last executing test programs:

4m29.85309675s ago: executing program 2 (id=3242):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4, 0x6, 0x8}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

4m28.499983458s ago: executing program 2 (id=3248):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@ipv6_newrule={0x4c, 0x20, 0x1, 0x0, 0x0, {0xa, 0x80, 0x14, 0x0, 0x0, 0x0, 0x0, 0x7, 0x10017}, [@FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FIB_RULE_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e22, 0x4e22}}, @FRA_DST={0x14, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}, 0x4c}}, 0x40000)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
close(r2)
read(r2, &(0x7f0000000100)=""/71, 0x47)
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000380)=""/206)
connect$can_bcm(r1, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="0400"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=r1, @ANYRES64, @ANYBLOB="0000000001"], 0x48}}, 0x0)
r3 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
request_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)='abcdefghijklmnop', 0x0)
request_key(&(0x7f0000001d40)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0xfffffffffffffffe)
r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2982, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
sendfile(r5, r6, 0x0, 0x20000023896)
ioctl$TCXONC(r5, 0x540a, 0x0)
r7 = dup3(r3, r4, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x3c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x6c}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}}, 0x4000080)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x20000090)
recvmsg(r7, &(0x7f0000000240)={&(0x7f00000000c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80}, 0x40)
r11 = openat$cgroup_ro(r7, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xd, 0x10012, r11, 0x0)
write$binfmt_register(0xffffffffffffffff, 0x0, 0x0)

4m26.472676209s ago: executing program 2 (id=3252):
r0 = openat$proc_mixer(0xffffff9c, &(0x7f0000000000)='/proc/asound/card2/oss_mixer\x00', 0x24000, 0x0)
fchmod(r0, 0x10)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_changed={{0x2d, 0x9}, {0x8, 0xc9, 0x9, 0x9, 0x6, 0x7}}}, 0xc)
r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x1ff, 0x80201)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r1, 0x4140, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x0, <r2=>0xffffffffffffffff})
splice(r2, &(0x7f0000000100)=0x9, 0xffffffffffffffff, &(0x7f0000000140)=0x2, 0x8000, 0x2)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000180)='./cgroup/syz1\x00', 0x1ff)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200014}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x4, 0x1, 0x301, 0x0, 0x0, {0x5}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x40)
preadv2(r2, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/175, 0xaf}], 0x1, 0x8, 0x8, 0x5)
io_submit(0x0, 0x1, &(0x7f0000000440)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x2, 0x34d, r2, &(0x7f00000003c0)="c9340a59cd6a2c525f62e7c34bbad7a9101e", 0x12, 0x6, 0x0, 0x1, r1}])
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0186405, &(0x7f0000000500)={0xde, 0x0, {}, {<r3=>0xee01}, 0x10001, 0x9})
mount$fuse(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x822851, &(0x7f0000000540)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, 0xee01}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x28}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x400}}, {@default_permissions}], [{@audit}]}})
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000640)='./cgroup/syz1\x00', 0x1ff)
socket$nl_sock_diag(0x10, 0x3, 0x4)

4m26.21821034s ago: executing program 2 (id=3253):
socket$netlink(0x10, 0x3, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x10, 0x3, 0x10)
r0 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_ENUMSTD(r0, 0xc0405619, &(0x7f0000000140)={0x28000, 0x4, "4b92701c4f23fda994a6568f565caa068961b65f4101b158", {0x374, 0xa}, 0x80000000})
socket$alg(0x26, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000080000000140012800a00010076786c616e0000000400028008000a00", @ANYRES64=r1], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)

4m24.629606127s ago: executing program 2 (id=3257):
socket$inet_mptcp(0x2, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)}], 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x1d, 0x6, 0x558, 0x0, 0x280, 0x368, 0x1b0, 0x0, 0x488, 0x488, 0x488, 0x488, 0x488, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0x203}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@eui64={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b8)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2)
r4 = syz_open_procfs(0x0, 0x0)
preadv(r4, &(0x7f0000000580)=[{&(0x7f0000000100)=""/212, 0xd4}], 0x1, 0x1fe, 0x12)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x2c, 0x3e, 0x107, 0x70bd2d, 0x25dfdbfc, {0x4, 0x7c}, [@typed={0x4}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x15, 0x0, 0x0, @u32=0x7fffffff}]}]}, 0x2c}}, 0x0)

4m20.210121885s ago: executing program 2 (id=3271):
r0 = syz_open_dev$vim2m(&(0x7f0000000500), 0xb53d, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x9, 0x3, 0x1})
syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0xb00)
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800)
r1 = syz_io_uring_setup(0x1e20, &(0x7f0000000200)={0x0, 0x86f4, 0x10100}, &(0x7f00000005c0)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r4 = syz_io_uring_setup(0x1e20, &(0x7f0000000200)={0x0, 0x86f5, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000580)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0xfffffffffffffe1b}], 0x0, 0x4498bda7e2139f37, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r8, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x10, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]})
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_GET_PIT(r8, 0xc048ae65, &(0x7f0000000240))
io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})

4m4.75795649s ago: executing program 32 (id=3271):
r0 = syz_open_dev$vim2m(&(0x7f0000000500), 0xb53d, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x9, 0x3, 0x1})
syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0xb00)
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800)
r1 = syz_io_uring_setup(0x1e20, &(0x7f0000000200)={0x0, 0x86f4, 0x10100}, &(0x7f00000005c0)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0)
r4 = syz_io_uring_setup(0x1e20, &(0x7f0000000200)={0x0, 0x86f5, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000280)=<r5=>0x0, &(0x7f0000000580)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
ioctl$KVM_CREATE_PIT2(r8, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0xfffffffffffffe1b}], 0x0, 0x4498bda7e2139f37, 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r8, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x5, 0x10, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x2, 0x0, 0x4}]})
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x200004, 0x0, 0x2, 0x0, 0x1], 0x80a0000})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_GET_PIT(r8, 0xc048ae65, &(0x7f0000000240))
io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x1f, 0x1, 0x4})

7.717527972s ago: executing program 4 (id=4202):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x38, r1, 0x5, 0x3, 0x0, {{0x12}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0x700, {0x4, 0x1, 0x9, 0x16c}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40040}, 0x24000000) (fail_nth: 2)

7.126186389s ago: executing program 4 (id=4203):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x10, &(0x7f0000000280)={0x20, 0x18}, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xbd)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'wg0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc, 0x9, {0xd6eb, 0x7}}]}]}]}, 0x48}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_int(r7, 0x1, 0x1d, &(0x7f00000003c0)=0x40008, 0x4)
setsockopt$SO_TIMESTAMP(r7, 0x1, 0x1d, &(0x7f0000000000)=0x6dcc0000, 0x4)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000540)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000480)={0xc0, r2, 0x800, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x1}}, @NL80211_ATTR_SCAN_FREQUENCIES={0x44, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x70}, {0x8, 0x0, 0x8}, {0x8, 0x0, 0x6}, {0x8, 0x0, 0x9}, {0x8, 0x0, 0xf833}, {0x8, 0x0, 0x38000}, {0x8, 0x0, 0x800}, {0x8, 0x0, 0x1}]}, @NL80211_ATTR_SCAN_SSIDS={0x1c, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}]}, @NL80211_ATTR_SCAN_SSIDS={0x3c, 0x2d, 0x0, 0x1, [{0x21, 0x0, @random="7a7641b4dd17c98d8559bbf3bd2c8fa26e80fea6dd7c4ef77a5b188ffd"}, {0x12, 0x0, @random="c9c19dbadc2f4481c2c0eb1b3a9c"}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x84}, 0x800)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', <r9=>0x0, 0x7800, 0x0, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3, 0xfffc, 0x0, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0xfa}, @multicast2}}}})
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYRES32=r8, @ANYRESDEC=r9, @ANYBLOB="010029bd7000fbdbdf253400000008000300", @ANYRES32=r6, @ANYBLOB="14ff55000e65b5701032f9dfd23d64ded6daa7be14005500b7b5367de8ac38e3ffd3f5a200000001"], 0x44}, 0x1, 0x0, 0x0, 0x4000041}, 0x20004001)
r10 = syz_open_dev$dri(&(0x7f0000000080), 0xb414, 0x426980)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc00c64b5, &(0x7f00000001c0)={&(0x7f0000000180)=[<r11=>0x0, 0x0], 0x2})
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000200)={0x0, 0x0, <r12=>0x0})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000280)={0x0, 0x0, <r13=>0x0, 0x0, 0x0, 0x8, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETPLANE(r10, 0xc02064b6, &(0x7f0000000300)={r11, r12, r13, 0x0, 0x0, 0x1, &(0x7f00000002c0)=[0x0]})
syz_emit_ethernet(0x56, &(0x7f0000000600)={@broadcast, @random="c64e27ae2529", @void, {@canfd={0xd, {{0x1, 0x0, 0x1, 0x1}, 0xc, 0x0, 0x0, 0x0, "06ba8b1aabb3489a29de08ab415a7d5194e0d6633b63dc1800ec361a9bb85e6335596f67d162e145260989c3b3a374a6025910ce7d030984b3073067fd999ba2"}}}}, &(0x7f0000000140)={0x0, 0x4, [0x29d, 0x373, 0xcd8, 0x9af]})

4.858344756s ago: executing program 1 (id=4214):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_int(r1, &(0x7f0000000080), 0x12)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

4.589922014s ago: executing program 1 (id=4215):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

4.466807655s ago: executing program 1 (id=4216):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, &(0x7f0000000040)={0x6, 0x1700, "778d8ce72aa8f35457c8617739b4948e07180be64604d3a5", {0x9, 0x8}, 0x2})
socket(0x200000000000011, 0x2, 0xd)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x30, r5, 0x1, 0xfffffffc, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x5, 0x2, 0x1000000}, @NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xefffffff]}]}]}, 0x30}}, 0x4000004)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
openat2$dir(0xffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x2, 0xa0, 0x2}, 0x18)
write$UHID_INPUT(r6, &(0x7f0000001040)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d670a8b089b3f363563030890e0879b0af8c6e70a9b334a959b669a9b2f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d073b610acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669114e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813491ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eb4581f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab9640071550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c513a9177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f411254c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486229e5b2e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df7227dfdb0d2b9e935c5af3cf474bed79dfc24ab0f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78c8fa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000026347ee800", 0xffca}}, 0x1014)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="340000001000010800000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000042004000c002b8008000100", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x34}}, 0x0)

4.144111155s ago: executing program 4 (id=4219):
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x121041, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r0, 0x4004510f, &(0x7f0000000240)=0xfffffffd)

3.746262085s ago: executing program 4 (id=4220):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000100)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x21}}, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000080)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000140)={0x5, 0x95, 0x7, 0x1, 0x9, 0x2b, 0x9, 0xfa, 0x6, 0x1, 0x5, 0x1, 0x3, 0x2}, 0xe)
r2 = dup(r1)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000002080)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000002240)={0x0, @in6={{0xa, 0x4e24, 0x5, @empty, 0xb055}}, 0x4, 0x1, 0xf06, 0x0, 0xac, 0x7d, 0x5}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x1b}, 0x9c) (fail_nth: 2)

3.514074763s ago: executing program 5 (id=4222):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xef\xe5\xa0\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd2g\xb6\xe6'}, 0x30)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0xd9, 0x8, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x0, 0x0, 0x6, 0x0, 0xbdb], 0x6000, 0x120582})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000001100)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3", 0xa3}], 0x3}], 0x1, 0x20048800)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
faccessat2(r7, &(0x7f0000000000)='\x00', 0x2, 0x1000)
ioctl$int_in(r5, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r5, 0xa, 0x12)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000001c0)={'hsr0\x00', 0x1000})
poll(&(0x7f0000b2c000)=[{r6, 0x5063}], 0x1, 0xffffffffffbffff8)
dup2(r5, r6)

3.297439949s ago: executing program 4 (id=4223):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340))
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3})
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000017c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f00000003c0)={0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r5, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535ef976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fce30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac353b21fe733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc33be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52af50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472787621147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f138319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600"})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = getpgid(0x0)
fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x2, r7})
accept4$unix(r3, &(0x7f00000005c0), &(0x7f0000000100)=0x6e, 0x80000)
r8 = openat$sequencer(0xffffff9c, &(0x7f0000000640), 0x20300, 0x0)
fcntl$getownex(r8, 0x10, &(0x7f0000000680))

2.907645808s ago: executing program 4 (id=4226):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000010000000000000000000000000000000c000200fffffffe00000009a118e834ba597683f2cdb1c0b0e0d388f4809fe2373531b5c04e0156a8d4a2c17fde45269cb3fa41253e417a4cd857a777e201efd899cf90961802a07f2c89d1c4feb0e67f21cef76851317bfa0be89fa5a3c841be83d3797f4b8c9c1f998e0e04facc35a12b5b879fe7b9d6c59ad9e5219a22fff4c750bdcaa1b0c8d8fb632dd0a8e5be9d33cb199c"], 0x20}}, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000040)={0x1, 'gretap0\x00', {}, 0x1})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/mdstat\x00', 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r3, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040), 0xff7a}], 0x1}}], 0x8000000000000df, 0x40080c1)
shutdown(r3, 0x1)
syz_usb_connect(0x0, 0x63, &(0x7f0000000000)=ANY=[@ANYBLOB="120100005e05b14021040203e8450000000109025100010000000009040900000202ff00052406000105240000000d24b8fe3f9ea3a0e8ca0800ff06241a05002a052401010305240600010524"], 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket(0x10, 0x803, 0x40000008)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_inet_tcp_SIOCOUTQ(r4, 0x5411, 0x0)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r7)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r7, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003640)={&(0x7f0000000100)={0x30, r8, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000004)
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140))
openat$fuse(0xffffff9c, &(0x7f0000000280), 0x2, 0x0)
syz_io_uring_setup(0x7b1, &(0x7f0000000200)={0x0, 0x200086f7, 0x80, 0x0, 0x3b6, 0x0, r2}, &(0x7f0000002000), &(0x7f0000000000))
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)

2.807798385s ago: executing program 3 (id=4227):
r0 = socket(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
listen(r0, 0x7f)
syz_emit_ethernet(0x36, &(0x7f0000000240)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r1, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000001100)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\f\n5', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0)

2.615783419s ago: executing program 1 (id=4228):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=@newtaction={0x48, 0x30, 0x1, 0xf0bd28, 0x25dfdbfb, {}, [{0x34, 0x1, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000c800}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000001dc76dcd00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r1, @ANYRES8=r2, @ANYRESDEC], 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x0, 0x2})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000f40)=ANY=[@ANYBLOB="7a0af8ff75250000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000002000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651064d08dde084e0c7ffddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e13b2f9614d547244a22000000000000db453620ce72d75946c0b638d91dbef661935839c77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef4a96279856076ff7ac9ba09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be22dda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed5441218c54d0b3e9f298392b3276fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314d7bb31ad9713d249499ed0d8a24abd57e052888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f000000eaffffffffffffff0000000000c9b46ff99a039eda74f74fe532dcfcd2c315b626fd768dbdf00fd532575767a7bca3968f50c20cfcaf91ab14b77f87e476bcf45fff904531adea62a517702743bf3492c8952c8e1fc37674de47d5881750516404c647fe02085b1a9603227411b17b6c7bc84fdfa0cfce589550df8faeeae5ca5024b374da260be559a741d22370373392ed74a7d1aff96a5b59775237f50c6bd8e0c4a7666be5962cd0931845e659a03a48fe85d370d9b6b755a2f66989da880c899d4d1c6757be6baffdce49b8c81f43d933549289dd475e39f399f6822a111ed8142b5dd2c01a15c949d86bd93b580800"/798], &(0x7f0000000100)='GPL\x00'}, 0x48)

2.247307744s ago: executing program 3 (id=4229):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r0, 0x3)
syz_emit_ethernet(0x4a, &(0x7f0000000340)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000001100)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\f\n5', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}}, 0x0) (fail_nth: 2)

2.246357621s ago: executing program 5 (id=4230):
r0 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x121041, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r0, 0x4004510f, &(0x7f0000000240)=0xfffffffd)

2.123325301s ago: executing program 5 (id=4232):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'snmp\x00'}}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}, @CTA_LABELS_MASK={0x8, 0x17, [0x0]}]}, 0x70}, 0x1, 0x0, 0x0, 0xc014}, 0x20000800)
socket(0x22, 0x2, 0x80)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="a80000000001010400000000141a00000200000044000f80080002400000000408000140000000050800024000000006080003400000000e08000140000000000800034000000026510001400000000308000340000000040800074000000001240001801400018008000100e000000108000200e00000010c0002800500b68d500000002400028014000180080001000000000008000200ac1e00010c0002800500010000000000"], 0xa8}}, 0x0)

1.726255855s ago: executing program 5 (id=4234):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x48, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x1, 0x28}, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_OTHER_BSS={0x4}]}]]}, 0x48}}, 0x0)
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
unshare(0x8040480)
r4 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='\x00', 0x89901)
openat$dir(0xffffff9c, &(0x7f0000000040)='./file0\x00', 0x8400, 0x113)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000300)={r4, 0xffffffffffffffff, 0x1d, 0x0, @void}, 0x10)
setsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000080)=0x6, 0x4)
socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendfile(r4, r5, 0x0, 0x2)
ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f000001f9c0)={0xa, {0x8000, 0x200, 0x0, 0x7}})
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x6, {0x9, 0x0, 0xffffffff, 0xf46}})

1.585802142s ago: executing program 0 (id=4235):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
clock_settime(0x0, &(0x7f0000009ac0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2)

1.422364042s ago: executing program 5 (id=4236):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x38011, r0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
clock_settime(0x0, &(0x7f0000009ac0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) (fail_nth: 2)

1.082561066s ago: executing program 0 (id=4237):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x20)
ioctl$HIDIOCGRAWNAME(r0, 0x80404804, &(0x7f0000000000))

1.025258693s ago: executing program 0 (id=4238):
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x59455247, 0x780, 0x438, 0x0, @discrete={0x7fff, 0xfff}})

953.338319ms ago: executing program 3 (id=4239):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310301000000000000000900000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x20000095}, 0x200480c4) (fail_nth: 2)

952.858823ms ago: executing program 0 (id=4240):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$getregset(0x4212, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28})

896.760999ms ago: executing program 0 (id=4241):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000780)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xef\xe5\xa0\xb9\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd2g\xb6\xe6'}, 0x30)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0xd9, 0x8, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x0, 0x0, 0x6, 0x0, 0xbdb], 0x6000, 0x120582})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x300f})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000001100)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3", 0xa3}], 0x3}], 0x1, 0x20048800)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
faccessat2(r7, &(0x7f0000000000)='\x00', 0x2, 0x1000)
ioctl$int_in(r5, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(r5, 0xa, 0x12)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000001c0)={'hsr0\x00', 0x1000})
poll(&(0x7f0000b2c000)=[{r6, 0x5063}], 0x1, 0xffffffffffbffff8)
dup2(r5, r6)

552.974569ms ago: executing program 5 (id=4242):
syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x0, 0x179}, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc283, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x4, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x0, 0x5}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000100)=ANY=[], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}, 0x1, 0x0, 0x0, 0x4044}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000000306010200000000000000002d000001050001000700"], 0x1c}, 0x1, 0x0, 0x0, 0x4004810}, 0x840)
r1 = socket$inet6(0xa, 0x3, 0x1)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r2, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x1, 0x0, 0x5}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r3, 0x6, 0x1f, 0x0, &(0x7f00000001c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0))
openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
syz_usb_connect$uac1(0x1, 0xc7, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xb5, 0x3, 0x1, 0x0, 0xc0, 0x67, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x1}, [@output_terminal={0x9, 0x24, 0x3, 0x6, 0x303, 0x2, 0x2, 0x9}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x101, 0x3, 0x6, 0x7}, @feature_unit={0x9, 0x24, 0x6, 0x4, 0x5, 0x1, [0xa], 0x4}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x100, 0x5, 0x3, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x8, 0x3, 0x5, 0x54, "2e1dfee712965c"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x70, 0x1, 0x0, {0x7, 0x25, 0x1, 0x2, 0x5, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x9, 0xc, 0x1, '&\x00-'}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x98, 0x4, 0x4, 0x2, "fd00", "b72d0e"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xd6, 0x4, 0xa, 0x5, "", "8b35"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0xc, 0x9, 0x1, {0x7, 0x25, 0x1, 0x1, 0x19, 0x4}}}}}}}]}}, &(0x7f0000000840)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x250, 0x1a, 0x6c, 0xf, 0x40, 0x4}, 0x38, &(0x7f00000005c0)={0x5, 0xf, 0x38, 0x3, [@wireless={0xb, 0x10, 0x1, 0xc, 0x33, 0x9, 0xa6, 0x3ff, 0x1}, @ssp_cap={0x14, 0x10, 0xa, 0x3, 0x2, 0x6a, 0xf00f, 0x7fff, [0xff0000, 0x3f00]}, @ss_container_id={0x14, 0x10, 0x4, 0xa, "6ba4549990091ea2953b0043b78bf7fb"}]}, 0x6, [{0x72, &(0x7f0000000600)=@string={0x72, 0x3, "5a6831e8599811462b9c712f73363b39f058873615166d1bf48cc9e83431c02395d852cd9a6157045048a38518a1cc8115a2e698ffc03579a77447489660ff08964a4336afb78883a028b6fa653e80acbadb0a161da42e7daa84397e7717b47ee32f5759504871db32124957f0ff46ef"}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x415}}, {0x65, &(0x7f00000006c0)=@string={0x65, 0x3, "2c1a8ee69b6d1c197d7e83ccdc769241dd1694908fd08104d97e5e2a89b00bf3752f27971f6632ccb3aedd29d268b647a6dc1413819f7ac0c27a5691d2757fd814fce1411d332d531fac735779dd5139e57ea75c88992448711424bc0ea2b967ba3931"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x140a}}, {0x7c, &(0x7f0000000780)=@string={0x7c, 0x3, "9284564c648abf8f83dfa8797e922d1efe5720554a99718af03b09039ab5fcd88e5f34c93216433288862fd06c2f6d5a4f95d67ea7502fb26deea7e0bed11ca9cc26ab4d5bbf4683b7484e9c122f8232cea3d8efe2d3c3e094416c90dc23d9d0029e44d648340ebb62cec2ad3072d0a9a0569b0bf68bb353e62c"}}, {0x4, &(0x7f0000000800)=@lang_id={0x4, 0x3, 0x440a}}]})
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r4)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r4], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

483.790225ms ago: executing program 1 (id=4243):
r0 = socket(0x21, 0x80000, 0x7c)
sendmmsg$inet(r0, &(0x7f0000001bc0)=[{{&(0x7f0000000080)={0x2, 0x4, @private=0xa0100fd}, 0x10, &(0x7f00000005c0)=[{&(0x7f00000000c0)='~', 0x1}, {&(0x7f00000004c0)="836842d203007e8f1ea1be7a1f62", 0xe}, {&(0x7f0000000500)="113679d312c5f7a3b6b9c27b8d361a06a42312396bc1546487ed90c3d22e75962cf86edbacb9856d5183322a73f420c52254d6db71087558a3ec34a967cbb9e97024717adf2fd0fb7f1e86851521", 0x4e}, {&(0x7f0000002ec0)="21df56bebd8f424e8b52787714de329d880950e81c68dbe94cd0914dcd3e4931a878db1e9b612bc6b31ace67b5e944de42ece4a22bfa123004a7e58f52fdc2047ba331ca3fb4a47cfa1975a834349909d1b6af2eafcc212d3a7b05037b14eb0bedc04bbd60990bdf68dcfce6e0071ee1050beeeb0912f786130b9465e0f555557ff2fbb9458f5052240882693561c1f7bccc4262d18a09fcab5c02566b43aa578b52b52e73947c2dae3acafcc682cb5f50509d857b85b02c7576a9a6f133e3848f6c1b34659dae589b10bfd43066c5dc3603cce30ba937b5455af835cabf2a3b2655b1bf92fbfc4008d2b202607255263fa277b5a040cae6bb044a74a759467c5a3e7bd65aeced92b4a12c37eb8943037ce6ea2116d1a2af8cfeddde694fa19ef79f76c438d6665c5ad31b9b32366b75903b9e8994829a07fab96f513149c227d0ead56485baeb6afc3b26c15b167746314b651dfd8fb9c8120a808386400759d7882543ff22efdf7ecde836c7bfd80c0437c21dd5c4366d139f63a64f79679c91ceee049f488759524ac813df4ce76348b6be2eb0c83f34ad411c4a938a586334daaac49685e3b452ce405384c5f6e09f6b0b532e126d199802e341944d980c9099473c44eae582cb53d3d8897c13163715590a921ba3971aa03732756c33e288c239046267147263ef37f32761964b4974abd5d32afacca8da069010e3da97f843f3d9d3f1cdef993667ba36f56b7df52e5040cdfda2a7552f2f6251f22d6716b651ac767a588f3f50d10c54007c990dd34c2f4aa627e98f84460fbcf759bf4c6bada7ffec25863ca4203a0b1bb9e7994bca043480390af082504768c9b79825880923ac3fdd451a8a819562b8de8f63277041acda0c3baf0f1bb67511f18085e0555e7f008bea88e107198f9357a98876711affb2798c0138da1b10a25062077981fee255443a4d23ea517f2d942a1ae4085991b8b31d2f58d2bc6770d1e3a0eb296bed39f2d5f695e8c448b22f9d177f85504f3c70f88d5fb9b3ceded1930832cf9e9ae26dc79f9c096c933763f0afcb240b8e6b64c0ce6646a237d2b8219dfea31f6a5058a80772d6cd13db432ae896c96f5f831d426543dc58ee1979fbe91163b6de7c553eb714045fc916ce646ae2995d55ae309eea38869ccb7f3ba2eebf92de2a46e730bc4187a681111e9862c4214de8cad3e18b8718c89452971425142124f02213eeac1cb93cd1accd347e10a920f44fee6a44f869ebe40357d62fd9eca9171336660ecbab4dede08781bb2369eae01a0885a4f733386352ba28945edaf6d4eb1c75c727f9353188e982ad6c977e8d9c1e5744cda7709287876cb24028077c809831eb188e9a7b3f7cd51b6209fe3023a70575593b383db04ec16c06832599d696c343557298ffb5411949c7608066da161b08bbe79df6ec9b98ca598fbb90711fb78f0fb9ca682db2588ca852d132d76af0aaeab46a1bace8d4c430d20d594405e996381c66d4012fb011421cf5d181136fdfee4779cbfcf95726a3e6fcc56a20938d222caefd61ca84179a94660924138f0ac3d2978a5ba916dc559df43fb5b96d17f2424ebd00cf8c427654ef2193c9681ddb7f0a2eff13e4ead0bd1f9b4cde2eba1505beeb619c65a97c0937503ffdc6eb55da674546a0d4ed69cb69d606a04529c4323e531d3953745f630f770ef50cf8186f62ffe9210f0ab78f44be6be238e2c56309297017ea942382d4e188bc484106cf04ab6dc001b571c188febb0d2fe77c73cbcc955ad737dd2083d7126397fb1d71833b50174893cbc543d5ab14633ef20d67ca8b16b57cd2b32074448f4f0f61cb203a3a105344b5143f0b24ad608693aefd1d4a4a00534a81214aca3c93484febea44a69538e3e1e1b6d73f48b30ce85adab02feda8224bae75672a2aeef9d3c46380b6836882bbb9feb661cd1a02e190e573cd8691ada5c4fc775df81eb0f44b306836fbb99da52c336c77d2817d213a4820fd637dc6842d13cdcbeac96741b2d13d27048b243c5b337e3770b90773fb5c7963df02980fb6b333aae72ccc428dc790eb315e67968354318bfca229b155410ecd1d9f20b3d88393add526314bb1480c804646c481cc99e818efcb13ec53bde433ef7b251f5ba1a20641b1271bb5d61e86beee3612d4f56ef3882bbff452a20c25d3c5b52a4953e0f3025831e5639fee51f7c9f5a4da30a10c757a689efb4760b60f2bb64db34462b32a22bac1cbecad6b0bb606d76f1af8e08d80e9bbe8eba086bfdf0044614790ee5a516ef48551c74bc7b702b2063fe787e1b9feb39d2d91330f0f10d48decd620527705b64bab915ba24bc180b31e417d468e57cc5a203298e70dfbb99bfeb47fe7b170c49b06451a548921ad81f37ded5f77eb94efb03308ab1b25b9a2645891c77a7cda0a86b8227abb583503f669ed17ff1f0f904ac7607774d5bc85a5e7fbf41a7da9bc834021b10870ddd373cf72db903b37099ca9a9e5f0c3cdb81dd9e5dedb20ee5499038507dce5f08931a8434b6b76595909f357da324e99214c04640080442f56528c2d34dd7d456f08bec22ce41d95ee8c10063c8bec7779bbb95e54b68137a2a7b420b7c59c77d6b20070e2119f2d8d978107434394275a472d5c77889d5a3f233cb7cf53aac68837f3a45298447c5b50ddde01448ab6d37b8476d7f11acad4d767a18654c5241498118381d80bb4b368f6db5bf59542a2fde97d108edd42b79ec6c7d0caeedc70723dfd32f39acb9f4c3632c277d4d022e81da7dc594ab0f77066b6702ed7dfb859c625acc95b0dbf7e533fb427611d327b53610cc7f36a3ff881c219151a01f0f11cba7d713cb8f1dd80a49e788d9ef0a13fba3c43d1ed0847c4ad340a2c1e013654499ee64e1c4acdfce388a0eb9ca4bcdc907018ad0321eaf425b642c8d2ed53d701062a329970641faacc559155c802b593e85e30ceddfb0c574c000cb91161d4a82a67a3d5f487daa49cdde4f81979b94221092c5504ab1e3ff67956691dc83bb587377deffd4b490f7d847ef419682bf6fc847ea71b4aa1d4a7f7e864e67487f9f03f901611348e77cd3da17969764b3ba63b9ad7a060d4029262cd055d9bdd76fdfa4ac52e582586a6d00f50240060984fa1e8201d6697feeac529db100970fe60db0ce8de88a376c5810364cb8e7a189db17fa7b851d9f58a75a8143c73f899f063944d8a729068cf15cfb5ffa571046bed35d7bf37f7d42ec0250e916d8f9e3127d7c09d3b4f70c95ac3cf825ac81bc41bc059a203ef769fe0d6ef920daaf38f8f273e4de84a6c9a8bff4e77d44fcb1b83d3ee1cb186d0b33d3265c99875912324953a6b86a5f24710cec5d6eb46b2844b55f76ef80de28181cd6d2ac1bc04ae9763865ef803f971441278b5222c3b36cb66d44289787eecfbc9edfcd82b58db1a196c332b50dd60946f61209fd3dcb0727733bdc654463c6ab4772b69e62e4d4569286f21681845268a274c8af755ff9b548ae96a0ff4d95196978718a4b330931d4370fa459942757bfc56948047f07ba5e0c0452a2aca8aa517fddc11fbf1a9653310af2d35eb20b84b1125f10928cda64cec513a6133bef23f283da2a4f805b9d424f569ba4b039148f7ae156cf87cd8cf3004f1c09ea0397b28488074e5202980d7f642a49e00fd086ae56fb6bb83f96737ceab6481b58def40948ecc3d583cc5cb9c55254840db23060852b1d4f5129e813034dafc742ed0fb2b35e599d367a0c56adc95826c1d712a06512d1d5b9b8571531eba3c3a16ffcb8d2333666964d639613345d37e5092f0b16b14b60be9f66840829dde6d4d81c2f448fd4453476cbb976af1232162cdf0e4ac0838799a6ed38e605e929b8fa8f088407f8c7d8b51d5327a8d795845b000b30ea037ae3b398e12cfec902bd96271de8e70868091b7154fbdf8676c030e8e4918b7368c800594e5b1bf98b82516e6ef9bef047393d4a411d7e132430e163f89d5f245e026d63bbbf4547f75dfa15267ad76470465b658d47bb741a2040409a3611e2665c7e2d1b1eccd1947153a7c637e601a50d084dac8377b79506a8d94b198faba7230fbfcc27184e56e4f6c9195a784d8acb5b0dad1a0fd34c043b12ac446f900592c0aa3b5e17b76595caf7fd4f9e1bc449ae96dbcbfb8463b898ed41a583fb739578188bf32e68206e31a2b65438f394c46557c0e32caadad32236c08a7cc48994bb564c87aec72f18f8c8fade95aa09c00f966d787d2a2a51445ca1dc4774af351cddb4eb06788424542882b0be9bb501b6e64def02f81008cfa0145ba3ee3fdb44e7e6a95f9621be42f78757765fd9fb4ef27fcfef6e623e072a0de459b8a58fd7d3fb406b132c8da962ee33c0685632496d1805536c9fb723536d2ae9ef1ede525fc83fe4642e7b901e11b9e53c78c98d891ffe7d7edd292275f6e6da72ec09cbdd614296b396b9093ca37559000734754f1667dbd8776b6461aa6029f01b17ce6b5cc923e9e6e3b6cf9aa392c1929d90401e6597f7c7361c695ef8bb564b6acd1b81820416dd32bc92263e79697f3ff231ddde47a275e29ea227e1617844bebc885b1e82f3edb7d2e4ea1ed40a0b03a1020415dfd599063b992e1da06b63b21714c8591c30db9a4dfd2ed502ae0afc98a2e0f9484e5d9d536f3f440c2f5a44684aee77ccf9dce814fef4a42fe922a696fe6e95bb91bc5e9d414247db0df980d887d885a909276cbd0fae15dd11815aad2b0ba427f097879db493d8473b5c09cb2a9a06de661a35de414c443351f82a4fa75b97b65b346f6484af9d3d4df48922dbe42be809012e87816fb5d711ac19541cfaef55cae4782cf1ca02a9b70264a830fe5bbfc33661808aec81d49a46667d4ba3183d4e1a273450f5bc85f91e10babb5edb372c691aede2a144fa505353b869aef949992d860c07bbb5da208c7effbe68f61cae876cabb80ca02efc43afcc59a25ae1df0828ca8f2959bee9accbadec501bcd356b540e28e8cc3974b50248f2e0c3dd8ff964779fa2b2c08633830514a60f5178ac9f3009b3683790e3bf9c392e1b2297cd0f2ee5796178a98dedfce3760d5ceaaaa527982fd7e1e4cdf92745f055bfd35a6bb95eebe58a7c56ae286216121cac24fba0107542740c4d12f019199d0eee6ee9d5e29cf032633d3d122640ab3de8197756ebdc25ed1749337b929bc39a5a3708489565b96e8ca173ed5f5d55f282488deb1b359a6affe95bd1b04651c84f8a59c4fda5d660e37898c6358b877c6bb9aa45461adae8fec2ab99daa9dc5a14558b80d4c97bb7d65a2f3119bc45bcd05226b2bf7d14b5e15501be062634ce9419fbde562826a04a14020b1912c644c8b2cee86522bc2b41874d0bcc41e803947b87cd5d11941274df822dda74e4dabab2a606adde2c1c3fb635c4e2f2edb1d75b3b3167eb24e08c4f9047e747b11f005fafe419045d7b73bd2eeff0f955d2e5e0d63e55a5d04355a6e51def9f1c968b7da868e833fe838578ef41195b6e507a39785aef547161ce40a55dee80d686dbd683d8da86cce96509d42b80bc0c4cea46b6c8a933b723d6a821bb542844ccb1b6f417f6ab42daffd74eaef8f375469a09e6427ee38cc5b709a4766bc714b7e28558ab1141d928591db84011cd31e2a0cb1e3ef4d35828ed77f5877df691d56b32dd1cf08aa08d63efbe3c2bf9020091587f288cb216dbc8460d42bc61e607f4f59a76cad7fcc0e6b0815dbe2150045efff71fde21b8b5496241f86aa789147caf5", 0x1000}, {&(0x7f0000000740)="21be475d897ebdcc3be8df840ceadc263b84ca8beb5f42dd91f8c3943f6f33e181a21343c1bf9ea32399017292a2f1d72b347183f6b1b401cc68b3e39ff0f2711df450857efd7fea37c9c8ffff5481b9b0474c7087e03f728acd6fd0979821e579c02558decee8c09a37e53eb0579523bff76675306c7919e08e6e78f6e4ee881259bf1dfcf77bbb9d828272d705303dc25cf219e0fa0c50b00216b95a9f6b7c1578912da09bd8008d60326dc6b4b3801843c65963fee90cd0b2a0c28220a0b2ac06f7210f398134180ec1c738b7282b9f92d2ee7dd0d9971fb84592f338a6e172d16b51427cd890e3", 0xe9}, {&(0x7f0000000580)="eca982c9148e0398f86c6d935adbbce09453d3ab91aa787f50c1c9246f19d7a08303e33ea5", 0x25}, {&(0x7f0000000840)="509a1a812709ed01f037e2ad72999a1ba6cbc1a62a7a39635225d1b54b864353637250cb076f252d6119f41d99e04ce554b275d28105b06b5f74c20cb3454248a85ca5cd38e375f3606a31637b7443afccd6106d4da8432383ae17d43481851f5c5c4364d18b3ddf3cf1e7dbfb77323963307c0f760eed7cdcdb3e4c8c47b32e6edaf16c8406395cf965886f26fab3810ef28fc235b7a6ae3f0994b293325d9b837e84e668fb1d9aab535d1f4eae94639b1b0aa9d09e560b2e0cb4db24e9717a3dc57b0680e4293008b721dc594e9047d86c5f11ec8959e3f61a26deaece420699a83949dc61cbaeaf", 0xe9}], 0x7}}, {{&(0x7f00000022c0)={0x2, 0x20, @private=0xa010101}, 0x10, &(0x7f0000000600)=[{&(0x7f0000002300)="ef", 0x1}], 0x1}}, {{&(0x7f0000000680)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000000ac0)=[{&(0x7f0000000700)="b5", 0x1}], 0x1}}], 0x3, 0x1005)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000080)=0x3, 0x4)
r2 = openat$sequencer(0xffffff9c, &(0x7f0000000000), 0x121041, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r3, 0x4008556c)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000480)={{0x1, 0x1, 0x18, <r4=>r3, {0x0, 0xee01}}, './file0\x00'})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x308)
ioctl$SNDCTL_FM_4OP_ENABLE(r2, 0x4004510f, &(0x7f0000000240)=0xfffffffd)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x3, [0x0, 0x0, 0x0]}, &(0x7f00000001c0)=0x10)
syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @mcast2, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0)
syz_open_dev$vbi(&(0x7f0000000f40), 0x3, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r6=>0x0})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x410400, 0x45)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x2}, {0xe, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0x2a382)
r9 = memfd_create(&(0x7f0000000180)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6*t\xc8\xf4>q%\xa4\x81\xe2\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\x1cf\xf0\xf2xW?\x8e\xd9\x06\xc7\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1\xf2Y<\xe2\x84g-V\x97\xc6^\xbbg}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9\x00\x00QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\x87\x9d\x1f\x1bA\xa5\x87\x11\x86_\x81\xda\xac\xc8\xdbT8\x04\x16a\xed\xce\xe8\xcc\xed\b^\xb4\x18\xe9$\xbb.\xef\x96\x06G\xf1(E\xdbd\x96\xfb\nC\xeb\b><+l\xfdG\x8e\t\x96rT|\xe3\x13\x19\xe3%g\xa7n\xa93\xf5>\x81R\xe7`\x83N\xf4\xa7\xc8:\x8eY\x0e@\x1b\x17Y>b\x85\xd3\x12I\xbf\xac\x9eM\x884Z\xaf\xf3\'\x8aj\"\xd1~k\x7f%\x96\xf95&\x84A%\x97\xb8\x18\xa7\x88\xe3w', 0x1)
pwritev(r9, &(0x7f0000000600)=[{&(0x7f00000000c0)="10", 0x1}], 0x1, 0xc00, 0x0)
ioctl$LOOP_CHANGE_FD(r8, 0x4c00, r9)
ioctl$LOOP_SET_STATUS(r8, 0x4c02, &(0x7f0000000000)={0x0, {}, 0x0, {}, 0x0, 0x0, 0x25, 0xd, "eeddb7c25540993ad642248c7b0157ce0dc9b4e500476312cd6cb416f686ce0058265f66cdddf2e9ce8bb87ae03e87a61fb648d5c6a3e9977956be87176a30a9", "a863a5170a11d26a730cb3d1e9fb18cb0e58986d58e881bbe5e4230de84eea7a", [0x3, 0x800]})

463.399768ms ago: executing program 3 (id=4244):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x80001)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc25c4111, &(0x7f0000000080)={0x0, [[0x7, 0xe, 0x81, 0x1, 0x400, 0xffffffff, 0x7045, 0x2], [0x200, 0x6, 0x19, 0x5d, 0x80000000, 0x6, 0x7abd, 0x4], [0x9, 0x9, 0x5, 0xfffffff7, 0x1, 0x7, 0x0, 0xc]], '\x00', [{0x1, 0xa, 0x0, 0x1, 0x0, 0x1}, {0xffff, 0x5, 0x0, 0x1, 0x1}, {0x8, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x2, 0xd432, 0x0, 0x1}, {0x9, 0x7ff, 0x1, 0x1, 0x1}, {0x7, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x103, 0x3, 0x1}, {0x80000000, 0x3, 0x1, 0x1, 0x1}, {0x4, 0x9, 0x0, 0x0, 0x1}, {0x3, 0xa5c, 0x1, 0x0, 0x1}, {0x2, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x800, 0x9000, 0x0, 0x1}], '\x00', 0x7})
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc25c4111, &(0x7f00000002c0)={0x81, [[0x1, 0xffff, 0x7, 0x9, 0xf8e8, 0x4, 0x9, 0x9], [0x4, 0x2, 0x3, 0x6, 0x3, 0x6, 0x8001, 0x5], [0xf3, 0x1, 0x7, 0x55, 0xb1, 0x5, 0xfffffff2, 0x6]], '\x00', [{0xa, 0xd, 0x0, 0x1, 0x1}, {0x83, 0xffffffff, 0x1, 0x1, 0x0, 0x1}, {0x0, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x8001, 0xffffffbf, 0x0, 0x0, 0x0, 0x1}, {0x9, 0xca, 0x0, 0x0, 0x0, 0x1}, {0x7, 0x2, 0x0, 0x1, 0x1, 0x1}, {0x5, 0x8000, 0x1, 0x1, 0x1}, {0x5, 0x0, 0x1, 0x0, 0x1}, {0x7f, 0x8, 0x0, 0x1, 0x0, 0x1}, {0x0, 0xc, 0x0, 0x1, 0x0, 0x1}, {0x5, 0x7, 0x1, 0x1, 0x1, 0x1}, {0x7, 0x80, 0x1}], '\x00', 0x6})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000018c0)=@newlink={0x50, 0x10, 0x403, 0x40000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adf9a5}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}, @IFLA_MTU={0x8, 0x4, 0xffe1}]}, 0x50}}, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x80001) (async)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc25c4111, &(0x7f0000000080)={0x0, [[0x7, 0xe, 0x81, 0x1, 0x400, 0xffffffff, 0x7045, 0x2], [0x200, 0x6, 0x19, 0x5d, 0x80000000, 0x6, 0x7abd, 0x4], [0x9, 0x9, 0x5, 0xfffffff7, 0x1, 0x7, 0x0, 0xc]], '\x00', [{0x1, 0xa, 0x0, 0x1, 0x0, 0x1}, {0xffff, 0x5, 0x0, 0x1, 0x1}, {0x8, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x2, 0xd432, 0x0, 0x1}, {0x9, 0x7ff, 0x1, 0x1, 0x1}, {0x7, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x103, 0x3, 0x1}, {0x80000000, 0x3, 0x1, 0x1, 0x1}, {0x4, 0x9, 0x0, 0x0, 0x1}, {0x3, 0xa5c, 0x1, 0x0, 0x1}, {0x2, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x800, 0x9000, 0x0, 0x1}], '\x00', 0x7}) (async)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc25c4111, &(0x7f00000002c0)={0x81, [[0x1, 0xffff, 0x7, 0x9, 0xf8e8, 0x4, 0x9, 0x9], [0x4, 0x2, 0x3, 0x6, 0x3, 0x6, 0x8001, 0x5], [0xf3, 0x1, 0x7, 0x55, 0xb1, 0x5, 0xfffffff2, 0x6]], '\x00', [{0xa, 0xd, 0x0, 0x1, 0x1}, {0x83, 0xffffffff, 0x1, 0x1, 0x0, 0x1}, {0x0, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x8001, 0xffffffbf, 0x0, 0x0, 0x0, 0x1}, {0x9, 0xca, 0x0, 0x0, 0x0, 0x1}, {0x7, 0x2, 0x0, 0x1, 0x1, 0x1}, {0x5, 0x8000, 0x1, 0x1, 0x1}, {0x5, 0x0, 0x1, 0x0, 0x1}, {0x7f, 0x8, 0x0, 0x1, 0x0, 0x1}, {0x0, 0xc, 0x0, 0x1, 0x0, 0x1}, {0x5, 0x7, 0x1, 0x1, 0x1, 0x1}, {0x7, 0x80, 0x1}], '\x00', 0x6}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000018c0)=@newlink={0x50, 0x10, 0x403, 0x40000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adf9a5}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}, @IFLA_MTU={0x8, 0x4, 0xffe1}]}, 0x50}}, 0x0) (async)

358.687323ms ago: executing program 3 (id=4245):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310301000000000000000900000008000300", @ANYRES32=r2], 0x24}, 0x1, 0x0, 0x0, 0x20000095}, 0x200480c4)
getsockopt$IP_SET_OP_GET_BYNAME(r0, 0x1, 0x53, &(0x7f0000000040)={0x6, 0x7, 'syz2\x00'}, &(0x7f0000000100)=0x28)

238.37156ms ago: executing program 3 (id=4246):
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e06006220"], 0x9)
symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000080)=ANY=[])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

95.617709ms ago: executing program 1 (id=4247):
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0xa, 0x5, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
shutdown(r0, 0x1)
socket(0x10, 0x3, 0x5000000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x822042, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x9d44, 0x7, 0xfffffffffffffffe, 0x1, 0x400}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)=@dellink={0x34, 0x11, 0x1, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x442, 0x1080}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x64000850)
syz_usb_connect(0x6, 0xfffffffffffffc98, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000008c0)=[{{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000040)}, {&(0x7f0000000140)="4370bad3b9f08204ce5b5ab67481e036d255f65b3e77cdb979779a0d78c67828", 0x20}], 0x2}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000380)}, {0x0}, {&(0x7f0000000540)="aeb549e84a12617b9f13e93c4f669343f597f11024d061a104aee0e4b8704453d7ea21720466ec54d642e79d5909d6a0f7b83430a12a3146eabb1f63139c90d4495ddcf44d1059f179c980efd850ba32aab8ad3aea49e52c8f6905192438c4ca7eb13314cd632af768f6", 0x6a}, {0x0}, {&(0x7f00000006c0)="8982e58c8e9063dbfe347ae26baa91ba6fed9305b165e33ebe1fa8aef8985ee950af5080b65629939aebaca01f49559d781675ca6c8350bda7a291d3b6a5fa", 0x3f}], 0x5, &(0x7f0000000300)}}], 0x2, 0x4000000)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x50, 0x0, &(0x7f0000000340))
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
mq_notify(r5, &(0x7f0000000000)={0x110c23c000, 0x3, 0x2, @thr={0x0, 0x0}})

0s ago: executing program 0 (id=4248):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMUNATTACH(r1, 0x8901, &(0x7f0000000040))
sendmsg$inet(r0, &(0x7f0000002740)={0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f0000000080)="90", 0x1}], 0x1}, 0x24004011)

kernel console output (not intermixed with test programs):

T7308] usbhid 5-1:0.0: can't add hid device: -71
[ 1222.195641][ T7308] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1222.215640][ T7308] usb 5-1: USB disconnect, device number 7
[ 1222.341600][ T7311] playstation 0003:054C:0DF2.0026: hidraw0: USB HID v0.09 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[ 1222.525564][ T7311] playstation 0003:054C:0DF2.0026: Invalid byte count transferred, expected 20 got 1
[ 1222.543425][ T7311] playstation 0003:054C:0DF2.0026: Failed to retrieve DualSense pairing info: -22
[ 1222.566633][ T7311] playstation 0003:054C:0DF2.0026: Failed to get MAC address from DualSense
[ 1222.585486][ T7311] playstation 0003:054C:0DF2.0026: Failed to create dualsense.
[ 1222.600488][ T7311] playstation 0003:054C:0DF2.0026: probe with driver playstation failed with error -22
[ 1222.743071][T17602] usb 2-1: USB disconnect, device number 108
[ 1222.837363][T19719] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3971'.
[ 1223.095477][ T7311] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[ 1223.245471][ T7311] usb 4-1: Using ep0 maxpacket: 16
[ 1223.252301][ T7311] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1223.268080][ T7311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1223.283079][ T7311] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1223.308414][ T7311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1223.321684][ T7311] usb 4-1: Product: syz
[ 1223.329477][ T7311] usb 4-1: Manufacturer: syz
[ 1223.330005][T19725] FAULT_INJECTION: forcing a failure.
[ 1223.330005][T19725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1223.334120][ T7311] usb 4-1: SerialNumber: syz
[ 1223.341109][ T7311] usb 4-1: config 0 descriptor??
[ 1223.356613][T19725] CPU: 1 UID: 0 PID: 19725 Comm: syz.1.3973 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1223.356647][T19725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1223.356664][T19725] Call Trace:
[ 1223.356675][T19725]  <TASK>
[ 1223.356687][T19725]  dump_stack_lvl+0x189/0x250
[ 1223.356726][T19725]  ? __pfx____ratelimit+0x10/0x10
[ 1223.356772][T19725]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1223.356802][T19725]  ? __pfx__printk+0x10/0x10
[ 1223.356839][T19725]  ? __might_fault+0xb0/0x130
[ 1223.356889][T19725]  should_fail_ex+0x414/0x560
[ 1223.356920][T19725]  _copy_from_user+0x2d/0xb0
[ 1223.356943][T19725]  get_compat_msghdr+0xad/0x4a0
[ 1223.356981][T19725]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1223.357027][T19725]  ___sys_sendmsg+0x193/0x2a0
[ 1223.357062][T19725]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1223.357141][T19725]  ? __fget_files+0x2a/0x420
[ 1223.357181][T19725]  ? __fget_files+0x3a0/0x420
[ 1223.357232][T19725]  __sys_sendmsg+0x164/0x220
[ 1223.357272][T19725]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1223.357328][T19725]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1223.357364][T19725]  __do_fast_syscall_32+0xb6/0x2b0
[ 1223.357400][T19725]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1223.357436][T19725]  do_fast_syscall_32+0x34/0x80
[ 1223.357470][T19725]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1223.357501][T19725] RIP: 0023:0xf711e539
[ 1223.357523][T19725] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1223.357548][T19725] RSP: 002b:00000000f550e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1223.357575][T19725] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[ 1223.357592][T19725] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1223.357608][T19725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1223.357622][T19725] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1223.357637][T19725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1223.357670][T19725]  </TASK>
[ 1223.568250][ T7311] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1223.577620][ T7311] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[ 1224.415655][T19734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1224.424466][T19734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1224.850164][T19741] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3978'.
[ 1224.865468][T19444] Bluetooth: hci5: command 0x0405 tx timeout
[ 1224.920461][T17602] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 1225.089790][T17602] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1225.099346][T17602] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1225.115556][T17602] usb 2-1: Product: syz
[ 1225.116051][ T7311] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1225.125488][T17602] usb 2-1: Manufacturer: syz
[ 1225.136840][T17602] usb 2-1: SerialNumber: syz
[ 1225.144513][ T7311] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[ 1225.153006][ T7311] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[ 1225.161874][ T7311] em28xx 4-1:0.0: No AC97 audio processor
[ 1225.168055][T17602] usb 2-1: config 0 descriptor??
[ 1225.525577][ T7311] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1225.685474][ T7311] usb 5-1: Using ep0 maxpacket: 8
[ 1225.693919][ T7311] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1225.708688][ T7311] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1225.741680][ T7311] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1225.782307][ T7311] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1225.800706][ T7311] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1225.840823][ T7311] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1225.853612][ T7311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1226.079325][T17602] usb 4-1: USB disconnect, device number 96
[ 1226.086990][T17602] em28xx 4-1:0.0: Disconnecting em28xx
[ 1226.112575][T17602] em28xx 4-1:0.0: Freeing device
[ 1226.164788][ T7311] usb 5-1: GET_CAPABILITIES returned 0
[ 1226.177570][ T7311] usbtmc 5-1:16.0: can't read capabilities
[ 1226.251314][T19761] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1226.625565][ T7311] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[ 1226.822857][ T7311] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1226.844739][ T7311] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1226.859390][ T7311] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 1226.869722][ T7311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1226.882982][ T7311] usb 4-1: config 0 descriptor??
[ 1226.989778][T19769] netlink: 'syz.5.3985': attribute type 1 has an invalid length.
[ 1227.147023][T19773] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1227.174722][T19773] bond1: (slave vxcan3): Error -95 calling set_mac_address
[ 1227.249049][T19769] macvlan2: entered promiscuous mode
[ 1227.266109][T19769] macvlan2: entered allmulticast mode
[ 1227.283161][T19769] bond1: entered promiscuous mode
[ 1227.292804][T19769] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1227.315636][T19769] bond1: left promiscuous mode
[ 1227.338943][ T7311] kovaplus 0003:1E7D:2D50.0027: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.3-1/input0
[ 1227.804303][T17602] usb 5-1: USB disconnect, device number 8
[ 1228.280935][T19736] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1228.298296][ T7308] usb 2-1: USB disconnect, device number 109
[ 1229.367155][ T7311] kovaplus 0003:1E7D:2D50.0027: couldn't init struct kovaplus_device
[ 1229.386919][ T7311] kovaplus 0003:1E7D:2D50.0027: couldn't install mouse
[ 1229.417134][ T7311] kovaplus 0003:1E7D:2D50.0027: probe with driver kovaplus failed with error -71
[ 1229.462333][ T7311] usb 4-1: USB disconnect, device number 97
[ 1229.835735][ T7311] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[ 1230.015947][ T7311] usb 4-1: Using ep0 maxpacket: 8
[ 1230.026988][ T7311] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1230.035698][ T7311] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1230.059593][ T7311] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1230.077709][ T7311] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1230.098473][ T7311] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1230.113502][ T7311] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1230.133211][ T7311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1230.563359][ T7311] usb 4-1: GET_CAPABILITIES returned 0
[ 1230.570224][ T7311] usbtmc 4-1:16.0: can't read capabilities
[ 1231.233582][T19819] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[ 1231.900606][T19832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4002'.
[ 1232.240340][T19832] bond0: (slave wlan1): Releasing backup interface
[ 1233.376543][ T7311] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[ 1233.536617][ T7318] usb 4-1: USB disconnect, device number 98
[ 1233.620805][   T30] audit: type=1326 audit(1754630116.607:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000
[ 1233.753613][   T30] audit: type=1326 audit(1754630116.637:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1233.812538][   T30] audit: type=1326 audit(1754630116.637:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1233.863537][   T30] audit: type=1326 audit(1754630116.637:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1233.981717][T19852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4007'.
[ 1234.205623][   T30] audit: type=1326 audit(1754630116.637:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1234.293029][   T30] audit: type=1326 audit(1754630116.637:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000
[ 1234.419836][   T30] audit: type=1326 audit(1754630116.677:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1234.642163][   T30] audit: type=1326 audit(1754630116.677:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1234.678569][   T30] audit: type=1326 audit(1754630116.677:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000
[ 1234.745672][   T30] audit: type=1326 audit(1754630116.687:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19845 comm="syz.3.4006" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000
[ 1235.653741][T19862] FAULT_INJECTION: forcing a failure.
[ 1235.653741][T19862] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1235.831850][T19864] bond0: entered promiscuous mode
[ 1236.129943][T19862] CPU: 1 UID: 0 PID: 19862 Comm: syz.1.4011 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1236.129977][T19862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1236.129987][T19862] Call Trace:
[ 1236.129994][T19862]  <TASK>
[ 1236.130001][T19862]  dump_stack_lvl+0x189/0x250
[ 1236.130026][T19862]  ? __pfx____ratelimit+0x10/0x10
[ 1236.130047][T19862]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1236.130066][T19862]  ? __pfx__printk+0x10/0x10
[ 1236.130090][T19862]  ? __might_fault+0xb0/0x130
[ 1236.130121][T19862]  should_fail_ex+0x414/0x560
[ 1236.130143][T19862]  _copy_from_user+0x2d/0xb0
[ 1236.130159][T19862]  get_compat_msghdr+0xad/0x4a0
[ 1236.130186][T19862]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1236.130218][T19862]  ___sys_sendmsg+0x193/0x2a0
[ 1236.130245][T19862]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1236.130295][T19862]  ? __fget_files+0x2a/0x420
[ 1236.130318][T19862]  ? __fget_files+0x3a0/0x420
[ 1236.130350][T19862]  __sys_sendmsg+0x164/0x220
[ 1236.130376][T19862]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1236.130411][T19862]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1236.130434][T19862]  __do_fast_syscall_32+0xb6/0x2b0
[ 1236.130456][T19862]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1236.130479][T19862]  do_fast_syscall_32+0x34/0x80
[ 1236.130500][T19862]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1236.130521][T19862] RIP: 0023:0xf711e539
[ 1236.130535][T19862] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1236.130556][T19862] RSP: 002b:00000000f550e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1236.130572][T19862] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[ 1236.130583][T19862] RDX: 0000000004000004 RSI: 0000000000000000 RDI: 0000000000000000
[ 1236.130593][T19862] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1236.130602][T19862] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1236.130611][T19862] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1236.130631][T19862]  </TASK>
[ 1236.144043][T19864] mac80211_hwsim hwsim16 wlan1: entered promiscuous mode
[ 1236.385879][T19864] bond0: entered allmulticast mode
[ 1236.404492][T19864] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode
[ 1236.447656][T19864] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1236.628081][T19873] FAULT_INJECTION: forcing a failure.
[ 1236.628081][T19873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1236.649102][T19873] CPU: 0 UID: 0 PID: 19873 Comm: syz.4.4016 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1236.649134][T19873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1236.649149][T19873] Call Trace:
[ 1236.649158][T19873]  <TASK>
[ 1236.649168][T19873]  dump_stack_lvl+0x189/0x250
[ 1236.649199][T19873]  ? __pfx____ratelimit+0x10/0x10
[ 1236.649226][T19873]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1236.649253][T19873]  ? __pfx__printk+0x10/0x10
[ 1236.649284][T19873]  ? __might_fault+0xb0/0x130
[ 1236.649327][T19873]  should_fail_ex+0x414/0x560
[ 1236.649357][T19873]  _copy_from_user+0x2d/0xb0
[ 1236.649379][T19873]  get_compat_msghdr+0xad/0x4a0
[ 1236.649417][T19873]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1236.649463][T19873]  ___sys_sendmsg+0x193/0x2a0
[ 1236.649512][T19873]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1236.649578][T19873]  ? __fget_files+0x2a/0x420
[ 1236.649612][T19873]  ? __fget_files+0x3a0/0x420
[ 1236.649657][T19873]  __sys_sendmsg+0x164/0x220
[ 1236.649691][T19873]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1236.649741][T19873]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1236.649772][T19873]  __do_fast_syscall_32+0xb6/0x2b0
[ 1236.649810][T19873]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1236.649842][T19873]  do_fast_syscall_32+0x34/0x80
[ 1236.649871][T19873]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1236.649898][T19873] RIP: 0023:0xf7f37539
[ 1236.649916][T19873] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1236.649954][T19873] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1236.649977][T19873] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004380
[ 1236.649992][T19873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1236.650005][T19873] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1236.650018][T19873] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1236.650031][T19873] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1236.650062][T19873]  </TASK>
[ 1236.977602][ T7311] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1237.136068][ T7311] usb 2-1: Using ep0 maxpacket: 8
[ 1237.148592][ T7311] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1237.162538][ T7311] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1237.172622][ T7311] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1237.193034][ T7311] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1237.209141][ T7311] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1237.223101][ T7311] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1237.232403][ T7311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.265159][T19889] FAULT_INJECTION: forcing a failure.
[ 1237.265159][T19889] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1237.266585][ T7318] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1237.278839][T19889] CPU: 0 UID: 0 PID: 19889 Comm: syz.5.4020 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1237.278874][T19889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1237.278891][T19889] Call Trace:
[ 1237.278902][T19889]  <TASK>
[ 1237.278918][T19889]  dump_stack_lvl+0x189/0x250
[ 1237.278955][T19889]  ? __pfx____ratelimit+0x10/0x10
[ 1237.278986][T19889]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1237.279019][T19889]  ? __pfx__printk+0x10/0x10
[ 1237.279054][T19889]  ? __might_fault+0xb0/0x130
[ 1237.279103][T19889]  should_fail_ex+0x414/0x560
[ 1237.279138][T19889]  _copy_from_user+0x2d/0xb0
[ 1237.279164][T19889]  get_compat_msghdr+0xad/0x4a0
[ 1237.279206][T19889]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1237.279258][T19889]  ___sys_sendmsg+0x193/0x2a0
[ 1237.279299][T19889]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1237.279378][T19889]  ? __fget_files+0x2a/0x420
[ 1237.279417][T19889]  ? __fget_files+0x3a0/0x420
[ 1237.279491][T19889]  __sys_sendmsg+0x164/0x220
[ 1237.279533][T19889]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1237.279589][T19889]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1237.279626][T19889]  __do_fast_syscall_32+0xb6/0x2b0
[ 1237.279662][T19889]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1237.279698][T19889]  do_fast_syscall_32+0x34/0x80
[ 1237.279731][T19889]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1237.279764][T19889] RIP: 0023:0xf704e539
[ 1237.279788][T19889] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1237.279811][T19889] RSP: 002b:00000000f543e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1237.279837][T19889] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[ 1237.279855][T19889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1237.279870][T19889] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1237.279884][T19889] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1237.279900][T19889] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1237.279935][T19889]  </TASK>
[ 1237.551794][ T7311] usb 2-1: GET_CAPABILITIES returned 0
[ 1237.562661][ T7311] usbtmc 2-1:16.0: can't read capabilities
[ 1237.656609][ T7318] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1237.666051][T19898] FAULT_INJECTION: forcing a failure.
[ 1237.666051][T19898] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1237.687903][ T7318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1237.694156][T19898] CPU: 0 UID: 0 PID: 19898 Comm: syz.5.4024 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1237.694196][T19898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1237.694213][T19898] Call Trace:
[ 1237.694223][T19898]  <TASK>
[ 1237.694234][T19898]  dump_stack_lvl+0x189/0x250
[ 1237.694271][T19898]  ? __pfx____ratelimit+0x10/0x10
[ 1237.694304][T19898]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1237.694337][T19898]  ? __pfx__printk+0x10/0x10
[ 1237.694373][T19898]  ? __might_fault+0xb0/0x130
[ 1237.694421][T19898]  should_fail_ex+0x414/0x560
[ 1237.694464][T19898]  _copy_from_user+0x2d/0xb0
[ 1237.694491][T19898]  __sys_sendto+0x25c/0x520
[ 1237.694529][T19898]  ? __pfx___sys_sendto+0x10/0x10
[ 1237.694559][T19898]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1237.694610][T19898]  ? __fget_files+0x3a0/0x420
[ 1237.694661][T19898]  ? ksys_write+0x22a/0x250
[ 1237.694698][T19898]  __ia32_sys_sendto+0xdd/0x100
[ 1237.694737][T19898]  __do_fast_syscall_32+0xb6/0x2b0
[ 1237.694772][T19898]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1237.694809][T19898]  do_fast_syscall_32+0x34/0x80
[ 1237.694843][T19898]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1237.694875][T19898] RIP: 0023:0xf704e539
[ 1237.694896][T19898] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1237.694921][T19898] RSP: 002b:00000000f543e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[ 1237.694948][T19898] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[ 1237.694967][T19898] RDX: 000000000000fef2 RSI: 0000000000000000 RDI: 0000000080000a80
[ 1237.694984][T19898] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000
[ 1237.694999][T19898] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1237.695016][T19898] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1237.695053][T19898]  </TASK>
[ 1237.894952][ T7318] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1237.904873][ T7318] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1237.918692][ T7318] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1237.927839][ T7318] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1237.949255][ T7318] usb 4-1: config 0 descriptor??
[ 1238.377355][T19909] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1238.400627][T19909] syzkaller0: entered promiscuous mode
[ 1238.407732][T19909] syzkaller0: entered allmulticast mode
[ 1238.426079][T19910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1238.456192][T19910] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1238.474787][T19909] FAULT_INJECTION: forcing a failure.
[ 1238.474787][T19909] name failslab, interval 1, probability 0, space 0, times 0
[ 1238.503571][T19909] CPU: 0 UID: 0 PID: 19909 Comm: syz.4.4028 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1238.503605][T19909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1238.503621][T19909] Call Trace:
[ 1238.503637][T19909]  <TASK>
[ 1238.503649][T19909]  dump_stack_lvl+0x189/0x250
[ 1238.503682][T19909]  ? __pfx____ratelimit+0x10/0x10
[ 1238.503711][T19909]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1238.503738][T19909]  ? __pfx__printk+0x10/0x10
[ 1238.503778][T19909]  ? __pfx___might_resched+0x10/0x10
[ 1238.503800][T19909]  ? fs_reclaim_acquire+0x7d/0x100
[ 1238.503845][T19909]  should_fail_ex+0x414/0x560
[ 1238.503877][T19909]  should_failslab+0xa8/0x100
[ 1238.503914][T19909]  __kmalloc_noprof+0xcb/0x4f0
[ 1238.503945][T19909]  ? kfree+0x4d/0x440
[ 1238.503970][T19909]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1238.504009][T19909]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1238.504045][T19909]  ? tomoyo_domain+0xd9/0x130
[ 1238.504085][T19909]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1238.504111][T19909]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1238.504138][T19909]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1238.504186][T19909]  ? __lock_acquire+0xab9/0xd20
[ 1238.504243][T19909]  ? __fget_files+0x2a/0x420
[ 1238.504283][T19909]  ? __fget_files+0x3a0/0x420
[ 1238.504316][T19909]  ? __fget_files+0x2a/0x420
[ 1238.504355][T19909]  security_file_ioctl_compat+0xcb/0x2d0
[ 1238.504386][T19909]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1238.504419][T19909]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1238.504449][T19909]  ? __fget_files+0x3a0/0x420
[ 1238.504490][T19909]  ? fput+0xa0/0xd0
[ 1238.504515][T19909]  ? ksys_write+0x22a/0x250
[ 1238.504555][T19909]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1238.504588][T19909]  __do_fast_syscall_32+0xb6/0x2b0
[ 1238.504637][T19909]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1238.504688][T19909]  do_fast_syscall_32+0x34/0x80
[ 1238.504719][T19909]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1238.504747][T19909] RIP: 0023:0xf7f37539
[ 1238.504767][T19909] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1238.504787][T19909] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1238.504812][T19909] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000008922
[ 1238.504827][T19909] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[ 1238.504841][T19909] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1238.504854][T19909] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1238.504867][T19909] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1238.504899][T19909]  </TASK>
[ 1238.504943][T19909] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1238.783264][T19909] tipc: Resetting bearer <eth:syzkaller0>
[ 1238.791960][T19908] tipc: Resetting bearer <eth:syzkaller0>
[ 1238.870627][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.881671][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.900775][T19908] tipc: Disabling bearer <eth:syzkaller0>
[ 1238.936892][T19913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1238.962355][T19913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1238.987750][T19913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1239.026139][T19913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1239.049484][T19913] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1239.068627][T19913] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1239.092919][T19916] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1239.104822][T19916] syzkaller0: entered promiscuous mode
[ 1239.113576][T19916] syzkaller0: entered allmulticast mode
[ 1239.162355][T19916] tipc: Resetting bearer <eth:syzkaller0>
[ 1239.173855][T19914] tipc: Resetting bearer <eth:syzkaller0>
[ 1239.194597][T19914] tipc: Disabling bearer <eth:syzkaller0>
[ 1239.485010][T19919] tipc: Enabled bearer <ib:caif0>, priority 10
[ 1239.635526][ T7308] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1239.803016][ T7308] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1239.829089][ T7308] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1239.852101][ T7308] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1239.880597][ T7308] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1240.053100][ T7308] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1240.090143][ T7308] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1240.161757][ T7308] usb 5-1: config 0 descriptor??
[ 1240.178518][T19921] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22
[ 1240.249191][ T7318] usbhid 4-1:0.0: can't add hid device: -71
[ 1240.305597][ T7318] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1240.345063][ T7318] usb 4-1: USB disconnect, device number 99
[ 1240.412696][T19926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1240.433277][T19926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1240.483374][T19929] FAULT_INJECTION: forcing a failure.
[ 1240.483374][T19929] name failslab, interval 1, probability 0, space 0, times 0
[ 1240.511269][T19929] CPU: 0 UID: 0 PID: 19929 Comm: syz.3.4035 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1240.511302][T19929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1240.511317][T19929] Call Trace:
[ 1240.511327][T19929]  <TASK>
[ 1240.511337][T19929]  dump_stack_lvl+0x189/0x250
[ 1240.511370][T19929]  ? __pfx____ratelimit+0x10/0x10
[ 1240.511398][T19929]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1240.511426][T19929]  ? __pfx__printk+0x10/0x10
[ 1240.511460][T19929]  ? __pfx___might_resched+0x10/0x10
[ 1240.511483][T19929]  ? fs_reclaim_acquire+0x7d/0x100
[ 1240.511530][T19929]  should_fail_ex+0x414/0x560
[ 1240.511560][T19929]  should_failslab+0xa8/0x100
[ 1240.511596][T19929]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1240.511627][T19929]  ? alloc_pipe_info+0xe9/0x4d0
[ 1240.511663][T19929]  alloc_pipe_info+0xe9/0x4d0
[ 1240.511698][T19929]  splice_direct_to_actor+0xa5d/0xcc0
[ 1240.511748][T19929]  ? __pfx_aa_file_perm+0x10/0x10
[ 1240.511781][T19929]  ? __lock_acquire+0xab9/0xd20
[ 1240.511814][T19929]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1240.511846][T19929]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1240.511890][T19929]  do_splice_direct+0x181/0x270
[ 1240.511926][T19929]  ? __pfx_do_splice_direct+0x10/0x10
[ 1240.511959][T19929]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1240.512002][T19929]  ? rw_verify_area+0x255/0x4d0
[ 1240.512035][T19929]  do_sendfile+0x4da/0x7e0
[ 1240.512067][T19929]  ? __pfx_do_sendfile+0x10/0x10
[ 1240.512098][T19929]  ? __might_fault+0xb0/0x130
[ 1240.512133][T19929]  __ia32_compat_sys_sendfile+0x120/0x1d0
[ 1240.512175][T19929]  __do_fast_syscall_32+0xb6/0x2b0
[ 1240.512207][T19929]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1240.512239][T19929]  do_fast_syscall_32+0x34/0x80
[ 1240.512269][T19929]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1240.512297][T19929] RIP: 0023:0xf7ff3539
[ 1240.512317][T19929] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1240.512337][T19929] RSP: 002b:00000000f551655c EFLAGS: 00000206 ORIG_RAX: 00000000000000bb
[ 1240.512360][T19929] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000003
[ 1240.512375][T19929] RDX: 0000000080002080 RSI: 000000000000023b RDI: 0000000000000000
[ 1240.512389][T19929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1240.512401][T19929] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1240.512415][T19929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1240.512446][T19929]  </TASK>
[ 1240.763495][ T7311] tipc: Node number set to 2589170226
[ 1241.036102][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.043583][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.065458][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.077630][ T7311] usb 2-1: USB disconnect, device number 111
[ 1241.097766][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.105229][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.135854][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.154418][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.160389][T19938] tipc: Started in network mode
[ 1241.183242][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.186112][T19938] tipc: Node identity 963310dd4763, cluster identity 4711
[ 1241.193470][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.222135][T19938] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1241.235693][ T7308] plantronics 0003:047F:FFFF.0028: unknown main item tag 0x0
[ 1241.251836][T19942] syzkaller0: entered promiscuous mode
[ 1241.273693][ T7308] plantronics 0003:047F:FFFF.0028: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1241.274841][T19942] syzkaller0: entered allmulticast mode
[ 1241.330638][ T7308] usb 5-1: USB disconnect, device number 9
[ 1241.354824][T19938] tipc: Resetting bearer <eth:syzkaller0>
[ 1241.389751][T19938] tipc: Resetting bearer <eth:syzkaller0>
[ 1241.415226][T19945] fido_id[19945]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[ 1241.437617][T19938] tipc: Disabling bearer <eth:syzkaller0>
[ 1241.606239][ T7311] usb 2-1: new full-speed USB device number 112 using dummy_hcd
[ 1241.783965][ T7311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1241.815907][ T7311] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1241.860208][ T7311] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1241.905569][ T7311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1241.913620][ T7311] usb 2-1: Product: syz
[ 1241.933623][ T7311] usb 2-1: Manufacturer: syz
[ 1241.954192][ T7311] usb 2-1: SerialNumber: syz
[ 1242.562530][T19961] FAULT_INJECTION: forcing a failure.
[ 1242.562530][T19961] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1242.578833][T19961] CPU: 1 UID: 0 PID: 19961 Comm: syz.4.4046 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1242.578866][T19961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1242.578881][T19961] Call Trace:
[ 1242.578890][T19961]  <TASK>
[ 1242.578900][T19961]  dump_stack_lvl+0x189/0x250
[ 1242.578933][T19961]  ? __pfx____ratelimit+0x10/0x10
[ 1242.578963][T19961]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1242.578992][T19961]  ? __pfx__printk+0x10/0x10
[ 1242.579024][T19961]  ? __might_fault+0xb0/0x130
[ 1242.579082][T19961]  should_fail_ex+0x414/0x560
[ 1242.579114][T19961]  _copy_from_user+0x2d/0xb0
[ 1242.579139][T19961]  get_compat_msghdr+0xad/0x4a0
[ 1242.579179][T19961]  ? __pfx_get_compat_msghdr+0x10/0x10
[ 1242.579231][T19961]  ___sys_sendmsg+0x193/0x2a0
[ 1242.579268][T19961]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1242.579348][T19961]  ? __fget_files+0x2a/0x420
[ 1242.579381][T19961]  ? __fget_files+0x3a0/0x420
[ 1242.579427][T19961]  __sys_sendmsg+0x164/0x220
[ 1242.579462][T19961]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1242.579513][T19961]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1242.579545][T19961]  __do_fast_syscall_32+0xb6/0x2b0
[ 1242.579577][T19961]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1242.579610][T19961]  do_fast_syscall_32+0x34/0x80
[ 1242.579640][T19961]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1242.579668][T19961] RIP: 0023:0xf7f37539
[ 1242.579688][T19961] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1242.579710][T19961] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1242.579733][T19961] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1242.579748][T19961] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1242.579761][T19961] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1242.579774][T19961] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1242.579787][T19961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1242.579818][T19961]  </TASK>
[ 1242.862845][T19963] netlink: 428 bytes leftover after parsing attributes in process `syz.4.4047'.
[ 1243.194242][   T30] kauditd_printk_skb: 461 callbacks suppressed
[ 1243.194268][   T30] audit: type=1326 audit(1754630126.177:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19975 comm="syz.4.4052" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f37539 code=0x0
[ 1243.253279][T19979] fuse: Bad value for 'fd'
[ 1243.253328][T19978] trusted_key: syz.4.4052 sent an empty control message without MSG_MORE.
[ 1243.990585][T19986] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4055'.
[ 1244.002625][T19986] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4055'.
[ 1244.070411][T19988] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4056'.
[ 1244.155524][T17598] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1244.320606][T17598] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1244.338810][T17598] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1244.350199][T17598] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1244.363650][T17598] usb 4-1: config 0 descriptor??
[ 1244.580152][ T7311] usb 2-1: 0:2 : does not exist
[ 1244.591790][T20000] FAULT_INJECTION: forcing a failure.
[ 1244.591790][T20000] name failslab, interval 1, probability 0, space 0, times 0
[ 1244.608438][T20000] CPU: 1 UID: 0 PID: 20000 Comm: syz.5.4059 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1244.608470][T20000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1244.608483][T20000] Call Trace:
[ 1244.608492][T20000]  <TASK>
[ 1244.608501][T20000]  dump_stack_lvl+0x189/0x250
[ 1244.608532][T20000]  ? __pfx____ratelimit+0x10/0x10
[ 1244.608561][T20000]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1244.608589][T20000]  ? __pfx__printk+0x10/0x10
[ 1244.608626][T20000]  ? __pfx___might_resched+0x10/0x10
[ 1244.608646][T20000]  ? fs_reclaim_acquire+0x7d/0x100
[ 1244.608684][T20000]  should_fail_ex+0x414/0x560
[ 1244.608714][T20000]  should_failslab+0xa8/0x100
[ 1244.608749][T20000]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1244.608777][T20000]  ? vm_area_dup+0x2b/0x680
[ 1244.608808][T20000]  ? finish_task_switch+0x32b/0x950
[ 1244.608841][T20000]  vm_area_dup+0x2b/0x680
[ 1244.608881][T20000]  __split_vma+0x1a9/0xa00
[ 1244.608918][T20000]  ? __pfx___split_vma+0x10/0x10
[ 1244.608953][T20000]  ? do_raw_spin_lock+0x121/0x290
[ 1244.608980][T20000]  ? can_vma_merge_left+0x195/0x6b0
[ 1244.609020][T20000]  vma_modify+0x13b3/0x1970
[ 1244.609066][T20000]  vma_modify_flags+0x1e8/0x230
[ 1244.609095][T20000]  ? __pfx_vma_modify_flags+0x10/0x10
[ 1244.609146][T20000]  mlock_fixup+0x22a/0x360
[ 1244.609179][T20000]  apply_vma_lock_flags+0x2aa/0x3c0
[ 1244.609206][T20000]  ? vfs_write+0x8d8/0xa90
[ 1244.609239][T20000]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[ 1244.609275][T20000]  ? __pfx_down_write_killable+0x10/0x10
[ 1244.609309][T20000]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1244.609337][T20000]  ? __pfx_vfs_write+0x10/0x10
[ 1244.609371][T20000]  do_mlock+0x528/0x740
[ 1244.609406][T20000]  ? __pfx_do_mlock+0x10/0x10
[ 1244.609431][T20000]  ? fput+0xa0/0xd0
[ 1244.609454][T20000]  ? ksys_write+0x22a/0x250
[ 1244.609492][T20000]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1244.609527][T20000]  __ia32_sys_mlock+0x5f/0x70
[ 1244.609552][T20000]  __do_fast_syscall_32+0xb6/0x2b0
[ 1244.609583][T20000]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1244.609615][T20000]  do_fast_syscall_32+0x34/0x80
[ 1244.609645][T20000]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1244.609672][T20000] RIP: 0023:0xf704e539
[ 1244.609690][T20000] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1244.609710][T20000] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000096
[ 1244.609732][T20000] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[ 1244.609748][T20000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1244.609761][T20000] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1244.609774][T20000] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1244.609787][T20000] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1244.609819][T20000]  </TASK>
[ 1244.896660][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1244.915581][ T7311] usb 2-1: USB disconnect, device number 112
[ 1245.125245][ T6021] udevd[6021]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1245.316120][T17598] keytouch 0003:0926:3333.0029: fixing up Keytouch IEC report descriptor
[ 1245.353914][T17598] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0029/input/input39
[ 1245.416786][T20010] binfmt_misc: register: failed to install interpreter file ./file0
[ 1245.631289][T17598] keytouch 0003:0926:3333.0029: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[ 1245.696490][T20017] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4064'.
[ 1245.763347][ T7318] usb 2-1: new full-speed USB device number 113 using dummy_hcd
[ 1245.983875][ T7318] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1245.996212][ T7318] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1246.022596][ T7318] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[ 1246.047251][ T7318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1246.119473][ T7318] usb 2-1: SerialNumber: syz
[ 1246.177911][ T7318] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[ 1246.270078][ T7318] usb-storage 2-1:1.0: USB Mass Storage device detected
[ 1246.378375][ T7318] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[ 1246.934967][ T7318] scsi host1: usb-storage 2-1:1.0
[ 1247.203927][T20038] FAULT_INJECTION: forcing a failure.
[ 1247.203927][T20038] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1247.228678][T20038] CPU: 0 UID: 0 PID: 20038 Comm: syz.4.4068 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1247.228708][T20038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1247.228718][T20038] Call Trace:
[ 1247.228725][T20038]  <TASK>
[ 1247.228732][T20038]  dump_stack_lvl+0x189/0x250
[ 1247.228776][T20038]  ? __pfx____ratelimit+0x10/0x10
[ 1247.228822][T20038]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1247.228846][T20038]  ? __pfx__printk+0x10/0x10
[ 1247.228869][T20038]  ? __might_fault+0xb0/0x130
[ 1247.228902][T20038]  should_fail_ex+0x414/0x560
[ 1247.228944][T20038]  _copy_from_user+0x2d/0xb0
[ 1247.228967][T20038]  get_old_timespec32+0x88/0x130
[ 1247.228997][T20038]  ? __pfx_get_old_timespec32+0x10/0x10
[ 1247.229029][T20038]  __sys_recvmmsg+0xee/0x280
[ 1247.229076][T20038]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1247.229107][T20038]  ? ksys_write+0x22a/0x250
[ 1247.229145][T20038]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1247.229173][T20038]  __do_fast_syscall_32+0xb6/0x2b0
[ 1247.229195][T20038]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1247.229244][T20038]  do_fast_syscall_32+0x34/0x80
[ 1247.229274][T20038]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1247.229301][T20038] RIP: 0023:0xf7f37539
[ 1247.229318][T20038] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1247.229333][T20038] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1247.229349][T20038] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[ 1247.229360][T20038] RDX: 00000000000003b4 RSI: 0000000002040000 RDI: 0000000080003700
[ 1247.229371][T20038] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1247.229384][T20038] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1247.229398][T20038] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1247.229429][T20038]  </TASK>
[ 1247.600907][ T7311] usb 4-1: USB disconnect, device number 100
[ 1247.782678][T20047] loop7: detected capacity change from 0 to 6
[ 1247.849630][T20049] fuse: Unknown parameter '0000000000000000000000000000000000000000'
[ 1247.923875][ T7308] IPVS: starting estimator thread 0...
[ 1247.979076][T20043] Dev loop7: unable to read RDB block 6
[ 1247.987503][T20043]  loop7: unable to read partition table
[ 1247.998947][T20043] loop7: partition table beyond EOD, truncated
[ 1248.005393][T20043] loop_reread_partitions: partition scan of loop7 (îÝ·ÂU@™:ÖB$Œ{
WÎÉ´å) failed (rc=-5)
[ 1248.025509][T20050] IPVS: using max 26 ests per chain, 62400 per kthread
[ 1248.345460][ T7311] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1248.570589][ T7311] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1248.590973][ T7311] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1248.624126][ T7311] usb 4-1: New USB device found, idVendor=046d, idProduct=c283, bcdDevice= 0.00
[ 1248.695031][ T7311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1248.787051][ T7311] usb 4-1: config 0 descriptor??
[ 1249.035697][T20052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1249.049838][T20052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1249.234958][T20052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1249.247076][T20052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1249.313746][ T7311] usbhid 4-1:0.0: can't add hid device: -71
[ 1249.350859][ T7311] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1249.438014][ T7311] usb 4-1: USB disconnect, device number 101
[ 1249.856230][T20063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4075'.
[ 1249.970286][ T7318] usb 2-1: USB disconnect, device number 113
[ 1250.277464][T20074] FAULT_INJECTION: forcing a failure.
[ 1250.277464][T20074] name failslab, interval 1, probability 0, space 0, times 0
[ 1250.292282][T20074] CPU: 1 UID: 0 PID: 20074 Comm: syz.1.4080 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1250.292331][T20074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1250.292345][T20074] Call Trace:
[ 1250.292355][T20074]  <TASK>
[ 1250.292365][T20074]  dump_stack_lvl+0x189/0x250
[ 1250.292397][T20074]  ? __pfx____ratelimit+0x10/0x10
[ 1250.292425][T20074]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1250.292452][T20074]  ? __pfx__printk+0x10/0x10
[ 1250.292502][T20074]  ? __pfx___might_resched+0x10/0x10
[ 1250.292524][T20074]  ? fs_reclaim_acquire+0x7d/0x100
[ 1250.292563][T20074]  should_fail_ex+0x414/0x560
[ 1250.292595][T20074]  should_failslab+0xa8/0x100
[ 1250.292629][T20074]  __kmalloc_noprof+0xcb/0x4f0
[ 1250.292658][T20074]  ? kfree+0x4d/0x440
[ 1250.292682][T20074]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1250.292721][T20074]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1250.292756][T20074]  ? tomoyo_domain+0xd9/0x130
[ 1250.292796][T20074]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1250.292823][T20074]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1250.292866][T20074]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1250.292916][T20074]  ? __lock_acquire+0xab9/0xd20
[ 1250.292969][T20074]  ? __fget_files+0x2a/0x420
[ 1250.293006][T20074]  ? __fget_files+0x3a0/0x420
[ 1250.293037][T20074]  ? __fget_files+0x2a/0x420
[ 1250.293072][T20074]  security_file_ioctl_compat+0xcb/0x2d0
[ 1250.293101][T20074]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1250.293132][T20074]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1250.293161][T20074]  ? __fget_files+0x3a0/0x420
[ 1250.293199][T20074]  ? fput+0xa0/0xd0
[ 1250.293223][T20074]  ? ksys_write+0x22a/0x250
[ 1250.293261][T20074]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1250.293291][T20074]  __do_fast_syscall_32+0xb6/0x2b0
[ 1250.293321][T20074]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1250.293351][T20074]  do_fast_syscall_32+0x34/0x80
[ 1250.293380][T20074]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1250.293426][T20074] RIP: 0023:0xf711e539
[ 1250.293446][T20074] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1250.293466][T20074] RSP: 002b:00000000f550e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1250.293489][T20074] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000008914
[ 1250.293509][T20074] RDX: 0000000080002280 RSI: 0000000000000000 RDI: 0000000000000000
[ 1250.293523][T20074] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1250.293536][T20074] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1250.293549][T20074] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1250.293581][T20074]  </TASK>
[ 1250.293715][T20074] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1251.144205][T20097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4087'.
[ 1251.475459][ T7311] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1251.635462][ T7311] usb 4-1: Using ep0 maxpacket: 8
[ 1251.642508][ T7311] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1251.651111][ T7311] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1251.661369][ T7311] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1251.671630][ T7311] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1251.681700][ T7311] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1251.694760][ T7311] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1251.703970][ T7311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.859108][T20104] netlink: 144 bytes leftover after parsing attributes in process `syz.4.4090'.
[ 1251.991782][ T7311] usb 4-1: GET_CAPABILITIES returned 0
[ 1252.007973][ T7311] usbtmc 4-1:16.0: can't read capabilities
[ 1252.481465][T20117] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[ 1253.021869][T20123] netlink: 'syz.4.4097': attribute type 29 has an invalid length.
[ 1253.089823][T20125] FAULT_INJECTION: forcing a failure.
[ 1253.089823][T20125] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1253.190561][T20125] CPU: 0 UID: 0 PID: 20125 Comm: syz.3.4096 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1253.190592][T20125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1253.190606][T20125] Call Trace:
[ 1253.190616][T20125]  <TASK>
[ 1253.190626][T20125]  dump_stack_lvl+0x189/0x250
[ 1253.190659][T20125]  ? __pfx____ratelimit+0x10/0x10
[ 1253.190688][T20125]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1253.190716][T20125]  ? __pfx__printk+0x10/0x10
[ 1253.190760][T20125]  should_fail_ex+0x414/0x560
[ 1253.190790][T20125]  _copy_to_user+0x31/0xb0
[ 1253.190814][T20125]  simple_read_from_buffer+0xe1/0x170
[ 1253.190851][T20125]  proc_fail_nth_read+0x1b3/0x220
[ 1253.190878][T20125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1253.190905][T20125]  ? rw_verify_area+0x2a6/0x4d0
[ 1253.190932][T20125]  ? __lock_acquire+0xab9/0xd20
[ 1253.190960][T20125]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1253.190986][T20125]  vfs_read+0x200/0x980
[ 1253.191013][T20125]  ? fdget_pos+0x247/0x320
[ 1253.191036][T20125]  ? __pfx___mutex_lock+0x10/0x10
[ 1253.191065][T20125]  ? __pfx_vfs_read+0x10/0x10
[ 1253.191094][T20125]  ? __fget_files+0x2a/0x420
[ 1253.191133][T20125]  ? __fget_files+0x3a0/0x420
[ 1253.191165][T20125]  ? __fget_files+0x2a/0x420
[ 1253.191208][T20125]  ksys_read+0x145/0x250
[ 1253.191240][T20125]  ? __pfx_ksys_read+0x10/0x10
[ 1253.191273][T20125]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1253.191312][T20125]  __do_fast_syscall_32+0xb6/0x2b0
[ 1253.191341][T20125]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1253.191372][T20125]  do_fast_syscall_32+0x34/0x80
[ 1253.191403][T20125]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1253.191431][T20125] RIP: 0023:0xf7ff3539
[ 1253.191451][T20125] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1253.191472][T20125] RSP: 002b:00000000f5516590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1253.191500][T20125] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5516620
[ 1253.191516][T20125] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1253.191529][T20125] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1253.191542][T20125] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1253.191556][T20125] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1253.191588][T20125]  </TASK>
[ 1253.626289][T20127] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4098'.
[ 1253.672066][T20130] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1253.680995][T20130] syzkaller0: entered promiscuous mode
[ 1253.687290][T20130] syzkaller0: entered allmulticast mode
[ 1253.694559][T20131] FAULT_INJECTION: forcing a failure.
[ 1253.694559][T20131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1253.734664][T20131] CPU: 0 UID: 0 PID: 20131 Comm: syz.0.4100 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1253.734695][T20131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1253.734710][T20131] Call Trace:
[ 1253.734719][T20131]  <TASK>
[ 1253.734729][T20131]  dump_stack_lvl+0x189/0x250
[ 1253.734764][T20131]  ? __pfx____ratelimit+0x10/0x10
[ 1253.734793][T20131]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1253.734819][T20131]  ? __pfx__printk+0x10/0x10
[ 1253.734852][T20131]  ? __might_fault+0xb0/0x130
[ 1253.734893][T20131]  should_fail_ex+0x414/0x560
[ 1253.734924][T20131]  _copy_from_user+0x2d/0xb0
[ 1253.734946][T20131]  ? semctl_main+0xee/0x15f0
[ 1253.734972][T20131]  semctl_main+0x6f5/0x15f0
[ 1253.734999][T20131]  ? semctl_main+0xee/0x15f0
[ 1253.735033][T20131]  ? __pfx_semctl_main+0x10/0x10
[ 1253.735132][T20131]  compat_ksys_semctl+0x3bd/0x520
[ 1253.735162][T20131]  ? __pfx_compat_ksys_semctl+0x10/0x10
[ 1253.735189][T20131]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1253.735224][T20131]  ? __fget_files+0x3a0/0x420
[ 1253.735283][T20131]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1253.735319][T20131]  __do_fast_syscall_32+0xb6/0x2b0
[ 1253.735351][T20131]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1253.735382][T20131]  do_fast_syscall_32+0x34/0x80
[ 1253.735411][T20131]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1253.735439][T20131] RIP: 0023:0xf706e539
[ 1253.735458][T20131] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1253.735479][T20131] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 000000000000018a
[ 1253.735502][T20131] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 1253.735517][T20131] RDX: 0000000000000011 RSI: 0000000080000680 RDI: 0000000000000000
[ 1253.735532][T20131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1253.735545][T20131] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1253.735559][T20131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1253.735598][T20131]  </TASK>
[ 1254.153968][T20137] tipc: Resetting bearer <eth:syzkaller0>
[ 1254.255636][T20130] tipc: Resetting bearer <eth:syzkaller0>
[ 1254.345073][T20130] tipc: Disabling bearer <eth:syzkaller0>
[ 1254.401698][ T8300] ip6gretap1: left allmulticast mode
[ 1254.408019][ T8300] ip6gretap1: left promiscuous mode
[ 1254.413721][ T8300] bridge0: port 1(ip6gretap1) entered disabled state
[ 1254.973809][T20154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1254.996958][T20154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1255.037070][T20154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1255.105860][T20154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1255.219928][T20154] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1255.283283][T20154] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1256.012052][T20167] FAULT_INJECTION: forcing a failure.
[ 1256.012052][T20167] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1256.046133][T20167] CPU: 0 UID: 0 PID: 20167 Comm: syz.1.4111 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1256.046165][T20167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1256.046178][T20167] Call Trace:
[ 1256.046188][T20167]  <TASK>
[ 1256.046197][T20167]  dump_stack_lvl+0x189/0x250
[ 1256.046229][T20167]  ? __pfx____ratelimit+0x10/0x10
[ 1256.046257][T20167]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1256.046284][T20167]  ? __pfx__printk+0x10/0x10
[ 1256.046337][T20167]  should_fail_ex+0x414/0x560
[ 1256.046368][T20167]  _copy_to_user+0x31/0xb0
[ 1256.046391][T20167]  copy_to_sockptr+0x5e/0xa0
[ 1256.046423][T20167]  sk_getsockopt+0x1fe2/0x2530
[ 1256.046460][T20167]  ? __pfx_sk_getsockopt+0x10/0x10
[ 1256.046503][T20167]  ? lockdep_hardirqs_on+0x90/0x150
[ 1256.046532][T20167]  ? __pfx___might_resched+0x10/0x10
[ 1256.046559][T20167]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1256.046583][T20167]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1256.046624][T20167]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1256.046650][T20167]  ? __lock_acquire+0xab9/0xd20
[ 1256.046697][T20167]  do_sock_getsockopt+0x237/0x450
[ 1256.046727][T20167]  ? lockdep_hardirqs_on+0x90/0x150
[ 1256.046756][T20167]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1256.046787][T20167]  ? lockdep_hardirqs_on+0x90/0x150
[ 1256.046812][T20167]  ? __fget_files+0x2a/0x420
[ 1256.046843][T20167]  ? __fget_files+0x3a0/0x420
[ 1256.046874][T20167]  ? __fget_files+0x2a/0x420
[ 1256.046914][T20167]  __ia32_sys_getsockopt+0x1a5/0x250
[ 1256.046945][T20167]  ? lockdep_hardirqs_on+0x90/0x150
[ 1256.046973][T20167]  ? lockdep_hardirqs_on+0x90/0x150
[ 1256.047002][T20167]  __do_fast_syscall_32+0xb6/0x2b0
[ 1256.047033][T20167]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1256.047064][T20167]  do_fast_syscall_32+0x34/0x80
[ 1256.047094][T20167]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1256.047121][T20167] RIP: 0023:0xf711e539
[ 1256.047141][T20167] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1256.047159][T20167] RSP: 002b:00000000f550e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016d
[ 1256.047181][T20167] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000001
[ 1256.047195][T20167] RDX: 000000000000001c RSI: 0000000000000000 RDI: 00000000800002c0
[ 1256.047208][T20167] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1256.047220][T20167] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1256.047233][T20167] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1256.047262][T20167]  </TASK>
[ 1256.331840][ T8300] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1256.435900][ T8300] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1256.445122][ T8300] bond0 (unregistering): Released all slaves
[ 1256.476829][ T7308] usb 4-1: USB disconnect, device number 102
[ 1256.561956][T20164] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1256.572480][T20165] syzkaller0: entered promiscuous mode
[ 1256.587362][T20165] syzkaller0: entered allmulticast mode
[ 1256.671242][T20169] tipc: Resetting bearer <eth:syzkaller0>
[ 1256.717871][ T8300] tipc: Disabling bearer <eth:syzkaller0>
[ 1256.752432][ T8300] tipc: Left network mode
[ 1256.804800][T20159] tipc: Resetting bearer <eth:syzkaller0>
[ 1256.942876][T20185] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4114'.
[ 1256.986215][T20159] tipc: Disabling bearer <eth:syzkaller0>
[ 1257.257787][T20191] FAULT_INJECTION: forcing a failure.
[ 1257.257787][T20191] name failslab, interval 1, probability 0, space 0, times 0
[ 1257.295861][T20191] CPU: 0 UID: 0 PID: 20191 Comm: syz.0.4118 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1257.295892][T20191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1257.295906][T20191] Call Trace:
[ 1257.295915][T20191]  <TASK>
[ 1257.295925][T20191]  dump_stack_lvl+0x189/0x250
[ 1257.295958][T20191]  ? __pfx____ratelimit+0x10/0x10
[ 1257.295986][T20191]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1257.296022][T20191]  ? __pfx__printk+0x10/0x10
[ 1257.296065][T20191]  ? __pfx___might_resched+0x10/0x10
[ 1257.296086][T20191]  ? fs_reclaim_acquire+0x7d/0x100
[ 1257.296125][T20191]  should_fail_ex+0x414/0x560
[ 1257.296155][T20191]  should_failslab+0xa8/0x100
[ 1257.296189][T20191]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1257.296218][T20191]  ? security_inode_alloc+0x39/0x330
[ 1257.296257][T20191]  security_inode_alloc+0x39/0x330
[ 1257.296293][T20191]  inode_init_always_gfp+0x9ed/0xdc0
[ 1257.296333][T20191]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1257.296357][T20191]  alloc_inode+0x82/0x1b0
[ 1257.296390][T20191]  do_accept+0x111/0x680
[ 1257.296422][T20191]  ? __pfx_do_accept+0x10/0x10
[ 1257.296472][T20191]  __sys_accept4+0x11c/0x1c0
[ 1257.296502][T20191]  ? __pfx___sys_accept4+0x10/0x10
[ 1257.296527][T20191]  ? ksys_write+0x22a/0x250
[ 1257.296568][T20191]  __ia32_sys_accept4+0x9a/0xb0
[ 1257.296599][T20191]  __do_fast_syscall_32+0xb6/0x2b0
[ 1257.296630][T20191]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1257.296662][T20191]  do_fast_syscall_32+0x34/0x80
[ 1257.296693][T20191]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1257.296722][T20191] RIP: 0023:0xf706e539
[ 1257.296741][T20191] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1257.296762][T20191] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016c
[ 1257.296786][T20191] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[ 1257.296801][T20191] RDX: 0000000000000000 RSI: 0000000000000800 RDI: 0000000000000000
[ 1257.296815][T20191] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1257.296828][T20191] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1257.296841][T20191] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1257.296873][T20191]  </TASK>
[ 1257.371101][T20170] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1257.617838][T20196] FAULT_INJECTION: forcing a failure.
[ 1257.617838][T20196] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1257.658287][T20196] CPU: 0 UID: 0 PID: 20196 Comm: syz.5.4119 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1257.658320][T20196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1257.658334][T20196] Call Trace:
[ 1257.658344][T20196]  <TASK>
[ 1257.658354][T20196]  dump_stack_lvl+0x189/0x250
[ 1257.658388][T20196]  ? __pfx____ratelimit+0x10/0x10
[ 1257.658417][T20196]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1257.658445][T20196]  ? __pfx__printk+0x10/0x10
[ 1257.658492][T20196]  should_fail_ex+0x414/0x560
[ 1257.658525][T20196]  _copy_from_user+0x2d/0xb0
[ 1257.658548][T20196]  alg_setkey+0xb8/0x190
[ 1257.658576][T20196]  alg_setsockopt+0x3da/0x4a0
[ 1257.658600][T20196]  ? __pfx_alg_setsockopt+0x10/0x10
[ 1257.658625][T20196]  do_sock_setsockopt+0x17c/0x1b0
[ 1257.658663][T20196]  __ia32_sys_setsockopt+0x13f/0x1b0
[ 1257.658701][T20196]  __do_fast_syscall_32+0xb6/0x2b0
[ 1257.658733][T20196]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1257.658766][T20196]  do_fast_syscall_32+0x34/0x80
[ 1257.658796][T20196]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1257.658824][T20196] RIP: 0023:0xf704e539
[ 1257.658844][T20196] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1257.658863][T20196] RSP: 002b:00000000f543e55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 1257.658887][T20196] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000117
[ 1257.658902][T20196] RDX: 0000000000000001 RSI: 0000000080000000 RDI: 0000000000000020
[ 1257.658916][T20196] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1257.658929][T20196] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1257.658942][T20196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1257.658974][T20196]  </TASK>
[ 1258.216132][ T8300] hsr_slave_0: left promiscuous mode
[ 1258.276733][ T8300] hsr_slave_1: left promiscuous mode
[ 1258.297561][ T8300] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1258.328947][ T8300] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1258.605565][T17598] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 1258.857102][T17598] usb 5-1: Using ep0 maxpacket: 16
[ 1258.882477][T17598] usb 5-1: config 75 has an invalid interface number: 136 but max is 0
[ 1258.891173][T17598] usb 5-1: config 75 has no interface number 0
[ 1258.917945][T17598] usb 5-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=bc.ca
[ 1258.935763][T17598] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1258.985597][T17598] usb 5-1: Product: syz
[ 1259.005465][T17598] usb 5-1: Manufacturer: syz
[ 1259.029933][T17598] usb 5-1: SerialNumber: syz
[ 1260.142850][T20223] input: syz1 as /devices/virtual/input/input41
[ 1260.349926][T20226] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4127'.
[ 1260.543718][ T8300] team0 (unregistering): Port device team_slave_1 removed
[ 1260.868133][T20229] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4126'.
[ 1260.898614][T20229] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1261.270807][ T8300] team0 (unregistering): Port device team_slave_0 removed
[ 1262.151253][T20245] FAULT_INJECTION: forcing a failure.
[ 1262.151253][T20245] name failslab, interval 1, probability 0, space 0, times 0
[ 1262.177302][T20245] CPU: 1 UID: 0 PID: 20245 Comm: syz.5.4132 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1262.177333][T20245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1262.177348][T20245] Call Trace:
[ 1262.177357][T20245]  <TASK>
[ 1262.177367][T20245]  dump_stack_lvl+0x189/0x250
[ 1262.177403][T20245]  ? __pfx____ratelimit+0x10/0x10
[ 1262.177431][T20245]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1262.177458][T20245]  ? __pfx__printk+0x10/0x10
[ 1262.177494][T20245]  ? __pfx___might_resched+0x10/0x10
[ 1262.177521][T20245]  should_fail_ex+0x414/0x560
[ 1262.177550][T20245]  should_failslab+0xa8/0x100
[ 1262.177601][T20245]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1262.177634][T20245]  ? __alloc_skb+0x112/0x2d0
[ 1262.177674][T20245]  __alloc_skb+0x112/0x2d0
[ 1262.177709][T20245]  netlink_sendmsg+0x5c6/0xb30
[ 1262.177748][T20245]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1262.177780][T20245]  ? __import_iovec+0x5d4/0x7f0
[ 1262.177799][T20245]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1262.177831][T20245]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1262.177855][T20245]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1262.177885][T20245]  __sock_sendmsg+0x219/0x270
[ 1262.177914][T20245]  ____sys_sendmsg+0x505/0x830
[ 1262.177952][T20245]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1262.178002][T20245]  ___sys_sendmsg+0x21f/0x2a0
[ 1262.178036][T20245]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1262.178106][T20245]  ? __fget_files+0x2a/0x420
[ 1262.178137][T20245]  ? __fget_files+0x3a0/0x420
[ 1262.178181][T20245]  __sys_sendmsg+0x164/0x220
[ 1262.178215][T20245]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1262.178264][T20245]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1262.178295][T20245]  __do_fast_syscall_32+0xb6/0x2b0
[ 1262.178325][T20245]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1262.178356][T20245]  do_fast_syscall_32+0x34/0x80
[ 1262.178385][T20245]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1262.178412][T20245] RIP: 0023:0xf704e539
[ 1262.178432][T20245] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1262.178451][T20245] RSP: 002b:00000000f541d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1262.178473][T20245] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1262.178488][T20245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1262.178501][T20245] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1262.178513][T20245] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1262.178525][T20245] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1262.178555][T20245]  </TASK>
[ 1262.670161][T20247] input: syz1 as /devices/virtual/input/input42
[ 1263.015867][T17598] ftdi_sio 5-1:75.136: FTDI USB Serial Device converter detected
[ 1263.024980][T17598] ftdi_sio ttyUSB0: unknown device type: 0xbcca
[ 1263.073860][T17598] usb 5-1: USB disconnect, device number 10
[ 1263.111377][T17598] ftdi_sio 5-1:75.136: device disconnected
[ 1263.360951][ T8300] IPVS: stop unused estimator thread 0...
[ 1263.488049][T17598] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 1263.645478][T17598] usb 5-1: Using ep0 maxpacket: 8
[ 1263.659263][T17598] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1263.678477][T17598] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1263.689633][T17598] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1263.702948][T17598] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1263.714267][T17598] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1263.731771][T17598] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1263.741904][T17598] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1264.023033][T20275] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1264.032435][T20275] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode
[ 1264.043118][T20275] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[ 1264.051526][T17598] usb 5-1: GET_CAPABILITIES returned 0
[ 1264.058861][T17598] usbtmc 5-1:16.0: can't read capabilities
[ 1264.514025][T20284] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4143'.
[ 1264.924774][T20295] FAULT_INJECTION: forcing a failure.
[ 1264.924774][T20295] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1264.949201][T20295] CPU: 0 UID: 0 PID: 20295 Comm: syz.3.4146 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1264.949235][T20295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1264.949249][T20295] Call Trace:
[ 1264.949259][T20295]  <TASK>
[ 1264.949269][T20295]  dump_stack_lvl+0x189/0x250
[ 1264.949303][T20295]  ? __pfx____ratelimit+0x10/0x10
[ 1264.949332][T20295]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1264.949360][T20295]  ? __pfx__printk+0x10/0x10
[ 1264.949423][T20295]  ? fs_reclaim_acquire+0x7d/0x100
[ 1264.949468][T20295]  should_fail_ex+0x414/0x560
[ 1264.949501][T20295]  prepare_alloc_pages+0x213/0x610
[ 1264.949533][T20295]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1264.949561][T20295]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1264.949584][T20295]  ? try_to_migrate+0x3bc/0x670
[ 1264.949610][T20295]  ? __pfx___might_resched+0x10/0x10
[ 1264.949634][T20295]  ? __pfx_try_to_migrate_one+0x10/0x10
[ 1264.949657][T20295]  ? __pfx_folio_not_mapped+0x10/0x10
[ 1264.949690][T20295]  __folio_alloc_noprof+0x18/0x120
[ 1264.949716][T20295]  migrate_pages_batch+0x81b/0x3620
[ 1264.949758][T20295]  ? __pfx_alloc_migration_target+0x10/0x10
[ 1264.949794][T20295]  ? __pfx_migrate_pages_batch+0x10/0x10
[ 1264.949846][T20295]  migrate_pages+0x1bcc/0x2930
[ 1264.949899][T20295]  ? __pfx_alloc_migration_target+0x10/0x10
[ 1264.949930][T20295]  ? __pfx_migrate_pages+0x10/0x10
[ 1264.949949][T20295]  ? find_vma+0xe7/0x160
[ 1264.949977][T20295]  ? __pfx_find_vma+0x10/0x10
[ 1264.950010][T20295]  ? queue_pages_test_walk+0x423/0x790
[ 1264.950041][T20295]  ? walk_page_range_mm+0x57e/0x660
[ 1264.950083][T20295]  ? __pfx___up_read+0x10/0x10
[ 1264.950119][T20295]  do_migrate_pages+0x5ee/0x800
[ 1264.950163][T20295]  ? __pfx_do_migrate_pages+0x10/0x10
[ 1264.950216][T20295]  ? security_capable+0xbd/0x2e0
[ 1264.950252][T20295]  __se_sys_migrate_pages+0x544/0x650
[ 1264.950285][T20295]  ? __pfx___se_sys_migrate_pages+0x10/0x10
[ 1264.950320][T20295]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1264.950350][T20295]  __do_fast_syscall_32+0xb6/0x2b0
[ 1264.950382][T20295]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1264.950419][T20295]  do_fast_syscall_32+0x34/0x80
[ 1264.950449][T20295]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1264.950478][T20295] RIP: 0023:0xf7ff3539
[ 1264.950497][T20295] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1264.950518][T20295] RSP: 002b:00000000f54d455c EFLAGS: 00000206 ORIG_RAX: 0000000000000126
[ 1264.950541][T20295] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000003
[ 1264.950557][T20295] RDX: 0000000080000040 RSI: 0000000080000300 RDI: 0000000000000000
[ 1264.950571][T20295] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1264.950584][T20295] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1264.950597][T20295] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1264.950628][T20295]  </TASK>
[ 1265.992309][T20312] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1266.055611][T17591] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 1266.189394][T20316] FAULT_INJECTION: forcing a failure.
[ 1266.189394][T20316] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1266.256760][T20316] CPU: 1 UID: 0 PID: 20316 Comm: syz.0.4152 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1266.256783][T20316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1266.256792][T20316] Call Trace:
[ 1266.256799][T20316]  <TASK>
[ 1266.256806][T20316]  dump_stack_lvl+0x189/0x250
[ 1266.256830][T20316]  ? __pfx____ratelimit+0x10/0x10
[ 1266.256851][T20316]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1266.256870][T20316]  ? __pfx__printk+0x10/0x10
[ 1266.256893][T20316]  ? __might_fault+0xb0/0x130
[ 1266.256942][T20316]  should_fail_ex+0x414/0x560
[ 1266.256965][T20316]  _copy_from_user+0x2d/0xb0
[ 1266.256981][T20316]  kstrtouint_from_user+0xc4/0x170
[ 1266.257006][T20316]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1266.257044][T20316]  proc_fail_nth_write+0x88/0x200
[ 1266.257063][T20316]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1266.257087][T20316]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1266.257107][T20316]  vfs_write+0x27e/0xa90
[ 1266.257136][T20316]  ? __pfx_vfs_write+0x10/0x10
[ 1266.257158][T20316]  ? __fget_files+0x2a/0x420
[ 1266.257187][T20316]  ? __fget_files+0x3a0/0x420
[ 1266.257210][T20316]  ? __fget_files+0x2a/0x420
[ 1266.257241][T20316]  ksys_write+0x145/0x250
[ 1266.257265][T20316]  ? __pfx_ksys_write+0x10/0x10
[ 1266.257301][T20316]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1266.257330][T20316]  __do_fast_syscall_32+0xb6/0x2b0
[ 1266.257353][T20316]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1266.257376][T20316]  do_fast_syscall_32+0x34/0x80
[ 1266.257398][T20316]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1266.257419][T20316] RIP: 0023:0xf706e539
[ 1266.257433][T20316] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1266.257448][T20316] RSP: 002b:00000000f543d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1266.257464][T20316] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f543d620
[ 1266.257475][T20316] RDX: 0000000000000001 RSI: 00000000f73d4ff4 RDI: 0000000000000000
[ 1266.257485][T20316] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1266.257494][T20316] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1266.257504][T20316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1266.257526][T20316]  </TASK>
[ 1266.505499][T17591] usb 2-1: Using ep0 maxpacket: 16
[ 1266.750340][T17591] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1266.769073][T17591] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[ 1266.825479][T17591] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1266.844313][T17591] usb 2-1: config 0 descriptor??
[ 1266.855892][T20320] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4155'.
[ 1267.238854][T20333] FAULT_INJECTION: forcing a failure.
[ 1267.238854][T20333] name failslab, interval 1, probability 0, space 0, times 0
[ 1267.282154][T20333] CPU: 0 UID: 0 PID: 20333 Comm: syz.5.4159 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1267.282178][T20333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1267.282188][T20333] Call Trace:
[ 1267.282195][T20333]  <TASK>
[ 1267.282206][T20333]  dump_stack_lvl+0x189/0x250
[ 1267.282232][T20333]  ? __pfx____ratelimit+0x10/0x10
[ 1267.282252][T20333]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1267.282272][T20333]  ? __pfx__printk+0x10/0x10
[ 1267.282299][T20333]  ? __pfx___might_resched+0x10/0x10
[ 1267.282319][T20333]  should_fail_ex+0x414/0x560
[ 1267.282341][T20333]  should_failslab+0xa8/0x100
[ 1267.282367][T20333]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1267.282390][T20333]  ? kvm_uevent_notify_change+0x227/0x3a0
[ 1267.282411][T20333]  kvm_uevent_notify_change+0x227/0x3a0
[ 1267.282429][T20333]  ? __pfx_kvm_vm_release+0x10/0x10
[ 1267.282446][T20333]  kvm_put_kvm+0xa8/0x1670
[ 1267.282463][T20333]  ? _raw_spin_unlock_irq+0x45/0x50
[ 1267.282502][T20333]  ? kvm_irqfd_release+0x196/0x1c0
[ 1267.282525][T20333]  ? __pfx_kvm_vm_release+0x10/0x10
[ 1267.282541][T20333]  kvm_vm_release+0x43/0x50
[ 1267.282557][T20333]  __fput+0x44c/0xa70
[ 1267.282582][T20333]  task_work_run+0x1d4/0x260
[ 1267.282606][T20333]  ? __pfx_task_work_run+0x10/0x10
[ 1267.282631][T20333]  ? exit_to_user_mode_loop+0x40/0x110
[ 1267.282656][T20333]  exit_to_user_mode_loop+0xec/0x110
[ 1267.282681][T20333]  __do_fast_syscall_32+0x1f4/0x2b0
[ 1267.282703][T20333]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1267.282725][T20333]  do_fast_syscall_32+0x34/0x80
[ 1267.282747][T20333]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1267.282767][T20333] RIP: 0023:0xf704e539
[ 1267.282781][T20333] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1267.282796][T20333] RSP: 002b:00000000f543e55c EFLAGS: 00000206 ORIG_RAX: 000000000000003f
[ 1267.282812][T20333] RAX: 0000000000000004 RBX: 0000000000000005 RCX: 0000000000000004
[ 1267.282822][T20333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1267.282831][T20333] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1267.282840][T20333] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1267.282849][T20333] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1267.282870][T20333]  </TASK>
[ 1267.782200][T17591] usbhid 2-1:0.0: can't add hid device: -71
[ 1267.795275][T17591] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1267.808311][T17591] usb 2-1: USB disconnect, device number 114
[ 1268.044755][T20340] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[ 1268.104586][T20343] netlink: 196 bytes leftover after parsing attributes in process `syz.0.4163'.
[ 1268.116342][T20340] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1268.364591][T20350] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4164'.
[ 1268.660135][T20357] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4167'.
[ 1269.062742][T20371] FAULT_INJECTION: forcing a failure.
[ 1269.062742][T20371] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1269.093382][T20373] input: syz1 as /devices/virtual/input/input43
[ 1269.244344][T20371] CPU: 0 UID: 0 PID: 20371 Comm: syz.3.4171 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1269.244377][T20371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1269.244391][T20371] Call Trace:
[ 1269.244401][T20371]  <TASK>
[ 1269.244411][T20371]  dump_stack_lvl+0x189/0x250
[ 1269.244445][T20371]  ? __pfx____ratelimit+0x10/0x10
[ 1269.244473][T20371]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1269.244501][T20371]  ? __pfx__printk+0x10/0x10
[ 1269.244545][T20371]  should_fail_ex+0x414/0x560
[ 1269.244576][T20371]  _copy_to_user+0x31/0xb0
[ 1269.244601][T20371]  simple_read_from_buffer+0xe1/0x170
[ 1269.244639][T20371]  proc_fail_nth_read+0x1b3/0x220
[ 1269.244667][T20371]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1269.244697][T20371]  ? rw_verify_area+0x2a6/0x4d0
[ 1269.244724][T20371]  ? __lock_acquire+0xab9/0xd20
[ 1269.244755][T20371]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1269.244783][T20371]  vfs_read+0x200/0x980
[ 1269.244816][T20371]  ? fdget_pos+0x247/0x320
[ 1269.244840][T20371]  ? __pfx___mutex_lock+0x10/0x10
[ 1269.244870][T20371]  ? __pfx_vfs_read+0x10/0x10
[ 1269.244901][T20371]  ? __fget_files+0x2a/0x420
[ 1269.244938][T20371]  ? __fget_files+0x3a0/0x420
[ 1269.244970][T20371]  ? __fget_files+0x2a/0x420
[ 1269.245013][T20371]  ksys_read+0x145/0x250
[ 1269.245044][T20371]  ? __pfx_ksys_read+0x10/0x10
[ 1269.245078][T20371]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1269.245116][T20371]  __do_fast_syscall_32+0xb6/0x2b0
[ 1269.245147][T20371]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1269.245179][T20371]  do_fast_syscall_32+0x34/0x80
[ 1269.245209][T20371]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1269.245236][T20371] RIP: 0023:0xf7ff3539
[ 1269.245255][T20371] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1269.245275][T20371] RSP: 002b:00000000f5516590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1269.245298][T20371] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5516620
[ 1269.245313][T20371] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1269.245326][T20371] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1269.245337][T20371] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1269.245350][T20371] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1269.245382][T20371]  </TASK>
[ 1269.761754][T20377] FAULT_INJECTION: forcing a failure.
[ 1269.761754][T20377] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1269.775109][T20377] CPU: 0 UID: 0 PID: 20377 Comm: syz.1.4172 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1269.775132][T20377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1269.775142][T20377] Call Trace:
[ 1269.775149][T20377]  <TASK>
[ 1269.775156][T20377]  dump_stack_lvl+0x189/0x250
[ 1269.775180][T20377]  ? __pfx____ratelimit+0x10/0x10
[ 1269.775200][T20377]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1269.775220][T20377]  ? __pfx__printk+0x10/0x10
[ 1269.775243][T20377]  ? __might_fault+0xb0/0x130
[ 1269.775275][T20377]  should_fail_ex+0x414/0x560
[ 1269.775303][T20377]  _copy_from_user+0x2d/0xb0
[ 1269.775329][T20377]  kstrtouint_from_user+0xc4/0x170
[ 1269.775362][T20377]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1269.775429][T20377]  proc_fail_nth_write+0x88/0x200
[ 1269.775449][T20377]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1269.775472][T20377]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1269.775491][T20377]  vfs_write+0x27e/0xa90
[ 1269.775520][T20377]  ? __pfx_vfs_write+0x10/0x10
[ 1269.775542][T20377]  ? __fget_files+0x2a/0x420
[ 1269.775570][T20377]  ? __fget_files+0x3a0/0x420
[ 1269.775593][T20377]  ? __fget_files+0x2a/0x420
[ 1269.775624][T20377]  ksys_write+0x145/0x250
[ 1269.775647][T20377]  ? __pfx_ksys_write+0x10/0x10
[ 1269.775672][T20377]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1269.775695][T20377]  __do_fast_syscall_32+0xb6/0x2b0
[ 1269.775717][T20377]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1269.775740][T20377]  do_fast_syscall_32+0x34/0x80
[ 1269.775761][T20377]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1269.775782][T20377] RIP: 0023:0xf711e539
[ 1269.775796][T20377] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1269.775811][T20377] RSP: 002b:00000000f54ed590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1269.775827][T20377] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54ed620
[ 1269.775838][T20377] RDX: 0000000000000001 RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1269.775847][T20377] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1269.775855][T20377] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1269.775864][T20377] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1269.775886][T20377]  </TASK>
[ 1269.998949][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1270.265924][T17591] usb 5-1: USB disconnect, device number 11
[ 1270.728514][T20383] tipc: Resetting bearer <eth:syzkaller0>
[ 1270.822929][T20393] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4175'.
[ 1270.901841][T20395] FAULT_INJECTION: forcing a failure.
[ 1270.901841][T20395] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1270.953124][T20395] CPU: 1 UID: 0 PID: 20395 Comm: syz.0.4179 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1270.953157][T20395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1270.953171][T20395] Call Trace:
[ 1270.953188][T20395]  <TASK>
[ 1270.953198][T20395]  dump_stack_lvl+0x189/0x250
[ 1270.953231][T20395]  ? __pfx____ratelimit+0x10/0x10
[ 1270.953259][T20395]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1270.953286][T20395]  ? __pfx__printk+0x10/0x10
[ 1270.953321][T20395]  ? fs_reclaim_acquire+0x7d/0x100
[ 1270.953367][T20395]  should_fail_ex+0x414/0x560
[ 1270.953399][T20395]  prepare_alloc_pages+0x213/0x610
[ 1270.953430][T20395]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1270.953459][T20395]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1270.953494][T20395]  ? policy_nodemask+0x27c/0x720
[ 1270.953524][T20395]  ? __lock_acquire+0xab9/0xd20
[ 1270.953562][T20395]  alloc_pages_mpol+0x232/0x4a0
[ 1270.953602][T20395]  vma_alloc_folio_noprof+0xe4/0x200
[ 1270.953639][T20395]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1270.953687][T20395]  folio_prealloc+0x30/0x180
[ 1270.953721][T20395]  __handle_mm_fault+0x2ab9/0x5440
[ 1270.953770][T20395]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1270.953820][T20395]  ? find_vma+0xe7/0x160
[ 1270.953849][T20395]  ? __pfx_find_vma+0x10/0x10
[ 1270.953882][T20395]  handle_mm_fault+0x40a/0x8e0
[ 1270.953924][T20395]  do_user_addr_fault+0x764/0x1390
[ 1270.953979][T20395]  exc_page_fault+0x76/0xf0
[ 1270.954009][T20395]  asm_exc_page_fault+0x26/0x30
[ 1270.954031][T20395] RIP: 0010:rep_movs_alternative+0x33/0x90
[ 1270.954054][T20395] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 0a 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[ 1270.954074][T20395] RSP: 0018:ffffc9001be27b88 EFLAGS: 00050246
[ 1270.954095][T20395] RAX: 000002ff00000002 RBX: 0000000000000008 RCX: 0000000000000008
[ 1270.954109][T20395] RDX: 0000000000000000 RSI: ffffc9001be27c80 RDI: 0000000080002800
[ 1270.954124][T20395] RBP: ffffc9001be27d30 R08: ffffc9001be27c87 R09: 1ffff920037c4f90
[ 1270.954141][T20395] R10: dffffc0000000000 R11: fffff520037c4f91 R12: 0000000080002808
[ 1270.954158][T20395] R13: 00007ffffffff000 R14: ffffc9001be27c80 R15: 0000000080002800
[ 1270.954200][T20395]  _copy_to_user+0x8a/0xb0
[ 1270.954223][T20395]  ? do_fcntl+0x81e/0x1910
[ 1270.954249][T20395]  do_fcntl+0x13c2/0x1910
[ 1270.954278][T20395]  ? do_fcntl+0x81e/0x1910
[ 1270.954305][T20395]  ? __pfx_do_fcntl+0x10/0x10
[ 1270.954337][T20395]  ? __fget_files+0x2a/0x420
[ 1270.954379][T20395]  ? tomoyo_file_fcntl+0x78/0x210
[ 1270.954418][T20395]  ? bpf_lsm_file_fcntl+0x9/0x20
[ 1270.954452][T20395]  do_compat_fcntl64+0x477/0x720
[ 1270.954479][T20395]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1270.954514][T20395]  ? __pfx_do_compat_fcntl64+0x10/0x10
[ 1270.954549][T20395]  ? fput+0xa0/0xd0
[ 1270.954573][T20395]  ? ksys_write+0x22a/0x250
[ 1270.954613][T20395]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1270.954646][T20395]  __do_fast_syscall_32+0xb6/0x2b0
[ 1270.954677][T20395]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1270.954709][T20395]  do_fast_syscall_32+0x34/0x80
[ 1270.954738][T20395]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1270.954765][T20395] RIP: 0023:0xf706e539
[ 1270.954783][T20395] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1270.954801][T20395] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000037
[ 1270.954823][T20395] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000010
[ 1270.954838][T20395] RDX: 0000000080002800 RSI: 0000000000000000 RDI: 0000000000000000
[ 1270.954853][T20395] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1270.954866][T20395] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1270.954880][T20395] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1270.954912][T20395]  </TASK>
[ 1271.359440][T20398] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[ 1271.366018][T20398] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1271.373696][T20398] vhci_hcd vhci_hcd.0: Device attached
[ 1271.388071][T20403] FAULT_INJECTION: forcing a failure.
[ 1271.388071][T20403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1271.403470][ T7318] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1271.424068][T20403] CPU: 1 UID: 0 PID: 20403 Comm: syz.4.4181 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1271.424100][T20403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1271.424116][T20403] Call Trace:
[ 1271.424125][T20403]  <TASK>
[ 1271.424135][T20403]  dump_stack_lvl+0x189/0x250
[ 1271.424169][T20403]  ? __pfx____ratelimit+0x10/0x10
[ 1271.424198][T20403]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1271.424226][T20403]  ? __pfx__printk+0x10/0x10
[ 1271.424267][T20403]  ? __might_fault+0xb0/0x130
[ 1271.424311][T20403]  should_fail_ex+0x414/0x560
[ 1271.424343][T20403]  _copy_from_iter+0x1db/0x16f0
[ 1271.424387][T20403]  ? policy_nodemask+0x27c/0x720
[ 1271.424418][T20403]  ? __pfx__copy_from_iter+0x10/0x10
[ 1271.424458][T20403]  ? set_page_refcounted+0xa0/0x1e0
[ 1271.424491][T20403]  ? page_copy_sane+0x4e/0x280
[ 1271.424524][T20403]  copy_page_from_iter+0xdd/0x170
[ 1271.424562][T20403]  tun_get_user+0x1d7b/0x3e20
[ 1271.424603][T20403]  ? tun_get_user+0x6f6/0x3e20
[ 1271.424645][T20403]  ? aa_file_perm+0x44d/0x1550
[ 1271.424678][T20403]  ? __pfx_tun_get_user+0x10/0x10
[ 1271.424709][T20403]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1271.424748][T20403]  ? __lock_acquire+0xab9/0xd20
[ 1271.424788][T20403]  ? ref_tracker_alloc+0x318/0x460
[ 1271.424813][T20403]  ? __lock_acquire+0xab9/0xd20
[ 1271.424848][T20403]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1271.424882][T20403]  ? tun_get+0x1c/0x2f0
[ 1271.424920][T20403]  ? tun_get+0x1c/0x2f0
[ 1271.424950][T20403]  ? tun_get+0x1c/0x2f0
[ 1271.424987][T20403]  tun_chr_write_iter+0x113/0x200
[ 1271.425022][T20403]  vfs_write+0x548/0xa90
[ 1271.425057][T20403]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1271.425090][T20403]  ? __pfx_vfs_write+0x10/0x10
[ 1271.425131][T20403]  ? __fget_files+0x2a/0x420
[ 1271.425175][T20403]  ksys_write+0x145/0x250
[ 1271.425209][T20403]  ? __pfx_ksys_write+0x10/0x10
[ 1271.425243][T20403]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1271.425280][T20403]  __do_fast_syscall_32+0xb6/0x2b0
[ 1271.425317][T20403]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1271.425348][T20403]  do_fast_syscall_32+0x34/0x80
[ 1271.425378][T20403]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1271.425405][T20403] RIP: 0023:0xf7f37539
[ 1271.425426][T20403] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1271.425445][T20403] RSP: 002b:00000000f5456520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1271.425468][T20403] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000180
[ 1271.425483][T20403] RDX: 0000000000000036 RSI: 00000000f73c4ff4 RDI: 0000000000000000
[ 1271.425498][T20403] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1271.425511][T20403] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1271.425525][T20403] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1271.425557][T20403]  </TASK>
[ 1271.706273][T17598] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1271.788361][ T7318] usb 4-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1271.799373][ T7318] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1271.806203][ T7318] usb 4-1: New USB device found, idVendor=046d, idProduct=c283, bcdDevice= 0.00
[ 1271.815282][ T7318] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1271.835314][T20405] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4182'.
[ 1271.835471][T17602] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[ 1271.865407][T17598] usb 2-1: Using ep0 maxpacket: 16
[ 1271.872076][ T7318] usb 4-1: config 0 descriptor??
[ 1271.878619][T17598] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1271.890224][T17598] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1272.017630][T17598] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1272.026904][T17598] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1272.034992][T17598] usb 2-1: Product: syz
[ 1272.051786][T17598] usb 2-1: Manufacturer: syz
[ 1272.056553][T17598] usb 2-1: SerialNumber: syz
[ 1272.068412][T17598] usb 2-1: config 0 descriptor??
[ 1272.106541][T20392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1272.123460][T20392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1272.140653][T17598] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1272.185866][T17598] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[ 1272.205693][ T7318] usbhid 4-1:0.0: can't add hid device: -71
[ 1272.211771][ T7318] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1272.273693][ T7318] usb 4-1: USB disconnect, device number 103
[ 1272.399316][T20399] vhci_hcd: connection reset by peer
[ 1272.407034][T14999] vhci_hcd: stop threads
[ 1272.411409][T14999] vhci_hcd: release socket
[ 1272.420914][T14999] vhci_hcd: disconnect device
[ 1272.742621][T17598] em28xx 2-1:0.0: chip ID is em2870
[ 1272.810590][T20425] FAULT_INJECTION: forcing a failure.
[ 1272.810590][T20425] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1272.832940][T20425] CPU: 0 UID: 0 PID: 20425 Comm: syz.3.4188 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1272.832974][T20425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1272.832988][T20425] Call Trace:
[ 1272.832997][T20425]  <TASK>
[ 1272.833008][T20425]  dump_stack_lvl+0x189/0x250
[ 1272.833041][T20425]  ? __pfx____ratelimit+0x10/0x10
[ 1272.833070][T20425]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1272.833098][T20425]  ? __pfx__printk+0x10/0x10
[ 1272.833130][T20425]  ? __might_fault+0xb0/0x130
[ 1272.833174][T20425]  should_fail_ex+0x414/0x560
[ 1272.833205][T20425]  _copy_from_iter+0x1db/0x16f0
[ 1272.833248][T20425]  ? policy_nodemask+0x27c/0x720
[ 1272.833279][T20425]  ? __pfx__copy_from_iter+0x10/0x10
[ 1272.833319][T20425]  ? set_page_refcounted+0xa0/0x1e0
[ 1272.833353][T20425]  ? page_copy_sane+0x4e/0x280
[ 1272.833387][T20425]  copy_page_from_iter+0xdd/0x170
[ 1272.833425][T20425]  tun_get_user+0x1d7b/0x3e20
[ 1272.833466][T20425]  ? tun_get_user+0x6f6/0x3e20
[ 1272.833508][T20425]  ? aa_file_perm+0x44d/0x1550
[ 1272.833541][T20425]  ? __pfx_tun_get_user+0x10/0x10
[ 1272.833572][T20425]  ? _parse_integer_limit+0x1ae/0x1f0
[ 1272.833611][T20425]  ? __lock_acquire+0xab9/0xd20
[ 1272.833652][T20425]  ? ref_tracker_alloc+0x318/0x460
[ 1272.833678][T20425]  ? __lock_acquire+0xab9/0xd20
[ 1272.833713][T20425]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1272.833746][T20425]  ? tun_get+0x1c/0x2f0
[ 1272.833784][T20425]  ? tun_get+0x1c/0x2f0
[ 1272.833814][T20425]  ? tun_get+0x1c/0x2f0
[ 1272.833850][T20425]  tun_chr_write_iter+0x113/0x200
[ 1272.833895][T20425]  vfs_write+0x548/0xa90
[ 1272.833931][T20425]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1272.833964][T20425]  ? __pfx_vfs_write+0x10/0x10
[ 1272.834005][T20425]  ? __fget_files+0x2a/0x420
[ 1272.834050][T20425]  ksys_write+0x145/0x250
[ 1272.834083][T20425]  ? __pfx_ksys_write+0x10/0x10
[ 1272.834118][T20425]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1272.834150][T20425]  __do_fast_syscall_32+0xb6/0x2b0
[ 1272.834182][T20425]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1272.834214][T20425]  do_fast_syscall_32+0x34/0x80
[ 1272.834244][T20425]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1272.834273][T20425] RIP: 0023:0xf7ff3539
[ 1272.834293][T20425] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1272.834314][T20425] RSP: 002b:00000000f5516520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1272.834338][T20425] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000080
[ 1272.834354][T20425] RDX: 000000000000002a RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1272.834368][T20425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1272.834382][T20425] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1272.834396][T20425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1272.834427][T20425]  </TASK>
[ 1273.115044][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1273.147596][ T7308] usb 2-1: USB disconnect, device number 115
[ 1273.155129][ T7308] em28xx 2-1:0.0: Disconnecting em28xx
[ 1273.163532][T20426] fuse: Bad value for 'fd'
[ 1273.166300][ T7308] em28xx 2-1:0.0: Freeing device
[ 1273.373096][T20430] syzkaller0: entered promiscuous mode
[ 1273.385426][T20430] syzkaller0: entered allmulticast mode
[ 1273.999301][T20440] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4194'.
[ 1274.335700][ T7308] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1274.429825][T20450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4193'.
[ 1274.515402][ T7308] usb 4-1: Using ep0 maxpacket: 32
[ 1274.575821][ T7308] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[ 1274.584735][ T7308] usb 4-1: config 0 has no interface number 0
[ 1274.593909][ T7308] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1274.660586][ T7308] usb 4-1: config 0 interface 85 has no altsetting 0
[ 1274.677475][ T7308] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1274.688803][ T7308] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1274.746218][ T7308] usb 4-1: Product: syz
[ 1274.753745][ T7308] usb 4-1: Manufacturer: syz
[ 1274.759006][ T7308] usb 4-1: SerialNumber: syz
[ 1274.775887][ T7308] usb 4-1: config 0 descriptor??
[ 1275.045623][T17598] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 1275.467866][T17598] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1275.594517][T17598] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1275.600000][ T7308] appletouch 4-1:0.85: Geyser mode initialized.
[ 1275.610857][ T7308] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input44
[ 1275.612354][T20457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1275.633398][T17598] usb 5-1: New USB device found, idVendor=046d, idProduct=c283, bcdDevice= 0.00
[ 1275.646397][T20457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1275.655196][T17598] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1275.703814][T17598] usb 5-1: config 0 descriptor??
[ 1275.765951][ T7308] usb 4-1: USB disconnect, device number 104
[ 1275.842062][ T7308] appletouch 4-1:0.85: input: appletouch disconnected
[ 1275.926112][T20456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1275.939599][T20456] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1275.968291][T17598] usbhid 5-1:0.0: can't add hid device: -71
[ 1275.989405][T17598] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1276.017532][T17598] usb 5-1: USB disconnect, device number 12
[ 1276.539839][T20464] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1276.676334][T20474] FAULT_INJECTION: forcing a failure.
[ 1276.676334][T20474] name failslab, interval 1, probability 0, space 0, times 0
[ 1276.689601][T20474] CPU: 0 UID: 0 PID: 20474 Comm: syz.4.4202 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1276.689633][T20474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1276.689648][T20474] Call Trace:
[ 1276.689658][T20474]  <TASK>
[ 1276.689669][T20474]  dump_stack_lvl+0x189/0x250
[ 1276.689703][T20474]  ? __pfx____ratelimit+0x10/0x10
[ 1276.689733][T20474]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1276.689771][T20474]  ? __pfx__printk+0x10/0x10
[ 1276.689810][T20474]  ? __pfx___might_resched+0x10/0x10
[ 1276.689838][T20474]  should_fail_ex+0x414/0x560
[ 1276.689869][T20474]  should_failslab+0xa8/0x100
[ 1276.689906][T20474]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1276.689938][T20474]  ? __alloc_skb+0x112/0x2d0
[ 1276.689970][T20474]  __alloc_skb+0x112/0x2d0
[ 1276.690002][T20474]  netlink_sendmsg+0x5c6/0xb30
[ 1276.690054][T20474]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1276.690087][T20474]  ? __import_iovec+0x5d4/0x7f0
[ 1276.690106][T20474]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1276.690139][T20474]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1276.690163][T20474]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1276.690193][T20474]  __sock_sendmsg+0x219/0x270
[ 1276.690221][T20474]  ____sys_sendmsg+0x505/0x830
[ 1276.690265][T20474]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1276.690335][T20474]  ___sys_sendmsg+0x21f/0x2a0
[ 1276.690372][T20474]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1276.690445][T20474]  ? __fget_files+0x2a/0x420
[ 1276.690478][T20474]  ? __fget_files+0x3a0/0x420
[ 1276.690524][T20474]  __sys_sendmsg+0x164/0x220
[ 1276.690560][T20474]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1276.690611][T20474]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1276.690643][T20474]  __do_fast_syscall_32+0xb6/0x2b0
[ 1276.690674][T20474]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1276.690706][T20474]  do_fast_syscall_32+0x34/0x80
[ 1276.690737][T20474]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1276.690772][T20474] RIP: 0023:0xf7f37539
[ 1276.690791][T20474] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1276.690812][T20474] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1276.690836][T20474] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[ 1276.690852][T20474] RDX: 0000000024000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1276.690866][T20474] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1276.690879][T20474] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1276.690893][T20474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1276.690924][T20474]  </TASK>
[ 1276.949255][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1277.147739][T17602] vhci_hcd: vhci_device speed not set
[ 1277.475406][ T7308] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 1277.635462][ T7308] usb 5-1: Using ep0 maxpacket: 32
[ 1277.642717][ T7308] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[ 1277.651222][ T7308] usb 5-1: config 0 has no interface number 0
[ 1277.657589][ T7308] usb 5-1: config 0 interface 89 has no altsetting 0
[ 1277.667021][ T7308] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 1277.680236][ T7308] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.688819][ T7308] usb 5-1: Product: syz
[ 1277.691448][T20482] FAULT_INJECTION: forcing a failure.
[ 1277.691448][T20482] name failslab, interval 1, probability 0, space 0, times 0
[ 1277.693009][ T7308] usb 5-1: Manufacturer: syz
[ 1277.710897][ T7308] usb 5-1: SerialNumber: syz
[ 1277.711118][T20482] CPU: 1 UID: 0 PID: 20482 Comm: syz.3.4205 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1277.711151][T20482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1277.711166][T20482] Call Trace:
[ 1277.711178][T20482]  <TASK>
[ 1277.711190][T20482]  dump_stack_lvl+0x189/0x250
[ 1277.711228][T20482]  ? __pfx____ratelimit+0x10/0x10
[ 1277.711261][T20482]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1277.711294][T20482]  ? __pfx__printk+0x10/0x10
[ 1277.711333][T20482]  ? __pfx___might_resched+0x10/0x10
[ 1277.711357][T20482]  ? fs_reclaim_acquire+0x7d/0x100
[ 1277.711403][T20482]  should_fail_ex+0x414/0x560
[ 1277.711449][T20482]  should_failslab+0xa8/0x100
[ 1277.711490][T20482]  __kmalloc_noprof+0xcb/0x4f0
[ 1277.711522][T20482]  ? tomoyo_encode+0x28b/0x550
[ 1277.711562][T20482]  tomoyo_encode+0x28b/0x550
[ 1277.711605][T20482]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1277.711644][T20482]  ? tomoyo_domain+0xd9/0x130
[ 1277.711689][T20482]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1277.711720][T20482]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1277.711756][T20482]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1277.711785][T20482]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1277.711837][T20482]  ? hook_file_ioctl_compat+0xe8/0x3c0
[ 1277.711902][T20482]  ? __fget_files+0x2a/0x420
[ 1277.711946][T20482]  ? __fget_files+0x3a0/0x420
[ 1277.711980][T20482]  ? __fget_files+0x2a/0x420
[ 1277.712024][T20482]  security_file_ioctl_compat+0xcb/0x2d0
[ 1277.712057][T20482]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1277.712094][T20482]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1277.712128][T20482]  ? __fget_files+0x3a0/0x420
[ 1277.712174][T20482]  ? fput+0xa0/0xd0
[ 1277.712200][T20482]  ? ksys_write+0x22a/0x250
[ 1277.712245][T20482]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1277.712281][T20482]  __do_fast_syscall_32+0xb6/0x2b0
[ 1277.712317][T20482]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1277.712353][T20482]  do_fast_syscall_32+0x34/0x80
[ 1277.712399][T20482]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1277.712441][T20482] RIP: 0023:0xf7ff3539
[ 1277.712464][T20482] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1277.712488][T20482] RSP: 002b:00000000f54d455c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1277.712515][T20482] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000541b
[ 1277.712532][T20482] RDX: 0000000080000380 RSI: 0000000000000000 RDI: 0000000000000000
[ 1277.712546][T20482] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1277.712561][T20482] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1277.712575][T20482] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1277.712609][T20482]  </TASK>
[ 1277.712785][T20482] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1277.736275][ T7308] usb 5-1: config 0 descriptor??
[ 1278.029552][ T7308] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 1278.049688][ T7308] em28xx 5-1:0.89: Video interface 89 found: bulk
[ 1278.560639][T20496] netlink: 'syz.3.4210': attribute type 5 has an invalid length.
[ 1278.635166][ T7308] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[ 1278.865547][T17602] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1279.015427][T17602] usb 4-1: Using ep0 maxpacket: 32
[ 1279.021707][T17602] usb 4-1: too many configurations: 255, using maximum allowed: 8
[ 1279.047139][T17602] usb 4-1: New USB device found, idVendor=0e41, idProduct=534d, bcdDevice=85.bd
[ 1279.057572][T17602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=254
[ 1279.066062][T17602] usb 4-1: Product: syz
[ 1279.070268][T17602] usb 4-1: Manufacturer: syz
[ 1279.074903][T17602] usb 4-1: SerialNumber: syz
[ 1279.084420][T17602] usb 4-1: config 0 descriptor??
[ 1279.276876][T20502] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4213'.
[ 1279.301190][T17602] usb 4-1: USB disconnect, device number 105
[ 1279.462299][T20476] wg0: entered promiscuous mode
[ 1279.504656][ T7308] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 1279.519025][ T7308] em28xx 5-1:0.89: board has no eeprom
[ 1279.597239][ T7308] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[ 1279.604507][ T7308] em28xx 5-1:0.89: analog set to bulk mode.
[ 1279.611046][T17591] em28xx 5-1:0.89: Registering V4L2 extension
[ 1279.627668][ T7308] usb 5-1: USB disconnect, device number 13
[ 1279.651008][ T7308] em28xx 5-1:0.89: Disconnecting em28xx
[ 1279.705877][T17591] em28xx 5-1:0.89: Config register raw data: 0xffffffed
[ 1279.713668][T17591] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[ 1279.728979][T17591] em28xx 5-1:0.89: No AC97 audio processor
[ 1279.750595][T17591] usb 5-1: Decoder not found
[ 1279.755249][T17591] em28xx 5-1:0.89: failed to create media graph
[ 1279.767684][T17591] em28xx 5-1:0.89: V4L2 device video103 deregistered
[ 1279.783918][T17591] em28xx 5-1:0.89: Registering snapshot button...
[ 1279.793327][T17591] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.89/input/input45
[ 1279.823242][T17591] em28xx 5-1:0.89: Remote control support is not available for this card.
[ 1279.848543][ T7308] em28xx 5-1:0.89: Closing input extension
[ 1279.858054][ T7308] em28xx 5-1:0.89: Deregistering snapshot button
[ 1279.908492][ T7308] em28xx 5-1:0.89: Freeing device
[ 1279.940695][T20512] netlink: 'syz.3.4217': attribute type 5 has an invalid length.
[ 1280.133108][T20515] netlink: 'syz.1.4216': attribute type 2 has an invalid length.
[ 1280.225560][T20521] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4216'.
[ 1280.516916][T20520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4218'.
[ 1280.617738][T20527] FAULT_INJECTION: forcing a failure.
[ 1280.617738][T20527] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1280.631079][T20527] CPU: 1 UID: 0 PID: 20527 Comm: syz.4.4220 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1280.631109][T20527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1280.631124][T20527] Call Trace:
[ 1280.631133][T20527]  <TASK>
[ 1280.631143][T20527]  dump_stack_lvl+0x189/0x250
[ 1280.631176][T20527]  ? __pfx____ratelimit+0x10/0x10
[ 1280.631203][T20527]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1280.631236][T20527]  ? __pfx__printk+0x10/0x10
[ 1280.631268][T20527]  ? __might_fault+0xb0/0x130
[ 1280.631311][T20527]  should_fail_ex+0x414/0x560
[ 1280.631342][T20527]  _copy_from_user+0x2d/0xb0
[ 1280.631365][T20527]  kstrtouint_from_user+0xc4/0x170
[ 1280.631399][T20527]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1280.631449][T20527]  proc_fail_nth_write+0x88/0x200
[ 1280.631476][T20527]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1280.631509][T20527]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1280.631544][T20527]  vfs_write+0x27e/0xa90
[ 1280.631584][T20527]  ? __pfx_vfs_write+0x10/0x10
[ 1280.631616][T20527]  ? __fget_files+0x2a/0x420
[ 1280.631655][T20527]  ? __fget_files+0x3a0/0x420
[ 1280.631688][T20527]  ? __fget_files+0x2a/0x420
[ 1280.631731][T20527]  ksys_write+0x145/0x250
[ 1280.631765][T20527]  ? __pfx_ksys_write+0x10/0x10
[ 1280.631799][T20527]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1280.631832][T20527]  __do_fast_syscall_32+0xb6/0x2b0
[ 1280.631862][T20527]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1280.631895][T20527]  do_fast_syscall_32+0x34/0x80
[ 1280.631924][T20527]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1280.631951][T20527] RIP: 0023:0xf7f37539
[ 1280.631970][T20527] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1280.631992][T20527] RSP: 002b:00000000f5435590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1280.632014][T20527] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5435620
[ 1280.632030][T20527] RDX: 0000000000000001 RSI: 00000000f73c4ff4 RDI: 0000000000000000
[ 1280.632043][T20527] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1280.632055][T20527] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1280.632068][T20527] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1280.632101][T20527]  </TASK>
[ 1281.337466][T20541] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[ 1281.635520][T17602] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 1281.798406][T17602] usb 5-1: config 0 has an invalid interface number: 9 but max is 0
[ 1281.810842][T17602] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1281.821396][T17602] usb 5-1: config 0 has no interface number 0
[ 1281.827797][T17602] usb 5-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8
[ 1281.837201][T17602] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1281.850024][T17602] usb 5-1: config 0 descriptor??
[ 1281.859889][T17602] rndis_host 5-1:0.9: More than one union descriptor, skipping ...
[ 1281.869162][T17602] usb 5-1: bad CDC descriptors
[ 1281.875392][T17602] cdc_acm 5-1:0.9: More than one union descriptor, skipping ...
[ 1281.935648][ T7308] usb 2-1: new full-speed USB device number 116 using dummy_hcd
[ 1282.089500][ T7308] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1282.100527][T20554] FAULT_INJECTION: forcing a failure.
[ 1282.100527][T20554] name failslab, interval 1, probability 0, space 0, times 0
[ 1282.125376][ T7308] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1282.145235][T20554] CPU: 0 UID: 0 PID: 20554 Comm: syz.0.4231 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1282.145267][T20554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1282.145282][T20554] Call Trace:
[ 1282.145291][T20554]  <TASK>
[ 1282.145301][T20554]  dump_stack_lvl+0x189/0x250
[ 1282.145337][T20554]  ? __pfx____ratelimit+0x10/0x10
[ 1282.145365][T20554]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1282.145392][T20554]  ? __pfx__printk+0x10/0x10
[ 1282.145426][T20554]  ? __pfx___might_resched+0x10/0x10
[ 1282.145448][T20554]  ? fs_reclaim_acquire+0x7d/0x100
[ 1282.145488][T20554]  should_fail_ex+0x414/0x560
[ 1282.145519][T20554]  should_failslab+0xa8/0x100
[ 1282.145554][T20554]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1282.145586][T20554]  ? __alloc_skb+0x112/0x2d0
[ 1282.145620][T20554]  __alloc_skb+0x112/0x2d0
[ 1282.145654][T20554]  alloc_skb_with_frags+0xca/0x890
[ 1282.145687][T20554]  ? __lock_acquire+0xab9/0xd20
[ 1282.145732][T20554]  sock_alloc_send_pskb+0x857/0x990
[ 1282.145775][T20554]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[ 1282.145797][T20554]  ? post_alloc_hook+0x253/0x2a0
[ 1282.145833][T20554]  ? get_page_from_freelist+0x21e4/0x22c0
[ 1282.145863][T20554]  queue_oob+0xbf/0x4f0
[ 1282.145891][T20554]  ? __pfx_queue_oob+0x10/0x10
[ 1282.145921][T20554]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[ 1282.145953][T20554]  unix_stream_sendmsg+0xc3f/0xdf0
[ 1282.145987][T20554]  ? __lock_acquire+0xab9/0xd20
[ 1282.146027][T20554]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[ 1282.146053][T20554]  ? __asan_memset+0x22/0x50
[ 1282.146079][T20554]  ? __import_iovec+0x5d4/0x7f0
[ 1282.146098][T20554]  ? aa_sock_msg_perm+0xda/0x1d0
[ 1282.146139][T20554]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1282.146162][T20554]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[ 1282.146186][T20554]  __sock_sendmsg+0x219/0x270
[ 1282.146215][T20554]  ____sys_sendmsg+0x505/0x830
[ 1282.146253][T20554]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1282.146304][T20554]  ___sys_sendmsg+0x21f/0x2a0
[ 1282.146346][T20554]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1282.146419][T20554]  ? __fget_files+0x2a/0x420
[ 1282.146451][T20554]  ? __fget_files+0x3a0/0x420
[ 1282.146495][T20554]  __sys_sendmsg+0x164/0x220
[ 1282.146530][T20554]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1282.146580][T20554]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1282.146613][T20554]  __do_fast_syscall_32+0xb6/0x2b0
[ 1282.146643][T20554]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1282.146676][T20554]  do_fast_syscall_32+0x34/0x80
[ 1282.146706][T20554]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1282.146734][T20554] RIP: 0023:0xf706e539
[ 1282.146753][T20554] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1282.146773][T20554] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1282.146796][T20554] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002740
[ 1282.146811][T20554] RDX: 0000000024004011 RSI: 0000000000000000 RDI: 0000000000000000
[ 1282.146825][T20554] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1282.146837][T20554] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1282.146850][T20554] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1282.146881][T20554]  </TASK>
[ 1282.461363][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1282.576861][ T7308] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1282.586017][ T7308] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1282.594086][ T7308] usb 2-1: Product: syz
[ 1282.602528][ T7308] usb 2-1: Manufacturer: syz
[ 1282.607186][ T7308] usb 2-1: SerialNumber: syz
[ 1282.828715][ T7308] usb 2-1: 0:2 : does not exist
[ 1282.838833][ T7308] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1282.863139][T20567] FAULT_INJECTION: forcing a failure.
[ 1282.863139][T20567] name failslab, interval 1, probability 0, space 0, times 0
[ 1282.880649][ T7308] usb 2-1: USB disconnect, device number 116
[ 1282.888468][T20567] CPU: 0 UID: 0 PID: 20567 Comm: syz.5.4236 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1282.888500][T20567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1282.888515][T20567] Call Trace:
[ 1282.888525][T20567]  <TASK>
[ 1282.888535][T20567]  dump_stack_lvl+0x189/0x250
[ 1282.888568][T20567]  ? __pfx____ratelimit+0x10/0x10
[ 1282.888596][T20567]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1282.888624][T20567]  ? __pfx__printk+0x10/0x10
[ 1282.888663][T20567]  ? __pfx___might_resched+0x10/0x10
[ 1282.888691][T20567]  should_fail_ex+0x414/0x560
[ 1282.888723][T20567]  should_failslab+0xa8/0x100
[ 1282.888758][T20567]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1282.888789][T20567]  ? mas_alloc_nodes+0x2e9/0x8e0
[ 1282.888821][T20567]  mas_alloc_nodes+0x2e9/0x8e0
[ 1282.888858][T20567]  mas_preallocate+0x3ad/0x6f0
[ 1282.888898][T20567]  ? __pfx_mas_preallocate+0x10/0x10
[ 1282.888937][T20567]  ? __mas_set_range+0x12f/0x3c0
[ 1282.888971][T20567]  __split_vma+0x2fa/0xa00
[ 1282.889009][T20567]  ? __pfx___split_vma+0x10/0x10
[ 1282.889048][T20567]  ? can_vma_merge_left+0x195/0x6b0
[ 1282.889081][T20567]  vma_modify+0x13b3/0x1970
[ 1282.889122][T20567]  vma_modify_flags+0x1e8/0x230
[ 1282.889152][T20567]  ? __pfx_vma_modify_flags+0x10/0x10
[ 1282.889198][T20567]  ? may_expand_vm+0x1af/0x2f0
[ 1282.889235][T20567]  mprotect_fixup+0x407/0x9c0
[ 1282.889266][T20567]  ? __pfx_mprotect_fixup+0x10/0x10
[ 1282.889285][T20567]  ? common_file_perm+0x1b5/0x230
[ 1282.889325][T20567]  do_mprotect_pkey+0x8cd/0xce0
[ 1282.889357][T20567]  ? ksys_write+0x1cb/0x250
[ 1282.889398][T20567]  ? __pfx_do_mprotect_pkey+0x10/0x10
[ 1282.889462][T20567]  __ia32_sys_mprotect+0x7f/0x90
[ 1282.889487][T20567]  __do_fast_syscall_32+0xb6/0x2b0
[ 1282.889519][T20567]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1282.889551][T20567]  do_fast_syscall_32+0x34/0x80
[ 1282.889581][T20567]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1282.889610][T20567] RIP: 0023:0xf704e539
[ 1282.889630][T20567] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1282.889651][T20567] RSP: 002b:00000000f543e55c EFLAGS: 00000206 ORIG_RAX: 000000000000007d
[ 1282.889674][T20567] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[ 1282.889690][T20567] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[ 1282.889703][T20567] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1282.889716][T20567] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1282.889730][T20567] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1282.889763][T20567]  </TASK>
[ 1283.152519][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1283.405133][T20579] FAULT_INJECTION: forcing a failure.
[ 1283.405133][T20579] name failslab, interval 1, probability 0, space 0, times 0
[ 1283.426019][T20579] CPU: 0 UID: 0 PID: 20579 Comm: syz.3.4239 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1283.426052][T20579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1283.426067][T20579] Call Trace:
[ 1283.426076][T20579]  <TASK>
[ 1283.426085][T20579]  dump_stack_lvl+0x189/0x250
[ 1283.426118][T20579]  ? __pfx____ratelimit+0x10/0x10
[ 1283.426147][T20579]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1283.426174][T20579]  ? __pfx__printk+0x10/0x10
[ 1283.426213][T20579]  ? __pfx___might_resched+0x10/0x10
[ 1283.426241][T20579]  should_fail_ex+0x414/0x560
[ 1283.426283][T20579]  should_failslab+0xa8/0x100
[ 1283.426319][T20579]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1283.426352][T20579]  ? __alloc_skb+0x112/0x2d0
[ 1283.426388][T20579]  __alloc_skb+0x112/0x2d0
[ 1283.426422][T20579]  netlink_sendmsg+0x5c6/0xb30
[ 1283.426464][T20579]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1283.426498][T20579]  ? __import_iovec+0x5d4/0x7f0
[ 1283.426518][T20579]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1283.426551][T20579]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1283.426577][T20579]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1283.426607][T20579]  __sock_sendmsg+0x219/0x270
[ 1283.426636][T20579]  ____sys_sendmsg+0x505/0x830
[ 1283.426676][T20579]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1283.426728][T20579]  ___sys_sendmsg+0x21f/0x2a0
[ 1283.426764][T20579]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1283.426837][T20579]  ? __fget_files+0x2a/0x420
[ 1283.426870][T20579]  ? __fget_files+0x3a0/0x420
[ 1283.426916][T20579]  __sys_sendmsg+0x164/0x220
[ 1283.426951][T20579]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1283.427003][T20579]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1283.427035][T20579]  __do_fast_syscall_32+0xb6/0x2b0
[ 1283.427066][T20579]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1283.427097][T20579]  do_fast_syscall_32+0x34/0x80
[ 1283.427126][T20579]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1283.427154][T20579] RIP: 0023:0xf7ff3539
[ 1283.427173][T20579] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1283.427194][T20579] RSP: 002b:00000000f551655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1283.427217][T20579] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1283.427232][T20579] RDX: 00000000200480c4 RSI: 0000000000000000 RDI: 0000000000000000
[ 1283.427246][T20579] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1283.427265][T20579] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1283.427279][T20579] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1283.427310][T20579]  </TASK>
[ 1283.687612][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1283.838908][T20586] ip6gre1: entered promiscuous mode
[ 1283.891627][ T6021] udevd[6021]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1284.013055][T20590] loop7: detected capacity change from 0 to 6
[ 1284.062578][ T6021] Dev loop7: unable to read RDB block 6
[ 1284.068540][ T6021]  loop7: unable to read partition table
[ 1284.074524][ T6021] loop7: partition table beyond EOD, truncated
[ 1284.084129][T20590] Dev loop7: unable to read RDB block 6
[ 1284.092614][T20590]  loop7: unable to read partition table
[ 1284.100683][T20590] loop7: partition table beyond EOD, truncated
[ 1284.109209][T20590] loop_reread_partitions: partition scan of loop7 (îÝ·ÂU@™:ÖB$Œ{
WÎÉ´å) failed (rc=-5)
[ 1284.235696][T17602] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1284.296887][T20600] 
[ 1284.299282][T20600] =====================================================
[ 1284.306237][T20600] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[ 1284.313728][T20600] 6.16.0-syzkaller-11952-g6e64f4580381 #0 Not tainted
[ 1284.320513][T20600] -----------------------------------------------------
[ 1284.327468][T20600] syz.0.4248/20600 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1284.335221][T20600] ffffffff8de0c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0x12b/0x420
[ 1284.343995][T20600] 
[ 1284.343995][T20600] and this task is already holding:
[ 1284.351387][T20600] ffff888031368620 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420
[ 1284.360154][T20600] which would create a new lock dependency:
[ 1284.366066][T20600]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[ 1284.373741][T20600] 
[ 1284.373741][T20600] but this new dependency connects a SOFTIRQ-irq-safe lock:
[ 1284.383311][T20600]  (&dev->event_lock#2){..-.}-{3:3}
[ 1284.383388][T20600] 
[ 1284.383388][T20600] ... which became SOFTIRQ-irq-safe at:
[ 1284.396338][T20600]   lock_acquire+0x120/0x360
[ 1284.400991][T20600]   _raw_spin_lock_irqsave+0xa7/0xf0
[ 1284.406315][T20600]   input_inject_event+0xa5/0x340
[ 1284.411392][T20600]   led_trigger_event+0x138/0x210
[ 1284.416458][T20600]   kbd_bh+0x1c6/0x2e0
[ 1284.420569][T20600]   tasklet_action_common+0x369/0x580
[ 1284.425976][T20600]   handle_softirqs+0x283/0x870
[ 1284.430858][T20600]   __irq_exit_rcu+0xca/0x1f0
[ 1284.435570][T20600]   irq_exit_rcu+0x9/0x30
[ 1284.439925][T20600]   sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1284.445701][T20600]   asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1284.451806][T20600]   _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1284.457652][T20600]   do_con_write+0x4169/0x5200
[ 1284.462527][T20600]   con_write+0x24/0x40
[ 1284.466699][T20600]   n_tty_write+0xd2c/0x1200
[ 1284.471293][T20600]   file_tty_write+0x554/0xa20
[ 1284.476066][T20600]   vfs_write+0x548/0xa90
[ 1284.480409][T20600]   ksys_write+0x145/0x250
[ 1284.484853][T20600]   __do_fast_syscall_32+0xb6/0x2b0
[ 1284.490063][T20600]   do_fast_syscall_32+0x34/0x80
[ 1284.495011][T20600]   entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1284.501434][T20600] 
[ 1284.501434][T20600] to a SOFTIRQ-irq-unsafe lock:
[ 1284.508450][T20600]  (tasklist_lock){.+.+}-{3:3}
[ 1284.508479][T20600] 
[ 1284.508479][T20600] ... which became SOFTIRQ-irq-unsafe at:
[ 1284.521133][T20600] ...
[ 1284.521142][T20600]   lock_acquire+0x120/0x360
[ 1284.528332][T20600]   _raw_read_lock+0x36/0x50
[ 1284.532924][T20600]   __do_wait+0xde/0x740
[ 1284.537183][T20600]   do_wait+0x1f8/0x520
[ 1284.541405][T20600]   kernel_wait+0xab/0x170
[ 1284.545833][T20600]   call_usermodehelper_exec_work+0xbe/0x230
[ 1284.551827][T20600]   process_scheduled_works+0xade/0x17b0
[ 1284.557459][T20600]   worker_thread+0x8a0/0xda0
[ 1284.562139][T20600]   kthread+0x70e/0x8a0
[ 1284.566300][T20600]   ret_from_fork+0x3fc/0x770
[ 1284.570985][T20600]   ret_from_fork_asm+0x1a/0x30
[ 1284.575848][T20600] 
[ 1284.575848][T20600] other info that might help us debug this:
[ 1284.575848][T20600] 
[ 1284.586078][T20600] Chain exists of:
[ 1284.586078][T20600]   &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock
[ 1284.586078][T20600] 
[ 1284.599136][T20600]  Possible interrupt unsafe locking scenario:
[ 1284.599136][T20600] 
[ 1284.607451][T20600]        CPU0                    CPU1
[ 1284.612825][T20600]        ----                    ----
[ 1284.618275][T20600]   lock(tasklist_lock);
[ 1284.622525][T20600]                                local_irq_disable();
[ 1284.629276][T20600]                                lock(&dev->event_lock#2);
[ 1284.636492][T20600]                                lock(&f_owner->lock);
[ 1284.643356][T20600]   <Interrupt>
[ 1284.646829][T20600]     lock(&dev->event_lock#2);
[ 1284.651709][T20600] 
[ 1284.651709][T20600]  *** DEADLOCK ***
[ 1284.651709][T20600] 
[ 1284.659847][T20600] 2 locks held by syz.0.4248/20600:
[ 1284.665040][T20600]  #0: ffff88807b3ffdc0 (&u->lock){+.+.}-{3:3}, at: queue_oob+0x1b0/0x4f0
[ 1284.673587][T20600]  #1: ffff888031368620 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420
[ 1284.682749][T20600] 
[ 1284.682749][T20600] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[ 1284.693153][T20600]    -> (&dev->event_lock#2){..-.}-{3:3} {
[ 1284.698999][T20600]       IN-SOFTIRQ-W at:
[ 1284.703244][T20600]                           lock_acquire+0x120/0x360
[ 1284.709928][T20600]                           _raw_spin_lock_irqsave+0xa7/0xf0
[ 1284.717325][T20600]                           input_inject_event+0xa5/0x340
[ 1284.724437][T20600]                           led_trigger_event+0x138/0x210
[ 1284.731559][T20600]                           kbd_bh+0x1c6/0x2e0
[ 1284.737722][T20600]                           tasklet_action_common+0x369/0x580
[ 1284.745191][T20600]                           handle_softirqs+0x283/0x870
[ 1284.752130][T20600]                           __irq_exit_rcu+0xca/0x1f0
[ 1284.758897][T20600]                           irq_exit_rcu+0x9/0x30
[ 1284.765319][T20600]                           sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1284.773135][T20600]                           asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1284.781293][T20600]                           _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1284.789206][T20600]                           do_con_write+0x4169/0x5200
[ 1284.796069][T20600]                           con_write+0x24/0x40
[ 1284.802320][T20600]                           n_tty_write+0xd2c/0x1200
[ 1284.809002][T20600]                           file_tty_write+0x554/0xa20
[ 1284.815862][T20600]                           vfs_write+0x548/0xa90
[ 1284.822297][T20600]                           ksys_write+0x145/0x250
[ 1284.828806][T20600]                           __do_fast_syscall_32+0xb6/0x2b0
[ 1284.836100][T20600]                           do_fast_syscall_32+0x34/0x80
[ 1284.843134][T20600]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1284.851644][T20600]       INITIAL USE at:
[ 1284.855803][T20600]                          lock_acquire+0x120/0x360
[ 1284.862409][T20600]                          _raw_spin_lock_irqsave+0xa7/0xf0
[ 1284.869695][T20600]                          input_inject_event+0xa5/0x340
[ 1284.876721][T20600]                          kbd_led_trigger_activate+0xbc/0x100
[ 1284.884281][T20600]                          led_trigger_set+0x52d/0x950
[ 1284.891159][T20600]                          led_trigger_set_default+0x260/0x2a0
[ 1284.898753][T20600]                          led_classdev_register_ext+0x73d/0x930
[ 1284.906492][T20600]                          input_leds_connect+0x517/0x790
[ 1284.913617][T20600]                          input_register_device+0xcfd/0x1140
[ 1284.921087][T20600]                          atkbd_connect+0x72e/0xa00
[ 1284.927774][T20600]                          serio_driver_probe+0x82/0xd0
[ 1284.934716][T20600]                          really_probe+0x26a/0x9e0
[ 1284.941307][T20600]                          __driver_probe_device+0x18c/0x2f0
[ 1284.948702][T20600]                          driver_probe_device+0x4f/0x430
[ 1284.955832][T20600]                          __driver_attach+0x452/0x700
[ 1284.962720][T20600]                          bus_for_each_dev+0x230/0x2b0
[ 1284.969670][T20600]                          serio_handle_event+0x1f9/0x8d0
[ 1284.976795][T20600]                          process_scheduled_works+0xade/0x17b0
[ 1284.984429][T20600]                          worker_thread+0x8a0/0xda0
[ 1284.991107][T20600]                          kthread+0x70e/0x8a0
[ 1284.997284][T20600]                          ret_from_fork+0x3fc/0x770
[ 1285.003963][T20600]                          ret_from_fork_asm+0x1a/0x30
[ 1285.010826][T20600]     }
[ 1285.013599][T20600]     ... key      at: [<ffffffff99e25060>] input_allocate_device.__key.5+0x0/0x20
[ 1285.022905][T20600]   -> (&client->buffer_lock){....}-{3:3} {
[ 1285.028823][T20600]      INITIAL USE at:
[ 1285.032891][T20600]                        lock_acquire+0x120/0x360
[ 1285.039333][T20600]                        _raw_spin_lock+0x2e/0x40
[ 1285.045756][T20600]                        evdev_pass_values+0xb9/0xbd0
[ 1285.052615][T20600]                        evdev_events+0x1e6/0x340
[ 1285.059040][T20600]                        input_pass_values+0x285/0x890
[ 1285.066007][T20600]                        input_event_dispose+0x330/0x6b0
[ 1285.073055][T20600]                        input_inject_event+0x1dd/0x340
[ 1285.080012][T20600]                        evdev_write+0x2fc/0x480
[ 1285.086355][T20600]                        vfs_write+0x27e/0xa90
[ 1285.092621][T20600]                        ksys_write+0x145/0x250
[ 1285.098875][T20600]                        __do_fast_syscall_32+0xb6/0x2b0
[ 1285.105913][T20600]                        do_fast_syscall_32+0x34/0x80
[ 1285.112695][T20600]                        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.120949][T20600]    }
[ 1285.123620][T20600]    ... key      at: [<ffffffff99e25300>] evdev_open.__key.25+0x0/0x20
[ 1285.131970][T20600]    ... acquired at:
[ 1285.135955][T20600]    lock_acquire+0x120/0x360
[ 1285.140666][T20600]    _raw_spin_lock+0x2e/0x40
[ 1285.145363][T20600]    evdev_pass_values+0xb9/0xbd0
[ 1285.150400][T20600]    evdev_events+0x1e6/0x340
[ 1285.155090][T20600]    input_pass_values+0x285/0x890
[ 1285.160228][T20600]    input_event_dispose+0x330/0x6b0
[ 1285.165524][T20600]    input_inject_event+0x1dd/0x340
[ 1285.170730][T20600]    evdev_write+0x2fc/0x480
[ 1285.175333][T20600]    vfs_write+0x27e/0xa90
[ 1285.179781][T20600]    ksys_write+0x145/0x250
[ 1285.184296][T20600]    __do_fast_syscall_32+0xb6/0x2b0
[ 1285.189626][T20600]    do_fast_syscall_32+0x34/0x80
[ 1285.194660][T20600]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.201177][T20600] 
[ 1285.203502][T20600]  -> (&new->fa_lock){....}-{3:3} {
[ 1285.208735][T20600]     INITIAL USE at:
[ 1285.212722][T20600]                      lock_acquire+0x120/0x360
[ 1285.218976][T20600]                      _raw_write_lock_irq+0xa2/0xf0
[ 1285.225660][T20600]                      fasync_remove_entry+0xf1/0x1c0
[ 1285.232432][T20600]                      tty_fasync+0x13c/0x350
[ 1285.238514][T20600]                      __fput+0x8a2/0xa70
[ 1285.244237][T20600]                      task_work_run+0x1d4/0x260
[ 1285.250582][T20600]                      exit_to_user_mode_loop+0xec/0x110
[ 1285.257619][T20600]                      __do_fast_syscall_32+0x1f4/0x2b0
[ 1285.264578][T20600]                      do_fast_syscall_32+0x34/0x80
[ 1285.271182][T20600]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.279261][T20600]     INITIAL READ USE at:
[ 1285.283676][T20600]                           lock_acquire+0x120/0x360
[ 1285.290377][T20600]                           _raw_read_lock_irqsave+0xaf/0x100
[ 1285.297840][T20600]                           kill_fasync+0x199/0x4d0
[ 1285.304433][T20600]                           lease_break_callback+0x26/0x30
[ 1285.311753][T20600]                           __break_lease+0x6a2/0x1620
[ 1285.318606][T20600]                           vfs_truncate+0x428/0x520
[ 1285.325308][T20600]                           do_sys_truncate+0xdb/0x190
[ 1285.332182][T20600]                           __ia32_compat_sys_truncate+0x5b/0x70
[ 1285.339913][T20600]                           __do_fast_syscall_32+0xb6/0x2b0
[ 1285.347222][T20600]                           do_fast_syscall_32+0x34/0x80
[ 1285.354266][T20600]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.362771][T20600]   }
[ 1285.365358][T20600]   ... key      at: [<ffffffff99b25f80>] fasync_insert_entry.__key+0x0/0x20
[ 1285.374132][T20600]   ... acquired at:
[ 1285.378022][T20600]    lock_acquire+0x120/0x360
[ 1285.382714][T20600]    _raw_read_lock_irqsave+0xaf/0x100
[ 1285.388183][T20600]    kill_fasync+0x199/0x4d0
[ 1285.392787][T20600]    evdev_pass_values+0x627/0xbd0
[ 1285.397934][T20600]    evdev_events+0x1e6/0x340
[ 1285.402619][T20600]    input_pass_values+0x285/0x890
[ 1285.407742][T20600]    input_event_dispose+0x330/0x6b0
[ 1285.413033][T20600]    input_inject_event+0x1dd/0x340
[ 1285.418233][T20600]    evdev_write+0x2fc/0x480
[ 1285.422833][T20600]    vfs_write+0x27e/0xa90
[ 1285.427261][T20600]    ksys_write+0x145/0x250
[ 1285.431774][T20600]    __do_fast_syscall_32+0xb6/0x2b0
[ 1285.437069][T20600]    do_fast_syscall_32+0x34/0x80
[ 1285.442104][T20600]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.448640][T20600] 
[ 1285.450969][T20600] -> (&f_owner->lock){....}-{3:3} {
[ 1285.456200][T20600]    INITIAL USE at:
[ 1285.460096][T20600]                    lock_acquire+0x120/0x360
[ 1285.466180][T20600]                    _raw_write_lock_irq+0xa2/0xf0
[ 1285.472690][T20600]                    __f_setown+0x67/0x370
[ 1285.478501][T20600]                    tty_fasync+0x2dc/0x350
[ 1285.484409][T20600]                    do_vfs_ioctl+0x1061/0x1430
[ 1285.490654][T20600]                    __ia32_compat_sys_ioctl+0x4bd/0x840
[ 1285.497685][T20600]                    __do_fast_syscall_32+0xb6/0x2b0
[ 1285.504371][T20600]                    do_fast_syscall_32+0x34/0x80
[ 1285.510799][T20600]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.518704][T20600]    INITIAL READ USE at:
[ 1285.523041][T20600]                         lock_acquire+0x120/0x360
[ 1285.529568][T20600]                         _raw_read_lock_irqsave+0xaf/0x100
[ 1285.536875][T20600]                         send_sigio+0x38/0x370
[ 1285.543150][T20600]                         kill_fasync+0x24d/0x4d0
[ 1285.549573][T20600]                         lease_break_callback+0x26/0x30
[ 1285.556610][T20600]                         __break_lease+0x6a2/0x1620
[ 1285.563291][T20600]                         vfs_truncate+0x428/0x520
[ 1285.569810][T20600]                         do_sys_truncate+0xdb/0x190
[ 1285.576505][T20600]                         __ia32_compat_sys_truncate+0x5b/0x70
[ 1285.584060][T20600]                         __do_fast_syscall_32+0xb6/0x2b0
[ 1285.591184][T20600]                         do_fast_syscall_32+0x34/0x80
[ 1285.598046][T20600]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.606378][T20600]  }
[ 1285.608895][T20600]  ... key      at: [<ffffffff99b25f60>] file_f_owner_allocate.__key+0x0/0x20
[ 1285.617768][T20600]  ... acquired at:
[ 1285.621570][T20600]    lock_acquire+0x120/0x360
[ 1285.626259][T20600]    _raw_read_lock_irqsave+0xaf/0x100
[ 1285.631730][T20600]    send_sigio+0x38/0x370
[ 1285.636154][T20600]    kill_fasync+0x24d/0x4d0
[ 1285.640750][T20600]    lease_break_callback+0x26/0x30
[ 1285.645959][T20600]    __break_lease+0x6a2/0x1620
[ 1285.650816][T20600]    vfs_truncate+0x428/0x520
[ 1285.655509][T20600]    do_sys_truncate+0xdb/0x190
[ 1285.660368][T20600]    __ia32_compat_sys_truncate+0x5b/0x70
[ 1285.666097][T20600]    __do_fast_syscall_32+0xb6/0x2b0
[ 1285.671395][T20600]    do_fast_syscall_32+0x34/0x80
[ 1285.676431][T20600]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1285.682939][T20600] 
[ 1285.685267][T20600] 
[ 1285.685267][T20600] the dependencies between the lock to be acquired
[ 1285.685276][T20600]  and SOFTIRQ-irq-unsafe lock:
[ 1285.698792][T20600] -> (tasklist_lock){.+.+}-{3:3} {
[ 1285.703928][T20600]    HARDIRQ-ON-R at:
[ 1285.707910][T20600]                     lock_acquire+0x120/0x360
[ 1285.714080][T20600]                     _raw_read_lock+0x36/0x50
[ 1285.720241][T20600]                     __do_wait+0xde/0x740
[ 1285.726076][T20600]                     do_wait+0x1f8/0x520
[ 1285.731816][T20600]                     kernel_wait+0xab/0x170
[ 1285.737804][T20600]                     call_usermodehelper_exec_work+0xbe/0x230
[ 1285.745363][T20600]                     process_scheduled_works+0xade/0x17b0
[ 1285.752564][T20600]                     worker_thread+0x8a0/0xda0
[ 1285.758810][T20600]                     kthread+0x70e/0x8a0
[ 1285.764536][T20600]                     ret_from_fork+0x3fc/0x770
[ 1285.770793][T20600]                     ret_from_fork_asm+0x1a/0x30
[ 1285.777220][T20600]    SOFTIRQ-ON-R at:
[ 1285.781205][T20600]                     lock_acquire+0x120/0x360
[ 1285.787370][T20600]                     _raw_read_lock+0x36/0x50
[ 1285.793619][T20600]                     __do_wait+0xde/0x740
[ 1285.799436][T20600]                     do_wait+0x1f8/0x520
[ 1285.805162][T20600]                     kernel_wait+0xab/0x170
[ 1285.811152][T20600]                     call_usermodehelper_exec_work+0xbe/0x230
[ 1285.818709][T20600]                     process_scheduled_works+0xade/0x17b0
[ 1285.825909][T20600]                     worker_thread+0x8a0/0xda0
[ 1285.832154][T20600]                     kthread+0x70e/0x8a0
[ 1285.837881][T20600]                     ret_from_fork+0x3fc/0x770
[ 1285.844130][T20600]                     ret_from_fork_asm+0x1a/0x30
[ 1285.850559][T20600]    INITIAL USE at:
[ 1285.854459][T20600]                    lock_acquire+0x120/0x360
[ 1285.860546][T20600]                    _raw_write_lock_irq+0xa2/0xf0
[ 1285.867054][T20600]                    copy_process+0x224f/0x3c00
[ 1285.873313][T20600]                    kernel_clone+0x21e/0x840
[ 1285.879388][T20600]                    user_mode_thread+0xdd/0x140
[ 1285.885718][T20600]                    rest_init+0x23/0x300
[ 1285.891446][T20600]                    start_kernel+0x3a9/0x410
[ 1285.897521][T20600]                    x86_64_start_reservations+0x24/0x30
[ 1285.904568][T20600]                    x86_64_start_kernel+0x143/0x1c0
[ 1285.911292][T20600]                    common_startup_64+0x13e/0x147
[ 1285.917831][T20600]    INITIAL READ USE at:
[ 1285.922206][T20600]                         lock_acquire+0x120/0x360
[ 1285.928729][T20600]                         _raw_read_lock+0x36/0x50
[ 1285.935244][T20600]                         __do_wait+0xde/0x740
[ 1285.941423][T20600]                         do_wait+0x1f8/0x520
[ 1285.947499][T20600]                         kernel_wait+0xab/0x170
[ 1285.953853][T20600]                         call_usermodehelper_exec_work+0xbe/0x230
[ 1285.961761][T20600]                         process_scheduled_works+0xade/0x17b0
[ 1285.969314][T20600]                         worker_thread+0x8a0/0xda0
[ 1285.975906][T20600]                         kthread+0x70e/0x8a0
[ 1285.981978][T20600]                         ret_from_fork+0x3fc/0x770
[ 1285.988567][T20600]                         ret_from_fork_asm+0x1a/0x30
[ 1285.995338][T20600]  }
[ 1285.997840][T20600]  ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[ 1286.005572][T20600]  ... acquired at:
[ 1286.009375][T20600]    lock_acquire+0x120/0x360
[ 1286.014072][T20600]    _raw_read_lock+0x36/0x50
[ 1286.018753][T20600]    send_sigurg+0x12b/0x420
[ 1286.023347][T20600]    sk_send_sigurg+0x6c/0x2e0
[ 1286.028112][T20600]    queue_oob+0x420/0x4f0
[ 1286.032543][T20600]    unix_stream_sendmsg+0xc3f/0xdf0
[ 1286.037828][T20600]    __sock_sendmsg+0x219/0x270
[ 1286.042691][T20600]    ____sys_sendmsg+0x505/0x830
[ 1286.047638][T20600]    ___sys_sendmsg+0x21f/0x2a0
[ 1286.052504][T20600]    __sys_sendmsg+0x164/0x220
[ 1286.057281][T20600]    __do_fast_syscall_32+0xb6/0x2b0
[ 1286.062580][T20600]    do_fast_syscall_32+0x34/0x80
[ 1286.067633][T20600]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1286.074158][T20600] 
[ 1286.076500][T20600] 
[ 1286.076500][T20600] stack backtrace:
[ 1286.082394][T20600] CPU: 1 UID: 0 PID: 20600 Comm: syz.0.4248 Not tainted 6.16.0-syzkaller-11952-g6e64f4580381 #0 PREEMPT(full) 
[ 1286.082417][T20600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1286.082430][T20600] Call Trace:
[ 1286.082439][T20600]  <TASK>
[ 1286.082448][T20600]  dump_stack_lvl+0x189/0x250
[ 1286.082473][T20600]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1286.082496][T20600]  ? __pfx__printk+0x10/0x10
[ 1286.082526][T20600]  validate_chain+0x1f05/0x2140
[ 1286.082556][T20600]  __lock_acquire+0xab9/0xd20
[ 1286.082585][T20600]  ? send_sigurg+0x12b/0x420
[ 1286.082605][T20600]  lock_acquire+0x120/0x360
[ 1286.082632][T20600]  ? send_sigurg+0x12b/0x420
[ 1286.082653][T20600]  ? _raw_read_lock_irqsave+0xbb/0x100
[ 1286.082678][T20600]  _raw_read_lock+0x36/0x50
[ 1286.082698][T20600]  ? send_sigurg+0x12b/0x420
[ 1286.082717][T20600]  send_sigurg+0x12b/0x420
[ 1286.082739][T20600]  sk_send_sigurg+0x6c/0x2e0
[ 1286.082761][T20600]  queue_oob+0x420/0x4f0
[ 1286.082782][T20600]  ? __pfx_queue_oob+0x10/0x10
[ 1286.082801][T20600]  ? __schedule+0x17ae/0x4cc0
[ 1286.082823][T20600]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[ 1286.082849][T20600]  unix_stream_sendmsg+0xc3f/0xdf0
[ 1286.082877][T20600]  ? __lock_acquire+0xab9/0xd20
[ 1286.082907][T20600]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[ 1286.082928][T20600]  ? __asan_memset+0x22/0x50
[ 1286.082949][T20600]  ? __import_iovec+0x5d4/0x7f0
[ 1286.082965][T20600]  ? aa_sock_msg_perm+0xda/0x1d0
[ 1286.082992][T20600]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1286.083013][T20600]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[ 1286.083032][T20600]  __sock_sendmsg+0x219/0x270
[ 1286.083053][T20600]  ____sys_sendmsg+0x505/0x830
[ 1286.083083][T20600]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1286.083114][T20600]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1286.083146][T20600]  ___sys_sendmsg+0x21f/0x2a0
[ 1286.083174][T20600]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1286.083215][T20600]  ? __fget_files+0x2a/0x420
[ 1286.083243][T20600]  ? __fget_files+0x3a0/0x420
[ 1286.083275][T20600]  __sys_sendmsg+0x164/0x220
[ 1286.083304][T20600]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1286.083337][T20600]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1286.083362][T20600]  __do_fast_syscall_32+0xb6/0x2b0
[ 1286.083388][T20600]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1286.083412][T20600]  do_fast_syscall_32+0x34/0x80
[ 1286.083437][T20600]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1286.083461][T20600] RIP: 0023:0xf706e539
[ 1286.083477][T20600] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1286.083495][T20600] RSP: 002b:00000000f545e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1286.083515][T20600] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002740
[ 1286.083529][T20600] RDX: 0000000024004011 RSI: 0000000000000000 RDI: 0000000000000000
[ 1286.083541][T20600] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1286.083552][T20600] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1286.083563][T20600] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1286.083581][T20600]  </TASK>
[ 1286.419431][T17598] usb 5-1: USB disconnect, device number 14
[ 1286.505404][T17602] usb 4-1: Using ep0 maxpacket: 32
[ 1286.512136][T17602] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[ 1286.521203][T17602] usb 4-1: config 0 has no interface number 0
[ 1286.527422][T17602] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1286.538428][T17602] usb 4-1: config 0 interface 85 has no altsetting 0
[ 1286.557349][T17602] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1286.567452][T17602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1286.575568][T17602] usb 4-1: Product: syz
[ 1286.579742][T17602] usb 4-1: Manufacturer: syz
[ 1286.584327][T17602] usb 4-1: SerialNumber: syz
[ 1286.590301][T17602] usb 4-1: config 0 descriptor??
[ 1287.204356][T17602] appletouch 4-1:0.85: Geyser mode initialized.
[ 1287.211696][T17602] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input47
[ 1287.408596][T17602] usb 4-1: USB disconnect, device number 106
[ 1287.419935][T17602] appletouch 4-1:0.85: input: appletouch disconnected