] FAULT_INJECTION: forcing a failure.
[  498.176938][T12244] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  498.176973][T12244] CPU: 0 UID: 0 PID: 12244 Comm: syz.1.2186 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  498.176999][T12244] Tainted: [L]=SOFTLOCKUP
[  498.177006][T12244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  498.177018][T12244] Call Trace:
[  498.177026][T12244]  <TASK>
[  498.177035][T12244]  dump_stack_lvl+0xe8/0x150
[  498.177063][T12244]  should_fail_ex+0x46b/0x600
[  498.177090][T12244]  _copy_from_user+0x2d/0xb0
[  498.177114][T12244]  ___sys_sendmsg+0x1c6/0x360
[  498.177132][T12244]  ? __lock_acquire+0x6b5/0x2cf0
[  498.177160][T12244]  ? __pfx____sys_sendmsg+0x10/0x10
[  498.177212][T12244]  ? __fget_files+0x2a/0x420
[  498.177234][T12244]  ? __fget_files+0x3a6/0x420
[  498.177266][T12244]  __x64_sys_sendmsg+0x1c3/0x2a0
[  498.177288][T12244]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  498.177316][T12244]  ? __pfx_ksys_write+0x10/0x10
[  498.177346][T12244]  do_syscall_64+0x14d/0xf80
[  498.177368][T12244]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.177386][T12244]  ? trace_irq_disable+0x37/0x100
[  498.177403][T12244]  ? clear_bhb_loop+0x40/0x90
[  498.177425][T12244]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.177443][T12244] RIP: 0033:0x7f64b37fbf79
[  498.177460][T12244] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  498.177476][T12244] RSP: 002b:00007f64b1a56028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  498.177496][T12244] RAX: ffffffffffffffda RBX: 00007f64b3a75fa0 RCX: 00007f64b37fbf79
[  498.177511][T12244] RDX: 0000000000000080 RSI: 0000200000000000 RDI: 0000000000000006
[  498.177523][T12244] RBP: 00007f64b1a56090 R08: 0000000000000000 R09: 0000000000000000
[  498.177536][T12244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  498.177548][T[  498.177548][T12244] R13: 00007f64b3a76038 R14: 00007f64b3a75fa0 R15: 00007ffeff4c2e68
[  498.177579][T12244]  </TASK>
[  498.393913][ T5866] ==================================================================
[  498.393934][ T5866] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190
[  498.393963][ T5866] Read of size 8 at addr ffffc9001139a008 by task kworker/0:4/5866
[  498.393980][ T5866] 
[  498.393994][ T5866] CPU: 0 UID: 0 PID: 5866 Comm: kworker/0:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  498.394020][ T5866] Tainted: [L]=SOFTLOCKUP
[  498.394028][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  498.394040][ T5866] Workqueue: usb_hub_wq hub_event
[  498.394065][ T5866] Call Trace:
[  498.394072][ T5866]  <TASK>
[  498.394081][ T5866]  dump_stack_lvl+0xe8/0x150
[  498.394105][ T5866]  print_report+0xba/0x230
[  498.394126][ T5866]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  498.394146][ T5866]  kasan_report+0x117/0x150
[  498.394166][ T5866]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  498.394189][ T5866]  __list_del_entry_valid_or_report+0xb5/0x190
[  498.394210][ T5866]  kcov_remote_start+0x2af/0x710
[  498.394236][ T5866]  hub_event+0x150/0x4f60
[  498.394257][ T5866]  ? __lock_acquire+0x6b5/0x2cf0
[  498.394279][ T5866]  ? __lock_acquire+0x6b5/0x2cf0
[  498.394302][ T5866]  ? look_up_lock_class+0x57/0x110
[  498.394325][ T5866]  ? update_load_avg+0x1b0/0x1e70
[  498.394348][ T5866]  ? __lock_acquire+0x6b5/0x2cf0
[  498.394372][ T5866]  ? finish_task_switch+0x161/0x920
[  498.394396][ T5866]  ? lock_acquire+0x106/0x330
[  498.394422][ T5866]  ? __pfx_hub_event+0x10/0x10
[  498.394443][ T5866]  ? process_scheduled_works+0xa0f/0x17a0
[  498.394466][ T5866]  ? process_scheduled_works+0xa0f/0x17a0
[  498.394485][ T5866]  ? process_scheduled_works+0xa0f/0x17a0
[  498.394505][ T5866]  process_scheduled_works+0xaec/0x17a0
[  498.394534][ T5866]  ? __pfx_process_scheduled_works+0x10/0x10
[  498.394555][ T5866]  ? assign_work+0x3d5/0x5e0
[  498.394576][ T5866]  worker_thread+0xa50/0xfc0
[  498.394607][ T5866]  kthread+0x388/0x470
[  498.394630][ T5866]  ? __pfx_worker_thread+0x10/0x10
[  498.394648][ T5866]  ? __pfx_kthread+0x10/0x10
[  498.394670][ T5866]  ret_from_fork+0x51e/0xb90
[  498.394691][ T5866]  ? __pfx_ret_from_fork+0x10/0x10
[  498.394710][ T5866]  ? __switch_to+0xc7d/0x1400
[  498.394730][ T5866]  ? __pfx_kthread+0x10/0x10
[  498.394752][ T5866]  ret_from_fork_asm+0x1a/0x30
[  498.394782][ T5866]  </TASK>
[  498.394789][ T5866] 
[  498.394794][ T5866] The buggy address belongs to a vmalloc virtual mapping
[  498.394811][ T5866] Memory state around the buggy address:
[  498.394822][ T5866]  ffffc90011399f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  498.394835][ T5866]  ffffc90011399f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  498.394846][ T5866] >ffffc9001139a000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  498.394855][ T5866]                       ^
[  498.394865][ T5866]  ffffc9001139a080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  498.394877][ T5866]  ffffc9001139a100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  498.394893][ T5866] ==================================================================
[  498.394913][ T5866] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  498.394931][ T5866] CPU: 0 UID: 0 PID: 5866 Comm: kworker/0:4 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  498.394956][ T5866] Tainted: [L]=SOFTLOCKUP
[  498.394964][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  498.394976][ T5866] Workqueue: usb_hub_wq hub_event
[  498.394996][ T5866] Call Trace:
[  498.395003][ T5866]  <TASK>
[  498.395011][ T5866]  vpanic+0x1e0/0x670
[  498.395035][ T5866]  panic+0xc5/0xd0
[  498.395056][ T5866]  ? __pfx_panic+0x10/0x10
[  498.395079][ T5866]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  498.395098][ T5866]  ? rcu_is_watching+0x15/0xb0
[  498.395124][ T5866]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  498.395143][ T5866]  check_panic_on_warn+0x89/0xb0
[  498.395161][ T5866]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  498.395180][ T5866]  end_report+0x6f/0x140
[  498.395197][ T5866]  kasan_report+0x128/0x150
[  498.395216][ T5866]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  498.395239][ T5866]  __list_del_entry_valid_or_report+0xb5/0x190
[  498.395260][ T5866]  kcov_remote_start+0x2af/0x710
[  498.395284][ T5866]  hub_event+0x150/0x4f60
[  498.395305][ T5866]  ? __lock_acquire+0x6b5/0x2cf0
[  498.395327][ T5866]  ? __lock_acquire+0x6b5/0x2cf0
[  498.395349][ T5866]  ? look_up_lock_class+0x57/0x110
[  498.395371][ T5866]  ? update_load_avg+0x1b0/0x1e70
[  498.395393][ T5866]  ? __lock_acquire+0x6b5/0x2cf0
[  498.395417][ T5866]  ? finish_task_switch+0x161/0x920
[  498.395440][ T5866]  ? lock_acquire+0x106/0x330
[  498.395466][ T5866]  ? __pfx_hub_event+0x10/0x10
[  498.395488][ T5866]  ? process_scheduled_works+0xa0f/0x17a0
[  498.395510][ T5866]  ? process_scheduled_works+0xa0f/0x17a0
[  498.395529][ T5866]  ? process_scheduled_works+0xa0f/0x17a0
[  498.395550][ T5866]  process_scheduled_works+0xaec/0x17a0
[  498.395582][ T5866]  ? __pfx_process_scheduled_works+0x10/0x10
[  498.395604][ T5866]  ? assign_work+0x3d5/0x5e0
[  498.395625][ T5866]  worker_thread+0xa50/0xfc0
[  498.395656][ T5866]  kthread+0x388/0x470
[  498.395678][ T5866]  ? __pfx_worker_thread+0x10/0x10
[  498.395697][ T5866]  ? __pfx_kthread+0x10/0x10
[  498.395718][ T5866]  ret_from_fork+0x51e/0xb90
[  498.395740][ T5866]  ? __pfx_ret_from_fork+0x10/0x10
[  498.395759][ T5866]  ? __switch_to+0xc7d/0x1400
[  498.395779][ T5866]  ? __pfx_kthread+0x10/0x10
[  498.395802][ T5866]  ret_from_fork_asm+0x1a/0x30
[  498.395832][ T5866]  </TASK>
[  498.395972][ T5866] Kernel Offset: disabled