last executing test programs:

2m6.833199206s ago: executing program 4 (id=2190):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x102, 0x0)
close(r2)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x306)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(r0, 0xffffffffffffffff, 0x0)

2m6.186435821s ago: executing program 4 (id=2193):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bff"], 0x15)

2m5.943344012s ago: executing program 4 (id=2194):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = syz_open_dev$video(&(0x7f0000002c40), 0x0, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000200)={0xa, 0x2, 0x5, {0x3, 0x0, 0x80081, 0x403}})
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x101001, 0x391)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1c)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
writev(0xffffffffffffffff, &(0x7f0000000140), 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, 0xffffffffffffffff, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)

2m1.422489058s ago: executing program 4 (id=2204):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000001540)=ANY=[@ANYBLOB="18030007430000000000000017000201180f0000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b5020000140000008500000083000000bc0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000024b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x7, 0x1003, &(0x7f0000001e40)=""/4099, 0x40f00, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)

2m1.193041628s ago: executing program 4 (id=2206):
unshare(0x2040400)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f0000000080)='tracefs\x00', 0x0, &(0x7f0000000000))
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000080)={'fscrypt:', @desc1}, 0x0, 0x0, 0xffffffffffffffff)
io_uring_setup(0xf31, &(0x7f00000001c0)={0x0, 0xaf08, 0x1, 0x3, 0x18a})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x33, &(0x7f0000000240)=0xad, 0x4)
bind$inet6(r4, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)

1m59.713187453s ago: executing program 4 (id=2207):
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x5c}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800, 0x5}, 0x2b)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="680000004200010a"], 0x68}, 0x1, 0x0, 0x0, 0x20000050}, 0x800)

1m44.445028202s ago: executing program 32 (id=2207):
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x5c}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x4800, 0x5}, 0x2b)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="680000004200010a"], 0x68}, 0x1, 0x0, 0x0, 0x20000050}, 0x800)

10.42948489s ago: executing program 0 (id=2482):
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

9.817019495s ago: executing program 0 (id=2486):
socket$inet(0x2, 0x1, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x8910, 0x20001116)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001980)={0x1, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80000001}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000480), 0x4014, &(0x7f0000001000)=ANY=[@ANYBLOB="6d706f6c3d62690bbe608ae7a8e257d632a80e6e643a302d4e3a332f", @ANYRESOCT=r0]) (fail_nth: 7)

8.633556659s ago: executing program 0 (id=2490):
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid() (async)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000c, 0x11, 0xffffffffffffffff, 0x100000000) (async)
r3 = inotify_init() (async)
r4 = userfaultfd(0x80001) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000010101010000000000000000020000000c0019800800010008000000100001800c0002"], 0xfde2}}, 0x0)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x34d}) (async)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1}) (async)
mremap(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil) (async)
mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000fff000/0x1000)=nil)
close_range(r3, 0xffffffffffffffff, 0x0)

8.602480043s ago: executing program 3 (id=2491):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000080}, 0x4000000)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000180)={0x5, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0x4000})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

8.518047849s ago: executing program 5 (id=2493):
unshare(0x2040400)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f0000000080)='tracefs\x00', 0x0, &(0x7f0000000000))
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, 0x0)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000080)={'fscrypt:', @desc1}, 0x0, 0x0, 0xffffffffffffffff)
r5 = io_uring_setup(0xf31, &(0x7f00000001c0)={0x0, 0xaf08, 0x1, 0x3, 0x18a})
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0)
sendto$inet6(r6, 0x0, 0x0, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="a07742fb4e45a3174b9ad2dc628f9eecb7007793b065563271ae80e5be1d2f84c0a5b86f803f2c000b975fe42e8dfdaa38438b6e853e7df209be9e95b38db211a1b2727f72bc99edf3a96dec4855ccbcdea369f6c14496d2ebe38e018117370096b0f762b2145ea8063421f4e864a584ce03deafbb91cba6edfbf1e563eb4c676053c197acb882c5cf7b2fb8dc35b23b7b5e95dcc59e9e5aba328a7626b54f1ec0a25fce644f13314a53a30f023b992596cef4f4f9bdee5391adc6f2f45f36cc00ce6c4509dfd1bff92542bad4e4c1256439b279de793f09e95aaa", 0xdb}], 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)

8.386622559s ago: executing program 3 (id=2494):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="00000c0400000700015f"], 0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r1 = socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
madvise(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x9)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x2c, 0x10, 0x1, 0x70bda9, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2a2c9, 0x15b30}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0x9}, @IFLA_VFINFO_LIST={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0xd1}, 0x0)

7.66239043s ago: executing program 0 (id=2497):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@bridge_dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x18400, 0x40a00}}, 0x20}, 0x1, 0x0, 0x0, 0x60}, 0x0)

7.512682126s ago: executing program 2 (id=2498):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc", 0x13}], 0x1}, 0x200a4800)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002740)=[{&(0x7f00000004c0)=""/4096, 0x1000}, {&(0x7f0000000100)=""/203, 0xcb}, {&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000027c0)=""/234, 0xea}, {&(0x7f0000000380)=""/138, 0x8a}, {&(0x7f00000024c0)=""/98, 0x62}, {&(0x7f0000002540)=""/224, 0xe0}, {&(0x7f0000002640)=""/200, 0xc8}], 0x8}, 0x40)

6.930430112s ago: executing program 1 (id=2499):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'ipvlan1\x00', &(0x7f0000000000)=@ethtool_perm_addr={0x4b, 0xa, "437207e9940bae450000"}})
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f00000000c0)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000140), 0x12)
r3 = openat$cgroup_procs(r1, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000080), 0x12)

6.866347486s ago: executing program 0 (id=2500):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend', 0xa00, 0x0) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x909, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x81, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000002540)={0x24, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) (async)
r3 = accept4(r1, 0x0, 0x0, 0x80800)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r3) (async, rerun: 64)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0) (rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa300000000000007030000f1feffff720a06fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed00000f030000000000001d44000000000000730a04fe0000000072030000000a0000b500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa516a68f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a597e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef77997e344e61482808c02b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb879"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x2}, 0x10}, 0x94) (async)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x55)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004ac0a9dea0000000700000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000a000000850000000700000095"], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r6, 0x0, 0xe, 0x0, &(0x7f0000000640)="d9b9547ed3c0021a6fd6a67ab922", 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) (async)
bind$inet6(r7, &(0x7f0000000540)={0xa, 0x4e22, 0x7651, @empty, 0x200}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg1\x00', <r8=>0x0})
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB="0300"/20, @ANYRES32=r8, @ANYRES32=r0, @ANYRESHEX=r4], 0x50) (async, rerun: 32)
r10 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2c24, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x7, 0xff, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x10}}}}}]}}]}}, 0x0) (rerun: 32)
syz_usb_control_io$hid(r10, 0x0, 0x0) (async)
syz_usb_control_io$hid(r10, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x3, {[@local=@item_012={0x2, 0x2, 0x2, "b5b2"}]}}, 0x0}, 0x0) (async)
syz_usb_control_io$uac1(r10, &(0x7f0000000140)={0x14, &(0x7f00000000c0)={0x60, 0x24, 0x22, {0x22, 0x7, "ca940834a5e34b1f44456c86a248ada87fae93c88999c3156625ff9fd5dd936a"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2801}}}, &(0x7f0000000380)={0x44, &(0x7f0000000180)={0x20, 0x13, 0x6, "95dd215d5469"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x1}, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0, &(0x7f0000000340)={0x20, 0x85, 0x3, "00d6f8"}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r9, 0xc400941d, &(0x7f0000000580)={<r11=>0x0, 0x14, 0x6, 0x1})
ioctl$BTRFS_IOC_DEV_INFO(r7, 0xd000941e, &(0x7f0000000980)={r11, "956975be5e1472705bab702b76333d72"}) (async)
r12 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r12, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) (async)
bind$inet(r12, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
read$proc_mixer(r0, &(0x7f0000000180)=""/74, 0x4a) (async, rerun: 32)
bind$inet6(r7, &(0x7f0000001980)={0xa, 0x4e24, 0x8000, @ipv4={'\x00', '\xff\xff', @remote}, 0x7fffffff}, 0x1c) (rerun: 32)

6.70690158s ago: executing program 2 (id=2501):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000100)={0x0, 0x3, 0x1, 'x'}, 0x9)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000900)=[@in6={0xa, 0x4e23, 0x3f, @loopback, 0x5}], 0x1c)

6.706176814s ago: executing program 1 (id=2502):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40140, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00'}, 0x48)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x18082, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

6.664780346s ago: executing program 2 (id=2503):
io_uring_setup(0x4822, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0xfb})
r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0)
flock(r1, 0x2)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)
ioctl$sock_SIOCOUTQ(r2, 0x5411, &(0x7f0000002880))
ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000000))
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000060000000800000008"], 0x48)
renameat2(r1, &(0x7f00000003c0)='./file0\x00', r1, &(0x7f0000000400)='./file0\x00', 0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={0xffffffffffffffff, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x8001, 0x0, 0x7}, {0x1, 0xa0, 0xfb, 0x9}, {0x1, 0x1, 0x0, 0x2a3559ad}]})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000500), r0)
getsockname$packet(r0, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000580)=0x14)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'gretap0\x00', <r7=>0x0})
sendto$packet(r6, 0x0, 0x0, 0x4044810, &(0x7f0000000280)={0x11, 0x88a8, r7, 0x1, 0x4, 0x6, @multicast}, 0x14)
r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301)
ioctl$USBDEVFS_CLAIM_PORT(r8, 0x80045519, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000640)={'syztnl0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x2f, 0x4, 0x1, 0x0, 0x1c, @remote, @private0, 0x8000, 0x10, 0x8000, 0x80000001}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000740)={'syztnl2\x00', &(0x7f0000000680)={'gre0\x00', 0x0, 0x8, 0x7, 0xffffffff, 0x1, {{0x27, 0x4, 0x3, 0x9, 0x9c, 0x64, 0x0, 0x4, 0x4, 0x0, @multicast2, @broadcast, {[@timestamp_prespec={0x44, 0x2c, 0x19, 0x3, 0x1, [{@initdev={0xac, 0x1e, 0x5, 0x0}, 0xd}, {@dev={0xac, 0x14, 0x14, 0x2d}, 0x48}, {@remote, 0x3bea}, {@remote, 0x1}, {@local, 0x2}]}, @generic={0x86, 0x11, "fdd756dd47a17c89e2ec7738075909"}, @generic={0x86, 0xa, "58322588c2cf3bc3"}, @noop, @timestamp_addr={0x44, 0x14, 0xe8, 0x1, 0x7, [{@private=0xa010101, 0x6}, {@remote, 0xffffffff}]}, @generic={0x86, 0xe, "ecbeb68168c64c73b43df4e4"}, @ra={0x94, 0x4}, @ssrr={0x89, 0x17, 0xcb, [@private=0xa010105, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @broadcast, @local]}]}}}}})
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r4, &(0x7f0000000840)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x24, r5, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x20000000)
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100002b4101", @ANYRESHEX=0x0], 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000001c0)={0x96f1, {{0xa, 0x4e20, 0x9, @mcast2, 0x9b2}}, {{0xa, 0x4e22, 0x229, @remote, 0x5}}}, 0x108)
flock(r0, 0x2)
r9 = open(&(0x7f0000000300)='.\x00', 0x100000, 0x0)
flock(r9, 0x1)

6.564196264s ago: executing program 1 (id=2504):
r0 = socket$inet(0x2, 0x2, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r1, &(0x7f0000002640)=[{&(0x7f0000000080)="b2c753e83ccc9d5816f9a620e8c5b837df39017b3416c44926e5ef28948519ae83eb755b47a741d943bfea19853e691bb678cef9260302272123d976a48e233337cdc5085eda137f9a0d78d8fb373f6958689115aa1c12ebd8b6fe440cb1caa3e9ac14e91a1ae7aeb711f1dd6b19b6ab93e92577c3024c41cf8f9e8371d8f8d2e27063f3048a6a84a0d486e0701ffb9bab40d43db3fd209dc9f6a6e4c06df1965d7c6c788500a5671f9eca96f6f6f2b62b046e6e86232b6d84fb436326b82e50211e569db42c15787913faef5125721ff497841d30e6559de70c70320367b57eade1f1ededb68582e1f179c30323f5c28bc8e6382033d11aabdbb98281ecfb4c25a8e4ca7de3d215ed9612c203dcff61b96a1a4e020a799932de6b4a8800e24a3b0dbb8b4185a84999b4cccea7cd7acc25be635a4bcea7e70679ba193d7be4e757fe6608565844abe517c124ddebca03bb73c636511729fff0842b475a83803d0a636768c3832a50f441c2913b8753849aa0a2c9e954c900b511b4722c95ec38d44b1cfc03cf94168a345e947263e095e0f4a54bab3be17f10e38e87d75b23857f1a8301296c80573f321ca87d21dcb24152045c3f47ab97688cc13e98cde95a1477fb4796f44425e5be882bc05812db7dbcec41d44bfc3222d58627303cdcef666904c24b93c429c15a4c54c1534fe12cc8ebf6885baa1f5ca488b809d570ab86248c9b42f615c43dfe476f0afeb4cd1f0a0ae19e0d3d127ebd60f65b7169c0c77316895044de9519c2fa912c76993afcb1467d84f445d2a5fca309901faed022edaacc5740f08cd4d0803b2f47341ed1ff10e251269200cffc5fe971b9b37ccb0e5b0202ef6f40f896a5140c12ba60770bde9c7e88cc5135e36a57175535d67010fce9702b2e0cbf9f2b3ab095b1a2b0a34542ff06f6b53a64ab022396971763a6fd0326bfbb7c8c88bc8abe16c57ced112f2e1e3c57580e3e76285948c4c55e563c1f7726f663a95a6a2c584f797d4339eebf4ae23514b48342f904b92af54be0b0f1cc3fcf9d07a8b6f6472cd7872f3ba7b7c06b308d20673e0dc1b3e9ad5d984170f62dc2cabe273a7faefc8c9bb0f59312be6e639abf81616e27384fd6eb76a8be0db485b62678adb11bce905d584c904770a6e1c5a289f4fef9e2f5471cee9e33330a7726c31fbfa72c85e23a980926caff285a9c678e5301272a9359c7b5c98ec6233b8096e2bf63c5711b6ce7e55c5d0d7c88a11e63e12e14ef5df66d3296202227d2650502b1112592225a94d36a48b8171334857ab969b5947d08a017ac9b9b44b1dccdfb8888eeed9a528b", 0x3b1}], 0x1)
setsockopt$sock_int(r0, 0x1, 0xf, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a"], 0x7c}}, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
shutdown(r2, 0x0)
recvmmsg(r2, &(0x7f0000000080), 0x72a, 0x0, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000001c0)={0x800000a})
pipe(&(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r6, 0x1, 0x5, &(0x7f0000000440)=0x1, 0x4)
sendmsg$inet(r6, &(0x7f00000001c0)={&(0x7f0000000000)={0x2, 0x4e22, @private=0xa010100}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000140)="0800101d89b5eb00", 0x8}], 0x1}, 0x20010404)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB="0c00b12896e1dc37661f5a1d633853d10974d180bb3eedb78a8f87fd9016f10eba6edc14e0b5bcff92c419d8b773874031a41b72387ced33353c66cb7d79f03dc82f255442dce12a0a54d6ffd61d349337b7b54ccdf2bba27c86f1fdc4e41a9f631607568831ed01000000dd85e0590acc92bef414dc097c7ddbb6815ab396d539ddb26245f5873b91e8c34c1754adc8e0254202422eaa7b08cc811b3349ae66626e0d65a01367e413a982866d2aaf49562ed42090cb7264204a43bbd5970dc60a877fde845b0dc583ef97dcf3761dff369f449c56d28477b0d9f92a36f3bf0335e898fb1e90b3c145e37f99244e55d61e6cf47f9a00f770752afed5db5e60b9c898"])
write$P9_RLERRORu(r5, &(0x7f0000000340)=ANY=[], 0xffffffb3)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x51, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04d308280b0102030109023f00010000000009046900000e010000082402"], 0x0)

6.432204757s ago: executing program 5 (id=2505):
r0 = getpgid(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
getpgrp(0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000100)={@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, 0xffffffffffff0001, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
syz_pidfd_open(r0, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setns(0xffffffffffffffff, 0x66020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)

6.350145311s ago: executing program 3 (id=2506):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in={0x2, 0x4e21, @private=0xa010102}], 0x10)
setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f00000000c0)=0x9, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x80)

4.416207872s ago: executing program 5 (id=2507):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r2=>0x0], &(0x7f0000000200), 0x3, r1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000500)={0x4000, 0x1, &(0x7f0000000180)=[r1], &(0x7f0000000280)=[0x7fff], &(0x7f0000000580)=[r2], &(0x7f0000000040)})

4.278952763s ago: executing program 3 (id=2508):
r0 = socket(0x11, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x882, 0x4)
bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
sendto$packet(r0, &(0x7f00000002c0)="fb57975e267951722b395d37bac8", 0x5ee, 0x0, 0x0, 0x0)

3.921919221s ago: executing program 0 (id=2509):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r2=>0x0})
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080)=0x3)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001380)=@newtfilter={0x878, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0xfff3}, {}, {0xe, 0x300}}, [@filter_kind_options=@f_fw={{0x7}, {0x84c, 0x2, [@TCA_FW_POLICE={0x848, 0x2, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x4, 0x9, 0x8000, 0x7, 0xe7ac, 0x8, 0x1, 0x7, 0x7, 0x4, 0xff, 0x8d3c, 0x8, 0x7, 0x1, 0x1, 0x4, 0x8, 0x9c, 0x6, 0x80, 0x7, 0x3, 0x44, 0x1000, 0x8, 0x80000000, 0x100, 0x8, 0x7, 0x8cc, 0xe3ad, 0x7, 0x7, 0x1b, 0x7f, 0x0, 0x2, 0x16, 0x8372, 0x4, 0x7, 0x9, 0x8, 0x7fffffff, 0x3, 0xc64, 0x4, 0x3, 0x7fff, 0x2f, 0xe, 0x7480, 0x7, 0x1, 0x2, 0x5, 0x1a700000, 0x2, 0x3ff, 0x5, 0x40, 0x401, 0x6, 0x1, 0x2, 0x0, 0x0, 0x5, 0x2, 0x5, 0x5a90, 0x9, 0x400, 0x8, 0x8000, 0x3, 0x80000000, 0x8000, 0x200, 0xfffffff9, 0x7, 0x6, 0x7, 0x9, 0xb0, 0x3f1, 0x80000000, 0x7, 0x8, 0xfffffff3, 0x8, 0x40, 0xfffffff6, 0x4, 0xfffffffa, 0xffffff0c, 0x1000, 0xb1, 0xfff, 0xffff8001, 0xffffffc0, 0x5, 0x8001, 0x3, 0x340, 0x9, 0x6, 0x7, 0x7, 0x3ff, 0xfffffeff, 0x3, 0x4, 0x9, 0xfffffffd, 0x5, 0x0, 0x1, 0xfffffffe, 0xff, 0x200, 0x4, 0x20000000, 0x8, 0x0, 0x5, 0xffffffff, 0x8001, 0x2, 0x6, 0x8, 0xffff, 0x8, 0x1, 0x40, 0x2, 0xffffffff, 0xffff8000, 0x1, 0x69b, 0xfffffffa, 0x2, 0x63f4, 0xb534, 0x899, 0x9, 0x7fff, 0x400, 0x4, 0x9, 0x0, 0xfffffff8, 0x0, 0x0, 0x101, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0xd, 0xfffffffb, 0x40, 0x6, 0x3ff, 0x4, 0x4c08, 0x1, 0x80, 0x1000, 0x5, 0x3, 0x6, 0x9, 0x3, 0x3, 0x10000, 0x7fff, 0x1d3c, 0x0, 0x2ee3, 0x9a, 0x8, 0x10000, 0xf3a5, 0x0, 0x2, 0x2, 0x2, 0x80000000, 0x4, 0x0, 0xffffffff, 0x100, 0x8, 0x3, 0x6, 0xfffffffd, 0x3, 0xd, 0x5, 0x6, 0x10000, 0x7, 0x1, 0x7, 0x7fff, 0x5, 0x77a6, 0x0, 0x7, 0x400, 0x10000, 0x7f, 0x0, 0x0, 0x6, 0x5, 0x4, 0x80, 0x47, 0xaa, 0xe, 0x8, 0x7ff, 0x800, 0x7, 0x1893, 0x4, 0x1, 0x1, 0x8, 0x80000001, 0x0, 0x10, 0x80000001, 0x1, 0x8001, 0x9b6f, 0x2, 0x2f, 0x61, 0x8, 0x5, 0x8001, 0x401, 0x4, 0x31268a4e, 0x7fffffff, 0x1, 0x4, 0x2, 0x8, 0x0, 0x7]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x60e9, 0x8, 0xa, 0xf3a, 0x0, {0xb, 0x0, 0x1, 0x7, 0x7, 0x1}, {0x6, 0x0, 0xe, 0xfffd, 0x9, 0x2}, 0x7fffffff, 0x2, 0x7}}, @TCA_POLICE_RATE={0x404, 0x2, [0x8000, 0x67, 0x9, 0x8, 0x3ff, 0x10, 0x840, 0x7fff, 0x68, 0x1, 0x2, 0xdb3, 0x5, 0x40, 0x6, 0x400, 0xd, 0x2537, 0x4, 0x4, 0x8, 0x100, 0x5, 0x8, 0x0, 0xffff, 0x7, 0x9, 0x7, 0xb, 0x3, 0x0, 0x400, 0x2, 0x10001, 0x7ff, 0xfffffffe, 0xffff8930, 0x2, 0x5, 0xffffffff, 0x8, 0x7, 0xa4, 0x401, 0x2, 0x100, 0x5, 0x3, 0x10000, 0x5, 0x0, 0x2, 0xa, 0x1, 0x8001, 0x4, 0x7, 0x8001, 0xc, 0x8, 0x10001, 0xa63, 0x3, 0x6, 0x4, 0x80, 0x2, 0x6, 0x7, 0x1, 0x8000, 0x7, 0x9, 0x9, 0xd7dd, 0xe2b, 0xe9ee, 0xfffffffd, 0x3, 0xffff, 0x3, 0x6, 0x3, 0x62, 0xa9, 0x20000, 0x0, 0x80, 0xd1c, 0xfffffff8, 0x10, 0x53e, 0xb2, 0x4, 0x8e, 0xd, 0x5, 0x1, 0x101, 0x8, 0x3, 0xfffffe00, 0x3ff, 0x0, 0x8, 0x1, 0x10, 0x3, 0xfff, 0x5, 0x6, 0xfffffff7, 0xa, 0x0, 0x10001, 0x81, 0xa, 0x9f6, 0x1ff, 0x0, 0x10, 0x40, 0x8, 0x7, 0x8, 0x800, 0x8, 0x10001, 0x4, 0x7, 0x3, 0x5, 0x80, 0x2, 0x1000, 0x7, 0x800, 0x81, 0x80000000, 0xa, 0xec32, 0x1, 0x0, 0x4f, 0x2, 0x7, 0x200, 0xd4b0, 0x9, 0x0, 0x2, 0x5, 0x9, 0x6, 0x1, 0x5, 0x7ff, 0x9, 0xfffffffb, 0x8, 0x1, 0xc, 0x1, 0x2, 0x1, 0xfffffff9, 0x8, 0x3, 0x4aec5ca0, 0x0, 0x2, 0x5, 0x26e8, 0xcf5b, 0xffff, 0x3, 0x2800, 0xffffffff, 0x9, 0x1, 0xfffffffe, 0x10001, 0x4, 0x67, 0x6, 0x4e, 0x0, 0xf40, 0x3, 0x10001, 0xffffffff, 0x0, 0x2, 0xfffff504, 0x9, 0xfffffff9, 0x4, 0x2, 0x80, 0x80000001, 0x7, 0x200, 0x7, 0x5, 0x4, 0x10001, 0x1ff, 0x2, 0x8e9d, 0x191, 0x5, 0x80000000, 0x5, 0x7, 0x401, 0x1, 0x7, 0x8, 0x5, 0x7, 0x8, 0x9, 0x4, 0x3, 0x5, 0x8001, 0x3, 0x9, 0x4, 0x5, 0x1, 0x2342, 0x6cf, 0x4, 0x3, 0x6, 0x9, 0x5, 0x9, 0x3, 0xa7, 0x0, 0x6, 0x30, 0x81, 0x1, 0xfff, 0x1, 0xb, 0x200, 0x4, 0x5, 0x759, 0xd, 0x4]}]}]}}]}, 0x878}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="0d01"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

3.920051421s ago: executing program 3 (id=2510):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@bridge_dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x18400, 0x40a00}}, 0x20}, 0x1, 0x0, 0x0, 0x60}, 0x0)

3.465847082s ago: executing program 2 (id=2511):
r0 = syz_open_dev$media(&(0x7f0000000040), 0x5, 0x100)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000080)=<r1=>0xffffffffffffffff)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000000)={0xf010000, 0x0, 0x100, r1, 0x0, 0x0})

3.366960478s ago: executing program 1 (id=2512):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x10001, 0x0, 0x1, 0x0, 0x8})
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000003c0)={0x1, @sdr={0x21335742, 0x200}}) (fail_nth: 6)

3.247380248s ago: executing program 5 (id=2513):
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x100000a, 0x4c831, 0xffffffffffffffff, 0x86c2f000)

3.178919166s ago: executing program 2 (id=2514):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40140, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="850000002f000000840000000000000095000000000000008560fc2b2062f611fc2f864ef177d634e46e8dcfe61b4fb9f600344d592fee49e176fe6ad28fbcb1f9259bfc63e9030971917e30b6f42e8f9dd6ab0ce07312a135cd363aa7e5bcef8fd0e8c7d2082584156c52ebfd69e8e13b7a8b477abc86468e11b6242133ce882f05e16b91c37b3437347f6058b4489c759783b9d4dfb55d0085a26e41201a6d8c8ced33e10048e756a40538b32bf653fa3c831a4e60599ed7a0f999d18de9984522a7cdb6fc30015633a0132c9578b7da5bd7280a5f7e28fd858ba712020b23ef8a2785b6c146c48b48ca7e232d0489661396e9303b38aa5d26d06e2e676795fd2733f95da570bab301000000ffffffff2a2792a630d8fcdc"], &(0x7f0000000180)='GPL\x00'}, 0x48)
close(r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x18082, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

2.810363879s ago: executing program 1 (id=2515):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000100)={0x0, 0x3, 0x1, 'x'}, 0x9)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000900)=[@in6={0xa, 0x4e23, 0x3f, @loopback, 0x5}], 0x1c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0x1, 0x4)
vmsplice(r6, &(0x7f0000001680)=[{&(0x7f0000001740)='P', 0x1}, {&(0x7f0000000200)='\b', 0x1}, {&(0x7f0000001300)="da", 0x1}, {&(0x7f00000002c0)='@', 0xfffffffffffffdb3}, {&(0x7f0000000340)="069485951039c27f70b90f6758c3da21bdaf944cedf1bf161960909d9053471fc8c09c089cf1c12b52bdae0af35fef7213ec1c4632c8f61f2e413e7558751424a21d0edff438c69a6e6250e1af1c05b2dd4170d3089ba958da6d47f2839524d20d91c5631505ac5f210ad5a34e28963468285dea4a31e2a4e1daa7499e945d6c015a8f234c71e493c4ed33a04a32ffc030242e6a4e9772f6e4491744154117132af1b4d5631c163d5befa02146b5bc6b13dbe59a0a6ae59947dc8586a6e0", 0xbe}, {&(0x7f0000003040)="162dd3cad75f87b473622140aca9f6be4377caaba76f08daaad767f134c2ffc2ba9c92a5971b01b71a225dababc99832633ea975d465532309695b29d56eb9befec5159067bffa2d17b24093b372ebaf5589d18a8905982d01ee2870aa096647d6afabca77e0f36a01481b10ed8f0a585ceb41bf50f0515c259bbbbee74db0e045a9fde3614d35c6f2dfa1e71dace811a410bdfb395dd7c54fa733c6f8111f24df309ad928c6462d0a53a3824f9af07b11cb0c05724c33acfad1f5f16bffaf6c58ab2b8c4626bd9d4d1cc4ab67c9838b1fc53fb4ce46d304a12fffc2110043381d08160f056e8d3908497a402dcc156ff69bbf5cb5e5443c06bc4e3c6e4f231aab0eb6fdd2bb0740ae88095360d8b247daa6628fc10edbf048d800625134022e1d5d0bcb5c50e567f50c1990b1a434caa57d210b6084c9424d37c7a71479613b69b67670baab82f13b0923a73786655cfceb0c70d511b94f992391cad9ce57c5c76675cae6a2712cb9ce6dc07bdd0118001f062a22943ca72742a0fe97c48b9b895515fc71145fac9dfd27118a70b71dd564f27e31e1112292864a7be45459524ad8fb03c1f4388bdba3d9e3882a9be894133b0deea92885d0276f268bad0396635036192da1a9788e7525b08de07b0f351147e0f2aaa239e197924a5fc6961dbfcc96ad4cae4cf59f7a812d0c7f8506216dfb7658f8f8545477f4b6c1a606554ee19621d85438014d5e569b0c467e67cf0bb046284f4145ee9f9601b950b0217d183d0266da78f83ed2cf8a83f1374295853d52cdd561a756f247598126cddc98416c42c47a5ad4fda1c419b6ce04f4b57efd2cecf7bfe1589aab05c33e397c8acfb5e4d05cc62db2ba633e74d08c9a3c92111d39ef7d1c0321bfa1827b9fbbb592c49d46244b57c985ee4cc830f7eeda32cae961c4386916f927fc7f442eb6e2eaf45a3d2b0f28d4d319fdedd003aedc1c6384085921397a041384edee7172973fddb3eee2132acdec385cb596055f82a41087097ffece144a340cfe3ec0c0b833f4a92d28709419827eb0f747d73a2e7cc7d00a24749b9dd340793e2ca36536bc47233c9e2602a7f7f94450b22117215be6086d0c0132d24350c19abcb3d713fa97f76ce6ec8f61b24bfecb3ddcd0e7bccd0c4839de19283e95e08bc629554aac9543c15b0f69f1d03374269796c477579d212708b760914bde3269d9e9b0036c7cd0e8f3376d6a62ed0cde76861423ec5f76f2ab4d0f05b21db57277feaaf8475e6e6d1e5672281db17046b7464439d69e25210f67998e912d02c5296c60a450a38495e3b6737339a05f83e5a02aa1ee5bca6bf67ba84c659ef3cc4495cb1551e749277a86db07e7c48f61ee0672919d6a00472a893b6c6eead02140318fb497a1819b692b9bcb3b5cbe7cb55b9524abb1268b3f4a031a64fe6305519a2212298089c443b0503e77b7c8a3da14387872ca35cd6524f629161d85f253498568587513aa16848fa8f8f3dea115cbe8e85bdb8aa20f20ce26f3fcaac4615a9b9d7d6919ba952f7e93a96ba26010cc4bc24622ed3bb9b063e0e686f41b2cece5a50d787676600a04bfe7e6eb78e740b8bcb4b3a51f2a39250d0163a75d8f97032c60efc5516ba48ce2d53da0a7aab99330369a2c44cfc6ac65707733971493de86a519629f7be4643a52abe3d0ca1e22dfa27d8f7c54c50e0e1f3f639dbc622afa56d22b2732232d62b0a312c359dfd25e266f2138a49689fcc789470b01aabc05563ab025938153c15abbb300192e0bc27f810246d4d24295f337db02aa6b3e801905ee519a681fd73462eb330800763f75ae88e3e57c2a5552fba4b6154cab775625b817e18ff1e26273d21bf8b3cb2a79df7e92a8e498dadc04f11c62d6841bdd0408b212a43951a4a4f4f29c9b8918644e743e2f30cc52d422a9ce03750307096a5f8b61bb585ada2ad7a63d440e418c16e6827792dd470fa980a72cbe53b354ab208b0cb99ad858ff2ee4395f7fbff96c38fe2f84ccca78b6c867d1ff0440c5795b875339b87d98e59dca2dd80b3624c7406b56dc76b0198514bdb97b228e5b726683b3c12f71fb2b1dda24d085175acdc5d7744129df8065168ac103d819bc95dd408e17bfa7ae37d0ff5145e393a37b5cc08c2c10e5ef5d80dd6c79d35c650417e6fc47467c3552bbc1a3d50d2cdce471e5cd43b48475272e30c9d415c826bed60369c1841219e15d93bd87de49e2566de3a01dfc60cd3295134c876863cbfb7be8be44b0d4369b81a778f8fb2fcd039048fd16bf9d4f08a9458dbeadb298ee12b7ee7f6f43099dc684e33bee75d23f37c5b058e56f785f1c2af0c2ad66b69fc1fc06073bd53bed4a967314a6af8ede4d2facdae08ed503c4903fd5fdfd291327cd2ead1876361a16d9341cc24a63b2b51538b7199e048c00cab7127d19ae9a3ea0755b9b5d9604fefcfe7237d641019291bcd9ce30d5a388ad7127fde6061f1e307c0024ff1c200dc04354340eb4e8daac073b7c2f1fe1cee49330cc89ac061bd8a5f1676391d22d4afc8e5875daf4806bac0b5565bb99f07723cdd063ff070ba409fba6642888ea88109b333c3748f77b99f3bd4b9b61ec5e3d798d3584937c0165f4df571b8132ae425849e7e5ce414fbb00d9a30c129e2c13b6791435bb552bb01cedf3003b3bb24503fe226121d1f83419d5c23fad54dbd08fb3449b8a561954a23b47e34b7b14ddbcec2745353269e19fe218da2d0aad6df73083b3979160d4e52c8532c9f6602bc8ee624b9d5157fefbffec98e0e91a4f3824ccb4c33e17d19011f4c8db333d0fc5530930951cb63353a3aa0617ab2aba52268b81628d9f4a56b227300488c10df1e7f7533e1e4db449cb9cb6e588debf4795f98810702de5bfb81414bdacfcbd9e66f051ec7272b41ba281e8a68fe7c61e1cb4e74077342ddb7c5191d9731448a9e42a30c4df80e533db26ca3e12ab8ce8b5f0d114888692589b6c836c603ea4210c31b0e053092d75d9ceb49c5e9e2815b5aeebfcb53e97017d0ff6c7d3410120e355f9a6a1226e64a1621a2e6c04865acb25e137243ab9b82beea39c411163afd8969b086df73751020879785ec79c451fb822c11df1ae927318b35bd583a56827fd8744df8e7693837b8ddb0e831fd97b87505d5540d76d3e09895e64cc563dadf60bec88ee70b6008a53e50523ffbd2c0aa9f19123bd6f28de9851ae1f3f6101b46acf9139792be4872bf494c8970aee100a7a0c4dfbccbf01b6ccbebdfa8291f8ab3e25a9e4ff5dbda11488630e3bb8158b8f8de8cd4f793885e7a28e5afdf45eb57ad1330dfc0c51f51986e53c458feb4a4ef55b810a32f847d7ff5500c0f769d9abc090c10f87ba4e5250f36e70abb838ccb8f9fa95d96ba1e2e75a2d808a8fa26b686149ed6738a8e63ef70ed284e25d044aaa1e14c8caea04b77c9fba96036dd8b3be2e7704c65090fa7e8bf0e45c291709d3eb16a81e8aac27a120e52c05866310d8f288367f2b5187e83a1f7d5cb9dc6f8faa648683b7c88d54871dfcdca822568959ac2f7eb7dd3a345b0a8149806105dc90abfee3d5cefae3dfece4723fdc5a73c3a087020ca2fe1b166fe5b54cfb2f661fa5b017502155bf91856c3aae5cd20a48fbb958e1a0e70df51e4e46bbea56f639f6f32698d45297296244e8aaa845c13b70fa7f4f31115de0808975c143191c89c0233c557ddb93d6233ce22a699ca9a54ca6e8ddcfb5bf9d95b9807a49d9a64f7a239c77fa4e0d92d561fca5aa3e6c149c16c11131c9ad78493572cf1a9f953cc63ef8121cfa86a0f3fdb5a73c8530ddf93a9308fcaf436455aa6817f65e4616c9e38733b1cf9fa09822953d7d203748c5e45cbbe84a4fb7d59318013ba2a7da6f972c47ff9289091d7476035affddf44cc7a0b223cd14af5243dd14cd5d0f42849bd31af8ef9de434a01c52ee583c2d93b4785c34969629ffa406335ccd090637b83a5ee126a4833e6d6cf92b8aa6f9a2213df25fa575980c0cbd98039ca978860442b7466c3d4aa215593243d9c7ad3980470c9ef85154566ceed93ccb0330634f92d1fe5050bfe135f345527c93476e474f31ea45729ec534475d36b69876644e5db59c8cb0412f8d65be9ff2bea5ac37c5b1ff5d5d484aebed8b33920bbc8ed59ba9b3bf24ab6da8ebeda14dad9148183411980136cc2fde47049c98063b0ff1816a0852af035cbe8313d88620559e8331d983a43e0f4b515a61f5761bcd2130853ea24377d042643684699ceb9441a73f1285f6a15c8e00d17b4e051df2bd16b1a5699f6dce4556b0b6c88b8b86464beb6415777a8ec890c9335cc14452d6b23e2483d5b77b56042a694435bf913cb6e48ce6ca60c3009b274869bb350a8026d80680b32c9394e9b5dfee8df555a705bb1ff17ac848ccec95bb37206a72ab1d56160682d83e38c8acca34b08fa3b8665b35d01967c0a49681ef74b89b39f785977187a9d6f70affe2a32f41fe942fbd30fd9da981cf8f75485015962cb598d3d09a039787bf8d339695d0f5cd7cb60d25cdba119fa435e3692e06bdd76db5856eb2ed2cd85a081209b0a1453d52e1f8cf5120c7f044bddc38cded7ed59a793bfb2b289137137147f704a0628bb8e3e342b6084fbcc105b5345023fed9b2d339b95b0d0c97945943a70e007fe2172c501fae54ad04c279ae6da7150ea25469ce7e9c33b51713b05dcd4753930a0a37326d276fd28c8c0f6e06660beb102e2868fee31f70d37d38769e824846b081d120d8fcd394627fd672fe823cfdcf7af07b20b40e8e5efce8e93e8414744efd2723798aad9dabd8e23efc08983db6c65cf3c43d5b759ca52d118fad7a1bb23e5b3578f616fc42e304c797e640d8b985987274766adbf424e4e9a78c29dc436636e0df6e9255ebdd2c7c0cd261d42631cc49df231d0bd080da2928bcab9a0546b404b658f75fca9d8e506f3f6639bca2a13eae6bded0081fd2239bd8c0ab2382d23eecfb8985da82fe5ed32a96ac1e198d7f8cf5752cfb296af0a2d59ed19022cb084b525d44d8c773a14743a706baf209aebb270104b16181fdc2462d356341d89ba8024171c462640abfc3bd6f602c3bbd710f6ae6a2cef146f27002f78051d6687b83dac0cc627e0af1ed8765396d9783c6429b4063a8d58728c60ec88416c5dbdf362b891d278db21c9a4558c724b06547fc5f641801dd0da8403e57cff37d407fab07bb389c40555af869af263265333bf8aa4290d7cdb9a78573362d608a549165f13323c0107aa4dfac934fef838cf6e5f06b9324a5d8474183f077de97287eaf3c85cb74165b189d7547d3fccc4c763d02ce57d59c70f39e8065cdeb5fd13c4c14609f98941b73b16fed60bc55a2d8ef92104568b595f4a31f6428d527b34c470715d1300cd41ea992763f46a739ba387f359ee1d97c51e889e5599cebd800dbeef1496e3dbacaafc403d0dc7cd3c7d193788536aa5b0f5f25482744107d74795f27a8a8832596166fdcaa548b90c48890715526a52518f16d697d65beb6321befa003dc56432e3dd4b01cede5447813eb429dce845bf9702e5063fe571d8cb6cfecf12870e373b42c4f86f75b7b249f1bdb397113dfd7a23f1930f8533e300e8d0dc1674acb3ce38342b01edcaa09a0f4502f0ba94efeb853fa917612fc16a3829b437663a1e1", 0xfc1}, {&(0x7f0000000040)='\t', 0x1}], 0x7, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r6, 0x541b, 0x0)
write(r4, 0x0, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5)

2.30279378s ago: executing program 2 (id=2516):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x85, 0x3, 0x200, 0x2, 0x5, 0x1}}]}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000100)={0x0, 0xa, 0x5, "d67c355cd6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.301879838s ago: executing program 5 (id=2517):
r0 = getpgid(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000100)={@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, 0xffffffffffff0001, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})
syz_pidfd_open(r0, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setns(0xffffffffffffffff, 0x66020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)

1.293413912s ago: executing program 3 (id=2518):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
r4 = fsopen(&(0x7f00000000c0)='ecryptfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xe}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0)
sendfile(r7, r8, 0x0, 0x20000023896)
socket$nl_xfrm(0x10, 0x3, 0x6)
unshare(0x22020400)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x0, &(0x7f000082a000/0x400000)=nil)
r9 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r9, 0x29, 0x35, 0x0, 0x0)
bind$inet6(r9, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000240)={'ni_at_a2150\x00', [0xb013, 0x3, 0x10000000, 0xdc7, 0x88d7, 0x8f, 0x2, 0x8012, 0x1006, 0xffffffff, 0x5, 0x7, 0x10000009, 0x3, 0x30000000, 0xfffffffd, 0x8, 0x0, 0x9, 0x8e, 0x100004, 0x3, 0x7, 0xa, 0x4, 0x1, 0xb0c4, 0x800, 0x20004, 0x400002, 0x22]})
ioctl$COMEDI_BUFINFO(r0, 0xc02c640e, &(0x7f00000001c0)={0x0, 0x6, 0x2, 0xfffff1d6, 0x0, 0x2, 0x1})

1.130660652s ago: executing program 1 (id=2519):
select(0x65, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x0, 0xea60})
r0 = fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1) (async)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f00000000c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) (async)
r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0x86c) (async, rerun: 64)
syz_clone3(&(0x7f0000000d40)={0x10245000, 0x0, 0x0, 0x0, {0x3c}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) (rerun: 64)

0s ago: executing program 5 (id=2520):
r0 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0)
close(0xffffffffffffffff)
r1 = socket(0x10, 0x803, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100))
fsopen(&(0x7f0000000080)='ext3\x00', 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_emit_ethernet(0x4e, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYBLOB="d75eee124838fa1860eeaa01f236b53f74417db28aa8f6c5179cf5ed254ad697fc9394b0f3d7cb70ff8b7ce9e52a3c32fdfe33603d295701f6dacf3d707b2119cc85dc07fc7eb53b80626504fa74c6cf37bf5063d0284c9521b367e98b85aaae67a113582cea4f57429d193adf4a6bbcccceb2568480abab45e72cb75e3f4d20f08a15f84a6333da4504eaf39092fc9dc0b33ca009837125531ec6ef0e86c878e9bd378d0c12531fca9ca1400eb024", @ANYRES8=0x0], 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x2e0880, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x1264, &(0x7f0000000400)={0x0, 0x79ae, 0x40, 0x2, 0x1ed}, &(0x7f0000000240)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
keyctl$reject(0x14, 0x0, 0xfffeffffffffff18, 0x1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x10b, &(0x7f0000000680)={0x0, 0x72fb, 0x10, 0x1, 0x3d3}, &(0x7f0000000140)=<r8=>0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_NAPI(r5, 0x1b, 0x0, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd=r1, 0x0, 0x0, 0x1, 0x7})
syz_io_uring_submit(r8, r7, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100, 0x23456})
io_uring_enter(r5, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r2, 0x8000, 0xffffffffffffffff, 0x2})
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

kernel console output (not intermixed with test programs):

x270
[  716.028150][T12218]  ? __pfx_ksys_read+0x10/0x10
[  716.028183][T12218]  do_syscall_64+0x14d/0xf80
[  716.028202][T12218]  ? trace_irq_disable+0x3b/0x150
[  716.028221][T12218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.028239][T12218]  ? clear_bhb_loop+0x40/0x90
[  716.028260][T12218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.028277][T12218] RIP: 0033:0x7fc899dccece
[  716.028294][T12218] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  716.028308][T12218] RSP: 002b:00007fc89805dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  716.028328][T12218] RAX: ffffffffffffffda RBX: 00007fc89805e6c0 RCX: 00007fc899dccece
[  716.028341][T12218] RDX: 000000000000000f RSI: 00007fc89805e0a0 RDI: 0000000000000006
[  716.028352][T12218] RBP: 00007fc89805e090 R08: 0000000000000000 R09: 0000000000000000
[  716.028363][T12218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.028373][T12218] R13: 00007fc89a086038 R14: 00007fc89a085fa0 R15: 00007ffe2c4873d8
[  716.028403][T12218]  </TASK>
[  716.129088][T12221] overlayfs: failed to clone upperpath
[  716.214152][  T809] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  716.362624][  T809] usb 3-1: Using ep0 maxpacket: 16
[  716.367178][  T809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  716.367207][  T809] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  716.367241][  T809] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  716.367263][  T809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.408311][  T809] usb 3-1: config 0 descriptor??
[  716.821933][  T809] hid (null): report_id 0 is invalid
[  717.019061][  T809] usb 3-1: string descriptor 0 read error: -71
[  717.049854][  T809] usb 3-1: Max retries (5) exceeded reading string descriptor 200
[  717.049931][  T809] letsketch 0003:6161:4D15.0010: probe with driver letsketch failed with error -32
[  717.104265][  T809] usb 3-1: USB disconnect, device number 50
[  717.223514][T12105] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  717.252976][T12105] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  717.301059][T12105] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  718.812679][T12105] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  719.138334][T12105] 8021q: adding VLAN 0 to HW filter on device bond0
[  720.203764][T12105] 8021q: adding VLAN 0 to HW filter on device team0
[  720.238970][T10035] bridge0: port 1(bridge_slave_0) entered blocking state
[  720.239092][T10035] bridge0: port 1(bridge_slave_0) entered forwarding state
[  720.243771][T12249] netlink: set zone limit has 4 unknown bytes
[  720.294408][ T1131] bridge0: port 2(bridge_slave_1) entered blocking state
[  720.294523][ T1131] bridge0: port 2(bridge_slave_1) entered forwarding state
[  720.991238][T12105] 8021q: adding VLAN 0 to HW filter on device batadv0
[  721.114421][T12105] veth0_vlan: entered promiscuous mode
[  721.122428][T12105] veth1_vlan: entered promiscuous mode
[  721.326404][T12105] veth0_macvtap: entered promiscuous mode
[  721.331044][T12105] veth1_macvtap: entered promiscuous mode
[  721.381297][T12105] batman_adv: batadv0: Interface activated: batadv_slave_0
[  721.397830][T12105] batman_adv: batadv0: Interface activated: batadv_slave_1
[  721.448354][T10035] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  721.449393][T10035] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  721.450750][T10035] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  721.450974][T10035] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  721.732803][ T5951] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  721.878462][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  721.878483][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  721.922377][ T5951] usb 1-1: config 0 has an invalid interface number: 130 but max is 0
[  721.922402][ T5951] usb 1-1: config 0 has no interface number 0
[  721.922451][ T5951] usb 1-1: New USB device found, idVendor=1b3d, idProduct=014a, bcdDevice= 1.1d
[  721.922463][ T5951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.994650][ T5951] usb 1-1: config 0 descriptor??
[  722.251105][ T5951] ftdi_sio 1-1:0.130: FTDI USB Serial Device converter detected
[  722.381278][ T5951] usb 1-1: Detected SIO
[  722.392855][ T5951] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  723.555085][ T1116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  723.555103][ T1116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  723.644799][ T8385] usb 1-1: USB disconnect, device number 38
[  723.673853][ T8385] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  723.674520][ T8385] ftdi_sio 1-1:0.130: device disconnected
[  725.532150][T12311] netlink: set zone limit has 4 unknown bytes
[  725.753951][T12317] netlink: 'syz.4.2033': attribute type 10 has an invalid length.
[  725.753965][T12317] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2033'.
[  725.784824][T12317] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  725.792182][T12317] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  725.849641][T12319] netlink: 'syz.3.2034': attribute type 3 has an invalid length.
[  726.130924][T12324] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  726.370695][T12337] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  726.412918][ T5948] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  728.147719][ T5948] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  728.147748][ T5948] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.147766][ T5948] usb 3-1: Product: syz
[  728.147779][ T5948] usb 3-1: Manufacturer: syz
[  728.147792][ T5948] usb 3-1: SerialNumber: syz
[  728.154312][ T5948] usb 3-1: config 0 descriptor??
[  728.192627][    T9] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  728.342889][    T9] usb 5-1: Using ep0 maxpacket: 16
[  728.347024][    T9] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  728.347472][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  728.347493][    T9] usb 5-1: config 0 has no interface number 0
[  728.350515][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  728.350531][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.350541][    T9] usb 5-1: Product: syz
[  728.350548][    T9] usb 5-1: Manufacturer: syz
[  728.350555][    T9] usb 5-1: SerialNumber: syz
[  728.383295][    T9] usb 5-1: config 0 descriptor??
[  728.468866][    T9] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  728.468918][    T9] uvcvideo 5-1:0.105: No valid video chain found.
[  728.523310][ T5948] usb 3-1: Firmware version (0.0) predates our first public release.
[  728.523326][ T5948] usb 3-1: Please update to version 0.2 or newer
[  728.581549][T12347] netlink: set zone limit has 4 unknown bytes
[  728.620373][ T5948] usb 3-1: USB disconnect, device number 51
[  730.376301][ T6371] usb 5-1: USB disconnect, device number 66
[  730.448525][T12368] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2046'.
[  730.449218][T12368] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2046'.
[  730.484960][T12368] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2046'.
[  733.386922][T12390] delete_channel: no stack
[  733.686945][T12384] netlink: set zone limit has 4 unknown bytes
[  735.662637][   T10] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  735.842624][   T10] usb 5-1: Using ep0 maxpacket: 16
[  735.844357][   T10] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  735.844379][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  735.844396][   T10] usb 5-1: config 0 has no interface number 0
[  735.859798][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  735.859824][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.859841][   T10] usb 5-1: Product: syz
[  735.859854][   T10] usb 5-1: Manufacturer: syz
[  735.859867][   T10] usb 5-1: SerialNumber: syz
[  735.938500][   T10] usb 5-1: config 0 descriptor??
[  735.951882][   T10] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  735.951909][   T10] uvcvideo 5-1:0.105: No valid video chain found.
[  735.964749][T12410] tmpfs: Unknown parameter 'appraise'
[  736.060076][T12413] ip_tunnel: non-ECT from 10.1.1.0 with TOS=0x3
[  737.752470][   T37] audit: type=1326 audit(1771696772.808:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.775632][   T37] audit: type=1326 audit(1771696772.838:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.777455][   T37] audit: type=1326 audit(1771696772.838:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.777731][   T37] audit: type=1326 audit(1771696772.838:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.777974][   T37] audit: type=1326 audit(1771696772.838:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.778202][   T37] audit: type=1326 audit(1771696772.838:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.778505][   T37] audit: type=1326 audit(1771696772.838:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.778858][   T37] audit: type=1326 audit(1771696772.838:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.780261][   T37] audit: type=1326 audit(1771696772.838:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  737.780628][   T37] audit: type=1326 audit(1771696772.838:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12430 comm="syz.2.2066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  738.567240][   T10] usb 5-1: USB disconnect, device number 67
[  738.823294][ T6371] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  739.902629][ T6371] usb 2-1: Using ep0 maxpacket: 32
[  739.904440][ T6371] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  739.904466][ T6371] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  739.904498][ T6371] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  739.904517][ T6371] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.912445][ T6371] usb 2-1: config 0 descriptor??
[  740.122633][    T9] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  740.157082][T12435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  740.158796][T12435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  740.272629][   T10] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  740.278647][    T9] usb 1-1: New USB device found, idVendor=0403, idProduct=bca4, bcdDevice=d7.23
[  740.278672][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.278689][    T9] usb 1-1: Product: syz
[  740.278701][    T9] usb 1-1: Manufacturer: syz
[  740.278713][    T9] usb 1-1: SerialNumber: syz
[  740.325581][    T9] usb 1-1: config 0 descriptor??
[  740.369958][T12435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  740.372253][T12435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  740.405742][ T6371] savu 0003:1E7D:2D5A.0011: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  740.424908][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  740.424956][   T10] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  740.424977][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  740.424992][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  740.425003][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  740.427047][   T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  740.427085][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.427095][   T10] usb 5-1: Product: syz
[  740.427102][   T10] usb 5-1: Manufacturer: syz
[  740.427110][   T10] usb 5-1: SerialNumber: syz
[  740.520688][   T10] usb 5-1: config 0 descriptor??
[  740.530445][   T10] garmin_gps 5-1:0.0: Garmin GPS usb/tty converter detected
[  740.532215][   T10] garmin_gps ttyUSB0: failed to submit interrupt urb: -90
[  740.532268][   T10] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90
[  740.664517][ T6371] usb 2-1: USB disconnect, device number 50
[  740.750255][T12463] fido_id[12463]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  740.960610][ T6371] usb 1-1: USB disconnect, device number 39
[  744.752615][ T6371] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  745.023185][ T6371] usb 1-1: Using ep0 maxpacket: 16
[  745.061911][ T6371] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  745.061982][ T6371] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  745.062046][ T6371] usb 1-1: config 0 has no interface number 0
[  745.099960][ T6371] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  745.100084][ T6371] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.100127][ T6371] usb 1-1: Product: syz
[  745.100163][ T6371] usb 1-1: Manufacturer: syz
[  745.100199][ T6371] usb 1-1: SerialNumber: syz
[  745.498819][ T6371] usb 1-1: config 0 descriptor??
[  745.549701][ T6371] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  745.549732][ T6371] uvcvideo 1-1:0.105: No valid video chain found.
[  746.020828][ T6371] usb 5-1: USB disconnect, device number 68
[  746.030508][ T6371] garmin_gps 5-1:0.0: device disconnected
[  747.470277][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  747.547435][   T36] usb 1-1: USB disconnect, device number 40
[  750.899716][T12534] netlink: 'syz.2.2100': attribute type 1 has an invalid length.
[  750.923022][  T809] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  750.999393][T12536] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  751.006542][T12534] 8021q: adding VLAN 0 to HW filter on device bond1
[  751.022945][ T1131] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  751.072591][  T809] usb 2-1: Using ep0 maxpacket: 32
[  751.075854][  T809] usb 2-1: config 0 has an invalid interface number: 2 but max is 0
[  751.075876][  T809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  751.075894][  T809] usb 2-1: config 0 has no interface number 0
[  751.078779][  T809] usb 2-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f
[  751.078804][  T809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  751.078823][  T809] usb 2-1: Product: syz
[  751.078836][  T809] usb 2-1: Manufacturer: syz
[  751.078850][  T809] usb 2-1: SerialNumber: syz
[  751.142913][ T1116] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  751.144333][  T809] usb 2-1: config 0 descriptor??
[  751.515420][T12542] FAULT_INJECTION: forcing a failure.
[  751.515420][T12542] name failslab, interval 1, probability 0, space 0, times 0
[  751.515506][T12542] CPU: 0 UID: 0 PID: 12542 Comm: syz.4.2088 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  751.515532][T12542] Tainted: [L]=SOFTLOCKUP
[  751.515540][T12542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  751.515551][T12542] Call Trace:
[  751.515559][T12542]  <TASK>
[  751.515567][T12542]  dump_stack_lvl+0xe8/0x150
[  751.515597][T12542]  should_fail_ex+0x46b/0x600
[  751.515627][T12542]  should_failslab+0xa8/0x100
[  751.515654][T12542]  kmem_cache_alloc_noprof+0x87/0x680
[  751.515677][T12542]  ? rcu_is_watching+0x15/0xb0
[  751.515695][T12542]  ? security_file_alloc+0x34/0x310
[  751.515720][T12542]  security_file_alloc+0x34/0x310
[  751.515744][T12542]  init_file+0x96/0x2d0
[  751.515766][T12542]  alloc_empty_file+0x6e/0x1d0
[  751.515786][T12542]  alloc_file_pseudo+0x155/0x240
[  751.515804][T12542]  ? rt_spin_unlock+0x14f/0x200
[  751.515825][T12542]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  751.515857][T12542]  sock_alloc_file+0xb8/0x2f0
[  751.515881][T12542]  ? __sys_socket+0x12b/0x1b0
[  751.515902][T12542]  __sys_socket+0x13c/0x1b0
[  751.515924][T12542]  __x64_sys_socket+0x7a/0x90
[  751.515944][T12542]  do_syscall_64+0x14d/0xf80
[  751.515966][T12542]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.515985][T12542]  ? clear_bhb_loop+0x40/0x90
[  751.516007][T12542]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.516025][T12542] RIP: 0033:0x7fc899e0c629
[  751.516043][T12542] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  751.516064][T12542] RSP: 002b:00007fc89803d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  751.516085][T12542] RAX: ffffffffffffffda RBX: 00007fc89a086090 RCX: 00007fc899e0c629
[  751.516098][T12542] RDX: 0000000000000002 RSI: 0000000000000001 RDI: 0000000000000018
[  751.516109][T12542] RBP: 00007fc89803d090 R08: 0000000000000000 R09: 0000000000000000
[  751.516121][T12542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  751.516132][T12542] R13: 00007fc89a086128 R14: 00007fc89a086090 R15: 00007ffe2c4873d8
[  751.516163][T12542]  </TASK>
[  752.054008][  T809] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  752.124800][  T809] snd-usb-audio 2-1:0.2: probe with driver snd-usb-audio failed with error -2
[  752.128455][  T809] usb 2-1: USB disconnect, device number 51
[  752.214694][T12484] udevd[12484]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  753.552654][ T6371] usb 3-1: new full-speed USB device number 52 using dummy_hcd
[  753.875087][ T6371] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  753.875114][ T6371] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  753.875162][ T6371] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  753.875183][ T6371] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.882219][ T6371] usb 3-1: config 0 descriptor??
[  753.941209][ T6371] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  753.941319][ T6371] dvb-usb: bulk message failed: -22 (3/0)
[  753.987751][ T6371] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  753.992344][ T6371] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  753.992413][ T6371] usb 3-1: media controller created
[  754.038081][ T6371] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  754.167703][ T6371] dvb-usb: bulk message failed: -22 (6/0)
[  754.167795][ T6371] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  754.214902][ T6371] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input22
[  754.240612][ T6371] dvb-usb: schedule remote query interval to 150 msecs.
[  754.240631][ T6371] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  754.271923][ T6371] usb 3-1: USB disconnect, device number 52
[  754.675449][ T6371] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  755.852133][T12588] FAULT_INJECTION: forcing a failure.
[  755.852133][T12588] name failslab, interval 1, probability 0, space 0, times 0
[  755.852167][T12588] CPU: 1 UID: 0 PID: 12588 Comm: syz.0.2112 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  755.852193][T12588] Tainted: [L]=SOFTLOCKUP
[  755.852200][T12588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  755.852212][T12588] Call Trace:
[  755.852220][T12588]  <TASK>
[  755.852228][T12588]  dump_stack_lvl+0xe8/0x150
[  755.852259][T12588]  should_fail_ex+0x46b/0x600
[  755.852290][T12588]  should_failslab+0xa8/0x100
[  755.852316][T12588]  __kmalloc_cache_noprof+0x84/0x690
[  755.852341][T12588]  ? sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  755.852372][T12588]  sctp_auth_asoc_copy_shkeys+0x14e/0x5a0
[  755.852406][T12588]  sctp_association_new+0x15d3/0x25e0
[  755.852441][T12588]  sctp_connect_new_asoc+0x2e4/0x6b0
[  755.852466][T12588]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  755.852492][T12588]  ? __ipv6_addr_type+0x14d/0x2f0
[  755.852517][T12588]  ? sctp_inet6_send_verify+0x6e/0x300
[  755.852541][T12588]  ? sctp_endpoint_lookup_assoc+0xd1/0x260
[  755.852564][T12588]  __sctp_connect+0x5cb/0xdc0
[  755.852590][T12588]  ? __local_bh_enable+0x1e1/0x2f0
[  755.852616][T12588]  ? __pfx___sctp_connect+0x10/0x10
[  755.852636][T12588]  ? security_sctp_bind_connect+0x7e/0x2c0
[  755.852664][T12588]  ? __sctp_setsockopt_connectx+0xc7/0x190
[  755.852692][T12588]  sctp_setsockopt+0x708/0x12c0
[  755.852710][T12588]  ? sock_common_setsockopt+0x36/0xc0
[  755.852730][T12588]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  755.852751][T12588]  do_sock_setsockopt+0x17c/0x1b0
[  755.852777][T12588]  __x64_sys_setsockopt+0x143/0x1b0
[  755.852804][T12588]  do_syscall_64+0x14d/0xf80
[  755.852825][T12588]  ? trace_irq_disable+0x3b/0x150
[  755.852845][T12588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.852864][T12588]  ? clear_bhb_loop+0x40/0x90
[  755.852885][T12588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.852903][T12588] RIP: 0033:0x7f6a4fd1c629
[  755.852928][T12588] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  755.852943][T12588] RSP: 002b:00007f6a4df76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  755.852963][T12588] RAX: ffffffffffffffda RBX: 00007f6a4ff95fa0 RCX: 00007f6a4fd1c629
[  755.852977][T12588] RDX: 000000000000006e RSI: 0000000000000084 RDI: 0000000000000003
[  755.852989][T12588] RBP: 00007f6a4df76090 R08: 0000000000000038 R09: 0000000000000000
[  755.853001][T12588] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  755.853013][T12588] R13: 00007f6a4ff96038 R14: 00007f6a4ff95fa0 R15: 00007ffcc4b2a828
[  755.853044][T12588]  </TASK>
[  756.375117][T12596] fuse: Bad value for 'fd'
[  757.905388][   T37] kauditd_printk_skb: 35 callbacks suppressed
[  757.905407][   T37] audit: type=1326 audit(1771696792.968:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.905598][   T37] audit: type=1326 audit(1771696792.968:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.906092][   T37] audit: type=1326 audit(1771696792.968:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.906252][   T37] audit: type=1326 audit(1771696792.968:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.906541][   T37] audit: type=1326 audit(1771696792.968:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.906656][   T37] audit: type=1326 audit(1771696792.968:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.906825][   T37] audit: type=1326 audit(1771696792.968:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.907002][   T37] audit: type=1326 audit(1771696792.968:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.907128][   T37] audit: type=1326 audit(1771696792.968:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  757.908084][   T37] audit: type=1326 audit(1771696792.968:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12605 comm="syz.2.2117" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19cb9c629 code=0x7ffc0000
[  758.657483][T12623] Device name cannot be null; rc = [-22]
[  758.783460][T12625] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2122'.
[  760.807160][T12637] fuse: Bad value for 'user_id'
[  760.807181][T12637] fuse: Bad value for 'user_id'
[  760.812780][ T8385] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  760.973282][ T8385] usb 3-1: Using ep0 maxpacket: 16
[  760.976067][ T8385] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  760.976095][ T8385] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  760.976129][ T8385] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  760.976151][ T8385] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  761.154202][ T8385] usb 3-1: config 0 descriptor??
[  762.996312][ T8385] usb 3-1: string descriptor 0 read error: -71
[  763.032748][ T8385] usb 3-1: Max retries (5) exceeded reading string descriptor 200
[  763.032825][ T8385] letsketch 0003:6161:4D15.0012: probe with driver letsketch failed with error -32
[  763.076629][ T8385] usb 3-1: USB disconnect, device number 53
[  765.032647][   T10] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  765.182655][   T10] usb 5-1: Using ep0 maxpacket: 32
[  765.184892][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  765.184921][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  765.184955][   T10] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  765.184982][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  765.245732][   T10] usb 5-1: config 0 descriptor??
[  765.449516][T12666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  765.449940][T12666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  765.556388][T12674] fuse: Bad value for 'fd'
[  766.989552][T12666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  766.990051][T12666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  767.039341][   T10] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  767.240813][   T36] usb 5-1: USB disconnect, device number 69
[  767.403370][T12685] netlink: 236 bytes leftover after parsing attributes in process `syz.0.2144'.
[  767.403395][T12685] netlink: 236 bytes leftover after parsing attributes in process `syz.0.2144'.
[  767.403495][T12685] FAULT_INJECTION: forcing a failure.
[  767.403495][T12685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  767.403524][T12685] CPU: 1 UID: 0 PID: 12685 Comm: syz.0.2144 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  767.403549][T12685] Tainted: [L]=SOFTLOCKUP
[  767.403556][T12685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  767.403568][T12685] Call Trace:
[  767.403575][T12685]  <TASK>
[  767.403583][T12685]  dump_stack_lvl+0xe8/0x150
[  767.403613][T12685]  should_fail_ex+0x46b/0x600
[  767.403644][T12685]  _copy_to_user+0x31/0xb0
[  767.403668][T12685]  simple_read_from_buffer+0xe1/0x170
[  767.403693][T12685]  proc_fail_nth_read+0x1be/0x230
[  767.403717][T12685]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  767.403738][T12685]  ? rw_verify_area+0x2ac/0x4e0
[  767.403759][T12685]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  767.403779][T12685]  vfs_read+0x212/0xa80
[  767.403809][T12685]  ? __pfx_vfs_read+0x10/0x10
[  767.403833][T12685]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  767.403856][T12685]  ? lockdep_hardirqs_on+0x7a/0x110
[  767.403887][T12685]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  767.403908][T12685]  ? mutex_lock_nested+0x152/0x1d0
[  767.403925][T12685]  ? fdget_pos+0x252/0x320
[  767.403953][T12685]  ksys_read+0x156/0x270
[  767.403979][T12685]  ? __pfx_ksys_read+0x10/0x10
[  767.404013][T12685]  do_syscall_64+0x14d/0xf80
[  767.404033][T12685]  ? trace_irq_disable+0x3b/0x150
[  767.404052][T12685]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.404071][T12685]  ? clear_bhb_loop+0x40/0x90
[  767.404094][T12685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.404112][T12685] RIP: 0033:0x7f6a4fcdcece
[  767.404132][T12685] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  767.404147][T12685] RSP: 002b:00007f6a4df75fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  767.404169][T12685] RAX: ffffffffffffffda RBX: 00007f6a4df766c0 RCX: 00007f6a4fcdcece
[  767.404183][T12685] RDX: 000000000000000f RSI: 00007f6a4df760a0 RDI: 0000000000000005
[  767.404195][T12685] RBP: 00007f6a4df76090 R08: 0000000000000000 R09: 0000000000000000
[  767.404207][T12685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  767.404218][T12685] R13: 00007f6a4ff96038 R14: 00007f6a4ff95fa0 R15: 00007ffcc4b2a828
[  767.404249][T12685]  </TASK>
[  767.865067][T12688] syzkaller0: entered promiscuous mode
[  767.865092][T12688] syzkaller0: entered allmulticast mode
[  769.825348][T12711] FAULT_INJECTION: forcing a failure.
[  769.825348][T12711] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  769.825383][T12711] CPU: 1 UID: 0 PID: 12711 Comm: syz.2.2154 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  769.825418][T12711] Tainted: [L]=SOFTLOCKUP
[  769.825425][T12711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  769.825437][T12711] Call Trace:
[  769.825444][T12711]  <TASK>
[  769.825452][T12711]  dump_stack_lvl+0xe8/0x150
[  769.825483][T12711]  should_fail_ex+0x46b/0x600
[  769.825516][T12711]  _copy_to_user+0x31/0xb0
[  769.825540][T12711]  simple_read_from_buffer+0xe1/0x170
[  769.825565][T12711]  proc_fail_nth_read+0x1be/0x230
[  769.825588][T12711]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  769.825611][T12711]  ? rw_verify_area+0x2ac/0x4e0
[  769.825633][T12711]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  769.825653][T12711]  vfs_read+0x212/0xa80
[  769.825683][T12711]  ? __pfx_vfs_read+0x10/0x10
[  769.825707][T12711]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  769.825730][T12711]  ? lockdep_hardirqs_on+0x7a/0x110
[  769.825751][T12711]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  769.825771][T12711]  ? mutex_lock_nested+0x152/0x1d0
[  769.825788][T12711]  ? fdget_pos+0x252/0x320
[  769.825815][T12711]  ksys_read+0x156/0x270
[  769.825839][T12711]  ? __pfx_ksys_read+0x10/0x10
[  769.825860][T12711]  ? __pfx_sock_ioctl+0x10/0x10
[  769.825893][T12711]  do_syscall_64+0x14d/0xf80
[  769.825913][T12711]  ? trace_irq_disable+0x3b/0x150
[  769.825933][T12711]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.825951][T12711]  ? clear_bhb_loop+0x40/0x90
[  769.825973][T12711]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.825990][T12711] RIP: 0033:0x7fc19cb5cece
[  769.826007][T12711] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  769.826022][T12711] RSP: 002b:00007fc19adedfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  769.826042][T12711] RAX: ffffffffffffffda RBX: 00007fc19adee6c0 RCX: 00007fc19cb5cece
[  769.826056][T12711] RDX: 000000000000000f RSI: 00007fc19adee0a0 RDI: 0000000000000004
[  769.826067][T12711] RBP: 00007fc19adee090 R08: 0000000000000000 R09: 0000000000000000
[  769.826079][T12711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.826090][T12711] R13: 00007fc19ce16038 R14: 00007fc19ce15fa0 R15: 00007ffd787e21c8
[  769.826120][T12711]  </TASK>
[  770.040084][T12713] netlink: 236 bytes leftover after parsing attributes in process `syz.1.2153'.
[  770.040109][T12713] netlink: 236 bytes leftover after parsing attributes in process `syz.1.2153'.
[  770.422907][   T36] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  770.752679][   T36] usb 3-1: Using ep0 maxpacket: 32
[  770.762401][   T36] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  770.762429][   T36] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  770.762465][   T36] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  770.762649][   T36] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.768314][   T36] usb 3-1: config 0 descriptor??
[  770.929112][T12731] sctp: [Deprecated]: syz.3.2159 (pid 12731) Use of struct sctp_assoc_value in delayed_ack socket option.
[  770.929112][T12731] Use struct sctp_sack_info instead
[  771.006851][T12715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  771.011660][T12715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.308896][T12732] FAULT_INJECTION: forcing a failure.
[  771.308896][T12732] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  771.308953][T12732] CPU: 1 UID: 0 PID: 12732 Comm: syz.1.2158 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  771.308980][T12732] Tainted: [L]=SOFTLOCKUP
[  771.308987][T12732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  771.308998][T12732] Call Trace:
[  771.309006][T12732]  <TASK>
[  771.309014][T12732]  dump_stack_lvl+0xe8/0x150
[  771.309044][T12732]  should_fail_ex+0x46b/0x600
[  771.309076][T12732]  _copy_from_user+0x2d/0xb0
[  771.309098][T12732]  __sys_connect+0x156/0x450
[  771.309118][T12732]  ? irqentry_exit+0x59e/0x620
[  771.309139][T12732]  ? lockdep_hardirqs_on+0x7a/0x110
[  771.309160][T12732]  ? __pfx___sys_connect+0x10/0x10
[  771.309178][T12732]  ? rcu_is_watching+0x15/0xb0
[  771.309218][T12732]  __x64_sys_connect+0x7a/0x90
[  771.309240][T12732]  do_syscall_64+0x14d/0xf80
[  771.309260][T12732]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.309279][T12732]  ? clear_bhb_loop+0x40/0x90
[  771.309300][T12732]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  771.309318][T12732] RIP: 0033:0x7f8e58acc629
[  771.309336][T12732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  771.309352][T12732] RSP: 002b:00007f8e56cfd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  771.309372][T12732] RAX: ffffffffffffffda RBX: 00007f8e58d46090 RCX: 00007f8e58acc629
[  771.309386][T12732] RDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003
[  771.309398][T12732] RBP: 00007f8e56cfd090 R08: 0000000000000000 R09: 0000000000000000
[  771.309410][T12732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  771.309421][T12732] R13: 00007f8e58d46128 R14: 00007f8e58d46090 R15: 00007ffdd9f16bf8
[  771.309451][T12732]  </TASK>
[  771.644442][T12715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  771.644927][T12715] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.801017][   T36] savu 0003:1E7D:2D5A.0014: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  771.870428][  T809] usb 3-1: USB disconnect, device number 54
[  771.973996][T12735] fido_id[12735]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  772.218388][T12739] 9p: Bad value for 'rfdno'
[  772.273534][T12740] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2163'.
[  772.688129][T12748] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2166'.
[  772.874965][T12752] FAULT_INJECTION: forcing a failure.
[  772.874965][T12752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  772.874999][T12752] CPU: 1 UID: 0 PID: 12752 Comm: syz.1.2161 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  772.875025][T12752] Tainted: [L]=SOFTLOCKUP
[  772.875031][T12752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  772.875042][T12752] Call Trace:
[  772.875050][T12752]  <TASK>
[  772.875058][T12752]  dump_stack_lvl+0xe8/0x150
[  772.875088][T12752]  should_fail_ex+0x46b/0x600
[  772.875125][T12752]  _copy_to_user+0x31/0xb0
[  772.875149][T12752]  simple_read_from_buffer+0xe1/0x170
[  772.875174][T12752]  proc_fail_nth_read+0x1be/0x230
[  772.875197][T12752]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  772.875220][T12752]  ? rw_verify_area+0x2ac/0x4e0
[  772.875242][T12752]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  772.875263][T12752]  vfs_read+0x212/0xa80
[  772.875294][T12752]  ? __pfx_vfs_read+0x10/0x10
[  772.875319][T12752]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  772.875342][T12752]  ? lockdep_hardirqs_on+0x7a/0x110
[  772.875364][T12752]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  772.875386][T12752]  ? mutex_lock_nested+0x152/0x1d0
[  772.875402][T12752]  ? fdget_pos+0x252/0x320
[  772.875431][T12752]  ksys_read+0x156/0x270
[  772.875458][T12752]  ? __pfx_ksys_read+0x10/0x10
[  772.875492][T12752]  do_syscall_64+0x14d/0xf80
[  772.875513][T12752]  ? trace_irq_disable+0x3b/0x150
[  772.875532][T12752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.875551][T12752]  ? clear_bhb_loop+0x40/0x90
[  772.875573][T12752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.875591][T12752] RIP: 0033:0x7f8e58a8cece
[  772.875608][T12752] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  772.875624][T12752] RSP: 002b:00007f8e56d1dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  772.875643][T12752] RAX: ffffffffffffffda RBX: 00007f8e56d1e6c0 RCX: 00007f8e58a8cece
[  772.875657][T12752] RDX: 000000000000000f RSI: 00007f8e56d1e0a0 RDI: 0000000000000003
[  772.875669][T12752] RBP: 00007f8e56d1e090 R08: 0000000000000000 R09: 0000000000000000
[  772.875681][T12752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  772.875693][T12752] R13: 00007f8e58d46038 R14: 00007f8e58d45fa0 R15: 00007ffdd9f16bf8
[  772.875723][T12752]  </TASK>
[  774.086496][T12784] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2179'.
[  774.102601][ T8385] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  774.130029][T12786] 9p: Bad value for 'rfdno'
[  774.190602][T12789] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2180'.
[  774.223126][T12790] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2181'.
[  774.252649][ T8385] usb 5-1: Using ep0 maxpacket: 32
[  774.257070][ T8385] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  774.257098][ T8385] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  774.257133][ T8385] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  774.257154][ T8385] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.308500][ T8385] usb 5-1: config 0 descriptor??
[  774.414235][T12791] veth1_to_bond: entered allmulticast mode
[  775.612920][T12794] sd 0:0:1:0: device reset
[  775.746282][T12794] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2182'.
[  775.761916][T12772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  775.762400][T12772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  775.802840][T12788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2181'.
[  777.109059][ T8385] usbhid 5-1:0.0: can't add hid device: -71
[  777.109163][ T8385] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  777.135240][T12788] veth1_to_bond (unregistering): left allmulticast mode
[  777.218934][ T8385] usb 5-1: USB disconnect, device number 70
[  777.400183][T12788] bond0: (slave bond_slave_1): Releasing backup interface
[  777.425961][T12808] FAULT_INJECTION: forcing a failure.
[  777.425961][T12808] name failslab, interval 1, probability 0, space 0, times 0
[  777.426149][T12808] CPU: 0 UID: 0 PID: 12808 Comm: syz.4.2188 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  777.426176][T12808] Tainted: [L]=SOFTLOCKUP
[  777.426183][T12808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  777.426194][T12808] Call Trace:
[  777.426202][T12808]  <TASK>
[  777.426210][T12808]  dump_stack_lvl+0xe8/0x150
[  777.426240][T12808]  should_fail_ex+0x46b/0x600
[  777.426271][T12808]  should_failslab+0xa8/0x100
[  777.426297][T12808]  __kmalloc_cache_noprof+0x84/0x690
[  777.426322][T12808]  ? proc_self_get_link+0xe5/0x180
[  777.426341][T12808]  ? __task_pid_nr_ns+0x399/0x470
[  777.426365][T12808]  proc_self_get_link+0xe5/0x180
[  777.426385][T12808]  ? __pfx_proc_self_get_link+0x10/0x10
[  777.426405][T12808]  pick_link+0x727/0xfe0
[  777.426436][T12808]  step_into_slowpath+0x547/0x7e0
[  777.426463][T12808]  ? __pfx_step_into_slowpath+0x10/0x10
[  777.426495][T12808]  link_path_walk+0xd50/0x18d0
[  777.426535][T12808]  path_openat+0x2d5/0x38a0
[  777.426590][T12808]  ? __pfx_path_openat+0x10/0x10
[  777.426614][T12808]  ? __lock_acquire+0x6b5/0x2cf0
[  777.426635][T12808]  ? kmem_cache_alloc_noprof+0x33b/0x680
[  777.426666][T12808]  ? do_raw_spin_lock+0x12b/0x2f0
[  777.426698][T12808]  do_file_open+0x23e/0x4a0
[  777.426728][T12808]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  777.426755][T12808]  ? __pfx_do_file_open+0x10/0x10
[  777.426775][T12808]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  777.426816][T12808]  ? alloc_fd+0x64e/0x6c0
[  777.426847][T12808]  do_sys_openat2+0x113/0x200
[  777.426870][T12808]  ? __pfx_do_sys_openat2+0x10/0x10
[  777.426890][T12808]  ? ksys_write+0x248/0x270
[  777.426914][T12808]  ? __pfx_ksys_write+0x10/0x10
[  777.426939][T12808]  __x64_sys_openat+0x138/0x170
[  777.426963][T12808]  do_syscall_64+0x14d/0xf80
[  777.426984][T12808]  ? trace_irq_disable+0x3b/0x150
[  777.427004][T12808]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.427022][T12808]  ? clear_bhb_loop+0x40/0x90
[  777.427044][T12808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.427062][T12808] RIP: 0033:0x7fc899dccece
[  777.427080][T12808] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  777.427096][T12808] RSP: 002b:00007fc89805df18 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  777.427116][T12808] RAX: ffffffffffffffda RBX: 00007fc89805e6c0 RCX: 00007fc899dccece
[  777.427133][T12808] RDX: 0000000000000000 RSI: 00007fc899ea21d0 RDI: ffffffffffffff9c
[  777.427146][T12808] RBP: 00007fc89805e090 R08: 0000000000000000 R09: 0000000000000000
[  777.427157][T12808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.427168][T12808] R13: 00007fc89a086038 R14: 00007fc89a085fa0 R15: 00007ffe2c4873d8
[  777.427197][T12808]  </TASK>
[  778.748124][T12829] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2187'.
[  778.798124][T12829] dvmrp0: entered allmulticast mode
[  779.270614][T12831] 9p: Bad value for 'rfdno'
[  781.022927][ T5854] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  781.172606][ T5854] usb 2-1: Using ep0 maxpacket: 32
[  781.174883][ T5854] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  781.174909][ T5854] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  781.174942][ T5854] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  781.174965][ T5854] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  781.180067][ T5854] usb 2-1: config 0 descriptor??
[  782.890213][ T5854] usbhid 2-1:0.0: can't add hid device: -71
[  782.890305][ T5854] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  782.926045][ T5854] usb 2-1: USB disconnect, device number 52
[  783.162744][T12853] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2205'.
[  784.784008][T12859] fuse: Unknown parameter '0x0000000000000003'
[  784.823496][T12861] 9p: Bad value for 'rfdno'
[  790.454154][T12875] Device name cannot be null; rc = [-22]
[  797.273465][T12880] FAULT_INJECTION: forcing a failure.
[  797.273465][T12880] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  797.273500][T12880] CPU: 1 UID: 0 PID: 12880 Comm: syz.2.2213 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  797.273525][T12880] Tainted: [L]=SOFTLOCKUP
[  797.273531][T12880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  797.273542][T12880] Call Trace:
[  797.273549][T12880]  <TASK>
[  797.273558][T12880]  dump_stack_lvl+0xe8/0x150
[  797.273588][T12880]  should_fail_ex+0x46b/0x600
[  797.273618][T12880]  _copy_from_user+0x2d/0xb0
[  797.273641][T12880]  __se_sys_mbind+0x654/0x10f0
[  797.273667][T12880]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  797.273693][T12880]  ? __pfx___se_sys_mbind+0x10/0x10
[  797.273714][T12880]  ? rt_mutex_slowunlock+0x1cb/0x300
[  797.273732][T12880]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  797.273759][T12880]  ? fput+0xa0/0xd0
[  797.273780][T12880]  ? ksys_write+0x248/0x270
[  797.273805][T12880]  ? __pfx_ksys_write+0x10/0x10
[  797.273832][T12880]  ? __x64_sys_mbind+0x21/0xf0
[  797.273857][T12880]  do_syscall_64+0x14d/0xf80
[  797.273878][T12880]  ? trace_irq_disable+0x3b/0x150
[  797.273898][T12880]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.273922][T12880]  ? clear_bhb_loop+0x40/0x90
[  797.273945][T12880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.273962][T12880] RIP: 0033:0x7fc19cb9c629
[  797.273980][T12880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  797.273995][T12880] RSP: 002b:00007fc19adee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  797.274016][T12880] RAX: ffffffffffffffda RBX: 00007fc19ce15fa0 RCX: 00007fc19cb9c629
[  797.274029][T12880] RDX: 0000000000008000 RSI: 0000000000002000 RDI: 0000200000195000
[  797.274041][T12880] RBP: 00007fc19adee090 R08: 0000000000000003 R09: 0000000000000003
[  797.274053][T12880] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001
[  797.274065][T12880] R13: 00007fc19ce16038 R14: 00007fc19ce15fa0 R15: 00007ffd787e21c8
[  797.274094][T12880]  </TASK>
[  797.892616][ T5951] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  798.487449][T12900] FAULT_INJECTION: forcing a failure.
[  798.487449][T12900] name failslab, interval 1, probability 0, space 0, times 0
[  798.487504][T12900] CPU: 0 UID: 0 PID: 12900 Comm: syz.0.2217 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  798.487531][T12900] Tainted: [L]=SOFTLOCKUP
[  798.487538][T12900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  798.487549][T12900] Call Trace:
[  798.487557][T12900]  <TASK>
[  798.487565][T12900]  dump_stack_lvl+0xe8/0x150
[  798.487585][T12900]  should_fail_ex+0x46b/0x600
[  798.487604][T12900]  should_failslab+0xa8/0x100
[  798.487620][T12900]  __kmalloc_cache_noprof+0x84/0x690
[  798.487635][T12900]  ? sched_core_alloc_cookie+0x41/0xa0
[  798.487647][T12900]  ? rt_spin_unlock+0x160/0x200
[  798.487657][T12900]  ? sched_core_share_pid+0xd7/0x7b0
[  798.487670][T12900]  sched_core_alloc_cookie+0x41/0xa0
[  798.487682][T12900]  ? sched_core_share_pid+0xd7/0x7b0
[  798.487693][T12900]  sched_core_share_pid+0x31a/0x7b0
[  798.487710][T12900]  ? __pfx_sched_core_share_pid+0x10/0x10
[  798.487727][T12900]  __se_sys_prctl+0x884/0x1a60
[  798.487743][T12900]  ? __pfx___se_sys_prctl+0x10/0x10
[  798.487757][T12900]  ? __x64_sys_prctl+0x20/0xc0
[  798.487769][T12900]  do_syscall_64+0x14d/0xf80
[  798.487782][T12900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  798.487792][T12900]  ? clear_bhb_loop+0x40/0x90
[  798.487804][T12900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  798.487814][T12900] RIP: 0033:0x7f6a4fd1c629
[  798.487825][T12900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  798.487834][T12900] RSP: 002b:00007f6a4df55028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  798.487846][T12900] RAX: ffffffffffffffda RBX: 00007f6a4ff96090 RCX: 00007f6a4fd1c629
[  798.487853][T12900] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000003e
[  798.487859][T12900] RBP: 00007f6a4df55090 R08: 0000000000000000 R09: 0000000000000000
[  798.487871][T12900] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  798.487877][T12900] R13: 00007f6a4ff96128 R14: 00007f6a4ff96090 R15: 00007ffcc4b2a828
[  798.487893][T12900]  </TASK>
[  799.262587][ T5951] usb 3-1: Using ep0 maxpacket: 32
[  799.314363][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  799.314393][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  799.314427][ T5951] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  799.314448][ T5951] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.319227][ T5951] usb 3-1: config 0 descriptor??
[  799.523056][T12885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  799.526713][T12885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  799.735728][T12885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  799.736224][T12885] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  799.854044][ T5951] savu 0003:1E7D:2D5A.0015: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  799.957248][   T36] usb 3-1: USB disconnect, device number 55
[  800.386627][T12942] Invalid option length (1048442) for dns_resolver key
[  800.641751][T12937] fido_id[12937]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  800.714471][   T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  800.738530][   T60] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  800.740816][   T60] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  800.752708][   T60] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  800.764226][   T60] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  800.897002][T12952] Device name cannot be null; rc = [-22]
[  800.924405][T12944] lo speed is unknown, defaulting to 1000
[  800.992716][ T5951] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  801.162659][ T5951] usb 2-1: Using ep0 maxpacket: 16
[  801.167489][ T5951] usb 2-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  801.167514][ T5951] usb 2-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  801.167526][ T5951] usb 2-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  801.167539][ T5951] usb 2-1: config 1 interface 0 has no altsetting 0
[  801.170840][ T5951] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  801.170874][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.170892][ T5951] usb 2-1: Product: syz
[  801.170906][ T5951] usb 2-1: Manufacturer: syz
[  801.170919][ T5951] usb 2-1: SerialNumber: syz
[  801.462948][ T5951] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 53 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  802.863155][T10017] Bluetooth: hci1: command tx timeout
[  802.869108][ T5854] usb 2-1: USB disconnect, device number 53
[  802.886774][ T5854] usblp0: removed
[  803.075252][T12962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  803.445157][T12978] Device name cannot be null; rc = [-22]
[  803.670720][ T8718] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.594688][T12993] netlink: 'syz.1.2236': attribute type 2 has an invalid length.
[  804.594710][T12993] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2236'.
[  804.813582][T12997] forcing mempool usage for __sg_alloc_table+0x1bc/0x700
[  804.882889][T10017] Bluetooth: hci1: command tx timeout
[  805.018807][T13005] Device name cannot be null; rc = [-22]
[  805.055237][ T8718] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  805.252664][   T36] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  805.385754][ T8718] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  805.402788][   T36] usb 2-1: Using ep0 maxpacket: 16
[  805.409712][   T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  805.409739][   T36] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  805.409773][   T36] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  805.409794][   T36] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  805.415663][   T36] usb 2-1: config 0 descriptor??
[  805.492677][ T5854] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  805.649050][ T5854] usb 1-1: config 7 has an invalid descriptor of length 32, skipping remainder of the config
[  805.649077][ T5854] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 2
[  805.651801][ T5854] usb 1-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84
[  805.651818][ T5854] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  805.651828][ T5854] usb 1-1: Product: syz
[  805.651835][ T5854] usb 1-1: SerialNumber: syz
[  805.703717][ T5854] usb 1-1: bad CDC descriptors
[  805.707427][ T5854] option 1-1:7.0: GSM modem (1-port) converter detected
[  805.796100][ T8718] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  805.820638][   T36] usbhid 2-1:0.0: can't add hid device: -71
[  805.820739][   T36] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  805.844829][   T36] usb 2-1: USB disconnect, device number 54
[  805.883866][T12944] chnl_net:caif_netlink_parms(): no params data found
[  805.900591][ T5854] usb 1-1: USB disconnect, device number 41
[  805.907493][ T5854] option 1-1:7.0: device disconnected
[  806.092911][T12944] bridge0: port 1(bridge_slave_0) entered blocking state
[  806.093016][T12944] bridge0: port 1(bridge_slave_0) entered disabled state
[  806.093171][T12944] bridge_slave_0: entered allmulticast mode
[  806.104219][T12944] bridge_slave_0: entered promiscuous mode
[  806.108051][T12944] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.108236][T12944] bridge0: port 2(bridge_slave_1) entered disabled state
[  806.108400][T12944] bridge_slave_1: entered allmulticast mode
[  806.111002][T12944] bridge_slave_1: entered promiscuous mode
[  806.157990][T12944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  806.162336][T12944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  806.217072][T12944] team0: Port device team_slave_0 added
[  806.220367][T12944] team0: Port device team_slave_1 added
[  806.315888][T12944] batman_adv: batadv0: Adding interface: batadv_slave_0
[  806.315905][T12944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  806.315929][T12944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  806.440282][T12944] batman_adv: batadv0: Adding interface: batadv_slave_1
[  806.440299][T12944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  806.440323][T12944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  806.632626][ T5854] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  806.782594][ T5854] usb 2-1: Using ep0 maxpacket: 32
[  806.783938][ T5854] usb 2-1: config 0 has an invalid interface number: 227 but max is 0
[  806.783953][ T5854] usb 2-1: config 0 has no interface number 0
[  806.783977][ T5854] usb 2-1: config 0 interface 227 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24
[  806.785746][ T5854] usb 2-1: New USB device found, idVendor=0d83, idProduct=28bc, bcdDevice=7a.80
[  806.785760][ T5854] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.785770][ T5854] usb 2-1: Product: syz
[  806.785778][ T5854] usb 2-1: Manufacturer: syz
[  806.785785][ T5854] usb 2-1: SerialNumber: syz
[  806.873646][ T5854] usb 2-1: config 0 descriptor??
[  806.874320][T13024] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  807.703241][T10017] Bluetooth: hci1: command tx timeout
[  807.818147][T13024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  807.833392][T13024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  807.858744][T12944] hsr_slave_0: entered promiscuous mode
[  807.873264][T12944] hsr_slave_1: entered promiscuous mode
[  807.874123][T12944] debugfs: 'hsr0' already exists in 'hsr'
[  807.874146][T12944] Cannot create hsr debugfs directory
[  808.022302][ T5854] cdc_eem 2-1:0.227: probe with driver cdc_eem failed with error -71
[  808.060415][ T5854] usb 2-1: USB disconnect, device number 55
[  809.228275][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  810.249374][T10017] Bluetooth: hci1: command tx timeout
[  810.593423][ T8718] bridge_slave_1: left allmulticast mode
[  810.593510][ T8718] bridge_slave_1: left promiscuous mode
[  810.596060][ T8718] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.685328][T13046] FAULT_INJECTION: forcing a failure.
[  810.685328][T13046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  810.685361][T13046] CPU: 0 UID: 0 PID: 13046 Comm: syz.1.2258 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  810.685386][T13046] Tainted: [L]=SOFTLOCKUP
[  810.685393][T13046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  810.685404][T13046] Call Trace:
[  810.685412][T13046]  <TASK>
[  810.685421][T13046]  dump_stack_lvl+0xe8/0x150
[  810.685451][T13046]  should_fail_ex+0x46b/0x600
[  810.685483][T13046]  _copy_to_user+0x31/0xb0
[  810.685507][T13046]  simple_read_from_buffer+0xe1/0x170
[  810.685532][T13046]  proc_fail_nth_read+0x1be/0x230
[  810.685555][T13046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  810.685578][T13046]  ? rw_verify_area+0x2ac/0x4e0
[  810.685600][T13046]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  810.685621][T13046]  vfs_read+0x212/0xa80
[  810.685652][T13046]  ? __pfx_vfs_read+0x10/0x10
[  810.685677][T13046]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  810.685705][T13046]  ? lockdep_hardirqs_on+0x7a/0x110
[  810.685728][T13046]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  810.685749][T13046]  ? mutex_lock_nested+0x152/0x1d0
[  810.685767][T13046]  ? fdget_pos+0x252/0x320
[  810.685795][T13046]  ksys_read+0x156/0x270
[  810.685820][T13046]  ? __pfx_ksys_read+0x10/0x10
[  810.685854][T13046]  do_syscall_64+0x14d/0xf80
[  810.685875][T13046]  ? trace_irq_disable+0x3b/0x150
[  810.685895][T13046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.685914][T13046]  ? clear_bhb_loop+0x40/0x90
[  810.685936][T13046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  810.685955][T13046] RIP: 0033:0x7f8e58a8cece
[  810.685973][T13046] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  810.685990][T13046] RSP: 002b:00007f8e56d1dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  810.686010][T13046] RAX: ffffffffffffffda RBX: 00007f8e56d1e6c0 RCX: 00007f8e58a8cece
[  810.686024][T13046] RDX: 000000000000000f RSI: 00007f8e56d1e0a0 RDI: 0000000000000005
[  810.686036][T13046] RBP: 00007f8e56d1e090 R08: 0000000000000000 R09: 0000000000000000
[  810.686049][T13046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  810.686060][T13046] R13: 00007f8e58d46038 R14: 00007f8e58d45fa0 R15: 00007ffdd9f16bf8
[  810.686091][T13046]  </TASK>
[  810.925691][ T8718] bridge_slave_0: left allmulticast mode
[  810.925720][ T8718] bridge_slave_0: left promiscuous mode
[  810.925971][ T8718] bridge0: port 1(bridge_slave_0) entered disabled state
[  811.093870][T13049] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  811.093886][T13049] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it.
[  811.093897][T13049] overlayfs: missing 'lowerdir'
[  811.535600][T13059] Device name cannot be null; rc = [-22]
[  811.762219][T13062] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2254'.
[  812.265123][   T37] kauditd_printk_skb: 13 callbacks suppressed
[  812.265141][   T37] audit: type=1326 audit(2000000045.290:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13063 comm="syz.3.2260" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb89f2ac629 code=0x0
[  813.931388][ T8718] dvmrp0 (unregistering): left allmulticast mode
[  814.163441][ T8718] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  814.203030][ T8718] bond_slave_0: left promiscuous mode
[  814.253254][ T8718] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  814.293181][ T8718] bond_slave_1: left promiscuous mode
[  814.304495][ T8718] bond0 (unregistering): Released all slaves
[  814.343506][ T8718] bond1 (unregistering): (slave veth3): Releasing active interface
[  814.441068][ T8718] bond1 (unregistering): Released all slaves
[  814.457228][ T8718] bond2 (unregistering): Released all slaves
[  814.559499][   T37] audit: type=1326 audit(2000000047.580:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  814.560259][   T37] audit: type=1326 audit(2000000047.580:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  814.605888][   T37] audit: type=1326 audit(2000000047.620:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  814.605939][   T37] audit: type=1326 audit(2000000047.620:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  814.605978][   T37] audit: type=1326 audit(2000000047.620:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  814.606016][   T37] audit: type=1326 audit(2000000047.620:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6a4fcdcece code=0x7ffc0000
[  814.606053][   T37] audit: type=1326 audit(2000000047.620:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6a4fd1c2bb code=0x7ffc0000
[  814.606089][   T37] audit: type=1326 audit(2000000047.620:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6a4fd1c2bb code=0x7ffc0000
[  814.611944][   T37] audit: type=1326 audit(2000000047.630:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13075 comm="syz.0.2263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6a4fd1c2bb code=0x7ffc0000
[  814.924829][ T5951] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  816.212157][ T5951] usb 1-1: Using ep0 maxpacket: 8
[  816.241535][ T5951] usb 1-1: unable to get BOS descriptor or descriptor too short
[  816.257662][T10017] Bluetooth: hci3: unexpected event for opcode 0x0c7b
[  816.278267][ T5951] usb 1-1: config 4 interface 0 has no altsetting 0
[  816.366515][ T5951] usb 1-1: string descriptor 0 read error: -22
[  816.366592][ T5951] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  816.366605][ T5951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  816.428848][ T5951] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  816.512026][ T5951] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  816.512432][ T5951] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  816.522918][ T5951] usb 1-1: media controller created
[  816.613897][ T5951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  816.965163][ T5951] usb 1-1: USB disconnect, device number 42
[  817.277950][T13112] overlayfs: failed to clone upperpath
[  817.317148][T13112] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2273'.
[  818.569145][T13123] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2277'.
[  818.645135][T13127] netlink: 'syz.2.2278': attribute type 26 has an invalid length.
[  818.693010][T13129] FAULT_INJECTION: forcing a failure.
[  818.693010][T13129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  818.693042][T13129] CPU: 1 UID: 0 PID: 13129 Comm: syz.2.2279 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  818.693067][T13129] Tainted: [L]=SOFTLOCKUP
[  818.693073][T13129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  818.693084][T13129] Call Trace:
[  818.693092][T13129]  <TASK>
[  818.693099][T13129]  dump_stack_lvl+0xe8/0x150
[  818.693129][T13129]  should_fail_ex+0x46b/0x600
[  818.693161][T13129]  _copy_to_iter+0x404/0x17d0
[  818.693178][T13129]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  818.693224][T13129]  ? __pfx__copy_to_iter+0x10/0x10
[  818.693244][T13129]  ? fput+0xa0/0xd0
[  818.693262][T13129]  ? __pfx_tty_show_fdinfo+0x10/0x10
[  818.693283][T13129]  ? seq_show+0x5a3/0x700
[  818.693311][T13129]  seq_read_iter+0xbf6/0xe20
[  818.693355][T13129]  seq_read+0x36a/0x490
[  818.693387][T13129]  ? __pfx_seq_read+0x10/0x10
[  818.693421][T13129]  ? rw_verify_area+0x2ac/0x4e0
[  818.693443][T13129]  ? __pfx_seq_read+0x10/0x10
[  818.693468][T13129]  vfs_read+0x212/0xa80
[  818.693499][T13129]  ? __pfx_vfs_read+0x10/0x10
[  818.693524][T13129]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  818.693546][T13129]  ? lockdep_hardirqs_on+0x7a/0x110
[  818.693567][T13129]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  818.693588][T13129]  ? mutex_lock_nested+0x152/0x1d0
[  818.693605][T13129]  ? fdget_pos+0x252/0x320
[  818.693633][T13129]  ksys_read+0x156/0x270
[  818.693657][T13129]  ? __pfx_ksys_read+0x10/0x10
[  818.693690][T13129]  do_syscall_64+0x14d/0xf80
[  818.693709][T13129]  ? trace_irq_disable+0x3b/0x150
[  818.693727][T13129]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.693746][T13129]  ? clear_bhb_loop+0x40/0x90
[  818.693766][T13129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.693784][T13129] RIP: 0033:0x7fc19cb9c629
[  818.693801][T13129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  818.693816][T13129] RSP: 002b:00007fc19adee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  818.693836][T13129] RAX: ffffffffffffffda RBX: 00007fc19ce15fa0 RCX: 00007fc19cb9c629
[  818.693850][T13129] RDX: 0000000000000054 RSI: 0000200000002080 RDI: 0000000000000004
[  818.693862][T13129] RBP: 00007fc19adee090 R08: 0000000000000000 R09: 0000000000000000
[  818.693873][T13129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  818.693885][T13129] R13: 00007fc19ce16038 R14: 00007fc19ce15fa0 R15: 00007ffd787e21c8
[  818.693916][T13129]  </TASK>
[  820.426151][T10017] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  820.426982][T10017] Bluetooth: hci3: Injecting HCI hardware error event
[  820.430311][T10017] Bluetooth: hci3: hardware error 0x00
[  820.462900][T13136] netlink: 'syz.2.2280': attribute type 6 has an invalid length.
[  820.824162][T13125] bridge1: port 1(veth5) entered blocking state
[  820.824342][T13125] bridge1: port 1(veth5) entered disabled state
[  820.824514][T13125] veth5: entered allmulticast mode
[  820.827284][T13125] veth5: entered promiscuous mode
[  820.829485][T13125] bridge1: port 1(veth5) entered blocking state
[  820.829630][T13125] bridge1: port 1(veth5) entered forwarding state
[  820.933483][T10035] bridge1: port 1(veth5) entered disabled state
[  820.991280][T13142] overlayfs: failed to clone upperpath
[  821.039245][T13143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2282'.
[  822.603359][T10017] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  822.685506][ T8718] hsr_slave_0: left promiscuous mode
[  822.726833][ T8718] hsr_slave_1: left promiscuous mode
[  822.728062][ T8718] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  822.728173][ T8718] batman_adv: batadv0: Removing interface: batadv_slave_0
[  822.784302][ T8718] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  822.784325][ T8718] batman_adv: batadv0: Removing interface: batadv_slave_1
[  822.914855][ T8718] veth1_macvtap: left promiscuous mode
[  822.915106][ T8718] veth0_macvtap: left promiscuous mode
[  822.915397][ T8718] veth1_vlan: left promiscuous mode
[  822.915622][ T8718] veth0_vlan: left promiscuous mode
[  824.014199][    T9] usb 2-1: new full-speed USB device number 56 using dummy_hcd
[  824.195655][    T9] usb 2-1: config 0 has an invalid interface number: 253 but max is 0
[  824.195682][    T9] usb 2-1: config 0 has no interface number 0
[  824.195711][    T9] usb 2-1: too many endpoints for config 0 interface 253 altsetting 84: 241, using maximum allowed: 30
[  824.195758][    T9] usb 2-1: config 0 interface 253 altsetting 84 has 0 endpoint descriptors, different from the interface descriptor's value: 241
[  824.195784][    T9] usb 2-1: config 0 interface 253 has no altsetting 0
[  824.201795][    T9] usb 2-1: New USB device found, idVendor=0403, idProduct=bca4, bcdDevice=d7.23
[  824.201820][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.201839][    T9] usb 2-1: Product: syz
[  824.201852][    T9] usb 2-1: Manufacturer: syz
[  824.201865][    T9] usb 2-1: SerialNumber: syz
[  824.312897][ T5951] IPVS: starting estimator thread 0...
[  824.322945][    T9] usb 2-1: config 0 descriptor??
[  824.424899][T13177] IPVS: using max 8 ests per chain, 19200 per kthread
[  824.643026][ T8718] team0 (unregistering): Port device team_slave_1 removed
[  824.683013][ T8718] team0 (unregistering): Port device team_slave_0 removed
[  825.004294][T13184] pim6reg0: tun_chr_ioctl cmd 1074025677
[  825.004981][T13184] pim6reg0: linktype set to 776
[  826.681631][T10017] Bluetooth: hci5: command tx timeout
[  826.738267][T12944] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  826.765102][    T9] ftdi_sio 2-1:0.253: FTDI USB Serial Device converter detected
[  826.766855][    T9] ftdi_sio ttyUSB0: unknown device type: 0xd723
[  826.816413][    T9] usb 2-1: USB disconnect, device number 56
[  826.835181][    T9] ftdi_sio 2-1:0.253: device disconnected
[  826.877103][T12944] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  826.906181][T12944] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  826.974849][T12944] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  827.027615][   T37] kauditd_printk_skb: 41 callbacks suppressed
[  827.027631][   T37] audit: type=1326 audit(2000000060.050:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13195 comm="syz.3.2298" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb89f2ac629 code=0x0
[  827.337084][T13212] FAULT_INJECTION: forcing a failure.
[  827.337084][T13212] name failslab, interval 1, probability 0, space 0, times 0
[  827.337120][T13212] CPU: 0 UID: 0 PID: 13212 Comm: syz.1.2301 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  827.337145][T13212] Tainted: [L]=SOFTLOCKUP
[  827.337152][T13212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  827.337163][T13212] Call Trace:
[  827.337171][T13212]  <TASK>
[  827.337179][T13212]  dump_stack_lvl+0xe8/0x150
[  827.337216][T13212]  should_fail_ex+0x46b/0x600
[  827.337247][T13212]  should_failslab+0xa8/0x100
[  827.337274][T13212]  __kmalloc_cache_noprof+0x84/0x690
[  827.337299][T13212]  ? snd_mixer_oss_build_test+0x7b/0x3c0
[  827.337329][T13212]  snd_mixer_oss_build_test+0x7b/0x3c0
[  827.337358][T13212]  snd_mixer_oss_build_input+0x1f7/0x1250
[  827.337393][T13212]  ? __pfx_snd_mixer_oss_build_input+0x10/0x10
[  827.337422][T13212]  ? rcu_is_watching+0x15/0xb0
[  827.337449][T13212]  ? kstrdup+0x81/0x100
[  827.337477][T13212]  snd_mixer_oss_proc_write+0x58c/0x7c0
[  827.337494][T13212]  ? __lock_acquire+0x6b5/0x2cf0
[  827.337517][T13212]  ? __pfx_snd_mixer_oss_proc_write+0x10/0x10
[  827.337546][T13212]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  827.337569][T13212]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  827.337593][T13212]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  827.337611][T13212]  ? rt_spin_unlock+0x14f/0x200
[  827.337629][T13212]  ? __pfx_snd_mixer_oss_proc_write+0x10/0x10
[  827.337647][T13212]  snd_info_text_entry_release+0xe8/0x1d0
[  827.337672][T13212]  ? __pfx_snd_info_text_entry_release+0x10/0x10
[  827.337692][T13212]  close_pdeo+0x21b/0x400
[  827.337715][T13212]  ? __pfx_close_pdeo+0x10/0x10
[  827.337733][T13212]  ? preempt_count_add+0x91/0x190
[  827.337755][T13212]  ? rt_spin_lock+0x2ce/0x400
[  827.337775][T13212]  ? __pfx_rt_spin_lock+0x10/0x10
[  827.337805][T13212]  proc_reg_release+0x151/0x190
[  827.337826][T13212]  ? __pfx_proc_reg_release+0x10/0x10
[  827.337847][T13212]  __fput+0x461/0xa90
[  827.337875][T13212]  task_work_run+0x1d9/0x270
[  827.337897][T13212]  ? __pfx_task_work_run+0x10/0x10
[  827.337926][T13212]  exit_to_user_mode_loop+0xed/0x480
[  827.337948][T13212]  ? rcu_is_watching+0x15/0xb0
[  827.337971][T13212]  do_syscall_64+0x32d/0xf80
[  827.337993][T13212]  ? trace_irq_disable+0x3b/0x150
[  827.338012][T13212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.338031][T13212]  ? clear_bhb_loop+0x40/0x90
[  827.338053][T13212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.338069][T13212] RIP: 0033:0x7f8e58acc629
[  827.338085][T13212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  827.338099][T13212] RSP: 002b:00007f8e56d1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000124
[  827.338119][T13212] RAX: 0000000000000007 RBX: 00007f8e58d45fa0 RCX: 00007f8e58acc629
[  827.338132][T13212] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000008
[  827.338142][T13212] RBP: 00007f8e56d1e090 R08: 0000000000000000 R09: 0000000000000000
[  827.338153][T13212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  827.338164][T13212] R13: 00007f8e58d46038 R14: 00007f8e58d45fa0 R15: 00007ffdd9f16bf8
[  827.338203][T13212]  </TASK>
[  827.381634][T12944] 8021q: adding VLAN 0 to HW filter on device bond0
[  827.436582][T12944] 8021q: adding VLAN 0 to HW filter on device team0
[  827.484562][  T115] bridge0: port 1(bridge_slave_0) entered blocking state
[  827.484688][  T115] bridge0: port 1(bridge_slave_0) entered forwarding state
[  827.557387][  T166] bridge0: port 2(bridge_slave_1) entered blocking state
[  827.557523][  T166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  830.164211][T12944] 8021q: adding VLAN 0 to HW filter on device batadv0
[  831.163946][T13266] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  831.595489][T12944] veth0_vlan: entered promiscuous mode
[  831.623877][T12944] veth1_vlan: entered promiscuous mode
[  831.680554][T12944] veth0_macvtap: entered promiscuous mode
[  831.691562][T12944] veth1_macvtap: entered promiscuous mode
[  831.721279][T12944] batman_adv: batadv0: Interface activated: batadv_slave_0
[  831.779018][T12944] batman_adv: batadv0: Interface activated: batadv_slave_1
[  831.820461][ T8718] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  831.821972][ T8718] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  831.843189][   T60] Bluetooth: hci5: command 0x0406 tx timeout
[  831.854342][ T8718] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  831.870960][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  832.092569][    T9] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  832.166871][T13287] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.210105][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.210609][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.210987][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.211316][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.211629][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.211954][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.212319][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.215023][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.215411][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2313'.
[  832.245688][    T9] usb 3-1: Using ep0 maxpacket: 16
[  832.247655][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  832.247724][    T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  832.247748][    T9] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  832.251476][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  832.251500][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.251519][    T9] usb 3-1: Product: syz
[  832.251532][    T9] usb 3-1: Manufacturer: syz
[  832.251545][    T9] usb 3-1: SerialNumber: syz
[  832.330745][T13292] 9p: Bad value for 'rfdno'
[  832.527505][    T9] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  832.527631][    T9] usb 3-1: MIDIStreaming interface descriptor not found
[  832.872377][    T9] usb 3-1: USB disconnect, device number 56
[  832.894613][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  832.894632][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  833.216128][  T115] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  833.216148][  T115] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  833.934092][T13310] udevd[13310]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  836.066202][T13344] FAULT_INJECTION: forcing a failure.
[  836.066202][T13344] name failslab, interval 1, probability 0, space 0, times 0
[  836.066237][T13344] CPU: 1 UID: 0 PID: 13344 Comm: syz.1.2324 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  836.066263][T13344] Tainted: [L]=SOFTLOCKUP
[  836.066271][T13344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  836.066281][T13344] Call Trace:
[  836.066289][T13344]  <TASK>
[  836.066298][T13344]  dump_stack_lvl+0xe8/0x150
[  836.066328][T13344]  should_fail_ex+0x46b/0x600
[  836.066359][T13344]  should_failslab+0xa8/0x100
[  836.066386][T13344]  __kvmalloc_node_noprof+0x170/0x8e0
[  836.066408][T13344]  ? alloc_fdtable+0x101/0x2c0
[  836.066427][T13344]  alloc_fdtable+0x101/0x2c0
[  836.066439][T13344]  ? dup_fd+0x871/0xb70
[  836.066454][T13344]  dup_fd+0x879/0xb70
[  836.066475][T13344]  copy_files+0xc8/0x120
[  836.066495][T13344]  copy_process+0x1767/0x3d00
[  836.066519][T13344]  ? copy_process+0x921/0x3d00
[  836.066545][T13344]  ? __pfx_copy_process+0x10/0x10
[  836.066571][T13344]  kernel_clone+0x249/0x840
[  836.066591][T13344]  ? __pfx_kernel_clone+0x10/0x10
[  836.066608][T13344]  ? do_raw_spin_lock+0x12b/0x2f0
[  836.066638][T13344]  __x64_sys_clone+0x1b6/0x230
[  836.066663][T13344]  ? __pfx___x64_sys_clone+0x10/0x10
[  836.066693][T13344]  ? __pfx_ksys_write+0x10/0x10
[  836.066718][T13344]  do_syscall_64+0x14d/0xf80
[  836.066734][T13344]  ? trace_irq_disable+0x3b/0x150
[  836.066750][T13344]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  836.066764][T13344]  ? clear_bhb_loop+0x40/0x90
[  836.066780][T13344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  836.066793][T13344] RIP: 0033:0x7f8e58acc629
[  836.066806][T13344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  836.066818][T13344] RSP: 002b:00007f8e56cdbfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  836.066833][T13344] RAX: ffffffffffffffda RBX: 00007f8e58d46180 RCX: 00007f8e58acc629
[  836.066843][T13344] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020223000
[  836.066852][T13344] RBP: 00007f8e56cdc090 R08: 0000000000000000 R09: 0000000000000000
[  836.066860][T13344] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  836.066868][T13344] R13: 00007f8e58d46218 R14: 00007f8e58d46180 R15: 00007ffdd9f16bf8
[  836.066890][T13344]  </TASK>
[  837.431883][T13351] sctp: [Deprecated]: syz.0.2325 (pid 13351) Use of struct sctp_assoc_value in delayed_ack socket option.
[  837.431883][T13351] Use struct sctp_sack_info instead
[  840.232594][ T6371] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  840.398157][ T6371] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  840.398186][ T6371] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  840.398205][ T6371] usb 2-1: Product: syz
[  840.398219][ T6371] usb 2-1: Manufacturer: syz
[  840.398233][ T6371] usb 2-1: SerialNumber: syz
[  840.453836][ T6371] usb 2-1: config 0 descriptor??
[  840.513208][T13371] __nla_validate_parse: 70 callbacks suppressed
[  840.513227][T13371] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2330'.
[  840.513241][T13371] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2330'.
[  840.513275][T13371] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2330'.
[  840.513317][T13371] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2330'.
[  840.543806][   T37] audit: type=1326 audit(2000000073.570:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13370 comm="syz.5.2330" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f03030bc629 code=0x0
[  840.705409][T13379] FAULT_INJECTION: forcing a failure.
[  840.705409][T13379] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  840.705442][T13379] CPU: 0 UID: 0 PID: 13379 Comm: syz.2.2331 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  840.705463][T13379] Tainted: [L]=SOFTLOCKUP
[  840.705470][T13379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  840.705480][T13379] Call Trace:
[  840.705487][T13379]  <TASK>
[  840.705494][T13379]  dump_stack_lvl+0xe8/0x150
[  840.705523][T13379]  should_fail_ex+0x46b/0x600
[  840.705551][T13379]  prepare_alloc_pages+0x22a/0x6b0
[  840.705577][T13379]  __alloc_frozen_pages_noprof+0x12f/0x380
[  840.705593][T13379]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  840.705609][T13379]  ? __pfx_policy_nodemask+0x10/0x10
[  840.705635][T13379]  alloc_pages_mpol+0xd1/0x380
[  840.705656][T13379]  ___kmalloc_large_node+0x4e/0x150
[  840.705677][T13379]  __kmalloc_large_node_noprof+0x18/0x90
[  840.705697][T13379]  __kmalloc_noprof+0x4a3/0x7b0
[  840.705714][T13379]  ? iovec_from_user+0x87/0x250
[  840.705730][T13379]  ? __lock_acquire+0x6b5/0x2cf0
[  840.705746][T13379]  iovec_from_user+0x87/0x250
[  840.705764][T13379]  __import_iovec+0x163/0x7e0
[  840.705787][T13379]  import_iovec+0x73/0xa0
[  840.705806][T13379]  __se_sys_keyctl+0x6da/0x9e0
[  840.705827][T13379]  ? __pfx___se_sys_keyctl+0x10/0x10
[  840.705863][T13379]  ? ksys_write+0x248/0x270
[  840.705883][T13379]  ? __pfx_ksys_write+0x10/0x10
[  840.705904][T13379]  ? __x64_sys_keyctl+0x20/0xc0
[  840.705922][T13379]  do_syscall_64+0x14d/0xf80
[  840.705938][T13379]  ? trace_irq_disable+0x3b/0x150
[  840.705954][T13379]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.705968][T13379]  ? clear_bhb_loop+0x40/0x90
[  840.705995][T13379]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  840.706008][T13379] RIP: 0033:0x7fc19cb9c629
[  840.706023][T13379] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  840.706036][T13379] RSP: 002b:00007fc19adee028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  840.706053][T13379] RAX: ffffffffffffffda RBX: 00007fc19ce15fa0 RCX: 00007fc19cb9c629
[  840.706064][T13379] RDX: 0000200000000000 RSI: 0000000000000000 RDI: 0000000000000014
[  840.706073][T13379] RBP: 00007fc19adee090 R08: 0000000000000000 R09: 0000000000000000
[  840.706082][T13379] R10: 1000000000000232 R11: 0000000000000246 R12: 0000000000000001
[  840.706091][T13379] R13: 00007fc19ce16038 R14: 00007fc19ce15fa0 R15: 00007ffd787e21c8
[  840.706115][T13379]  </TASK>
[  842.207855][ T6371] usb 2-1: Firmware version (0.0) predates our first public release.
[  842.207880][ T6371] usb 2-1: Please update to version 0.2 or newer
[  842.389146][T13400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2335'.
[  842.415157][ T6371] usb 2-1: USB disconnect, device number 57
[  842.504776][T13406] FAULT_INJECTION: forcing a failure.
[  842.504776][T13406] name failslab, interval 1, probability 0, space 0, times 0
[  842.504810][T13406] CPU: 1 UID: 0 PID: 13406 Comm: syz.0.2338 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  842.504835][T13406] Tainted: [L]=SOFTLOCKUP
[  842.504841][T13406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  842.504853][T13406] Call Trace:
[  842.504860][T13406]  <TASK>
[  842.504869][T13406]  dump_stack_lvl+0xe8/0x150
[  842.504899][T13406]  should_fail_ex+0x46b/0x600
[  842.504930][T13406]  should_failslab+0xa8/0x100
[  842.504957][T13406]  __kmalloc_noprof+0xdf/0x7b0
[  842.504981][T13406]  ? iovec_from_user+0x87/0x250
[  842.505006][T13406]  iovec_from_user+0x87/0x250
[  842.505025][T13406]  ? trace_kmalloc+0x2a/0x110
[  842.505050][T13406]  __import_iovec+0x163/0x7e0
[  842.505074][T13406]  ? __asan_memset+0x22/0x50
[  842.505105][T13406]  io_import_rw_buffer+0x453/0x730
[  842.505139][T13406]  ? __pfx_io_import_rw_buffer+0x10/0x10
[  842.505159][T13406]  ? percpu_ref_get_many+0x21/0x1e0
[  842.505180][T13406]  ? percpu_ref_get_many+0x21/0x1e0
[  842.505210][T13406]  io_prep_rwv+0x138/0x440
[  842.505234][T13406]  ? __pfx_io_prep_rwv+0x10/0x10
[  842.505260][T13406]  ? __asan_memset+0x22/0x50
[  842.505280][T13406]  ? blk_start_plug_nr_ios+0x7e/0x1c0
[  842.505308][T13406]  io_submit_sqes+0xb35/0x2370
[  842.505362][T13406]  __se_sys_io_uring_enter+0x2d2/0x18c0
[  842.505384][T13406]  ? lockdep_hardirqs_on+0x7a/0x110
[  842.505410][T13406]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  842.505436][T13406]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  842.505460][T13406]  ? fput+0xa0/0xd0
[  842.505480][T13406]  ? ksys_write+0x248/0x270
[  842.505505][T13406]  ? __pfx_ksys_write+0x10/0x10
[  842.505533][T13406]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  842.505559][T13406]  do_syscall_64+0x14d/0xf80
[  842.505580][T13406]  ? trace_irq_disable+0x3b/0x150
[  842.505600][T13406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.505618][T13406]  ? clear_bhb_loop+0x40/0x90
[  842.505640][T13406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  842.505658][T13406] RIP: 0033:0x7f6a4fd1c629
[  842.505676][T13406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  842.505692][T13406] RSP: 002b:00007f6a4df76028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  842.505712][T13406] RAX: ffffffffffffffda RBX: 00007f6a4ff95fa0 RCX: 00007f6a4fd1c629
[  842.505726][T13406] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[  842.505737][T13406] RBP: 00007f6a4df76090 R08: 0000000000000000 R09: 0000000000000000
[  842.505749][T13406] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[  842.505760][T13406] R13: 00007f6a4ff96038 R14: 00007f6a4ff95fa0 R15: 00007ffcc4b2a828
[  842.505791][T13406]  </TASK>
[  845.476973][ T5951] usb 1-1: new full-speed USB device number 43 using dummy_hcd
[  845.552670][   T36] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  845.591368][T13430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2346'.
[  845.628446][ T5951] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  845.628506][ T5951] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  845.628540][ T5951] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64
[  845.628564][ T5951] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  845.630001][ T5951] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  845.630025][ T5951] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  845.630043][ T5951] usb 1-1: Manufacturer: syz
[  845.708983][ T5951] usb 1-1: config 0 descriptor??
[  845.712849][   T36] usb 3-1: Using ep0 maxpacket: 8
[  845.716797][   T36] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.716838][   T36] usb 3-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00
[  845.716859][   T36] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.725233][   T36] usb 3-1: config 0 descriptor??
[  847.349020][   T36] asus 0003:048D:CE50.0016: hidraw0: USB HID v0.00 Device [HID 048d:ce50] on usb-dummy_hcd.2-1/input0
[  847.349061][   T36] asus 0003:048D:CE50.0016: Asus input not registered
[  847.360798][   T36] asus 0003:048D:CE50.0016: probe with driver asus failed with error -12
[  847.452682][ T5951] rc_core: IR keymap rc-hauppauge not found
[  847.452700][ T5951] Registered IR keymap rc-empty
[  847.455357][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.474046][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.494162][ T5951] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  847.497204][ T5951] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input27
[  847.501238][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.522799][   T36] usb 3-1: USB disconnect, device number 57
[  847.541598][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.553421][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.572854][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.592876][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.612875][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.617305][T13438] fido_id[13438]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  847.654321][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.673034][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.692872][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.712869][ T5951] mceusb 1-1:0.0: Error: mce write urb status = -71
[  847.756107][ T5951] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  847.756127][ T5951] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  847.779377][ T5951] usb 1-1: USB disconnect, device number 43
[  848.335064][T13457] FAULT_INJECTION: forcing a failure.
[  848.335064][T13457] name failslab, interval 1, probability 0, space 0, times 0
[  848.335099][T13457] CPU: 0 UID: 0 PID: 13457 Comm: syz.5.2345 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  848.335125][T13457] Tainted: [L]=SOFTLOCKUP
[  848.335132][T13457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  848.335143][T13457] Call Trace:
[  848.335151][T13457]  <TASK>
[  848.335159][T13457]  dump_stack_lvl+0xe8/0x150
[  848.335189][T13457]  should_fail_ex+0x46b/0x600
[  848.335220][T13457]  should_failslab+0xa8/0x100
[  848.335247][T13457]  __kmalloc_noprof+0xdf/0x7b0
[  848.335270][T13457]  ? ethnl_default_set_doit+0x16a/0xad0
[  848.335297][T13457]  ethnl_default_set_doit+0x16a/0xad0
[  848.335319][T13457]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  848.335341][T13457]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  848.335371][T13457]  genl_family_rcv_msg_doit+0x22a/0x330
[  848.335392][T13457]  ? __asan_memcpy+0x40/0x70
[  848.335417][T13457]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  848.335437][T13457]  ? rcu_is_watching+0x15/0xb0
[  848.335468][T13457]  ? bpf_lsm_capable+0x9/0x20
[  848.335485][T13457]  ? security_capable+0x7e/0x2c0
[  848.335516][T13457]  genl_rcv_msg+0x61c/0x7a0
[  848.335549][T13457]  ? __pfx_genl_rcv_msg+0x10/0x10
[  848.335570][T13457]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  848.335595][T13457]  ? __pfx_ref_tracker_free+0x10/0x10
[  848.335621][T13457]  netlink_rcv_skb+0x232/0x4b0
[  848.335641][T13457]  ? __pfx_genl_rcv_msg+0x10/0x10
[  848.335664][T13457]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  848.335697][T13457]  ? netlink_deliver_tap+0x2e/0x1b0
[  848.335715][T13457]  ? netlink_deliver_tap+0x2e/0x1b0
[  848.335737][T13457]  genl_rcv+0x28/0x40
[  848.335757][T13457]  netlink_unicast+0x831/0x9f0
[  848.335790][T13457]  ? __pfx_netlink_unicast+0x10/0x10
[  848.335816][T13457]  ? netlink_sendmsg+0x650/0xb40
[  848.335833][T13457]  ? skb_put+0x11b/0x210
[  848.335857][T13457]  netlink_sendmsg+0x813/0xb40
[  848.335885][T13457]  ? __pfx_netlink_sendmsg+0x10/0x10
[  848.335912][T13457]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  848.335939][T13457]  ____sys_sendmsg+0xa4e/0xac0
[  848.335969][T13457]  ? __pfx_____sys_sendmsg+0x10/0x10
[  848.336001][T13457]  ? import_iovec+0x73/0xa0
[  848.336025][T13457]  ___sys_sendmsg+0x2a5/0x360
[  848.336053][T13457]  ? __pfx____sys_sendmsg+0x10/0x10
[  848.336115][T13457]  ? __fget_files+0x2a/0x420
[  848.336135][T13457]  ? __fget_files+0x3a6/0x420
[  848.336166][T13457]  __x64_sys_sendmsg+0x1c3/0x2a0
[  848.336191][T13457]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  848.336222][T13457]  ? __pfx_ksys_write+0x10/0x10
[  848.336257][T13457]  do_syscall_64+0x14d/0xf80
[  848.336279][T13457]  ? trace_irq_disable+0x3b/0x150
[  848.336299][T13457]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.336317][T13457]  ? clear_bhb_loop+0x40/0x90
[  848.336340][T13457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  848.336358][T13457] RIP: 0033:0x7f03030bc629
[  848.336376][T13457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  848.336392][T13457] RSP: 002b:00007f030130e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  848.336412][T13457] RAX: ffffffffffffffda RBX: 00007f0303335fa0 RCX: 00007f03030bc629
[  848.336426][T13457] RDX: 0000000002008040 RSI: 00002000000000c0 RDI: 0000000000000003
[  848.336439][T13457] RBP: 00007f030130e090 R08: 0000000000000000 R09: 0000000000000000
[  848.336450][T13457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  848.336462][T13457] R13: 00007f0303336038 R14: 00007f0303335fa0 R15: 00007ffc63883388
[  848.336492][T13457]  </TASK>
[  848.472810][ T5780] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  849.083794][ T5780] usb 3-1: Using ep0 maxpacket: 32
[  849.101558][ T5780] usb 3-1: config 1 interface 0 altsetting 224 endpoint 0x2 has an invalid bInterval 22, changing to 8
[  849.101592][ T5780] usb 3-1: config 1 interface 0 has no altsetting 0
[  849.160909][ T5780] usb 3-1: New USB device found, idVendor=05ac, idProduct=8102, bcdDevice= 0.40
[  849.160939][ T5780] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.160984][ T5780] usb 3-1: Product: 깍䋴綼醪邱鸛㙼ꢕ砤靪ᕅ狀擻⹥유⍀ᮙ뮠﷦例ꊿ欈䉠Κ⵵ꙛ操꺪댙䃖亩럖栛߿幫鱕틫폹贯汆松鋻犁ಫ袍麍俚㑶ꕣꔉ梥풚ᑡꥇ휱શ鐺⁞䥆棅솔㛥৿쐶壏ㇺퟝᦹ넾হ멯鹹䱇埣彣誦番Ⰻ嫼䣀녧⌛ⳳ骣䪌赣
[  849.161035][ T5780] usb 3-1: Manufacturer: ⁉
[  849.161073][ T5780] usb 3-1: SerialNumber: ㅌⴗ♻鷂቎珢⹷୷籰阍ꛌ섻凣▫Ⱞ캇淬璓盳ꔥ⾳埬褑റᐳ㱽揓䷄틴鮍욙䵷㕛ﶻ䜦尓䱛ɓ嫖ጫ⹧䏾쳍ꉌ٠瞗
[  851.289871][ T5780] usbhid 3-1:1.0: can't add hid device: -71
[  851.289977][ T5780] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  851.329744][ T5780] usb 3-1: USB disconnect, device number 58
[  851.722580][ T5951] usb 6-1: new low-speed USB device number 2 using dummy_hcd
[  852.657422][ T5951] usb 6-1: No LPM exit latency info found, disabling LPM.
[  852.659993][ T5951] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 8
[  852.660023][ T5951] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  852.664192][ T5951] usb 6-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.40
[  852.664218][ T5951] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.664236][ T5951] usb 6-1: Product: 㧰蘘ᛋ譴連姴༄產ዌꉵ੧鞟㗥䤒銵ⲻ₞꭯踧란쏼褚ر⭩↦䃒柄ಁ葋퇤㇇힫첑氢氺鴹풳큟䮗抭靿艹뿘芊햧츥ｰ玀江䤷䄺㯓称앷떶ꖃ⏘ȃ坩㎌阩柚鑰龿ꬓ镆迌뫆䯢ꟅჾⰠ๯㓀鑵샾딽ꔺ䤧ᛩ䚆䂾콄࿿෉維燁緒簫鞇᯴늏뿉碣錂酽含زォ
[  852.664266][ T5951] usb 6-1: SerialNumber: Т
[  852.677283][T13484] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  852.677454][T13484] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  854.393148][T13482] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(7)
[  854.393176][T13482] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  854.450662][T13482] vhci_hcd vhci_hcd.0: Device attached
[  855.643714][T13511] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[  855.643742][T13511] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  855.643899][T13511] vhci_hcd vhci_hcd.0: Device attached
[  855.973125][ T5948] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[  856.217290][T13512] vhci_hcd: connection closed
[  856.217762][   T13] vhci_hcd vhci_hcd.5: stop threads
[  856.217781][   T13] vhci_hcd vhci_hcd.5: release socket
[  856.217828][   T13] vhci_hcd vhci_hcd.5: disconnect device
[  856.218234][T13504] vhci_hcd: connection reset by peer
[  856.219306][   T13] vhci_hcd vhci_hcd.5: stop threads
[  856.219322][   T13] vhci_hcd vhci_hcd.5: release socket
[  856.219392][   T13] vhci_hcd vhci_hcd.5: disconnect device
[  856.282727][ T5951] usbhid 6-1:1.0: can't add hid device: -71
[  856.285183][ T5951] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  856.356587][ T5951] usb 6-1: USB disconnect, device number 2
[  856.513183][T13520] x_tables: ip6_tables: TEE.1 target: invalid size 40 (kernel) != (user) 48
[  856.597036][T13523] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2372'.
[  857.652902][T13526] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2373'.
[  857.835119][T13534] syzkaller1: entered promiscuous mode
[  857.835143][T13534] syzkaller1: entered allmulticast mode
[  861.558430][T13580] netlink: 'syz.1.2381': attribute type 21 has an invalid length.
[  861.558453][T13580] netlink: 'syz.1.2381': attribute type 30 has an invalid length.
[  862.914139][ T5948] vhci_hcd vhci_hcd.5: vhci_device speed not set
[  863.737228][T13597] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2387'.
[  866.643233][T12284] usb usb44-port1: attempt power cycle
[  867.252619][T12284] usb usb44-port1: unable to enumerate USB device
[  867.522576][T13621] overlayfs: failed to clone upperpath
[  867.682783][   T37] audit: type=1326 audit(2000000100.700:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.682824][   T37] audit: type=1326 audit(2000000100.700:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.687711][   T37] audit: type=1326 audit(2000000100.710:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.687754][   T37] audit: type=1326 audit(2000000100.710:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.687798][   T37] audit: type=1326 audit(2000000100.710:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.722594][   T37] audit: type=1326 audit(2000000100.740:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.722638][   T37] audit: type=1326 audit(2000000100.740:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.722676][   T37] audit: type=1326 audit(2000000100.740:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.722710][   T37] audit: type=1326 audit(2000000100.740:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  867.722743][   T37] audit: type=1326 audit(2000000100.740:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13623 comm="syz.0.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6a4fd1c629 code=0x7ffc0000
[  869.522761][T13646] tmpfs: User quota block hardlimit too large.
[  869.618255][T13650] overlayfs: failed to resolve './file1': -2
[  869.719092][T13656] overlay: ./file0 is not a directory
[  871.032557][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  871.670919][T13672] netlink: 'syz.5.2406': attribute type 19 has an invalid length.
[  871.670934][T13672] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2406'.
[  871.679437][T13672] netlink: 'syz.5.2406': attribute type 19 has an invalid length.
[  871.679450][T13672] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2406'.
[  871.689939][ T1116] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  871.691079][ T1116] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  871.691131][ T1116] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  871.691163][ T1116] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  874.792561][   T36] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  874.951035][   T36] usb 6-1: config 0 interface 0 has no altsetting 0
[  874.951074][   T36] usb 6-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  874.951097][   T36] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.340848][   T36] usb 6-1: config 0 descriptor??
[  876.868695][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  876.869564][   T36] usbhid 6-1:0.0: can't add hid device: -71
[  876.869661][   T36] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  876.923021][   T36] usb 6-1: USB disconnect, device number 3
[  878.949361][T13741] Device name cannot be null; rc = [-22]
[  879.263900][T13743] netlink: 168 bytes leftover after parsing attributes in process `syz.5.2426'.
[  880.113586][T13747] Device name cannot be null; rc = [-22]
[  880.242569][T13749] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2427'.
[  880.920714][T13760] exFAT-fs (loop1): unable to read boot sector
[  880.920733][T13760] exFAT-fs (loop1): failed to read boot sector
[  880.920743][T13760] exFAT-fs (loop1): failed to recognize exfat type
[  884.406979][T13789] Device name cannot be null; rc = [-22]
[  884.519593][T13791] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2439'.
[  884.635523][T13787] netlink: 'syz.5.2438': attribute type 3 has an invalid length.
[  884.989024][ T8385] IPVS: starting estimator thread 0...
[  885.204935][T13793] IPVS: using max 8 ests per chain, 19200 per kthread
[  885.491737][T13805] netlink: 'syz.3.2441': attribute type 20 has an invalid length.
[  885.491774][T13805] IPv6: NLM_F_CREATE should be specified when creating new route
[  885.639601][T13810] netlink: 'syz.5.2446': attribute type 10 has an invalid length.
[  885.639622][T13810] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2446'.
[  885.700976][T13811] netlink: 428 bytes leftover after parsing attributes in process `syz.0.2445'.
[  885.712724][ T5948] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  885.838247][T13810] batadv0: entered promiscuous mode
[  885.838273][T13810] batadv0: entered allmulticast mode
[  885.839434][T13810] bridge0: port 3(batadv0) entered blocking state
[  885.839630][T13810] bridge0: port 3(batadv0) entered disabled state
[  885.852365][T13810] bridge0: port 3(batadv0) entered blocking state
[  885.858313][T13810] bridge0: port 3(batadv0) entered forwarding state
[  885.860989][T13811] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2445'.
[  885.895106][ T5948] usb 2-1: Using ep0 maxpacket: 16
[  885.897408][ T5948] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  885.897436][ T5948] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  885.897470][ T5948] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  885.897491][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.937015][ T5948] usb 2-1: config 0 descriptor??
[  886.286279][   T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  886.286298][   T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  886.605382][ T8385] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  886.826307][ T8385] usb 3-1: Using ep0 maxpacket: 16
[  887.278166][ T5948] usb 2-1: string descriptor 0 read error: -71
[  887.312679][ T5948] usb 2-1: Max retries (5) exceeded reading string descriptor 200
[  887.312760][ T5948] letsketch 0003:6161:4D15.0017: probe with driver letsketch failed with error -32
[  887.336915][ T5948] usb 2-1: USB disconnect, device number 58
[  887.434426][ T8385] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  887.434453][ T8385] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  887.434469][ T8385] usb 3-1: config 0 has no interface number 0
[  887.445128][ T8385] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  887.445156][ T8385] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  887.445173][ T8385] usb 3-1: Product: syz
[  887.445188][ T8385] usb 3-1: Manufacturer: syz
[  887.445201][ T8385] usb 3-1: SerialNumber: syz
[  887.450137][ T8385] usb 3-1: config 0 descriptor??
[  887.455942][ T8385] uvcvideo 3-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  887.455971][ T8385] uvcvideo 3-1:0.105: No valid video chain found.
[  887.969405][T13852] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  890.221860][ T8385] usb 3-1: USB disconnect, device number 59
[  890.403335][ T8718] bond0 (unregistering): Released all slaves
[  890.450492][ T8718] bond1 (unregistering): Released all slaves
[  890.522990][T13837] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  890.524812][T13850] bridge0: adding interface bridge0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  890.535911][T13868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2464'.
[  891.609039][T13883] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2468'.
[  891.634275][T13876] serio: Serial port pty31
[  892.559522][ T8718] tipc: Left network mode
[  892.683955][ T6371] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  892.942605][ T6371] usb 6-1: Using ep0 maxpacket: 16
[  892.944733][ T6371] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  892.944757][ T6371] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  892.944775][ T6371] usb 6-1: config 0 has no interface number 0
[  892.947355][ T6371] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  892.947381][ T6371] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  892.947399][ T6371] usb 6-1: Product: syz
[  892.947413][ T6371] usb 6-1: Manufacturer: syz
[  892.947426][ T6371] usb 6-1: SerialNumber: syz
[  892.954204][ T6371] usb 6-1: config 0 descriptor??
[  892.959773][ T6371] uvcvideo 6-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  892.959801][ T6371] uvcvideo 6-1:0.105: No valid video chain found.
[  893.769935][T13911] FAULT_INJECTION: forcing a failure.
[  893.769935][T13911] name failslab, interval 1, probability 0, space 0, times 0
[  893.769975][T13911] CPU: 1 UID: 0 PID: 13911 Comm: syz.0.2479 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  893.770031][T13911] Tainted: [L]=SOFTLOCKUP
[  893.770046][T13911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  893.770068][T13911] Call Trace:
[  893.770076][T13911]  <TASK>
[  893.770085][T13911]  dump_stack_lvl+0xe8/0x150
[  893.770116][T13911]  should_fail_ex+0x46b/0x600
[  893.770147][T13911]  should_failslab+0xa8/0x100
[  893.770181][T13911]  __kvmalloc_node_noprof+0x170/0x8e0
[  893.770205][T13911]  ? __fget_files+0x2a/0x420
[  893.770225][T13911]  ? vmemdup_user+0x2b/0xd0
[  893.770253][T13911]  vmemdup_user+0x2b/0xd0
[  893.770274][T13911]  map_get_next_key+0x1c9/0x630
[  893.770297][T13911]  ? bpf_lsm_bpf+0x9/0x20
[  893.770312][T13911]  ? security_bpf+0x7e/0x2d0
[  893.770343][T13911]  __sys_bpf+0x768/0x950
[  893.770365][T13911]  ? __pfx___sys_bpf+0x10/0x10
[  893.770383][T13911]  ? rt_mutex_slowunlock+0x1cb/0x300
[  893.770417][T13911]  ? ksys_write+0x248/0x270
[  893.770441][T13911]  ? __pfx_ksys_write+0x10/0x10
[  893.770468][T13911]  __x64_sys_bpf+0x7c/0x90
[  893.770488][T13911]  do_syscall_64+0x14d/0xf80
[  893.770509][T13911]  ? trace_irq_disable+0x3b/0x150
[  893.770528][T13911]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.770546][T13911]  ? clear_bhb_loop+0x40/0x90
[  893.770566][T13911]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  893.770583][T13911] RIP: 0033:0x7f6a4fd1c629
[  893.770601][T13911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  893.770616][T13911] RSP: 002b:00007f6a4df76028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  893.770637][T13911] RAX: ffffffffffffffda RBX: 00007f6a4ff95fa0 RCX: 00007f6a4fd1c629
[  893.770650][T13911] RDX: 0000000000000020 RSI: 0000200000000140 RDI: 0000000000000004
[  893.770662][T13911] RBP: 00007f6a4df76090 R08: 0000000000000000 R09: 0000000000000000
[  893.770674][T13911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  893.770686][T13911] R13: 00007f6a4ff96038 R14: 00007f6a4ff95fa0 R15: 00007ffcc4b2a828
[  893.770714][T13911]  </TASK>
[  893.812572][ T8385] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  893.996697][ T8385] usb 3-1: Using ep0 maxpacket: 16
[  893.998979][ T8385] usb 3-1: config index 0 descriptor too short (expected 65, got 36)
[  893.999027][ T8385] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  893.999051][ T8385] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 238, changing to 11
[  893.999074][ T8385] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 58880, setting to 1024
[  893.999099][ T8385] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  893.999136][ T8385] usb 3-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  893.999164][ T8385] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.009041][ T8385] usb 3-1: config 0 descriptor??
[  894.009962][T13902] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  894.036977][ T8385] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input31
[  894.241031][T13902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  894.241517][T13902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  894.255435][ T6371] usb 3-1: USB disconnect, device number 60
[  894.280650][T13918] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  894.595064][T13928] FAULT_INJECTION: forcing a failure.
[  894.595064][T13928] name failslab, interval 1, probability 0, space 0, times 0
[  894.595107][T13928] CPU: 1 UID: 0 PID: 13928 Comm: syz.0.2486 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  894.595122][T13928] Tainted: [L]=SOFTLOCKUP
[  894.595126][T13928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  894.595132][T13928] Call Trace:
[  894.595139][T13928]  <TASK>
[  894.595147][T13928]  dump_stack_lvl+0xe8/0x150
[  894.595177][T13928]  should_fail_ex+0x46b/0x600
[  894.595209][T13928]  should_failslab+0xa8/0x100
[  894.595236][T13928]  __kmalloc_noprof+0xdf/0x7b0
[  894.595253][T13928]  ? tomoyo_encode+0x28b/0x550
[  894.595270][T13928]  tomoyo_encode+0x28b/0x550
[  894.595287][T13928]  tomoyo_mount_permission+0x3a2/0x9d0
[  894.595302][T13928]  ? stack_depot_save_flags+0x33/0x810
[  894.595317][T13928]  ? terminate_walk+0x3d7/0x510
[  894.595327][T13928]  ? tomoyo_mount_permission+0x2b3/0x9d0
[  894.595343][T13928]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  894.595384][T13928]  security_sb_mount+0xe4/0x320
[  894.595396][T13928]  path_mount+0xbc/0x10e0
[  894.595407][T13928]  ? user_path_at+0xd4/0x160
[  894.595422][T13928]  ? user_path_at+0xd4/0x160
[  894.595436][T13928]  __se_sys_mount+0x31d/0x420
[  894.595449][T13928]  ? __pfx___se_sys_mount+0x10/0x10
[  894.595460][T13928]  ? __se_sys_mkdirat+0xc9/0x150
[  894.595477][T13928]  ? __x64_sys_mount+0x20/0xc0
[  894.595490][T13928]  do_syscall_64+0x14d/0xf80
[  894.595503][T13928]  ? trace_irq_disable+0x3b/0x150
[  894.595514][T13928]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.595525][T13928]  ? clear_bhb_loop+0x40/0x90
[  894.595537][T13928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  894.595547][T13928] RIP: 0033:0x7f6a4fd1c629
[  894.595558][T13928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  894.595567][T13928] RSP: 002b:00007f6a4df76028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  894.595579][T13928] RAX: ffffffffffffffda RBX: 00007f6a4ff95fa0 RCX: 00007f6a4fd1c629
[  894.595586][T13928] RDX: 0000200000000480 RSI: 0000200000000000 RDI: 0000000000000000
[  894.595593][T13928] RBP: 00007f6a4df76090 R08: 0000200000001000 R09: 0000000000000000
[  894.595600][T13928] R10: 0000000000004014 R11: 0000000000000246 R12: 0000000000000001
[  894.595606][T13928] R13: 00007f6a4ff96038 R14: 00007f6a4ff95fa0 R15: 00007ffcc4b2a828
[  894.595622][T13928]  </TASK>
[  895.687757][ T8385] usb 6-1: USB disconnect, device number 4
[  897.717925][ T8718] hsr_slave_0: left promiscuous mode
[  897.756142][ T8718] hsr_slave_1: left promiscuous mode
[  897.803967][ T8718] veth0_macvtap: left promiscuous mode
[  897.804138][ T8718] veth1_vlan: left promiscuous mode
[  897.804294][ T8718] veth0_vlan: left promiscuous mode
[  897.842604][ T5951] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  897.872538][T13976] 9p: Bad value for 'wfdno'
[  897.982569][ T6371] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  897.994679][ T5951] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  897.994724][ T5951] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  897.994749][ T5951] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  897.994787][ T5951] usb 1-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  897.994807][ T5951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.004189][ T5951] usb 1-1: config 0 descriptor??
[  898.005018][T13968] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  898.142715][ T6371] usb 3-1: Using ep0 maxpacket: 16
[  898.144898][ T6371] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  898.144922][ T6371] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  898.144940][ T6371] usb 3-1: config 0 has no interface number 0
[  898.164503][T12284] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  898.173493][ T6371] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  898.173519][ T6371] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  898.173537][ T6371] usb 3-1: Product: syz
[  898.173551][ T6371] usb 3-1: Manufacturer: syz
[  898.173564][ T6371] usb 3-1: SerialNumber: syz
[  898.225348][ T6371] usb 3-1: config 0 descriptor??
[  898.252816][ T6371] uvcvideo 3-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[  898.252854][ T6371] uvcvideo 3-1:0.105: No valid video chain found.
[  898.312579][T12284] usb 2-1: Using ep0 maxpacket: 16
[  898.315486][T12284] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  898.315510][T12284] usb 2-1: config 0 has an invalid descriptor of length 107, skipping remainder of the config
[  898.315529][T12284] usb 2-1: config 0 has no interface number 0
[  898.319235][T12284] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  898.319260][T12284] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  898.319326][T12284] usb 2-1: Product: syz
[  898.319340][T12284] usb 2-1: Manufacturer: syz
[  898.319354][T12284] usb 2-1: SerialNumber: syz
[  898.350179][T12284] usb 2-1: config 0 descriptor??
[  898.520163][ T5951] input: HID 28bd:0909 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28BD:0909.0018/input/input33
[  898.743610][ T5951] uclogic 0003:28BD:0909.0018: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.0-1/input0
[  898.767828][ T5951] usb 1-1: USB disconnect, device number 44
[  900.113283][T13987] fido_id[13987]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  900.746594][T12282] usb 3-1: USB disconnect, device number 61
[  900.778467][ T5951] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  900.933809][ T5951] usb 1-1: Using ep0 maxpacket: 8
[  900.934383][T12284] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08d3)
[  900.934459][T12284] uvcvideo 2-1:0.105: No valid video chain found.
[  900.953244][ T5951] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  900.953273][ T5951] usb 1-1: config 179 has no interface number 0
[  900.953316][ T5951] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  900.953341][ T5951] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  900.953365][ T5951] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  900.953389][ T5951] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  900.953413][ T5951] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  900.953451][ T5951] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  900.953471][ T5951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  900.964518][T12284] usb 2-1: USB disconnect, device number 59
[  901.026480][T13991] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  901.299968][T14000] FAULT_INJECTION: forcing a failure.
[  901.299968][T14000] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  901.300001][T14000] CPU: 1 UID: 0 PID: 14000 Comm: syz.1.2512 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  901.300025][T14000] Tainted: [L]=SOFTLOCKUP
[  901.300031][T14000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  901.300041][T14000] Call Trace:
[  901.300049][T14000]  <TASK>
[  901.300057][T14000]  dump_stack_lvl+0xe8/0x150
[  901.300086][T14000]  should_fail_ex+0x46b/0x600
[  901.300118][T14000]  _copy_to_user+0x31/0xb0
[  901.300141][T14000]  simple_read_from_buffer+0xe1/0x170
[  901.300170][T14000]  proc_fail_nth_read+0x1be/0x230
[  901.300193][T14000]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  901.300215][T14000]  ? rw_verify_area+0x2ac/0x4e0
[  901.300238][T14000]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  901.300259][T14000]  vfs_read+0x212/0xa80
[  901.300289][T14000]  ? __pfx_vfs_read+0x10/0x10
[  901.300313][T14000]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  901.300337][T14000]  ? lockdep_hardirqs_on+0x7a/0x110
[  901.300359][T14000]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  901.300381][T14000]  ? mutex_lock_nested+0x152/0x1d0
[  901.300398][T14000]  ? fdget_pos+0x252/0x320
[  901.300425][T14000]  ksys_read+0x156/0x270
[  901.300456][T14000]  ? __pfx_ksys_read+0x10/0x10
[  901.300477][T14000]  ? __pfx_v4l2_ioctl+0x10/0x10
[  901.300514][T14000]  do_syscall_64+0x14d/0xf80
[  901.300535][T14000]  ? trace_irq_disable+0x3b/0x150
[  901.300556][T14000]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.300574][T14000]  ? clear_bhb_loop+0x40/0x90
[  901.300596][T14000]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.300614][T14000] RIP: 0033:0x7f8e58a8cece
[  901.300631][T14000] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  901.300647][T14000] RSP: 002b:00007f8e56d1dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  901.300668][T14000] RAX: ffffffffffffffda RBX: 00007f8e56d1e6c0 RCX: 00007f8e58a8cece
[  901.300682][T14000] RDX: 000000000000000f RSI: 00007f8e56d1e0a0 RDI: 0000000000000004
[  901.300694][T14000] RBP: 00007f8e56d1e090 R08: 0000000000000000 R09: 0000000000000000
[  901.300706][T14000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  901.300718][T14000] R13: 00007f8e58d46038 R14: 00007f8e58d45fa0 R15: 00007ffdd9f16bf8
[  901.300746][T14000]  </TASK>
[  901.574418][T14005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  901.574964][T14005] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  904.428509][ T8385] usb 1-1: USB disconnect, device number 45
[  904.459530][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  904.459602][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  904.514289][    C0] ==================================================================
[  904.514307][    C0] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60
[  904.514340][    C0] Read of size 1 at addr ffff88803d667070 by task ktimers/0/16
[  904.514358][    C0] 
[  904.514372][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  904.514400][    C0] Tainted: [L]=SOFTLOCKUP
[  904.514408][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  904.514421][    C0] Call Trace:
[  904.514429][    C0]  <TASK>
[  904.514439][    C0]  dump_stack_lvl+0xe8/0x150
[  904.514466][    C0]  print_report+0xba/0x230
[  904.514491][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.514514][    C0]  kasan_report+0x117/0x150
[  904.514539][    C0]  ? irqentry_exit+0x59e/0x620
[  904.514564][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.514590][    C0]  __kasan_check_byte+0x2a/0x40
[  904.514616][    C0]  lock_acquire+0x79/0x2e0
[  904.514645][    C0]  ? rcu_is_watching+0x15/0xb0
[  904.514668][    C0]  _raw_spin_lock_irqsave+0x40/0x60
[  904.514691][    C0]  ? rt_spin_lock+0x157/0x400
[  904.514710][    C0]  rt_spin_lock+0x157/0x400
[  904.514730][    C0]  ? __pfx_rt_spin_lock+0x10/0x10
[  904.514752][    C0]  ? rt_spin_unlock+0x160/0x200
[  904.514772][    C0]  __wake_up_common_lock+0x2f/0x1e0
[  904.514803][    C0]  __usb_hcd_giveback_urb+0x419/0x5e0
[  904.514835][    C0]  dummy_timer+0x8a6/0x4710
[  904.514860][    C0]  ? try_to_take_rt_mutex+0x840/0xb00
[  904.514894][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  904.514916][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  904.514937][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  904.514962][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  904.514980][    C0]  __hrtimer_run_queues+0x55f/0xda0
[  904.515010][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  904.515031][    C0]  ? read_tsc+0x9/0x20
[  904.515059][    C0]  hrtimer_run_softirq+0x192/0x5d0
[  904.515084][    C0]  handle_softirqs+0x1de/0x6f0
[  904.515114][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[  904.515141][    C0]  run_ktimerd+0x69/0x100
[  904.515168][    C0]  smpboot_thread_fn+0x541/0xa50
[  904.515195][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[  904.515232][    C0]  kthread+0x388/0x470
[  904.515253][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  904.515279][    C0]  ? __pfx_kthread+0x10/0x10
[  904.515299][    C0]  ret_from_fork+0x51e/0xb90
[  904.515325][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  904.515350][    C0]  ? __switch_to+0xc7d/0x1450
[  904.515374][    C0]  ? __pfx_kthread+0x10/0x10
[  904.515393][    C0]  ret_from_fork_asm+0x1a/0x30
[  904.515419][    C0]  </TASK>
[  904.515427][    C0] 
[  904.515432][    C0] Allocated by task 5951:
[  904.515442][    C0]  kasan_save_track+0x3e/0x80
[  904.515464][    C0]  __kasan_kmalloc+0x93/0xb0
[  904.515485][    C0]  __kmalloc_cache_noprof+0x3a6/0x690
[  904.515509][    C0]  xpad_probe+0x428/0x1fd0
[  904.515531][    C0]  usb_probe_interface+0x668/0xc90
[  904.515555][    C0]  really_probe+0x267/0xaf0
[  904.515572][    C0]  __driver_probe_device+0x18c/0x320
[  904.515596][    C0]  driver_probe_device+0x4f/0x240
[  904.515620][    C0]  __device_attach_driver+0x2d4/0x4c0
[  904.515645][    C0]  bus_for_each_drv+0x25b/0x2f0
[  904.515664][    C0]  __device_attach+0x2c8/0x450
[  904.515686][    C0]  device_initial_probe+0xa1/0xd0
[  904.515710][    C0]  bus_probe_device+0x12d/0x220
[  904.515729][    C0]  device_add+0x7b6/0xb80
[  904.515750][    C0]  usb_set_configuration+0x1a87/0x2110
[  904.515773][    C0]  usb_generic_driver_probe+0x8d/0x150
[  904.515796][    C0]  usb_probe_device+0x1c4/0x3b0
[  904.515818][    C0]  really_probe+0x267/0xaf0
[  904.515834][    C0]  __driver_probe_device+0x18c/0x320
[  904.515857][    C0]  driver_probe_device+0x4f/0x240
[  904.515882][    C0]  __device_attach_driver+0x2d4/0x4c0
[  904.515906][    C0]  bus_for_each_drv+0x25b/0x2f0
[  904.515926][    C0]  __device_attach+0x2c8/0x450
[  904.515949][    C0]  device_initial_probe+0xa1/0xd0
[  904.515972][    C0]  bus_probe_device+0x12d/0x220
[  904.515991][    C0]  device_add+0x7b6/0xb80
[  904.516012][    C0]  usb_new_device+0x9f8/0x16e0
[  904.516031][    C0]  hub_event+0x2a49/0x4f60
[  904.516052][    C0]  process_scheduled_works+0xb02/0x1830
[  904.516075][    C0]  worker_thread+0xa50/0xfc0
[  904.516097][    C0]  kthread+0x388/0x470
[  904.516113][    C0]  ret_from_fork+0x51e/0xb90
[  904.516135][    C0]  ret_from_fork_asm+0x1a/0x30
[  904.516151][    C0] 
[  904.516156][    C0] Freed by task 8385:
[  904.516166][    C0]  kasan_save_track+0x3e/0x80
[  904.516187][    C0]  kasan_save_free_info+0x46/0x50
[  904.516205][    C0]  __kasan_slab_free+0x5c/0x80
[  904.516233][    C0]  kfree+0x1c1/0x6c0
[  904.516252][    C0]  xpad_disconnect+0x350/0x480
[  904.516274][    C0]  usb_unbind_interface+0x26e/0x910
[  904.516297][    C0]  device_release_driver_internal+0x4d9/0x870
[  904.516322][    C0]  bus_remove_device+0x352/0x440
[  904.516342][    C0]  device_del+0x52b/0x900
[  904.516363][    C0]  usb_disable_device+0x3d4/0x8d0
[  904.516385][    C0]  usb_disconnect+0x315/0x970
[  904.516403][    C0]  hub_event+0x1cf9/0x4f60
[  904.516425][    C0]  process_scheduled_works+0xb02/0x1830
[  904.516446][    C0]  worker_thread+0xa50/0xfc0
[  904.516468][    C0]  kthread+0x388/0x470
[  904.516484][    C0]  ret_from_fork+0x51e/0xb90
[  904.516506][    C0]  ret_from_fork_asm+0x1a/0x30
[  904.516522][    C0] 
[  904.516528][    C0] The buggy address belongs to the object at ffff88803d667000
[  904.516528][    C0]  which belongs to the cache kmalloc-1k of size 1024
[  904.516546][    C0] The buggy address is located 112 bytes inside of
[  904.516546][    C0]  freed 1024-byte region [ffff88803d667000, ffff88803d667400)
[  904.516569][    C0] 
[  904.516574][    C0] The buggy address belongs to the physical page:
[  904.516586][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3d660
[  904.516605][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  904.516623][    C0] flags: 0x80000000000040(head|node=0|zone=1)
[  904.516639][    C0] page_type: f5(slab)
[  904.516658][    C0] raw: 0080000000000040 ffff88813fe1cdc0 dead000000000100 dead000000000122
[  904.516674][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  904.516692][    C0] head: 0080000000000040 ffff88813fe1cdc0 dead000000000100 dead000000000122
[  904.516709][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  904.516726][    C0] head: 0080000000000003 ffffea0000f59801 00000000ffffffff 00000000ffffffff
[  904.516743][    C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  904.516754][    C0] page dumped because: kasan: bad access detected
[  904.516764][    C0] page_owner tracks the page as allocated
[  904.516772][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5541, tgid 5541 (S50sshd), ts 47680568800, free_ts 47573710351
[  904.516808][    C0]  post_alloc_hook+0x231/0x280
[  904.516831][    C0]  get_page_from_freelist+0x28bb/0x2950
[  904.516849][    C0]  __alloc_frozen_pages_noprof+0x18d/0x380
[  904.516867][    C0]  allocate_slab+0x77/0x660
[  904.516885][    C0]  refill_objects+0x334/0x3c0
[  904.516902][    C0]  __pcs_replace_empty_main+0x328/0x5f0
[  904.516922][    C0]  __kmalloc_noprof+0x530/0x7b0
[  904.516944][    C0]  tomoyo_init_log+0x1aaf/0x1fb0
[  904.516969][    C0]  tomoyo_supervisor+0x353/0x1570
[  904.516993][    C0]  tomoyo_env_perm+0x151/0x1f0
[  904.517012][    C0]  tomoyo_find_next_domain+0x15cd/0x1aa0
[  904.517032][    C0]  tomoyo_bprm_check_security+0x11c/0x180
[  904.517059][    C0]  security_bprm_check+0x85/0x240
[  904.517084][    C0]  bprm_execve+0x896/0x1460
[  904.517105][    C0]  do_execveat_common+0x50d/0x690
[  904.517127][    C0]  __x64_sys_execve+0x97/0xc0
[  904.517148][    C0] page last free pid 5537 tgid 5537 stack trace:
[  904.517161][    C0]  __free_frozen_pages+0xfe3/0x1170
[  904.517184][    C0]  __slab_free+0x24f/0x2a0
[  904.517211][    C0]  qlist_free_all+0x97/0x100
[  904.517232][    C0]  kasan_quarantine_reduce+0x148/0x160
[  904.517253][    C0]  __kasan_slab_alloc+0x22/0x80
[  904.517275][    C0]  kmem_cache_alloc_noprof+0x33b/0x680
[  904.517298][    C0]  vm_area_dup+0x2b/0x670
[  904.517315][    C0]  __split_vma+0x1e4/0xa30
[  904.517333][    C0]  vms_gather_munmap_vmas+0x4fa/0x1370
[  904.517352][    C0]  mmap_region+0x87f/0x2230
[  904.517371][    C0]  do_mmap+0xc2f/0x10c0
[  904.517390][    C0]  vm_mmap_pgoff+0x2cc/0x4f0
[  904.517411][    C0]  ksys_mmap_pgoff+0x4e8/0x720
[  904.517432][    C0]  do_syscall_64+0x14d/0xf80
[  904.517453][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  904.517471][    C0] 
[  904.517477][    C0] Memory state around the buggy address:
[  904.517488][    C0]  ffff88803d666f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  904.517502][    C0]  ffff88803d666f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  904.517516][    C0] >ffff88803d667000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  904.517526][    C0]                                                              ^
[  904.517538][    C0]  ffff88803d667080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  904.517552][    C0]  ffff88803d667100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  904.517562][    C0] ==================================================================
[  904.517589][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  904.517607][    C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  904.517635][    C0] Tainted: [L]=SOFTLOCKUP
[  904.517642][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  904.517655][    C0] Call Trace:
[  904.517663][    C0]  <TASK>
[  904.517671][    C0]  vpanic+0x56c/0xa60
[  904.517700][    C0]  ? __pfx_vpanic+0x10/0x10
[  904.517729][    C0]  panic+0xc5/0xd0
[  904.517754][    C0]  ? __pfx_panic+0x10/0x10
[  904.517780][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.517802][    C0]  ? rcu_is_watching+0x15/0xb0
[  904.517824][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.517847][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.517870][    C0]  check_panic_on_warn+0x89/0xb0
[  904.517891][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.517914][    C0]  end_report+0x73/0x180
[  904.517938][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.517961][    C0]  kasan_report+0x128/0x150
[  904.517984][    C0]  ? irqentry_exit+0x59e/0x620
[  904.518008][    C0]  ? _raw_spin_lock_irqsave+0x40/0x60
[  904.518034][    C0]  __kasan_check_byte+0x2a/0x40
[  904.518060][    C0]  lock_acquire+0x79/0x2e0
[  904.518087][    C0]  ? rcu_is_watching+0x15/0xb0
[  904.518108][    C0]  _raw_spin_lock_irqsave+0x40/0x60
[  904.518130][    C0]  ? rt_spin_lock+0x157/0x400
[  904.518149][    C0]  rt_spin_lock+0x157/0x400
[  904.518169][    C0]  ? __pfx_rt_spin_lock+0x10/0x10
[  904.518190][    C0]  ? rt_spin_unlock+0x160/0x200
[  904.518216][    C0]  __wake_up_common_lock+0x2f/0x1e0
[  904.518246][    C0]  __usb_hcd_giveback_urb+0x419/0x5e0
[  904.518276][    C0]  dummy_timer+0x8a6/0x4710
[  904.518301][    C0]  ? try_to_take_rt_mutex+0x840/0xb00
[  904.518335][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  904.518356][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  904.518376][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  904.518401][    C0]  ? __pfx_dummy_timer+0x10/0x10
[  904.518419][    C0]  __hrtimer_run_queues+0x55f/0xda0
[  904.518449][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  904.518468][    C0]  ? read_tsc+0x9/0x20
[  904.518494][    C0]  hrtimer_run_softirq+0x192/0x5d0
[  904.518520][    C0]  handle_softirqs+0x1de/0x6f0
[  904.518548][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[  904.518575][    C0]  run_ktimerd+0x69/0x100
[  904.518601][    C0]  smpboot_thread_fn+0x541/0xa50
[  904.518628][    C0]  ? smpboot_thread_fn+0x4d/0xa50
[  904.518659][    C0]  kthread+0x388/0x470
[  904.518678][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  904.518704][    C0]  ? __pfx_kthread+0x10/0x10
[  904.518724][    C0]  ret_from_fork+0x51e/0xb90
[  904.518749][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  904.518773][    C0]  ? __switch_to+0xc7d/0x1450
[  904.518797][    C0]  ? __pfx_kthread+0x10/0x10
[  904.518817][    C0]  ret_from_fork_asm+0x1a/0x30
[  904.518842][    C0]  </TASK>
[  904.519185][    C0] Kernel Offset: disabled