last executing test programs:

10.204681074s ago: executing program 0 (id=2509):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="400e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "0100"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000400)={0x40, 0x16, 0x2, "0e90"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000002c0)={0x40, 0x7, 0x1, "87"}, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, &(0x7f0000000240)={0x14, &(0x7f0000000140)={0x0, 0x8, 0x19, {0x19, 0x9, "0649f12680ac0030346b90891caec25f452898d5e32840"}}, &(0x7f00000001c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1421}}}, &(0x7f0000000300)={0x1c, &(0x7f0000000580)={0x40, 0x10, 0xfb, "9d90e3c97e542e5314ff3edfefd448cb3e601659061f6b8a2d92d26111594720f40d66896b896f0211336003b7b2c81bcf1e77238bd9e24e7e00cc3a13420a2ae4240af279a89a617e1c5f7e7685b650407c3936d1ba7c9ad85848aad05535ab8b536f87f79b74e6a7e4afdd4766ed31c06ecb76c916ffd33bb097004e5066bf03e0d2c1d9752381d00217c315e7a0ca401b3a022f835df034cc4315fc359b7dd315f9f4731f5838ae7b2c59220f8b96ae96bbcdf5c59dd689c0c1796e44a02d9233a10d30de1ff3f98f5c8b301e477baf9c27c470baecd9c48af3930e9a7f202844f96bf22d219b0a4126fdb8a23c5b3ba53868270a5ef00500a7"}, &(0x7f0000000b40)={0xa1, 0x1, 0x400, "488acca02cb727b9e0678411e2d867b8d94aa16c103ab5277b7ec1b0cddbbbe8a0b70bf4e81e0af4b5b6604a3b0f5c8802dc96c9cfddf33f59442ec4bcbdaa8fe009c311cc9d0e63f886af0492a6348ee4516cd7e11c80198a896d62877c8838dcae4e5da6d30997a0cab53bb06db8c69499bd4b63fda2afd8ae5facbefe15f772f9b0a6418cad84ecc1682b8ac6bb96c243f8c26531976145af8a7ff2c11ec4586ed860812f409131f9562c1356b4049faf5ff2c220030155fb51489f11b2bb93f46e5318613da625ec0ed0a0168a14a9a01439d0df5077ae1e969282dc3e2b1b49dce24ff118cc51484bc72749e41ebf2e480d703142eb3c7f1a6720b6af8d8cdc0b9e5f4225d9c66e331e9fd9d0c7a84f5108638383fbd5ef4152e6c54484972bf7af934c1e6c326f80209d138bafefe9a83175951e3b292147e966ead1bccd2b756cadf71ee65fe1e5c1dfb90a933a310ae222e91d8ab08ce7cde3bd3fc82c74353655364bd32d8ac74d525bc453763cc4a763c63f94c4339c164d0ab4d8baa20047b6ec6ca4c10c0f626370c730c79170d3311b6ffc03ec8da33fccd0e57ae74deb3c0ecbf9e0620e09f577776f04d4a80f313bacdb6a894201fc698b5f90f31ee7ea5d95e9a93aaa2f8f06ffe47c01bfe51c2e6111e1d5840e1ff17d49188972d6134502d248b1355aa86a7c096c3684de12d34f09011e8b60c35ce462f1d4283d808f8a7a99b7ac73893042463c2298d99425dffb628630ac8de47afe5adbf05e3842a277f4644bcd83050dbf343353bb1f4e38f831bd62132f3892acd733e31424a3b6ba466a4744a208272cf77363de93b8560eec60891c6f7b73531d07d2379a4aa3fef2359ec9a54a761813cee146700a5dc752ee3b95280e44650b8130adc56ebbf54a257dd826a992b7b5516ccf24aa2bc6e9efd0cb200d00a83a8aa33c70407e6782b2f01f49745bb537e7be2f07bc2756824ec496857eaf541d53324fe23bd34da51fc5f26fb52f20f94d3e82e48c0c6d9708e6692da5fd72dd2ca70171cab34dd24a010ed5da873f8c104cd807aaa74881d330271bc72fd5784497050e53648003584a9eb77861841151c7eb5d8391df75ea004b853cebd53aaa76b13bd1cb04e77056d0c217f9239e6f15c03e89ba50958bf7ceaac13128091016a2ad381a8a407c848a5c135652db1f405345668ef23a60d267fb5296b3090311c221b8911c7d1f7f28f640421ba26e0f36ba1e4579ed3388858fe9ce0d440a7e74928f779036d20fd9a8b4bd334eb4b3a642e4a9e416920fe4c2f86560e22bbd1ac743908ba8ceb1b0852ba03bda456dc5268eca2ff4697fd4dc883c882a6d1d1465529054e04a9b17f249d12690e2fa961522cf9780423612fc238eeac2f995f56e5131cd79a66a49daf5d6c4044effd91ce0c6b63a5fed40dba5c001"}, &(0x7f0000000280)={0x21, 0x0, 0x1, "e6"}})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

9.633881324s ago: executing program 1 (id=2513):
r0 = socket(0x10, 0x3, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f00000000c0)='sit0\x00') (async)
faccessat2(0xffffffffffffffff, 0x0, 0x2, 0x1000)
unshare(0x6a040000)
fsopen(0x0, 0x0) (async)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000840)) (async)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x400, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) (async)
r4 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0) (async)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f0000000380)={0x1, 0x20, 0xfffffd0a, 0x10001, 0x0, 0xfffffffffdfffffb, 0x7, 0x0, 0xfbfffffffffffffd, 0xfffffffffffffffd, 0xffffffbb}) (async)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r3, 0xc0984124, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3})

7.502496946s ago: executing program 3 (id=2524):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4043, 0x1ff)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
unshare(0x26020480)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, 0x0, 0x3000c041)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000600000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

7.468955011s ago: executing program 2 (id=2525):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001000000018000180140002006e657464657673696d3000000000000005000b0000000000080011"], 0x3c}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000000000000000000000100000800010001"], 0x1c}}, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000140), 0x0, 0xffffffffffffffb5, &(0x7f0000000340)={&(0x7f0000000280)={'sha224-avx2\x00'}})
sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c2000000203030000000000a70000e7ffffff0f080001a2ea000000"], 0x1c}}, 0x0)
r3 = getpid()
r4 = syz_pidfd_open(r3, 0x0)
open_by_handle_at(r4, &(0x7f0000002580)=@ocfs2={0xc, 0xfe, {0x3, 0x0, 0x7}}, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
read$FUSE(r5, &(0x7f0000012300)={0x2020}, 0x2020)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x3, 0x3, 0x301, 0x0, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x20008015}, 0x4040)

7.424500675s ago: executing program 2 (id=2526):
socket$alg(0x26, 0x5, 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
statfs(&(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) (fail_nth: 3)

6.906265662s ago: executing program 0 (id=2527):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x6, @mcast1}, 0x1c)
sendto$inet6(r0, &(0x7f0000000e80)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc38b61e96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b264737d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5d953110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849528b7d93df9b0c568022acaff410e797e88d2f8eeadbba66e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f83cc7199038418f965ad3dc866098b89cabcac8691b0f51ffb71902337e49293309c4480a8f1b32411cc1b55a0ec0fe2c2572fe9d488a25bfc12ba74048e1d7beee93321c7aa49ea17cb9728dc46e5272154b3b995feacbacb8885621b335274af4df9365f8c8121ff323b572d320c8fc46acd6218b9579d43005e7b0506ccb14d9a0dac4cc6efaf5366c44342eaea8b5a11457f5afbea913ce4975ab67e6a85bc46e714ca5741da38a7cceb9e85d77fd03f83f7a5ecc7241e69e2bda327f769b48ba5f13662585c72778d12bd0e9a62a3d0dbe376d1aee81e6845c2cf23f42c458ae5668c8d387bf9ab224bc9703f1c08347be810d2f19278fe8d97560b3c9f1816667d0461a25e778eb1404dcaac1ed0a6a0745f3a5d2dc1b6babf98f5135d531cb26334ef2fec4c78c95b7193935139664fc65f17b047eb3dc39e251ba52ce33f8099719f1a789db1690347355e7b02d4c522692b9597fd31abb90f973ae4eb0bd0d900cdd887ff01d4845d7f0aee39b220a65a5aeee0fd386054070723c841c042d5339cc6325f07f0f733d124c6524f388ef7419f42c06278b8fceaa3a16b202dfb539b129762397e29cdd679ca6240272fa0c3e2e8c0a27aaa407f30b4024d0638dfca1bc9483db3ccc2880f", 0x5c6, 0x6d91fb6102d8910c, 0x0, 0xfffffffffffffe38)
sendto$inet6(r0, 0x0, 0x0, 0x40012, 0x0, 0x0)

6.601273217s ago: executing program 0 (id=2528):
socket$alg(0x26, 0x5, 0x0)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
statfs(&(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

6.60070674s ago: executing program 2 (id=2529):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80281, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000180)={0x0, 0x1c0, 0x380, &(0x7f0000000580)=[0x20006bd1a312, 0xec66, 0xff, 0x8, 0x100, 0x800000000000009, 0x0, 0x4, 0x10000, 0x100, 0x9004, 0x6, 0x8, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x3, 0x2, 0x0, 0x7, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x9, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0x7fff, 0x6, 0x28000000, 0x5, 0x8061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2b, 0x8, 0x2293332d, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x981, 0x2, 0x5, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8000000000008, 0x1, 0x53e0f0fe, 0xeb4, 0x0, 0xfffffffffffffffe, 0xb692, 0xcc, 0xc, 0x3]})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x1f, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r4, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f0000001240)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001200)={&(0x7f0000001180)={0x44, 0x2, 0x8, 0x101, 0x0, 0x0, {0x9, 0x0, 0x4}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x1b}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x90)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000500)={0x2, 0x8, 0xf7, 0x6, 0x5, 0x0, 0x70bd26, 0x25dfdbfc, [@sadb_address={0x3, 0x7, 0x6c, 0xa0, 0x0, @in={0x2, 0x4e22, @local}}]}, 0x28}}, 0x4044084)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000000)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000080)={@host})
connect$can_bcm(r3, &(0x7f0000001100)={0x1d, r4}, 0x10)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r5, 0x7b2, &(0x7f00000010c0)={&(0x7f00000000c0)=[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], 0x1, 0x400})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r8 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r8, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0x10000)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x8001, 0x2)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000200)={@hyper})

6.291105877s ago: executing program 0 (id=2530):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xf)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f00000000c0)={0x1, 0x1, [@multicast]})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x9, 0x400)
ioctl$SNDRV_PCM_IOCTL_RESET(r2, 0x4141, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
capset(0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$inet6_sctp(0xa, 0x801, 0x84)
sendmsg$key(r4, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001580)={{{@in6=@private1, @in=@local, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x20, 0x11}, {0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x10, 0x9}, {}, 0x6, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x4d2, 0x33}, 0x0, @in=@loopback, 0x3506, 0x0, 0x2, 0xb7, 0x2, 0xfffffff9}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x1c)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x19)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r7, 0x4068aea3, &(0x7f0000000000)={0xa3, 0x0, 0xfffffffffffffffe})
ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(r7, 0xc008aec1, &(0x7f0000000240))
syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0))
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000, 0x4, &(0x7f0000fff000/0x1000)=nil)

6.013351554s ago: executing program 3 (id=2531):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0))
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
clock_getres(0xeaffffff, 0x0)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0), &(0x7f0000000100))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000700)="f7", 0x1}], 0x1}, 0x4000000)
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0x4009})

5.744384652s ago: executing program 2 (id=2532):
socket$l2tp6(0xa, 0x2, 0x73)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={0x0, 0x0, 0x8}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd000020062726964"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
recvmsg$can_raw(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000300)=""/144, 0x90}, {&(0x7f00000003c0)=""/15, 0xf}, {&(0x7f0000000b00)=""/130, 0x82}, {0x0}, {0x0}, {&(0x7f00000008c0)=""/235, 0xeb}], 0x6, &(0x7f0000000280)=""/7, 0x7}, 0x2040)
splice(0xffffffffffffffff, &(0x7f0000001680)=0xfffffffffffffffc, 0xffffffffffffffff, 0x0, 0x807, 0x5)
ioctl$VIDIOC_SUBDEV_G_FMT(0xffffffffffffffff, 0xc0585604, &(0x7f0000000140)={0x1, 0x0, {0x4, 0x2, 0x201e, 0x4, 0x0, 0x0, 0x1, 0x4}})
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r2, 0xc01c64ae, &(0x7f0000000100)={0x0, 0x4, 0x9, 0x3, 0x8, 0xa, 0xfffffffc})
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x71)
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000200)={<r3=>0x0})
ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000240)={r3, 0x2})
unshare(0x40000080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x8000002)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
timer_create(0x4, &(0x7f0000000400)={0x0, 0x2b, 0x1}, &(0x7f00000018c0))
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f00000020c0)='./file0\x00', 0x208402, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESOCT=r1, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c00fc39b6428afb8fecb3e4954d54bd403b91b26c0b5c8c7639b55d1c3dbaf0256ce3609fcd03bf86bcac0167d4a9cd1171cd8ad7b587df149a29f5b00e1893fc8e2062d3a87ed0817cb7c28ed24e26d4050d000000000000f50000000000000000000000af3889106865d8e70624"], 0x0, 0x0, 0x0)
syz_fuse_handle_req(r5, &(0x7f0000006180)="3ea4e4305830d12dd9009ddb857b480e92a48b3e45093694091ed788285937ce7b2473522335a690d828b02ab613f956aecae781037db019ffda49138a514ee99a088fd6a2a0028ea055aef75e65cdadd3589c49eb6088bdec10b6d405a915a037c1f8037e1b9301fe4296ab789db8c69c3636af08fbaffd5106dd3788c626c35510cc0ebafc64e8b300d0ffa3bcea4d2e036bbc8dae2e46312e9a637b3002b8931a66cbc28a30ee3287a18f1d162a5985f7ef467a43a807cb75d34504dce996e2a3f1bb43e867f141ed07ef08e0aea605cb5b10346efd6b41a23ea6741dba1e2416380b330788486bba4e359fc0d094cc5301530c1228fcd0e378e0260dbdd56788ad718cac668467d4c50a9878c501cabe3389dcf76acf0267489de4aec621656bdd3878de387af2a3dfa7dbf460daffbef878ce2536a57b05bc44a1e01ef54cca3ad250298c95a52ae9927030eb1096e00f265283a30b4ede2c934dc62c46929761e230567d2ba5999495a5a0977e3156a44365b177a07cae07864be9765ba56bc7ecb29264e6dad2e41eebfeb1ef4115b923c49a8e0919db1de67b1cc4c2f30a672d64efac91e63d7bbf75784aa49346338b22504452b36266eb5e924d4b215ce5037da7b98f09a8dcd086f36787cdd6fab9ce916d12b7b939f113be8b1872a75aa0d8977fe598227998c8b5fa3be8831006f6071d2522b1c9be03873844b0a6e2ca1489f2391981ed762f743e4bc35fd1ca7158bd995a7b801d8525ce381de5497916d59183636f72e9b58c72179f678d1d4434a1fd39d304c3b62cfca763ee8c6108bdca364a438145775a76462927207a7ae654801635dfe3c1915d2ab57a11675724b17c0becb9b20f95d5beea1dd5a6eb66ea864a7d22bdefdc6e13a2a4a8c7780b4250c92dd9bd99453f24268cedca6963ab64c024e56e6f3ae74cf8d1eb5bc3c7292f5fc7d37b4c48ca981b8f54528dedac99a19c1181698b1982668c49b1a6b55142944a0edf891659ea82570ceefe2ca50a95e7df6496acb6bd979ae4b5b6327a201288b8ddadfe0cb91bdd64e74f06deb0133385f5c9cb6e8e554e4fd29126f550adc440e6d42de1bd3ba0ed5d0ebc91bdaeecc7f253190a21eeb51a14b2d949fe86626a88fd33ccd40379f67de81341d225a116e60770ab972ed872c124cd7c0db88709a48487c1c9fa6442997431b99a1ac224a8523430ddcfd699ad27e16bbb54db40785b869328e8e804ed5fc2f4b3e4548a9e60d5b73b2ac8564e8424e0dd292924feb14fb76ed19b1d76edafb1bd5585717a9eb73a8bef605e3ef3f6f8518faab6559f5b4b7d2c07f73edf67d3780d8b5b2042788e5d2f7c7184a80a1951323632b62101094bd80acfae621e56cef19cd059c9ff72fe564944bf8063137fdc7905cb63489cf8d250bda94f453c94fb2f6f33f972c0ffc4830bc8d7fb98c4ed8ef2fa6e147002d488d97122d579a9b214b09f792279021a20a36a05c74c9a668bbc4ee5bba0d8f7e96fe9a61feb01b7c0537e47894c3e7b5d19ce1568f8d9f49f3adf9c02ac941a3edf68c841f29fbe82450c2bbdcb7270dd2f5722666bd21c0839541c907ff43da0a10a05e47ac636d4f9c59e2abfb00d31621ac3f0455723563e402bd3ec56a2b7e59a82262119b02eedda2baef71a5d5efd2533b7e6fc01d6cae9d514fe63b30fdbd92548760f876f8d77e7fd8500f83e6f4e6290e4df64c73d6ab61737797b05235dea939163cf55f322939014acef81d248baa46e1ffbca5a699f0824988b4313ae222bc8d3a3c1e875054a9494c9beac817179749b5cceabbb7cc40bdb8e18d598b683943a61fe105b868896d78e1e3a802774170ef3c1f339b6d20cfb5a260fa197aad2e18146ef53fa9c783772dc9e251c2140fe89709d007c5343681cdf4569d5f3190c0d799504aa0a9001e26a11708fbe929f63ff691a3a0c7a06125d3b3d13b3241abee4fa8c6d27b26eaa58b454e34fe20128a15cf7f96bfec32904af4b2e04c26bf9393d45b0d66a1a2f15780a67ff34daa1bad27262ec78f27f9ff77157ed5201bf257e1d1d06f2cd3a4cbc02bb9003caebc7e7e9fe7a256de9fc2cce105644c833ee659e3f6d526142d154a881cb70ba8df353a5714bfee5480cf8bff86c62c3a56d45f821d99413f8ea8207a41b7d577e5a1788d051c8c19cc1fc8be844f18227b7eeed330a213a58009c7ea3cfd5c77093b5315c90d36fe15ecd9d9e7e4208aac31abc3928d162449ee68f04aa2aaf5b8711529b97944a873085ed6b59b53b2ef8a397733d5207eb27a81c646eb7079aff7403181b0d658abcdc3445096844b3139ee23cb30f9527b5c84105604e8aa57b32e0470dffa95719415b74ce519ac27b20a38045a9792043d3c5b426deb70b3418d9475c6b85580e7e414c5a9ff35ce7c6fe2f2d5ee8d0aef619d8c2c06e0af87a9bad9dfa2f6ddb57c2e636563a9ee58c8613be2b329f4c16efbe56ae671e712e90712cc4f519276cd7cfa3e421e87ace7e5469665b4345322c77de68639a6f561a0d203d4823d4c3a84f1b2b04c60cd2fe855652c1000b0f5e1bcc2355496522a5046a849d407b5d86123432a41d64b549c1713dc3f0b4a787420c9d3dd3052dbac55dc15ca6584d08bbcc7ece7144fc179d302c5e0833b1f667e0f4110ad9b31f5b7e19e11fc1bf5ea0f9a81806ab5bfa8caff29b84c53c04a85d175c05a74d55b548ae69bb365760ebd841cfd094ce2d7cbf447285f53f5e7cb4ccda0a607c9cf7c3aec55966aca8b8ce33eb30a138c3e4d85e4def697e0e00defa03f2c501010baa3470450bec0acdfcdc7f530584e7c2600ba58722303a11c9387edcfbdc85f1128155374f9844f381c2a8a15bb7df67db46f30b9232d3d6037d86dbbbed316bcc5be6fb3ab78a19c9df2889188c7321ffed7795dfd67f3853e516cbaef5d079aac33cbd2cd920b560945744ae03611257ccc66e9523de5282efbf9871092795c05685cfe8749ff4a4cf42aa19fe4f935a71ba462860f1243824fc2888cccc6866f1c81f05bf993b58621cc8f9c6e72a7db971e1bb40632d75c119acbcdcb88b5f1ed4fa5162da82ea66c21f2064867d86abf308a1c65c0a16879d56e2e76ac4110acca20be3abb731effad3aef7f0da4acb9aed0283111670d5ceeba5a551dff13de90acc9dc3176923ad1791a73eb41a3f5c260e4df26a1b8782fa85e5cbf5c20a62bec97da4096264fafafc9f5dcb9a8ca2990a144d6bd138cddcba35fe3cd2609f0189d37e2d76f6d96ea2ba1d5ec9b42c94f254904cd938ea2004b43a111c2f5b53eca1bdb68f8e84fb5834098ea5dd6388d41c987763c8b2c9733f758dd74ce5eeda6cf28137a4d83a66f05d90fb1c9acb0214eb7e5d0869b201330b6fd1a2948e0ad0af0c4f3deb08fa875223ba27f1d42f63da665eaeac81ea9eca52ae1afaed3f4252976019de7d61059e29c8220e88a2d9a4e6202839c74dda2ae43ee2514b55aa812889e4f8e153f9859af16f130053024a8bac43fad387cd526ef42bea5cad61230bbf89db7946a03101d18dc1ae46d046212ec5285564e65d876283fb937d6e38caaceb5716c8b2628b3a349058fe27fa58d53d6e5a769996217960e50846b2cd1b9fbc686f157e19d69a2050098097d45c2879e89e6fa3c5c79339fa3881fd228c29588befa5eb769a1cc1b67e8426b386ee0e6a80d7dd261b0ffb14b321190f1a390c6a0e8052a750d4cb587720ae43f6ffbd7f9328985b2aece118d4838c2eb55e8592823f74550b5d49377464890903f2650999fecb01fce6f6e51eae4f193bfab5f35b854cb0221e75898f111e94d5861fb15086889a5f804df2f7fd41cd49b663d352c59c6e8455f8287aab47cfba4d860c81ae1f61eb8bba8f18bfec3da3eec80bf39a6ff8d028650da69c108f98cdd8359756ff2b911fa688131121523187f1e449baeb64e332558c9d5ad9794e514a4239fe3277749506d69b3ba9df2c48d0111c526674e1ec144de88c58c93ef06da80e14675d0b14842a1ca644af3d7fd5907a46ae58df07f060088573683d14ab5310d471e139a47f8080fc282f16eae908671f35a9c1a7b2941ec86e85e15207e824437f8f79b173cde14b9fdcb9ecd82b224d45f724df18760a2913d907ed48a696367985713ab99d2416213f9991766161ce075aa6da4a7fba3a47c67d04ad7e669afada886f046363fb03a0cc795e5a1840e419967b1a19f40be8bf2a512015d486d00c4026ea86324b5b541ef8388f070800421c137d8ebe7c9a539b529a4af69165c1a6ea23534ce8efa7efb2ac55969df429f3b32d2f2aecb5087359c1b83224e4cfa2c583a1e147dc0202334a2c953383cc69e3a807299d86358b6f42a499eaa5d5680cd670fb49af6488c7cce6efae45682f98d63371eced65de02a82bf560a335ba630283dd77bd3d15296bc21bc337fc1b6d34d77ea7f681055459447f01b65623218dbadbd1958a249ebb76fea35d56299a017c4d7920fb0433d5769bc5130d8a5ed950f8084ba0036078374b82ad14a232f137214bcaa82ea7fcf7393ff4226aa1effda1d44a6100896ebcffb9414baf53c77c84113ef99f89f9f282b19b0e057893ef9c81399e1db0e3a25549dbdc69895e5eebbc545e468401d18dd20afd2913f89c3c0d95d54d5145f5cf434287e01b73b2646a7dc42e0f64fcdc1f3853aa41a6242c6cbafebfd62d147dce9368259beefe4d28179750893fcbdab5956f582372c1c616db2a23537a353e08e275fece1a7c0c0bd9483160fc643ceed9d687d520e944923f1eeccfe7f2e5e1c5876810efa0deb7f00c8f606ca5c14e3bab922243d013288622cad6667696e6759742376f7546339ad37a9246c98a6500686aaec51e2391285e7bdac34fbd4a1df2147bbee2d56c7189b4aeb3880bbc63e6b922b27133497be09318b064166ee8b5ca1c360dc510592bb3077293ff7e48bbfd2221a8c823eef8e677b51b40c7a8bfed1def9e19af5a418b65567ad9cecf4c16232683740dfceef0bde563a0942db0d77493b2d683d413d9fbd0ac8fca1ecaf6e57fd7ae680a493d8c697d3cc038cfcfc55a9a30152ce450dfec029a4edbd38f10222149a87d358f881847d4daf8b182d6b1313d616a767dbd9d71c7a3ca896021216665fcb2c8fbddb593013118cc8ab5044bd6f99bb278ad871917c9b1684cecb2d0e8babaf33fd98c02d8451aa48f3b2a6d6e9a5d12910c7aff613cbcdda418a76abff697229b47783577d0ce2f0041e1360a10f607612405b9b06180d85617ff9c5993a986b32071cf4c43b97f53eef9311929cb8035ec5c2f65cdc40bd757d612de5b9a7eca6e7e70365dd47256ff9f6e22e91ff22bbbee51e153d5321dc76ee8a664505da2039da1fc87e3727f085a47ce3eb52b95edb41ea295b79752c672348621e4d49c48b7d065d116cd1ebe6203e9ed62a9d3367eec2ed7cf3e4762b5f71c6ab34a953482414b762a455ded6e0ede9e07c3b9915aa51aded822c57a72ee3ed236b7c8c3b26db5092baba5d4d385d1e3c0e0d860da91b33a85c20e30da31b890f85a88a5c105e8aa32d6033beafff9ff510a7c7fa566b86eb473c702fcf08449c581650c42b90843b1baabbe95b476983fc98397abb52450a65505212b25c94a2fe3d64816eb9a76e8e8e945b7dd544aa039e61fc6331d88ee4ba297bf0d59a04c95579b62f316da65064247cc1d45792f1510103708d636c53f201b1dc2004a479bccef0bab9bff46eaaedbaa445417ee040c568ca95e606d9d9431798e91491f48434551cb8d8b4b81b389d43845e04d98dc0edbb74eae8d13ef3f662a26d7e548218952bfb4d697bd5c3700cea776ac3eb0ebae5c101bc341688371e31bda8cf7819ff4fa3a478faf97582d497112e510b2986f4238d3d4219024ac82eddc2dfe6d42dd1652ec09548768cb0a46e475493a75a75c54c47ec1e6265d34a87634e09394c77a41b01f374a79333951eec0423e037e0a5dd3cd12dbcc25fbb028613aa7382bade63c1d300b0a6d021f65fca7905e622eb54bde35d59c169f970e3de01272229e78382c7e87cc052da8b7b2dda1d29bc42fd2b7091feab28c14dd9cca5c8946afd8a466c681025128d3f752a8bfd2a8bc0c1bd89c01ad7803d8fe9ea1247e25d8ec18e0c18b8e6293b85cca5535a075b799519623d98a9bb393df5f17065a7f11142320e3138fae891346ca10040fda33128909b485ca1fa733f7d44e424d8dabe3f38d4249c3cb3f22d10521e536be978ff2dee276098db46b56e782596a68d5144ea1f2dff227956f4f860135ec2e0cee212a51b63c60e775fa2e0a7dbcb6f3d27f09dbaf55343bd2af3aee72ed39e15919d3e5b2bc67710c88a68806f1713313887e72e6af52f7de7009399b81cadfe76bff2b61e53b259218bf854d52644bd8e722e170bf9b109ee819b960b8d9da0d2dacf48083bd8a766d3818eae48ba408e18c63c8b59e282553a71f62083e6a007ffa6ce8ad271b7202da28f1d6be4332f404c1e2b98acc4d783785c1eab14361db6382594a9bbc3304f121f198948c91fe58d96aa6a8e12cc3f46f283e635548d96341fe3052aed45be1970010bb76325873b7902f0f73bf21fbe0a5cef6ec0b50902174c3515c89421a496737024b22db73916c4a41d294b8eec3913421b784a2629132461d4e6d5498a88b87abe2e385df8688b70b075e2139def62c18c60f96c1715e203850155ea7bc8d67e77428e9c96a3edf06d984f29959217633a907e7aa0f9792313fd30c6f767b79981ccbf1bf87942cf082090761f9faf5afb90f56a80908cdf34387d3c9ac4d27321b8b2c64f66eb3bc0f7937b0771b68eee977d5f3682fedb04e51868e4e588eb625a71db0057655af47806eaa6b875304738f1129d95ef85921db8b584af8e389297c8d59eb4f5f784474e5e293f48c5cc45e490878c31d32bcbfc88d51f96eee3cfaaea0e443505825a52603a06aa8cdc8920af575650833e7715dc2205ecba7e304eb121cb0d65609b853974fe9ddee9b9cb9fe4d1c08fed5b2f3d0f51e104635dba4857520e0cf319438659cb765bbbe6bed3a6451a85e3efe32707b2c84d7fbb99cd80b3529605b221b808cf34bfe776607cb4074cb9371306c74f3c38a4b48f8a8da8a02be28a08f5a0da463aa85863ef54276c4f414667d3812deb6b0e882381932585e3d08c6f3c2c13b9987088b345e1216b3d525c99820c0b6688d9c0271f648da1881e58fbf5bc02acf226d9e90a64911ebb27b415f3ff4f7bdeb9fdd5bb1f39a99f909f80af444b902d1bd96562882da6e0ce9efb2adfdcd78803164a5ebacd12d6246571066e8f05a37d9eebbf41a88926b6bcb287f4ef47728ec00bd96ccd72eefd5815fa9e2840a100e08be686e6b664c938a0eaa7588e87d69809af59268f3c4e92a98a663f83481668e0f3ee684a6728fa38c75cf66ac73dcee17dfa5ca94601b1e5ff91215492270e24c4abe4dce8686e99d3c64e7c3f5972152da99388bb59e282a1e300627e542cfea5a390dd11f0c95f52702982c0e8c690c1e7bca2ecffb7287b617090ace76f818fa8a9078978e1e249a7f4fa281fb3174fec950f6b9afaabb3279e22c9c37a4ea1c05df6c49c1b89b2ed23ca3673f388f502edd3edc358549c039eeec6ca4ae3404bbfb688c3d90cbd4a092e035ec48c3bb1ef08e2b1b6326622419356669a8399954dcbeddb197de9fb5407e105d800b6cfa91de41b2eb3ad2ead5487b9c7b11e76f2ad08711b00cb8f3da6794398a961853bdcbde90086ff13d69154442c8caa36d56862581a9f326f85c6722be613caf2329d4ff9734c99016390e793b6ef90c540ad3c7478d7b221a71e0f10575ce5f666e2425903f3c358c4dc5b29133da5027b541898b501cfa144e166d1b1d7470d05aeda051a1cd5bc3bafee7ccf8564682cd728d0dfaa4f731438de2ca3095f105c0bad8f3b039a427729ba1f96238403e3d1c8a2bdf1730253d6c78e42f4dc5a6079e95ea5013a9d335e628ee7d2dd1c7f2d25342b2be5c9fef9fd5eeddc8665c1a39705231538d0f3a19e9c021a7d6d2d1c6b3f4b483e6198ca6d269db9e82746c5ea36c70f29fc98462ecaeed27547de6435a82112b2ec9a8c1e759f82d04810824d97f1ca45071f6ac242b90b218f2c2c9b4cd42b56dbeb5e947a8e8b476749ab8cc7d910fdb17529440107a565737b69440cac0b418858d62fb7af804c5e483faa849a6375ea62581eff9c4dd3ccacdbab7af9fe9b2be75cb2e322c296cb91a792ab424f77ff348d07dfc2a5c5af476cc7c44de169dc1702ddbd5e4d7fb11172d8eab6df3b70c7b66fec5177a533ed44641c291ed9d8cea6832c24c3cd279c9f3bbb355fe47364d23af48cf8a86d27727ab2adf771641ff447291fa9ba99cf5c2cec5c968d565aabe16cd07d752f7d5b2c78e77cbd2dcb2bc151a35207026c98b755eb0e6fdc94628de7653f7a461e0b51f5c089fc4db6deca2243e3e5532bcc279dfccd2651db61565968dfce800e995626a4bf045e3522b996dee4bd10980ede518f4a5d986f41c53f0e2820853337869645c31c41c9563f1c01ce651e916f7472b04929feecd09ff768bdf74f0b40a0c58555f2a390db9bb7990dc31f995ac4bbf1f90271cd4b90ef7fcd096c34040fbd4a74aefdc5a6b8edf38da8084c87564b10e6e2cd7d0ea6849cff02c06e4df741c278f0d29ed6c6c739376e1c262f9d780fec67aeb519cfa669c9d6487ba527e0ccf5012954dbb3ecdbd3f5be1c018784cf83b3bd040e7116be8401e760f82cfc86ac19a18f28c894662f8dd13b1aea577c81bf2447753b57853765eae4353b65475e10c3b36bf0d0dc3199dabff76a06f70b173fac295db1f52100547050f052b9d287155bc8b04435ef35902395ae894bed80080fd3becba14c51da2cf34e2999cdbbf652dc6862e8e65f675b1d7e5da57fbfb497e8111dfe77164372d707a5857325c47afb462f7a38f617d158e8a28fda6d121e532e44b2ca9cef3c34a7a8d748c4edd061b62f6ab7344317b0dbd8ce4836142719a7c0835901236180840246527f3ba39cb64614e95d4af008d281b53853532abdc663051d041af7d1aa9766ab185efb77fcf278f09577e01e507a2034f435b66cab7692a1733d1ad3d5d566396fcacfd1bbdf542e35136a49e2d3cbc21ce157ff051a0c1b636b159f370366565a8ddadaa1502b425ef27a1ff070c52bd17595ee507dc984aeb14d2aba07fe786f3733e3527d5bbfcacfb09d3d5cf94738d1b13d2590b1bb1ea2eb400e9605f90b4b23c125622da85ece62e4493938099a4058e0b3dda2532c6d62bd033ee7a1cd7683620a6501e3ca420f9a64f462bbd4f125d154beff38c8f4a1278f9d6194289234d7e9fd397feb24fe1a8636e334d1342fa590b4578b3c677aae57119bea99ff7a5635b98ee867a282e5f3444b70415c0c33942f041c28589ba0de67d7b7ebe43ec6656f60c82c9d75bc8dac80791cd59a9c576ccf726cc97befcb9aeedf32b9ec6f4aaf043ab9bfc4712ee6bc4906dcd9766658ce56fea361518bb54ccca4bbb82eb64e417a37899ab31736ffddf51f97aa710b29f18ada97a200bd65d655364149db2c41cf32bac2c4bf799bb2356335a4fa01016da72bc7dd99b3f902f8b80a89d19bb04f8c49cdc5a78b17b52d52c06f18baa9839332f3ae59909748cd4dac49c1901f3c2dec64ccb40a49fed1699fe1140f8602384a930fed2ed6f9c120c9e6158aae34d8ec8a4fb0cb7ae19c2865e3939b499b5a08183c342ff4af2b3400980879aaa6e29784e90bfc915b9f31e79b742420952bda798a8b88c77134cc5752630e57fa23f9b174535e3244c9fa475d1b2829fdb768d22d6564e55556fd3750bbb223f3b5748a57c899d324f359c3842fddf8055e1b40588365393b84aa798fcc8b321ba1eeac33d340eda01fdf697e81bb5b55852f6b355a7dd2082cf087949cf9fbbf697af8f81c20f25a1c0b92fcb06dddc50c5d9e989a15a2fb7d0544f1844e3f46711165bab1658615f440b71f93ddb713ba91e8f4d91dd17243082d61cf43fd08861d42f41f1ebc68be633bfcc79b14cdfd7b171ed4b282a926055ce26e7fcf40d1e8e7d05ce6660fdb825dff76d735bce7b43c98e5b6c4763ccff99b45c1439859ccfc61756c298eef7424c465aadcd71455448827e39e5ec21293f2007617fae73b74de8efe349c726a9dac11524720fed5214101b4f26ad6fec2215a54980512a57358545899c6898692d805134d606b3022d16954747d247db0093dbec65fa7d101439ccee58a8790ee0daec0976a743d8f7aabbaf8d9945e95ceede27387e2faebe8d1eae6feedb78cdf016c6c5888e56ab4830b002513f87aed9bb4988784c0debd8f566ea9c8467bab4a52a52de9e262f16ffe222ac1ac6f6d5de557eead4554f03bc8ebd681daa2ae6cf93587d32dcf53a184f5019f0fad0729095a5788b04fc6987064b80c6bba46e36fdd767ca9c6819445e95ec7d60c3f9b2716c206a589e413fd7bf1d8fd3f1245ff54d6db4d7b45f20cb4f6dc8bcde65484d70ac38921f89261d27fc85203b801867850457a3b61fd55e805bd3c40a336bf87101d8914d21c8c968e934ce265cca3efe21d3ae1b78848f7b50a9a2e9b51bfca2ff7e0292ede0aa013af1c09242d6e53f23a216b8ccc64402a46eef3411c06cabb5435b1d2d8ddffc2c3dbbbb0e707e03ae0c518414dc7304dec25084891255011dd133d235e663ff38ee78c9abb93c9f692c5195222c881e35431d638367c7e570c962646424dae41fa2b2af118a93add1e088aaf7e1dd108c7096f4f9868a8af02cc15db7493ef011d320c6d64f6de56a51748e9dc4b7bd1bd515d3e9522a65e87e25477f71a6bddaf7ee5a01d424ac153efaa52f1e56fbef9f66efe5642f7dae41e419a64be65635a088885717942d475daa806ab151b087525446227d0d75a493d5a98486365b3981b3bb77a7c6c6ed44a120a98d0f2d35e8ce83837004c39bf09ac5723b1d7d7392f6e94462e86de853c6841027c697236331e19aa45693b2dbeffea7b00f0b284e49b04935327b9808576b397cb48d6b1960d06058f1cf2d0641d7c99e79dc9d47efd1d5bde85bb51ffe4a687c2d364713ee0ca4981f371c7a418b61118431984324f84f8cdd6e2849c00c1f14b1732a08ffa08d39c312dd809f15c8a651cbec053e870ac04c131946d80a8e684c8f309881f98220d7e532773d4d8304ae53428390ca7914a408030fae3b47619352d8a1edc33856530f806b8efe61bedcbe199aca4dbe79bdacb08b361e31f59c00463071fb19edbc0cb84c59130770fcd17643f7c37c1f54753f40fbeeeee31b22d89944ac6ee913e63145e3e35f804d2cbd08d9f2e278be717872a4fae63d8a8b462f715c3191d394a67a724fab2e4ec31c439fb2fa01295aeb56910fd406316bdfed587c1b42a733542a55793303e59dc23a40bc9b9f5713a3dc21b95b591ac9863f31a4ecd160e7d9b7b2ec2b137e67", 0x2000, &(0x7f0000001ec0)={&(0x7f0000002300)={0x50, 0x0, 0xffffffffffffffff, {0x7, 0x29, 0x9f53, 0x0, 0x691a, 0x48e, 0x1001000, 0x7fff, 0x0, 0x0, 0x80, 0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f0000002240)={0x30, 0x5, 0x0, {0x0, 0x1, 0x2, 0x101}}, 0x30)
write$sysctl(r4, &(0x7f0000000580)='1\x00', 0x2)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12011900000000406a0563000000000000010902"], 0x0)
write$sysctl(r4, &(0x7f00000000c0)='2\x00', 0x2)

5.615903042s ago: executing program 4 (id=2533):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000300)={@multicast, @link_local, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x7, 0x8, 0x5, 0x0, 0x0, [0x0]}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0xfffc}}}}}}, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000300)) (async)
syz_usb_connect(0x3, 0x62, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a2405c2"], 0x0) (async)
syz_usb_connect$uac1(0x0, 0xf8, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe6, 0x3, 0x1, 0x9, 0x50, 0x67, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xcae, 0xa3}, [@output_terminal={0x9, 0x24, 0x3, 0x4, 0x306, 0x4, 0x5, 0x8}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x1, "ebf202ab"}, @extension_unit={0xd, 0x24, 0x8, 0x2, 0x9, 0x6, "1e2308b16284"}, @feature_unit={0xb, 0x24, 0x6, 0x2, 0x2, 0x2, [0xa, 0x1], 0x29}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x100, 0x3, 0x6, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xd, 0x3, 0x3, 0x10, 'p!'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xfe, 0x2, 0x6, 0x2, "", "a9"}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x3, 0x4af6, 0x9, "b7d44c2af785a462"}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0xfffe, 0x200, 0x6, "535ebc66fd"}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x4, 0x1, 0x7, 0x2, "1e", "14dd63"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0xe, 0x5, 0x5, {0x7, 0x25, 0x1, 0x80, 0x5, 0x6}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x6, 0x4, 0x96, 0x41, "8b7c2d"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x4, 0x1, 0x0, 0xc9, "56c9", '?'}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x8, 0x2a, 0xfb, {0x7, 0x25, 0x1, 0x0, 0xb, 0xffff}}}}}}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0xde, 0x1, 0x2, 0x10, 0x2e}, 0x5, &(0x7f0000000140)={0x5, 0xf, 0x5}, 0x4, [{0x2d, &(0x7f0000000180)=@string={0x2d, 0x3, "c757835a6475dfb1d0fc28bbf3d969f6fa9f4dea74fb1a60f877609bcdb40d5ec24b40190eb7fe812a2b3e"}}, {0x95, &(0x7f00000001c0)=@string={0x95, 0x3, "41ef61c00235f59b413086ccd807433804e0c83cc95793152281a0a23f1d5a7ef8c291eea3f3553ae65791ce2f1cb6ef35b1406b70d724b1145a2617108d92cdc50fe7d52c7a6fd0d4f7bf907d7419e5b8fa98729d230d33949fd7e4a1a4719acecd9a4c9911a2b209d64b83a48907a335f2c7cee874eddd0aecc4e48b41905dc580a2b7f1951edf09ef33aeaf0471e42c13b2"}}, {0xa4, &(0x7f0000000280)=@string={0xa4, 0x3, "90f3cc6f464e556e0add641cd70a27a2a4d3620cec0c5f6eeb06bd053fb1d860fdf31c6feaf8e20dcdb45b75cace36d90aab018438d523b30e137e08ecb5e2212fb45462fededf2d3d50c4637f6b69ed590bed9daa16bde960093d333dd13631b6a1faf1c758a696bdb845d272bef5f671010137a155cbca0b163c8bb888da581f0d6c3d731ab82e677f48ee61b39dd81672e7f400fb845747ac4a3a98006cc2f529"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x80c}}]})

4.292820853s ago: executing program 1 (id=2534):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
r2 = syz_open_dev$video4linux(&(0x7f0000000100), 0xc3c, 0x40)
ioctl$VIDIOC_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f00000004c0)={0x0, @bt={0x2, 0x8, 0x1, 0x1, 0x6, 0x1, 0x1c6, 0x4, 0x2, 0x9, 0x1, 0x700, 0x2, 0x8, 0x1e, 0x21, {0x6, 0x9}, 0x4, 0x58}})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
socket$inet6_sctp(0xa, 0x1, 0x84)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)}, 0x48043)
r3 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r6, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10)
r7 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r7, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12\x00'}, 0x58)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000002c0)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
write$tun(r8, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd000311000400000000006eec00be10a42f01fe8000000000000000000000000000aaff020000000000000000000000000001330022eb"], 0x10da)
r9 = dup(r0)
setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = socket(0xa, 0x3, 0xff)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001", @ANYRES32=r0, @ANYRESHEX=0x0, @ANYBLOB="6dd5af93be1bdb4ad17e3edb66ba949034ae986095b293ddd007b3f3485079af27a4d10e41aeaa277aeee2a2d5f29eddcac98e398fb6e57ebc21f44fdf57960af4cb8fae1f6a8521dbe41020881e24600d20836e0272aa8cad427edee3889df118ba169879c933b6a3b5c8e7e14ea1649efe2475a9e66be097d5f92ce2ce000e06f0531d0d89e1f444dd162f63", @ANYRESHEX=r5, @ANYRESHEX=r8], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r11, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a808682b7fc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c00008008000340000000023f0000000e0a010200000000000000000a0000000900010073797a31000000000900020073797a31"], 0xdc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r10, &(0x7f00000000c0)={0xa, 0x4e20, 0x48843e0c, @loopback, 0x12df}, 0x1c)

3.969682169s ago: executing program 3 (id=2535):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0))
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
clock_getres(0xeaffffff, 0x0)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0), &(0x7f0000000100))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000700)="f7", 0x1}], 0x1}, 0x4000000)
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0x4009})

3.909153807s ago: executing program 1 (id=2536):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) (async)
r2 = socket$netlink(0x10, 0x3, 0x0) (async)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) (async)
getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r4, @ANYBLOB="00001000252155b21c0012000c000100626f6e64"], 0x3c}}, 0x40000) (async)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
recvmsg$can_j1939(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x2040) (async)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0xf11, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x11b5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x5, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40045}, 0x0)

3.677941953s ago: executing program 1 (id=2537):
r0 = socket(0x10, 0x3, 0x9)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x3c1, 0x3, 0x328, 0x0, 0x2b8, 0xb0000010, 0x0, 0x5c8f0200, 0x258, 0x3a8, 0x3a8, 0x258, 0x3a8, 0x3, 0x0, {[{{@ipv6={@private1, @local, [], [], 'vlan1\x00', 'veth0_to_team\x00'}, 0x0, 0x118, 0x160, 0x700, {}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@unspec=@limit={{0x48}, {0x0, 0x3}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x400, 0x1c, 0xfffffff9, 'syz1\x00', {0x80}}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x7, 0xffff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x388)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x8, 0x0, &(0x7f00000007c0)=[@release={0x40046306, 0x2}], 0x0, 0x0, 0x0})
ioctl$TIOCGWINSZ(0xffffffffffffffff, 0x5413, 0x0)
r6 = syz_io_uring_setup(0xbdc, &(0x7f0000000000)={0x0, 0xd20a, 0x10, 0x3, 0x40004334}, &(0x7f00000006c0)=<r7=>0x0, &(0x7f00000000c0))
unshare(0xe000480)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r6, 0x847ba, 0x0, 0xe, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r8=>0xffffffffffffffff})
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)

2.788804383s ago: executing program 3 (id=2538):
r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x6c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000002c00ef5f"], 0x14}, 0x1, 0x0, 0x0, 0x20008081}, 0x800)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r4=>0x0})
sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010000305fcffffff00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b0001006d616373", @ANYRES32=r4], 0x48}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1)
r5 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x1000001000001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000000)={0x980914, 0x8})
fcntl$notify(r0, 0x402, 0x5)
pidfd_send_signal(0xffffffffffffffff, 0x15, &(0x7f0000000040)={0x15, 0x8001, 0x9}, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x0, 0x0}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})

2.741009223s ago: executing program 1 (id=2539):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000808, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x3d10, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003fc0)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x22000, 0x0)

2.637297949s ago: executing program 1 (id=2540):
r0 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e780cc08c0070515c5b80102030109023400010000800009040000038e4ee2000905000000041a06010905010300021007c109050c04400003030f07059acb"], 0x0)
syz_usb_disconnect(r0)
syz_usb_control_io$uac1(r0, &(0x7f0000000140)={0x14, &(0x7f00000018c0)={0x40, 0xe, 0xe, {0xe, 0xa, "1fff240a91ed16158aef554d"}}, &(0x7f0000000400)={0x0, 0x3, 0xe1, @string={0xe1, 0x3, "8d90fba7160ee722224e59d2652c6f5d2a958a1f3f0d0e1d49f935f045ff5d4715c74ed97d2e0082b9bd6e753a86b4ec1721fce9d762752473b6f524f50341a9693a420dec38cc6c451a040be6a3049070ff530d16f114d7941def3daa3d53d6021bd7827319804afd2fc7aa540a8ef9960058b3a0ebf61345464c4aa79b1ff2310a60bcdf74ede8d5b9c5868b701dd8663275c6a0d4babfc4518d4a42802cd03ebc9bedd1eea2965e0b65b1959dbd6f75660564728ab90a4c54bdc65a819b6c86418726198f4028859fc88cf6e4c224273641625eee07b9a439724706b3ce"}}}, &(0x7f00000006c0)={0x44, &(0x7f0000000500)={0x0, 0xa, 0xe6, "764631ac9908cb71513f9191498f4669fd0d4b3441b1933aed2e4ce7d07ef129ab845fa6287304f7eabdd6e81e87bdca660cd543fe97f150ce0a599c94a3473f6f4001e16343c2d5b8e4b59c471a78a05338fe8d7a15a90f36a17bc10dfc2afaa582b0c9784fb73e51709ae8a7525842a0c5fd874ccb1b92f1cc8c2f3c659e0f023fe98b34d2b0b2f06a27194db33afd9ec7de8452fd8e573032ea7ba1d1ee45d60e2a7116501f198819c7a84ce6f497d9838222d8f9bcfe4bc06593e382f49723277a994ff98ebe60051c6d1d1c993dc0b9690aa8e449af663022d52cfcbe33d8627def37c5"}, &(0x7f0000000180)={0x0, 0xa, 0x1}, &(0x7f00000001c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000240)={0x20, 0x81, 0x3, "2187ee"}, &(0x7f0000000280)=ANY=[@ANYBLOB="6522275123ae5f5b"], &(0x7f0000000600)={0x20, 0x83, 0x2, "cb96"}, &(0x7f0000000640)={0x20, 0x84, 0x1, "1a"}, &(0x7f0000000680)={0x20, 0x85, 0x3, 'p~8'}})
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
unshare(0x2a020400)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r1)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x2, 0x0, 0x7b, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0xffffffff}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x0, 0xb}}}}}}}]}}, 0x0)
ioctl$EVIOCRMFF(r1, 0xc0085508, &(0x7f0000000500)=0x18)
r2 = mq_open(&(0x7f0000000000)=']$\\ ', 0x40, 0x6, 0x0)
mq_notify(r2, &(0x7f0000000040)={0x0, 0xd, 0x1, @thr={&(0x7f0000000800)="713be5ea95eda7a5d7f1eac807758a1102c98ad468f5b8a53844ad5825ef750896c6a37a3d18d3b337877fffd7e2019ff6c79bae7857fdb185a696264c2c6b165b003775c3383e5a74f6cd4d3992bc360124be6f0f23281dd6ea5aa0ffead5287256e30f5f87fe5283ab2de1f1ede0d6bc29758453b3f5a54ee666baa6565e3296f5e34818b893ac", &(0x7f00000008c0)="5255860cc251f2db3bdd13f3212b07d3ef6098f9b0d2bf9ed476fd7cb5277c01d8e1501a9ce4c6ee484fb3ff0a0098ea9b5c43681b784665cef855aefa97819c78078f4835305e8d5ec876109f974e8fc902512fff40ff504e329cd40d1593ae083341b043d530cdcdfcf478f1eac48bd5cfa3912ecf28dff76ce573b25cc073ae0b8af4a250fe31caadba15dde73a50d8d0c01ac3844ad03ea3ead7aabaa866498128abfb96053ce9ace9b1dc7fa9d9bf90692c90e55fc5a9faad98ae44bf94c57333fce90884acbbd56960b15e6be18b2421b144f4cb8bca445322bf0f27b965f99c7e786fb2c5231040eb4115596412968d34fa4f5c7dad83e02e0b4f5e1d073667645b5c919b66f9e231e26497af7bec3d2d5f1b9392a1396560bf3dbdf89f7c8fd55f4ee2c1debe01314f65d96c6cfffb9dced7e165b526d305fd9958c91d86d8e53909bd1d74f96a6bff1ab00ab540afdb2e2ac73810e1eb4e0a5c959a502e9534b1f3d72277c8ccebce9cd3f3b425a15ecddd13f18736079d5d3a9a2abbf8a4cf8eec030041755c1c386f60da1a2187f6cca43fa9ce731adc9dccdd82e1437e72ced152509bd4f4647d87d439119ab9982a33c644c1ec37cf11f5cbbf71056b7c8d165c303d956c823208648af63476bb6e24ee6f42a97d0f38a34933e900ae33b40d7e9ff3c0fdf85a04bc7fdf546fa5153e122d033be4f423c995583cf4982d2ac2ea0bf6048091b3b2e6846a34a17dbf5b94065f9e373da5d931e4e80da9742e84d903a1c4618237aa985df88a51b747b531f12165bc54b5fb93ba5d59dfd159f84c65b8691b7953e4ff126f74e40a7c2fed06352d8c17c45d25035f3b4d722c2106031524d40d79113085fae82846077192ac99744581124a9eabd4043f3d4293cb5b403a36119df5253687ff61c047d452d1f9962456b3ba0bd9e2a96abd262b329d724483ba73ec5ba68532737db3cd21a18237a902791035dc6c534bfc6e5a019341b66428b9d581a18e14979a4bb5f6549c23091edff37b13968129180c6c56b81dfcbf5bf772f32203a91a71b8feddbd42dd97a7b2026a050007006a3b1b7bfbd9ededc174cca254e8a52028138a879406a49c2fd67346abf89e308b86440850dcc9ffe99b11bbbd080abfee68f90fa447f5e621915e63fd579408ca27fa7b54026151fd6a0e60a551eb8ed921b675f9e9989726c8b2010748d6d83f670dcb53ff185e6f7b5b0da1f09d68ac8dc0b3a73c7a85944a3709d0018abd8794e933716a9ba695e6ecb70aaacfa20d1524f98181134033abf5be42bc60e59bca05f2c7ca6302237164c4c019918599e7ee63437f5d938d170986abd51a6725718af0996a4f23789e4d03e9010db118d9814b88ca4853c16354003c9932e325874eb638c9f83f428d3fce95341d77f5bd4b15242b38d95c27d4f5d565821ce9430b4f78923742152e863b7ca0b99f2a9d01603ce811bcfeb63f8c13595421ae3f6fbac52a7226cf383afe3ce06e599eb074b34afa59d9378ce544a4bdb63e73fbe799036445ed41254ddd4352c6391e0939277e90e75674c7ff669c9ae918b99b0cc26cfe692a4bd8ae376b3bea54989bfc142af236550449ad3ff5af9a11973067c4556b9dfdbc3ee395025a5241053dc6da54d726f05c907aa615648aa1fb05628ab1ea9d8d9417aa082db7a16a61cab70b28f5577ac681966724fc6704b2baedf17968546a0d9e478e8094fd606e960436890eafd035c23cf8d8ee414bf4aca5dd8bc20059f0b7898a883cfbf22afada20afcfed4ff3fc9919b03e9fda9e21efe98769aff24c49837b7a08d900cfb664acd1b03c39bb256463a8cfebb60d849e95a1f34d3976d337e01a28f0ee6d6335c357e8339105c2b34e94be0987660b062dd147b9b4d0aa8007484ed828f672d9a5dce1fceca0449053de4a5230753a8435016c7da8ca4169534f42bb122b4323a0c8109a9900bf1f5a2f0a6c75dadca34cf0f3f120f115046a48006e887a90400b0b4a52be8e1aa2e0ec96631d6800b91bddb628245a6af11ff800f363c3b27b5c734a82c4554619b151048fe0d26e960b0a4054c7f5218e3857c1651391726d952df3ede8b444a8178f0a5185f558c976a024b544b7227947a3a8904f6119a5265e9f023404e676cb46e82196bd2feca1eb13d111c057c0593242c438c28d843268e4fd3d0956cf2f50956ffe715aa6fe1621d3b4d808294e65b68104908fcf275fe9470f9dcad374794d0b1675bc1a6e8d4f27751f45914983b235fe44b2202a58092016dca5a0566dcb6bc16b01c152371423111b26800df397ea7cce769ac11d12297c5f09cd7dada46469519bfee8cb3b376ad23bbe5c3a9d640b254f90ee464acc29acd65aa828ff3ee184622a4370513893e4dcf8e532b3d08126a22737abc40c9ceb59d18dbae119adffcf75e85add74ce9d047d85ed3b58287cce82c0fd41955810a26184e7f1d3fc44f837c201cbf1a92798d9aa71e24c57c3bb331e4dc61411d531c98eab2d498c55c3a45711fc2c964cafeea483e8538261743b1497428d979257bfe556994676f3af7ffe9bbc4e0adc51e550c34df6de947690300cc6f109761401023ca60176b0356c5aea604338c626555bb1754036104fdcc93d7a9f1b72b85e4188228dd420349ca79408fb6d5f60201b5e46cb3b78d0ae9302734ede367f8a28dcdf4ef7006d0c3bb46a4c9f4f97e9e7a59d92d2cd875f55d1ffcc3d2d8589521a4324ca162b7c613500ff9dd42ddda3f7002734535d0706246c3dd8d8752fd62f85e346bbabd828a4296dd6dd54ac21d075f345f022703ef9f577758dbc5fac8f59b03304201b73b3ef62866e150da984557a4d8d8504420d53897fc4c978c641d500b5577cd710d475ea6e7cc651c18f9f910c3fd11f17a293c081dd65613fa813c825f1f7804655eb0a83b9218f17a6bbadd7e96044acf188a4034f8469755b15d3ec365eec3055c20aa92bf05ca5aacdf5628f565ccafaed95471e3cf29c44d20bfd66fdf1c8dc0f8b5f72331291834c5b4f61a467048c924505c32f8f70b1ce443d951fcfc4b4d62826e760cdefde5ee3de87cf946b24fb79e96a230c6334b0b3088ee7f5eca5f974ec82becf0c055042697d3656d56a5616db4275834a6f62c2933614b03e1a487e59ff5882236e1a01b2bc566cf63bcda5ccdfabd25ac534df45e0ef0b3b79305f49b04c19994af364d583950e62bd80190f5cc9be35a9c237feafb7c8759445e76e5cbdafab79125626587fb482d4e012d5c84e540ba2a94c90dcb4b97af517625e865aea4e7a003b45f474b77d88ea441a261ba5770979b7f2d020234578e332cc9b292fdb58a86d96a7697c3af769d3e0daf47f07d2f45a4b2633ad6dc72684e1f70de0758497556c71a112890a6aa71eb73218682bc9c24efee0a202c1db9c2157a97f53bea7add9b3254fdb8ba6df9e3be9620a95e0d49314f32a7ecc68334010bf7fbdd874e7c4586bb133674414e7a4e1ff572e9224629d19deeadd66c3763c6390e2913a9d3a64e4a7b3b26826b5d889815f02bd12021fc8912160876cf563c89277f75806adcc3f45dc3a466d8dcf3a9f33dd6ebe7b00fff64462bc1ded3c3a6db535d1f78a5cb7beede1d21dbfe38c94df305d5812d130a858ac41b7f02a746f248196ee3db24cf2b26f6c8cf01ae5077aa82b3440650fe76b6dea70b33033c529cc83c74477d56331990262f79514ef70b0585dc5127e7a51b0e1d850a62cb50ea76301991c454b500187a86147584c88884dbd4764f1e8677415ee613f4749bf23d8a1abaf438d948b66deeba6c01edb699193e438a056a49e964f0b8e978e0dd78b4363ea71be246b61b0527c025bc490e3714dc14a338e42f2a4861ab77283a389e18507051e6a7d236c87a5cbd341b0d677325a33a95c89da8f0e15a67860bde69c99d2b434b61cda71d719702bc728ab619594c22cead5af32f04b9e46a48420d83bb157d5619a79986062c084dc17f8642d9f0cf6d8355f2b1c1766af03f9321015683e26e325520e969bfcce355861dbcf2cbd876ce3cfb63d3c337f516d0d00b7d57471a5ec86f9cd7cee686eec038277fb404af7768070bfb444c06983067fb644c6014f31c2b7a09efa3858b7f3f4dd4dd5c0406763e52ebc32a7c789c492b1bb1c6f7051b830147ce5be5338dbca71cbd3890578bd327a14d59b7683d6283b4db5da4d0e71762aff0e9f610131d6699798df854bef42a75f5d78df5be550e3efd3d33ef9ea115cb933209d4c66d8e066aa07e0451944c330251f92e95eb02b58aa0f34026979caf878b00e40927ab18cfc32001e501b8196992d043b0f70b90146f6932fe996d7d14bf67536a88276558f41b3c75eefd4c3f3a21617b433c91247c0a8415c1503a698c6b2c00b3430defa5f876a9248725f2e73c68e5f0ea70f729ac2b2515c8577db675cc02b8801b7cbb8d4610a743507eaa39e3fe38ede2eba2e2cc99440544b4923f1c7db1951e6ec1fae90e8b3e1150d1eb9eea630a62a40882fadf3530014c3ac4ff2bd04f8c1a387dd5ac26c6048410e8bd7001f41472f042207dbb4c88f04464bcfe19b3abac8068a2ee7c11c56b51c46c503caf3afe2e8e00df35189fface6012c182db4d5d73a4853e74b51a303f24376ee118724f33f92472405ea844f0088237d42e8ccae4eadca517408618785889984f664224b219e62cea39883f15dbde7ad5c310435d43886d370b18e43ce9aff182e8a7b74fabed633e595a0973553ec8ee78dfcbba34983d06b2aaa1ef884985da406e412b07c62dc6a61e28af59c72eff5a26a3b5c6f71e541a824bd7feb7d986739588c2c534dfa6ad7f68cc7ba97a4112eeb2492638cf4b157bbfb4c1d23d7f1818f0dd045009f7f4fdee443771ac9755d64b2ac6cff633190349314195cf375d96c334974635390e94eb1affb8f59771b8291267ba3789a690c4f6ec9524e97e001bc17384de6875f178e0dd439b9e018c870234f44f3220dbca67370c5becae9d045478c0083fcc73662562b1f4060dd5aadf9b750799f1ac01fc6845f4bb8909da6fb5d1f407b731600e887b970ee8dfc02d06d8ea47502f5fcd1b9a338914c05d773cd23972f29e4aee11b00d7f99435825540d81af716babf291fb19cba3f370cefa5b3fc9b63a35a2c3916120e31031713cfcd7d5d00fb108f31abe3a9f6e860cf8b5908bc13f31a32b694ff0fbdc99a3ff4b13dce2eca98a2de6fca6d2376abcdd4c0a1f857f081ad0d285807cf7bef953ad84911de7e52abd1d7287184d0fe745fbd5be9a86b9cf0d445e4f42ca52507ab7ed78998d3f14fefdf1e38a6d5b0bdef0fe3cce6b2304035a56ba07ecc206aa82100c89d6d3548fb7a6a600b59519fd14398f436d068f5662ec9b68b8d5822a24f6ce4440945ed2d2b3f82a70c5fd0019205412e1e066b9565fb867358a4312944e05dd2283347ae8a84639e70e4e3de60df2e75afdbfdfdd1d1ed6623401fc7b56ee8d32dd6f25709125e1d8874159c64dd057b65bb484d9cf38586ed86b9baf72705fcea28e2c6be0c76317c25b6759d7015e1f258ce76df0814ad2bbd99555fcab94b56c2b431cfc28a8a32c459152897d26ec500ec8e6d57586ade19f550a52ccba275e905466acd5eece22c6bf71742abf46973ee1dc1cccbdbc02c6ee544ff030e65eb876d6dad1d4cb8d17954a5e8ae7f249aace693f04c23ca681449e4c03b87e1ff4e640c97ed2f8b9c666b47a050a681b1ad63c4"}})
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x169a41, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000440)={r5, 0x0, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78d09843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3c741dd17c18e8438ef2a565e04603323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r5)
syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r4}, &(0x7f0000000180), &(0x7f00000001c0))
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000001cc0)={0x0, 0x5, 0x0, &(0x7f0000001900)=[{}, {}, {}, {<r7=>0x80000000}, {}], 0x2, 0x0, &(0x7f0000001b00)=[{}, {}], 0x6, 0x0, &(0x7f0000001c00)=[{}, {}, {}, {}, {}, {}], 0x1, 0x0, &(0x7f0000000100)=[{}]})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000001e00)={0x80000000, &(0x7f0000001d40), &(0x7f0000001d80)=[{}, {{<r8=>0x80000000}}]})
ioctl$MEDIA_IOC_ENUM_LINKS(0xffffffffffffffff, 0xc0287c02, &(0x7f0000001f00)={0x80000000, &(0x7f0000001e40)=[{0x80000000, <r9=>0x0}], &(0x7f0000001e80)})
ioctl$MEDIA_IOC_SETUP_LINK(r4, 0xc0347c03, &(0x7f0000001f40)={{r7, 0x0, 0x0, [0xa8, 0x4]}, {r8, r9, 0xa, [0x5, 0x81]}, 0x2, [0x8001, 0x7]})
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r10, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=ANY=[@ANYRES64=r0], 0x14}}, 0x0)
socket(0x1e, 0x4, 0x0)
accept4(r10, &(0x7f0000001f80)=@tipc=@name, &(0x7f0000002000)=0x80, 0x800)
r11 = syz_io_uring_setup(0x378c, &(0x7f0000000380)={0x0, 0x4093, 0x10100, 0x10000003, 0x13a}, &(0x7f0000000000)=<r12=>0x0, &(0x7f0000000200)=<r13=>0x0)
syz_io_uring_submit(r12, r13, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4126}})
io_uring_enter(r11, 0x38c5, 0x2000000, 0x0, 0x0, 0x0)

2.624053183s ago: executing program 4 (id=2541):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x4043, 0x1ff)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0])
unshare(0x26020480)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x3000c041)
r4 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000600000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)

2.485587066s ago: executing program 3 (id=2542):
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_open_dev$vim2m(&(0x7f0000000080), 0x9, 0x2)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet(0xa, 0x801, 0x84)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000))
socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f00000000c0)=0xfff, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) (fail_nth: 3)

1.926584191s ago: executing program 0 (id=2543):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x1, 0x5}, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r2, 0x84, 0x81, &(0x7f0000000080)=""/4096, &(0x7f0000001200)=0x1000)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x1}, 0x8)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x7, &(0x7f00000001c0)=0x7, 0x4)

1.902280202s ago: executing program 3 (id=2544):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x2, "19fde941"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x24, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00031200000012033f"], 0x0, 0x0}, 0x0)

1.837126363s ago: executing program 0 (id=2545):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x2, 0xffffffff, 0x874f, 0x10880, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x4, 0xf}, 0x50)
r1 = syz_open_dev$video4linux(&(0x7f0000000100), 0x36, 0x101100)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000280)={0x9c0000, 0x3fd, 0x5, 0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x99096a, 0xfffffffc, '\x00', @p_u8=0x0}})
fadvise64(r0, 0x3, 0x4000000000000005, 0x4)
r2 = gettid()
syz_open_procfs$namespace(r2, &(0x7f0000001000)='ns/ipc\x00')
r3 = syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYRES8=r2], 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="000a110000000b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.624633833s ago: executing program 2 (id=2546):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x62040)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
getsockopt$inet6_int(r2, 0x29, 0x19, 0x0, &(0x7f00007d0000))
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x37})
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
dup3(r0, r0, 0x80000)
unshare(0x8040480)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
poll(&(0x7f00000001c0)=[{r3, 0x1000}], 0x1, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x8, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000240)={0x0, 0x6}, 0x8)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x20, &(0x7f00000001c0)={&(0x7f0000001480)=ANY=[@ANYBLOB="cc000000190001000000000000000000e0000002000000000000000000000000ac14143100000000000000000000000000000000000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000009000000000000000000008000000000000000000000000002000000000000000000000000000000000080ffffffffffffffff0700000000000000000000000000000008001f20020000000c0015005c0735100300"/116], 0xcc}}, 0x2008010)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040))

1.473650396s ago: executing program 2 (id=2547):
r0 = socket(0x11, 0x3, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x2, 0x80805, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f00000009c0)={0x20, 0x80, 0x1c, {0x1, 0x28, 0xe4d, 0x80, 0x3fc, 0xfffd, 0x5, 0xfffffffe, 0x800, 0x7543, 0x0, 0x6}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)=ANY=[@ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r2], 0x3c}}, 0x10)
arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x1cfe)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f00000006c0)=[{0x0, 0xdd12}], 0x1}, 0x20048821)

1.268072754s ago: executing program 4 (id=2548):
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x80}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
openat$sysfs(0xffffffffffffff9c, 0x0, 0xa0502, 0x49)
io_setup(0x1, &(0x7f00000016c0))
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
clock_getres(0xeaffffff, 0x0)
r3 = syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0), &(0x7f0000000100))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000700)="f7", 0x1}], 0x1}, 0x4000000)
io_uring_enter(r3, 0x46f3, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000001c0)=0x1)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f0000000040)={0x0, 0x2, 0x4009})

249.915741ms ago: executing program 4 (id=2549):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x2002c884}, 0x8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00003bf000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000080)="f30f09b800228ed00f20e00fbedc650ff8210f21a1f30fc7b400000f20c06635100000000fb5c0646664660f380817f2660f35bad104527c000000650fc7af95de8ec0", 0x43}], 0x1, 0x46, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b70500000000000061103000000000000fa000000000000095000000000000001f495ff727520cccddfad6fab92a770b445d050000006edc1b5613c5e35079725d19e88b662c2596b2f0b40aa9de45cf931a7ddaae7bdd97a9787684a5a6bbe879d6561715a194eb15d509b1837f6d317d12dd2c98f05e43aa14b3655a78009367bac65148a671b0ffd1c946b31202b7c73e0f1c5df29d57ed708602599a04fde318753c358d42ba7c52b4e20bc5c0e91fbc96da558c38891cd5bc38b6db9863a1273811976d15ba39fe2700"/218], &(0x7f00000002c0)='GPL\x00', 0x5, 0x22, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0xfffffffffffffe21}, 0x2a)
syz_emit_ethernet(0x80, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "6ed6c4", 0x4a, 0x2f, 0xff, @private2, @remote, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x88a8, 0x0, 0xfffc}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x9, 0x9, 0x9]}, {0xa888, 0x88be, 0x8000000, {{0x0, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0xfe}, 0x1, {0x1}}}, {0x8, 0x22eb, 0x4, {{0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x6}}}}}}}}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={<r4=>0xffffffffffffffff, 0x7f, 0xffffffffffffff80, 0xfffffffffffffffc})
r5 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200), r5)
sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000500)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="000027bd7000fddbdf250100000014000180080009003800000200000000002400028000010000e006000006000e004e2400010000000000800f751320acbf223baa550c4341bd6b4c97d31930a4794ca7e5fcc05ae0b68b73898ed12e8bbdf6f75c216c7b11e58057dd0d41f8f3aca120921172befa794cce34b3bf77c7f3c5bc107199645a766f7055ae8ed12a2d409f3f05e7af603f9d278357987e52a960e4"], 0x4c}, 0x1, 0x0, 0x0, 0xc042040}, 0x50)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r7, 0x3b82, &(0x7f0000000180)={0x18, r8, 0x1, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}]})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r8})
r9 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r10 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
r11 = fsmount(r10, 0x0, 0x6)
fchdir(r11)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r11, 0xc02064b2, &(0x7f00000003c0)={0x5, 0x7, 0x5})
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(0xffffffffffffffff, 0xc2604111, &(0x7f0000003740)={0x9277, [[0x4, 0x3, 0x2, 0x1f, 0x7f, 0x5, 0x7, 0x3], [0x7, 0x5, 0xd6e, 0x9, 0x80000001, 0xe9, 0x80000001, 0x2], [0x1, 0x7, 0x5, 0x54, 0x3, 0x5, 0x3, 0x1]], '\x00', [{0x6, 0xfffff000, 0x0, 0x1, 0x0, 0x1}, {0x3ff, 0x7fff, 0x1, 0x0, 0x1, 0x1}, {0x9, 0xb3f, 0x1, 0x1, 0x1}, {0x4, 0x1ff, 0x1, 0x1}, {0x5, 0x5, 0x1, 0x0, 0x0, 0x1}, {0x2, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x2}, {0x3, 0xffffe63f, 0x0, 0x1, 0x0, 0x1}, {0x5, 0x8b, 0x1, 0x0, 0x1}, {0x2, 0x3f0, 0x1, 0x0, 0x0, 0x1}, {0x0, 0xbf2d, 0x0, 0x1, 0x0, 0x1}, {0x6, 0x2, 0x1, 0x1, 0x0, 0x1}], '\x00', 0x9})
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000400)={0xf0f02a, 0x105})
sendmsg$IPVS_CMD_GET_INFO(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[@ANYBLOB="f7d0bd8c5b6c142a2dde644b5eba42914cfbb01147b5c2664e9a0367ab4dda04aad9c4b775ecd1054fcaf27fb5ed69f71ef1012762b0bdf359de6737a4bffba8a677ee729fed7c70046cf4d1e9b4d72f8f53e70a8ae219beb04e5ea3022b6a0d2ca12dbcd265808978a1c8d4adce3813a856d6173eac2515ae749f653e086f0b206e", @ANYRES16=r6, @ANYBLOB="000429bd7000fbdbdf250f0000005000018006000100020000000800050000000000c3000800ff7f000008000800060000000800050000000000070006007272000008000b00736970000700060072720000090006006e6f6e6500000000080005009a0000001400028006000e004e2300000800030001000000400001800600020000000000080005000400000007000600666f000014000300ac14141000000000000000000000000008000b007369700008000b007369700004000380000005000400000038000380080001000300000000000600fe88000000000000000000000000010108000500ac1414401400020076657468315f766c616e00000000000005000800790000002000018014000300ac1414aa000000000000000000000000060001000200000014000280080003000200000006000f0001000000"], 0x138}, 0x1, 0x0, 0x0, 0x80}, 0x4004050)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

109.331253ms ago: executing program 4 (id=2550):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000000a1c0)=ANY=[], 0x3bfc}, 0x1, 0x0, 0x0, 0x4000}, 0x40040)

0s ago: executing program 4 (id=2551):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x4008, 0x40000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$sequencer(0xffffff9c, 0x0, 0xa0000, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r2)
sendmsg$DEVLINK_CMD_TRAP_SET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000540)={0x224, r5, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}]}, 0x224}, 0x1, 0x0, 0x0, 0x1}, 0x20048840)
ioctl$SNDCTL_MIDI_INFO(r4, 0xc074510c, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r6, 0x40047451, &(0x7f0000000300)=0x3)
ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r6, &(0x7f0000000080)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d0471200000000500000000000000ffff03425d4d50e7182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a45", 0x56}], 0x1, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

             L      syzkaller #0 PREEMPT(full) 
[  633.200397][T15377] Tainted: [L]=SOFTLOCKUP
[  633.200405][T15377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  633.200418][T15377] Call Trace:
[  633.200428][T15377]  <TASK>
[  633.200437][T15377]  dump_stack_lvl+0x189/0x250
[  633.200466][T15377]  ? __pfx____ratelimit+0x10/0x10
[  633.200496][T15377]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.200519][T15377]  ? __pfx__printk+0x10/0x10
[  633.200550][T15377]  ? fs_reclaim_acquire+0x7d/0x100
[  633.200590][T15377]  should_fail_ex+0x414/0x560
[  633.200624][T15377]  prepare_alloc_pages+0x213/0x610
[  633.200663][T15377]  __alloc_frozen_pages_noprof+0x123/0x370
[  633.200688][T15377]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  633.200712][T15377]  ? __lock_acquire+0x6b6/0x2cf0
[  633.200738][T15377]  ? policy_nodemask+0x27c/0x720
[  633.200755][T15377]  ? __lock_acquire+0x6b6/0x2cf0
[  633.200781][T15377]  alloc_pages_mpol+0x232/0x4a0
[  633.200806][T15377]  vma_alloc_folio_noprof+0xe4/0x200
[  633.200829][T15377]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  633.200863][T15377]  folio_prealloc+0x30/0x180
[  633.200893][T15377]  __handle_mm_fault+0x2ad2/0x5420
[  633.200937][T15377]  ? __pfx___handle_mm_fault+0x10/0x10
[  633.200981][T15377]  ? find_vma+0xe7/0x160
[  633.201006][T15377]  ? __pfx_find_vma+0x10/0x10
[  633.201035][T15377]  handle_mm_fault+0x40a/0x8e0
[  633.201079][T15377]  do_user_addr_fault+0x764/0x1380
[  633.201117][T15377]  exc_page_fault+0x82/0x100
[  633.201141][T15377]  asm_exc_page_fault+0x26/0x30
[  633.201160][T15377] RIP: 0010:put_cmsg+0x1d8/0x5f0
[  633.201190][T15377] Code: 63 f3 0f 84 9e 00 00 00 49 8d 6e f0 0f 1f 44 00 00 e8 0c 38 97 f8 48 b8 00 f0 ff ff ff 7f 00 00 49 39 c5 4c 0f 47 e8 0f 01 cb <4d> 89 75 00 8b 44 24 08 41 89 45 08 8b 44 24 0c 41 89 45 0c 49 83
[  633.201211][T15377] RSP: 0018:ffffc900049bf580 EFLAGS: 00050287
[  633.201230][T15377] RAX: 00007ffffffff000 RBX: 0000000000000018 RCX: ffff88803154db80
[  633.201245][T15377] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000000000000043
[  633.201258][T15377] RBP: 0000000000000008 R08: ffffc900049bf660 R09: 0000000000000000
[  633.201271][T15377] R10: ffffc900049bf660 R11: fffff52000937ecd R12: dffffc0000000000
[  633.201287][T15377] R13: 0000200000001fc0 R14: 0000000000000018 R15: ffffc900049bf660
[  633.201333][T15377]  tipc_sk_anc_data_recv+0x336/0x6f0
[  633.201363][T15377]  ? __pfx_tipc_wait_for_rcvmsg+0x10/0x10
[  633.201396][T15377]  ? __pfx_tipc_sk_anc_data_recv+0x10/0x10
[  633.201437][T15377]  tipc_recvmsg+0x6e6/0x13c0
[  633.201483][T15377]  ? __pfx_tipc_recvmsg+0x10/0x10
[  633.201519][T15377]  ? __lock_acquire+0x6b6/0x2cf0
[  633.201537][T15377]  ? aa_sock_msg_perm+0xf1/0x1b0
[  633.201560][T15377]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  633.201588][T15377]  ? security_socket_recvmsg+0x7e/0x2e0
[  633.201615][T15377]  ? __pfx_tipc_recvmsg+0x10/0x10
[  633.201643][T15377]  sock_recvmsg+0x22c/0x270
[  633.201678][T15377]  ____sys_recvmsg+0x1c9/0x460
[  633.201713][T15377]  ? __pfx_____sys_recvmsg+0x10/0x10
[  633.201755][T15377]  ? import_iovec+0x74/0xa0
[  633.201782][T15377]  ___sys_recvmsg+0x1b5/0x510
[  633.201813][T15377]  ? __pfx____sys_recvmsg+0x10/0x10
[  633.201865][T15377]  ? __fget_files+0x3a0/0x420
[  633.201898][T15377]  do_recvmmsg+0x307/0x770
[  633.201933][T15377]  ? __pfx_do_recvmmsg+0x10/0x10
[  633.201972][T15377]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  633.202013][T15377]  __x64_sys_recvmmsg+0x190/0x240
[  633.202042][T15377]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  633.202077][T15377]  ? do_syscall_64+0xbe/0xf80
[  633.202102][T15377]  do_syscall_64+0xfa/0xf80
[  633.202123][T15377]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.202143][T15377]  ? clear_bhb_loop+0x60/0xb0
[  633.202168][T15377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.202187][T15377] RIP: 0033:0x7f0a54d8f749
[  633.202205][T15377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.202222][T15377] RSP: 002b:00007f0a55b98038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  633.202242][T15377] RAX: ffffffffffffffda RBX: 00007f0a54fe5fa0 RCX: 00007f0a54d8f749
[  633.202257][T15377] RDX: 0000000000000001 RSI: 0000200000000800 RDI: 0000000000000003
[  633.202271][T15377] RBP: 00007f0a55b98090 R08: 0000000000000000 R09: 0000000000000000
[  633.202284][T15377] R10: 0000000040002122 R11: 0000000000000246 R12: 0000000000000001
[  633.202297][T15377] R13: 00007f0a54fe6038 R14: 00007f0a54fe5fa0 R15: 00007f0a5510fa28
[  633.202332][T15377]  </TASK>
[  634.578895][   T10] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  634.768639][   T10] usb 2-1: Using ep0 maxpacket: 16
[  634.775840][   T10] usb 2-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  634.786711][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  634.814754][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  634.824491][T15392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2305'.
[  634.848626][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.856702][   T10] usb 2-1: Product: syz
[  634.869192][   T10] usb 2-1: Manufacturer: syz
[  634.873823][   T10] usb 2-1: SerialNumber: syz
[  635.104368][   T10] usb 2-1: 0:2 : does not exist
[  635.121371][   T10] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  635.154852][   T10] usb 2-1: USB disconnect, device number 89
[  635.192540][ T7223] udevd[7223]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  635.320538][T15402] fuse: Bad value for 'fd'
[  636.100097][T15412] openvswitch: netlink: Duplicate key (type 21).
[  636.438735][ T5939] usb 1-1: new full-speed USB device number 119 using dummy_hcd
[  636.661899][ T5939] usb 1-1: unable to get BOS descriptor or descriptor too short
[  636.678701][ T5939] usb 1-1: not running at top speed; connect to a high speed hub
[  636.688068][ T5939] usb 1-1: config 9 has an invalid interface number: 198 but max is 0
[  636.706878][ T5939] usb 1-1: config 9 has no interface number 0
[  636.714031][ T5939] usb 1-1: config 9 interface 198 has no altsetting 0
[  636.724352][ T5939] usb 1-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=6f.2b
[  636.741267][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.750921][ T5939] usb 1-1: Product: syz
[  636.755132][ T5939] usb 1-1: Manufacturer: syz
[  636.760468][ T5939] usb 1-1: SerialNumber: syz
[  636.977527][ T5939] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[  636.987933][ T5939] dvb-usb: bulk message failed: -22 (3/0)
[  637.012930][ T5939] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  637.026140][ T5939] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 error while loading driver (-19)
[  637.035199][ T5939] dvb_usb_umt_010 1-1:9.198: probe with driver dvb_usb_umt_010 failed with error -22
[  637.052425][ T5939] usb 1-1: USB disconnect, device number 119
[  637.188687][   T10] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  637.350133][   T10] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  637.358290][   T10] usb 2-1: config 0 has no interface number 0
[  637.367752][   T10] usb 2-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  637.377972][   T10] usb 2-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  637.391899][   T10] usb 2-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  637.412167][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.421155][   T10] usb 2-1: Product: syz
[  637.425525][   T10] usb 2-1: Manufacturer: syz
[  637.430377][   T10] usb 2-1: SerialNumber: syz
[  637.437975][   T10] usb 2-1: config 0 descriptor??
[  637.451366][T15421] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  637.463674][   T10] cyberjack 2-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  637.481385][   T10] usb 2-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  637.665354][   T30] audit: type=1326 audit(1764955794.803:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15422 comm="syz.2.2316" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0a54d8f749 code=0x0
[  637.848819][   T10] usb 1-1: new low-speed USB device number 120 using dummy_hcd
[  637.906050][   T30] audit: type=1400 audit(1764955795.043:460): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=15420 comm="syz.1.2315"
[  637.908689][T15421] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  637.963975][ T5939] usb 2-1: USB disconnect, device number 90
[  637.977994][ T5939] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  638.009239][   T10] usb 1-1: device descriptor read/64, error -71
[  638.013686][ T5939] cyberjack 2-1:0.69: device disconnected
[  638.478762][   T10] usb 1-1: new low-speed USB device number 121 using dummy_hcd
[  638.618682][   T10] usb 1-1: device descriptor read/64, error -71
[  638.642834][T15436] netlink: 63 bytes leftover after parsing attributes in process `syz.1.2321'.
[  638.733760][   T10] usb usb1-port1: attempt power cycle
[  638.898675][ T5939] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[  639.050796][ T5939] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  639.062752][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  639.073954][ T5939] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  639.083264][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.093568][ T5939] usb 4-1: config 0 descriptor??
[  639.098785][   T10] usb 1-1: new low-speed USB device number 122 using dummy_hcd
[  639.135271][   T10] usb 1-1: device descriptor read/8, error -71
[  639.354971][T15438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  639.364409][T15444] fuse: Unknown parameter 'ff'
[  639.396422][   T10] usb 1-1: new low-speed USB device number 123 using dummy_hcd
[  639.418814][T15438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  639.435882][   T10] usb 1-1: device descriptor read/8, error -71
[  639.526846][ T5939] ath6kl: Failed to submit usb control message: -71
[  639.537662][ T5939] ath6kl: unable to send the bmi data to the device: -71
[  639.548450][ T5939] ath6kl: Unable to send get target info: -71
[  639.558055][ T5939] ath6kl: Failed to init ath6kl core: -71
[  639.567055][   T10] usb usb1-port1: unable to enumerate USB device
[  639.567706][ T5939] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  639.590437][ T5939] usb 4-1: USB disconnect, device number 127
[  640.123113][T15458] syzkaller0: entered promiscuous mode
[  640.128861][T15458] syzkaller0: entered allmulticast mode
[  640.137415][T15458] FAULT_INJECTION: forcing a failure.
[  640.137415][T15458] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  640.151768][T15458] CPU: 0 UID: 0 PID: 15458 Comm: syz.3.2329 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  640.151798][T15458] Tainted: [L]=SOFTLOCKUP
[  640.151804][T15458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  640.151824][T15458] Call Trace:
[  640.151831][T15458]  <TASK>
[  640.151839][T15458]  dump_stack_lvl+0x189/0x250
[  640.151863][T15458]  ? __pfx____ratelimit+0x10/0x10
[  640.151898][T15458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.151917][T15458]  ? __pfx__printk+0x10/0x10
[  640.151950][T15458]  should_fail_ex+0x414/0x560
[  640.151978][T15458]  _copy_from_user+0x2d/0xb0
[  640.151997][T15458]  __copy_msghdr+0x3c5/0x5b0
[  640.152021][T15458]  ___sys_sendmsg+0x1a5/0x2a0
[  640.152042][T15458]  ? __pfx____sys_sendmsg+0x10/0x10
[  640.152068][T15458]  ? rcu_read_lock_any_held+0xb3/0x120
[  640.152110][T15458]  ? __fget_files+0x2a/0x420
[  640.152127][T15458]  ? __fget_files+0x3a0/0x420
[  640.152151][T15458]  __x64_sys_sendmsg+0x19b/0x260
[  640.152173][T15458]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  640.152207][T15458]  ? __pfx_ksys_write+0x10/0x10
[  640.152233][T15458]  ? do_syscall_64+0xbe/0xf80
[  640.152253][T15458]  do_syscall_64+0xfa/0xf80
[  640.152269][T15458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.152286][T15458]  ? clear_bhb_loop+0x60/0xb0
[  640.152306][T15458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.152322][T15458] RIP: 0033:0x7f891658f749
[  640.152337][T15458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.152352][T15458] RSP: 002b:00007f89174a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  640.152370][T15458] RAX: ffffffffffffffda RBX: 00007f89167e5fa0 RCX: 00007f891658f749
[  640.152383][T15458] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000008
[  640.152393][T15458] RBP: 00007f89174a5090 R08: 0000000000000000 R09: 0000000000000000
[  640.152404][T15458] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.152419][T15458] R13: 00007f89167e6038 R14: 00007f89167e5fa0 R15: 00007f891690fa28
[  640.152444][T15458]  </TASK>
[  640.527749][T15460] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  640.573930][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2332'.
[  640.590037][T15465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2332'.
[  640.681876][T15469] netlink: 'syz.0.2335': attribute type 1 has an invalid length.
[  640.696453][T15469] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2335'.
[  640.708627][ T5939] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  640.729685][T15473] FAULT_INJECTION: forcing a failure.
[  640.729685][T15473] name failslab, interval 1, probability 0, space 0, times 0
[  640.743249][T15473] CPU: 0 UID: 0 PID: 15473 Comm: syz.3.2336 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  640.743269][T15473] Tainted: [L]=SOFTLOCKUP
[  640.743273][T15473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  640.743280][T15473] Call Trace:
[  640.743285][T15473]  <TASK>
[  640.743290][T15473]  dump_stack_lvl+0x189/0x250
[  640.743308][T15473]  ? __pfx____ratelimit+0x10/0x10
[  640.743325][T15473]  ? __pfx_dump_stack_lvl+0x10/0x10
[  640.743337][T15473]  ? __pfx__printk+0x10/0x10
[  640.743354][T15473]  ? __pfx___might_resched+0x10/0x10
[  640.743366][T15473]  ? fs_reclaim_acquire+0x7d/0x100
[  640.743386][T15473]  should_fail_ex+0x414/0x560
[  640.743403][T15473]  should_failslab+0xa8/0x100
[  640.743415][T15473]  kmem_cache_alloc_node_noprof+0x77/0x710
[  640.743430][T15473]  ? __alloc_skb+0x255/0x430
[  640.743442][T15473]  ? napi_skb_cache_get+0x4a5/0x780
[  640.743452][T15473]  ? napi_skb_cache_get+0x151/0x780
[  640.743473][T15473]  __alloc_skb+0x255/0x430
[  640.743485][T15473]  ? __pfx___alloc_skb+0x10/0x10
[  640.743497][T15473]  ? netlink_autobind+0xdb/0x300
[  640.743511][T15473]  ? netlink_autobind+0x2c2/0x300
[  640.743527][T15473]  netlink_sendmsg+0x5c6/0xb30
[  640.743546][T15473]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.743561][T15473]  ? aa_sock_msg_perm+0xf1/0x1b0
[  640.743576][T15473]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  640.743592][T15473]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.743605][T15473]  __sock_sendmsg+0x21c/0x270
[  640.743623][T15473]  ____sys_sendmsg+0x505/0x820
[  640.743639][T15473]  ? __pfx_____sys_sendmsg+0x10/0x10
[  640.743656][T15473]  ? import_iovec+0x74/0xa0
[  640.743670][T15473]  ___sys_sendmsg+0x21f/0x2a0
[  640.743684][T15473]  ? __pfx____sys_sendmsg+0x10/0x10
[  640.743699][T15473]  ? rcu_read_lock_any_held+0xb3/0x120
[  640.743727][T15473]  ? __fget_files+0x2a/0x420
[  640.743737][T15473]  ? __fget_files+0x3a0/0x420
[  640.743753][T15473]  __x64_sys_sendmsg+0x19b/0x260
[  640.743767][T15473]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  640.743784][T15473]  ? __pfx_ksys_write+0x10/0x10
[  640.743801][T15473]  ? do_syscall_64+0xbe/0xf80
[  640.743813][T15473]  do_syscall_64+0xfa/0xf80
[  640.743823][T15473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.743834][T15473]  ? clear_bhb_loop+0x60/0xb0
[  640.743846][T15473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.743856][T15473] RIP: 0033:0x7f891658f749
[  640.743866][T15473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.743875][T15473] RSP: 002b:00007f89174a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  640.743887][T15473] RAX: ffffffffffffffda RBX: 00007f89167e5fa0 RCX: 00007f891658f749
[  640.743895][T15473] RDX: 0000000004000084 RSI: 0000200000000040 RDI: 0000000000000003
[  640.743903][T15473] RBP: 00007f89174a5090 R08: 0000000000000000 R09: 0000000000000000
[  640.743909][T15473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.743916][T15473] R13: 00007f89167e6038 R14: 00007f89167e5fa0 R15: 00007f891690fa28
[  640.743932][T15473]  </TASK>
[  640.888071][T15476] trusted_key: syz.0.2335 sent an empty control message without MSG_MORE.
[  641.078684][ T5939] usb 5-1: Using ep0 maxpacket: 16
[  641.087436][ T5939] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  641.096763][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.104960][ T5939] usb 5-1: Product: syz
[  641.109714][ T5939] usb 5-1: Manufacturer: syz
[  641.114502][ T5939] usb 5-1: SerialNumber: syz
[  641.127142][ T5939] r8152-cfgselector 5-1: Unknown version 0x0000
[  641.133673][ T5939] r8152-cfgselector 5-1: config 0 descriptor??
[  641.236733][   T30] audit: type=1800 audit(1764955798.373:461): pid=15478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2334" name="file0" dev="fuse" ino=0 res=0 errno=0
[  642.300267][T15506] FAULT_INJECTION: forcing a failure.
[  642.300267][T15506] name failslab, interval 1, probability 0, space 0, times 0
[  642.322142][T15506] CPU: 0 UID: 0 PID: 15506 Comm: syz.2.2345 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  642.322174][T15506] Tainted: [L]=SOFTLOCKUP
[  642.322182][T15506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  642.322194][T15506] Call Trace:
[  642.322202][T15506]  <TASK>
[  642.322211][T15506]  dump_stack_lvl+0x189/0x250
[  642.322239][T15506]  ? __pfx____ratelimit+0x10/0x10
[  642.322266][T15506]  ? __pfx_dump_stack_lvl+0x10/0x10
[  642.322288][T15506]  ? __pfx__printk+0x10/0x10
[  642.322317][T15506]  ? __pfx___might_resched+0x10/0x10
[  642.322340][T15506]  ? fs_reclaim_acquire+0x7d/0x100
[  642.322373][T15506]  should_fail_ex+0x414/0x560
[  642.322405][T15506]  should_failslab+0xa8/0x100
[  642.322426][T15506]  kmem_cache_alloc_node_noprof+0x77/0x710
[  642.322453][T15506]  ? __alloc_skb+0x255/0x430
[  642.322472][T15506]  ? napi_skb_cache_get+0x4a5/0x780
[  642.322492][T15506]  ? napi_skb_cache_get+0x151/0x780
[  642.322516][T15506]  __alloc_skb+0x255/0x430
[  642.322539][T15506]  ? __pfx___alloc_skb+0x10/0x10
[  642.322562][T15506]  ? netlink_autobind+0xdb/0x300
[  642.322587][T15506]  ? netlink_autobind+0x2c2/0x300
[  642.322618][T15506]  netlink_sendmsg+0x5c6/0xb30
[  642.322653][T15506]  ? __pfx_netlink_sendmsg+0x10/0x10
[  642.322682][T15506]  ? aa_sock_msg_perm+0xf1/0x1b0
[  642.322708][T15506]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  642.322737][T15506]  ? __pfx_netlink_sendmsg+0x10/0x10
[  642.322765][T15506]  __sock_sendmsg+0x21c/0x270
[  642.322797][T15506]  ____sys_sendmsg+0x505/0x820
[  642.322828][T15506]  ? __pfx_____sys_sendmsg+0x10/0x10
[  642.322862][T15506]  ? import_iovec+0x74/0xa0
[  642.322890][T15506]  ___sys_sendmsg+0x21f/0x2a0
[  642.322917][T15506]  ? __pfx____sys_sendmsg+0x10/0x10
[  642.322948][T15506]  ? rcu_read_lock_any_held+0xb3/0x120
[  642.323002][T15506]  ? __fget_files+0x2a/0x420
[  642.323033][T15506]  ? __fget_files+0x3a0/0x420
[  642.323064][T15506]  __x64_sys_sendmsg+0x19b/0x260
[  642.323091][T15506]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  642.323126][T15506]  ? __pfx_ksys_write+0x10/0x10
[  642.323158][T15506]  ? do_syscall_64+0xbe/0xf80
[  642.323182][T15506]  do_syscall_64+0xfa/0xf80
[  642.323203][T15506]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.323222][T15506]  ? clear_bhb_loop+0x60/0xb0
[  642.323247][T15506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.323267][T15506] RIP: 0033:0x7f0a54d8f749
[  642.323286][T15506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  642.323305][T15506] RSP: 002b:00007f0a55b98038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  642.323327][T15506] RAX: ffffffffffffffda RBX: 00007f0a54fe5fa0 RCX: 00007f0a54d8f749
[  642.323341][T15506] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  642.323352][T15506] RBP: 00007f0a55b98090 R08: 0000000000000000 R09: 0000000000000000
[  642.323365][T15506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  642.323376][T15506] R13: 00007f0a54fe6038 R14: 00007f0a54fe5fa0 R15: 00007f0a5510fa28
[  642.323403][T15506]  </TASK>
[  642.656881][   T10] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  642.841479][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  642.854185][   T10] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  642.868052][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  642.877544][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.885629][   T10] usb 2-1: Product: syz
[  642.890303][   T10] usb 2-1: Manufacturer: syz
[  642.895211][   T10] usb 2-1: SerialNumber: syz
[  642.910635][   T10] cdc_mbim 2-1:1.0: skipping garbage
[  642.918736][ T5920] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  643.083667][ T5920] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  643.102114][ T5920] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  643.111640][ T5920] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  643.120982][ T5920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.136209][T15498] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  643.155071][ T5920] usb 3-1: config 0 descriptor??
[  643.171971][ T5920] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  643.183662][ T5920] dvb-usb: bulk message failed: -22 (3/0)
[  643.226368][ T5920] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  643.248361][ T5920] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  643.264868][ T5920] usb 3-1: media controller created
[  643.278361][ T5920] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  643.300664][ T5920] dvb-usb: bulk message failed: -22 (6/0)
[  643.308153][ T5920] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  643.337448][ T5920] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input52
[  643.357804][ T5920] dvb-usb: schedule remote query interval to 150 msecs.
[  643.368047][ T5920] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  643.519474][ T5920] dvb-usb: bulk message failed: -22 (1/0)
[  643.534085][ T5920] dvb-usb: error while querying for an remote control event.
[  643.708663][ T5920] dvb-usb: bulk message failed: -22 (1/0)
[  643.726445][ T5920] dvb-usb: error while querying for an remote control event.
[  643.753755][T15498] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  643.769322][   T10] cdc_mbim 2-1:1.0: setting tx_max = 16384
[  643.792779][   T10] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device
[  643.834569][   T10] wwan wwan0: port wwan0mbim0 attached
[  643.896861][ T5939] r8152-cfgselector 5-1: Unknown version 0x0000
[  643.912071][   T10] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, ca:e6:e9:9f:2e:8b
[  643.917421][ T5939] r8152-cfgselector 5-1: bad CDC descriptors
[  643.938752][ T5920] dvb-usb: bulk message failed: -22 (1/0)
[  643.953276][ T5920] dvb-usb: error while querying for an remote control event.
[  643.973125][T15498] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2342'.
[  643.983104][ T5939] r8152-cfgselector 5-1: USB disconnect, device number 101
[  644.018985][   T10] usb 2-1: USB disconnect, device number 91
[  644.026241][   T10] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  644.071611][T15521] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2350'.
[  644.139286][ T5920] dvb-usb: bulk message failed: -22 (1/0)
[  644.141545][   T10] wwan wwan0: port wwan0mbim0 disconnected
[  644.151881][ T5920] dvb-usb: error while querying for an remote control event.
[  644.332862][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  644.342262][ T5939] dvb-usb: error while querying for an remote control event.
[  644.357560][T15524] kvm: kvm [15523]: vcpu0, guest rIP: 0x140 Unhandled WRMSR(0x11e) = 0x900000000000
[  644.371659][T15524] kvm: kvm [15523]: vcpu0, guest rIP: 0x140 Unhandled WRMSR(0x186) = 0x100000000000
[  644.382179][T15524] kvm: kvm [15523]: vcpu0, guest rIP: 0x140 Unhandled WRMSR(0x187) = 0x800000000000
[  644.623253][   T30] audit: type=1800 audit(1764955801.763:462): pid=15533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2352" name="file0" dev="fuse" ino=0 res=0 errno=0
[  644.643040][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  644.643110][ T5939] dvb-usb: error while querying for an remote control event.
[  644.799090][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  644.805112][ T5939] dvb-usb: error while querying for an remote control event.
[  644.978746][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  644.984759][ T5939] dvb-usb: error while querying for an remote control event.
[  645.159281][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  645.169639][ T5939] dvb-usb: error while querying for an remote control event.
[  645.358784][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  645.372816][ T5939] dvb-usb: error while querying for an remote control event.
[  645.538982][ T5939] dvb-usb: bulk message failed: -22 (1/0)
[  645.550394][ T5939] dvb-usb: error while querying for an remote control event.
[  645.719799][ T5923] dvb-usb: bulk message failed: -22 (1/0)
[  645.725581][ T5923] dvb-usb: error while querying for an remote control event.
[  645.760269][ T5939] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  645.768687][ T5920] usb 5-1: new full-speed USB device number 102 using dummy_hcd
[  645.810862][ T5923] usb 3-1: USB disconnect, device number 5
[  645.850638][ T5923] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  645.903277][T15580] syzkaller0: entered promiscuous mode
[  645.910675][T15580] syzkaller0: entered allmulticast mode
[  645.939807][ T5939] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  645.951667][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  645.963092][ T5939] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  645.972448][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  645.982459][ T5920] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  645.991626][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.000968][ T5920] usb 5-1: Product: syz
[  646.005220][ T5920] usb 5-1: Manufacturer: syz
[  646.011102][ T5939] usb 2-1: config 0 descriptor??
[  646.016272][ T5920] usb 5-1: SerialNumber: syz
[  646.030848][ T5920] usb 5-1: config 0 descriptor??
[  646.059219][ T5920] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  646.302950][T15570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.336575][T15570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.360041][ T5965] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  646.365613][T15595] FAULT_INJECTION: forcing a failure.
[  646.365613][T15595] name failslab, interval 1, probability 0, space 0, times 0
[  646.382286][T15595] CPU: 0 UID: 0 PID: 15595 Comm: syz.0.2367 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  646.382319][T15595] Tainted: [L]=SOFTLOCKUP
[  646.382327][T15595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  646.382342][T15595] Call Trace:
[  646.382351][T15595]  <TASK>
[  646.382360][T15595]  dump_stack_lvl+0x189/0x250
[  646.382390][T15595]  ? __pfx____ratelimit+0x10/0x10
[  646.382422][T15595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.382446][T15595]  ? __pfx__printk+0x10/0x10
[  646.382481][T15595]  ? __pfx___might_resched+0x10/0x10
[  646.382504][T15595]  ? fs_reclaim_acquire+0x7d/0x100
[  646.382539][T15595]  should_fail_ex+0x414/0x560
[  646.382574][T15595]  should_failslab+0xa8/0x100
[  646.382596][T15595]  __kmalloc_noprof+0xcb/0x800
[  646.382625][T15595]  ? tomoyo_encode+0x28b/0x550
[  646.382655][T15595]  tomoyo_encode+0x28b/0x550
[  646.382686][T15595]  tomoyo_realpath_from_path+0x58d/0x5d0
[  646.382723][T15595]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  646.382745][T15595]  tomoyo_path_number_perm+0x1e8/0x5a0
[  646.382770][T15595]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  646.382807][T15595]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  646.382847][T15595]  ? __fget_files+0x2a/0x420
[  646.382874][T15595]  ? __fget_files+0x3a0/0x420
[  646.382894][T15595]  ? __fget_files+0x2a/0x420
[  646.382920][T15595]  security_file_ioctl+0xcb/0x2d0
[  646.382952][T15595]  __se_sys_ioctl+0x47/0x170
[  646.382989][T15595]  do_syscall_64+0xfa/0xf80
[  646.383012][T15595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.383032][T15595]  ? clear_bhb_loop+0x60/0xb0
[  646.383054][T15595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.383072][T15595] RIP: 0033:0x7fec05b8f749
[  646.383090][T15595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.383110][T15595] RSP: 002b:00007fec06999038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  646.383132][T15595] RAX: ffffffffffffffda RBX: 00007fec05de5fa0 RCX: 00007fec05b8f749
[  646.383149][T15595] RDX: 0000200000000440 RSI: 00000000c0f85403 RDI: 0000000000000003
[  646.383163][T15595] RBP: 00007fec06999090 R08: 0000000000000000 R09: 0000000000000000
[  646.383175][T15595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.383188][T15595] R13: 00007fec05de6038 R14: 00007fec05de5fa0 R15: 00007fec05f0fa28
[  646.383221][T15595]  </TASK>
[  646.383244][T15595] ERROR: Out of memory at tomoyo_realpath_from_path.
[  646.515213][ T5939] ath6kl: Failed to submit usb control message: -71
[  646.646802][ T5939] ath6kl: unable to send the bmi data to the device: -71
[  646.654955][ T5939] ath6kl: Unable to send get target info: -71
[  646.665252][ T5965] usb 3-1: config 7 has an invalid interface number: 8 but max is 1
[  646.675905][ T5965] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  646.686443][ T5939] ath6kl: Failed to init ath6kl core: -71
[  646.692311][ T5965] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 2
[  646.703298][ T5939] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  646.712031][ T5965] usb 3-1: config 7 has no interface number 0
[  646.718204][ T5965] usb 3-1: config 7 interface 8 altsetting 149 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  646.754630][ T5939] usb 2-1: USB disconnect, device number 92
[  646.766928][ T5965] usb 3-1: config 7 interface 8 altsetting 149 has 2 endpoint descriptors, different from the interface descriptor's value: 15
[  646.784335][ T5965] usb 3-1: config 7 interface 8 has no altsetting 0
[  646.795549][ T5965] usb 3-1: New USB device found, idVendor=05c6, idProduct=9080, bcdDevice=6e.23
[  646.807719][ T5965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.816258][ T5965] usb 3-1: Product: syz
[  646.822685][ T5965] usb 3-1: Manufacturer: Ꙟਝ᫼䤫俀㠝슭ぎ౥轰祹锖芯쌰皖褭ᨤ퓂鉨퇴W誏箼꾝७臉ڜษ삊抟უ즦䔏㣧䡜갘ꑻ䢥牔쐥鮡∥隴릳撜潷埛娎毺枭⡁ᢤಟ큀⃙彌瘏氣设☷ⶤꀼ뜯톗ꍬ묠ⳓ⢧⶘㹍썕挄ꀟ車饒鷒點ꕛ⚜헊䶺䑲ₕࣄ쳳︍
[  646.823943][T15597] FAULT_INJECTION: forcing a failure.
[  646.823943][T15597] name failslab, interval 1, probability 0, space 0, times 0
[  646.852393][ T5965] usb 3-1: SerialNumber: syz
[  646.878897][T15597] CPU: 1 UID: 0 PID: 15597 Comm: syz.0.2368 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  646.878932][T15597] Tainted: [L]=SOFTLOCKUP
[  646.878940][T15597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  646.878955][T15597] Call Trace:
[  646.878964][T15597]  <TASK>
[  646.878973][T15597]  dump_stack_lvl+0x189/0x250
[  646.879004][T15597]  ? __pfx____ratelimit+0x10/0x10
[  646.879036][T15597]  ? __pfx_dump_stack_lvl+0x10/0x10
[  646.879061][T15597]  ? __pfx__printk+0x10/0x10
[  646.879092][T15597]  ? __pfx___might_resched+0x10/0x10
[  646.879115][T15597]  ? fs_reclaim_acquire+0x7d/0x100
[  646.879151][T15597]  should_fail_ex+0x414/0x560
[  646.879186][T15597]  should_failslab+0xa8/0x100
[  646.879210][T15597]  kmem_cache_alloc_node_noprof+0x77/0x710
[  646.879239][T15597]  ? __alloc_skb+0x255/0x430
[  646.879259][T15597]  ? napi_skb_cache_get+0x4a5/0x780
[  646.879281][T15597]  ? napi_skb_cache_get+0x151/0x780
[  646.879307][T15597]  __alloc_skb+0x255/0x430
[  646.879332][T15597]  ? __pfx___alloc_skb+0x10/0x10
[  646.879363][T15597]  alloc_skb_with_frags+0xca/0x890
[  646.879391][T15597]  ? __lock_acquire+0x6b6/0x2cf0
[  646.879421][T15597]  sock_alloc_send_pskb+0x84d/0x980
[  646.879467][T15597]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  646.879499][T15597]  ? dev_get_by_index+0x22/0x2e0
[  646.879532][T15597]  ? dev_get_by_index+0x22/0x2e0
[  646.879566][T15597]  packet_sendmsg+0x33a0/0x5080
[  646.879604][T15597]  ? audit_net_cb+0x1a1/0x970
[  646.879717][T15597]  ? __pfx___might_resched+0x10/0x10
[  646.879752][T15597]  ? aa_sk_perm+0x15f/0x920
[  646.879775][T15597]  ? __pfx_packet_sendmsg+0x10/0x10
[  646.879801][T15597]  ? aa_sk_perm+0x7ee/0x920
[  646.879829][T15597]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  646.879862][T15597]  ? aa_sock_msg_perm+0xf1/0x1b0
[  646.879888][T15597]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  646.879914][T15597]  ? __pfx_packet_sendmsg+0x10/0x10
[  646.879938][T15597]  __sock_sendmsg+0x21c/0x270
[  646.879966][T15597]  __sys_sendto+0x3bd/0x520
[  646.879988][T15597]  ? __pfx___sys_sendto+0x10/0x10
[  646.880009][T15597]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  646.880044][T15597]  ? __fget_files+0x3a0/0x420
[  646.880077][T15597]  ? ksys_write+0x22a/0x250
[  646.880107][T15597]  ? __pfx_ksys_write+0x10/0x10
[  646.880138][T15597]  __x64_sys_sendto+0xde/0x100
[  646.880170][T15597]  do_syscall_64+0xfa/0xf80
[  646.880193][T15597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.880213][T15597]  ? clear_bhb_loop+0x60/0xb0
[  646.880238][T15597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.880258][T15597] RIP: 0033:0x7fec05b8f749
[  646.880277][T15597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.880296][T15597] RSP: 002b:00007fec06999038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  646.880318][T15597] RAX: ffffffffffffffda RBX: 00007fec05de5fa0 RCX: 00007fec05b8f749
[  646.880335][T15597] RDX: 00000000000005ea RSI: 0000200000000240 RDI: 0000000000000007
[  646.880349][T15597] RBP: 00007fec06999090 R08: 00002000000001c0 R09: 0000000000000014
[  646.880363][T15597] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[  646.880376][T15597] R13: 00007fec05de6038 R14: 00007fec05de5fa0 R15: 00007fec05f0fa28
[  646.880409][T15597]  </TASK>
[  647.284368][T15599] fuse: Unknown parameter 'ff'
[  647.393730][T15605] netlink: 'syz.0.2371': attribute type 8 has an invalid length.
[  647.422080][ T5965] usb 3-1: USB disconnect, device number 6
[  647.525480][T15610] netlink: 'syz.0.2371': attribute type 8 has an invalid length.
[  647.666027][   T30] audit: type=1800 audit(1764955804.803:463): pid=15611 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2370" name="file0" dev="fuse" ino=0 res=0 errno=0
[  647.708825][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  647.868625][   T10] usb 4-1: Using ep0 maxpacket: 8
[  647.880259][   T10] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  647.889254][   T10] usb 4-1: config 179 has no interface number 0
[  647.896952][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  647.909197][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  647.936212][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  647.955812][   T10] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  647.988650][   T10] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  648.037552][   T10] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  648.054981][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.070308][T15608] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  648.093684][T15613] xt_CT: You must specify a L4 protocol and not use inversions on it
[  648.300492][   T10] usb 4-1: USB disconnect, device number 2
[  648.306467][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  648.306518][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  648.418670][ T5965] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  648.475828][T15623] netlink: 'syz.1.2377': attribute type 1 has an invalid length.
[  648.486112][T15623] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2377'.
[  648.595099][ T5965] usb 3-1: Using ep0 maxpacket: 16
[  648.602971][ T5965] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  648.614319][ T5965] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  648.624461][ T5965] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  648.637839][ T5965] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  648.647182][ T5965] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.663932][ T5965] usb 3-1: config 0 descriptor??
[  648.698740][   T10] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  648.757869][T15628] netlink: 'syz.1.2379': attribute type 1 has an invalid length.
[  648.786222][T15628] 8021q: adding VLAN 0 to HW filter on device bond3
[  648.802748][T15628] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2379'.
[  648.814974][T15628] bond3: entered allmulticast mode
[  648.848659][   T10] usb 1-1: Using ep0 maxpacket: 8
[  648.849432][T15628] bond3: (slave dummy0): making interface the new active one
[  648.863438][T15628] dummy0: entered allmulticast mode
[  648.871882][   T10] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  648.882258][T15628] bond3: (slave dummy0): Enslaving as an active interface with an up link
[  648.891040][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.901284][   T10] usb 1-1: Product: syz
[  648.908685][   T10] usb 1-1: Manufacturer: syz
[  648.909998][T15631] FAULT_INJECTION: forcing a failure.
[  648.909998][T15631] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.926542][   T10] usb 1-1: SerialNumber: syz
[  648.926755][T15631] CPU: 1 UID: 0 PID: 15631 Comm: syz.3.2380 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  648.926796][T15631] Tainted: [L]=SOFTLOCKUP
[  648.926804][T15631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  648.926823][T15631] Call Trace:
[  648.926832][T15631]  <TASK>
[  648.926841][T15631]  dump_stack_lvl+0x189/0x250
[  648.926868][T15631]  ? __pfx____ratelimit+0x10/0x10
[  648.926897][T15631]  ? __pfx_dump_stack_lvl+0x10/0x10
[  648.926920][T15631]  ? __pfx__printk+0x10/0x10
[  648.926959][T15631]  should_fail_ex+0x414/0x560
[  648.926992][T15631]  _copy_to_user+0x31/0xb0
[  648.927016][T15631]  simple_read_from_buffer+0xe1/0x170
[  648.927040][T15631]  proc_fail_nth_read+0x1b3/0x220
[  648.927080][T15631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.927111][T15631]  ? rw_verify_area+0x2a6/0x4d0
[  648.927136][T15631]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  648.927164][T15631]  vfs_read+0x200/0xa30
[  648.927189][T15631]  ? fdget_pos+0x247/0x320
[  648.927212][T15631]  ? __pfx___mutex_lock+0x10/0x10
[  648.927233][T15631]  ? __pfx_vfs_read+0x10/0x10
[  648.927260][T15631]  ? __fget_files+0x2a/0x420
[  648.927283][T15631]  ? __fget_files+0x3a0/0x420
[  648.927302][T15631]  ? __fget_files+0x2a/0x420
[  648.927331][T15631]  ksys_read+0x145/0x250
[  648.927359][T15631]  ? __pfx_ksys_read+0x10/0x10
[  648.927389][T15631]  ? do_syscall_64+0xbe/0xf80
[  648.927411][T15631]  do_syscall_64+0xfa/0xf80
[  648.927432][T15631]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.927451][T15631]  ? clear_bhb_loop+0x60/0xb0
[  648.927474][T15631]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.927492][T15631] RIP: 0033:0x7f891658e15c
[  648.927516][T15631] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  648.927534][T15631] RSP: 002b:00007f89174a5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  648.927555][T15631] RAX: ffffffffffffffda RBX: 00007f89167e5fa0 RCX: 00007f891658e15c
[  648.927569][T15631] RDX: 000000000000000f RSI: 00007f89174a50a0 RDI: 0000000000000004
[  648.927582][T15631] RBP: 00007f89174a5090 R08: 0000000000000000 R09: 0000000000000000
[  648.927594][T15631] R10: 0000000000010022 R11: 0000000000000246 R12: 0000000000000001
[  648.927606][T15631] R13: 00007f89167e6038 R14: 00007f89167e5fa0 R15: 00007f891690fa28
[  648.927638][T15631]  </TASK>
[  649.166897][T15636] fuse: Unknown parameter 'ff'
[  649.175260][   T10] usb 1-1: config 0 descriptor??
[  649.184556][   T10] gspca_main: sq905-2.14.0 probing 2770:9120
[  649.292194][T15640] netlink: 360 bytes leftover after parsing attributes in process `syz.1.2383'.
[  649.341384][ T5965] usbhid 3-1:0.0: can't add hid device: -71
[  649.347592][ T5965] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  649.370120][ T5920] gspca_stk1135: reg_w 0x352 err -71
[  649.376481][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.392459][ T5920] gspca_stk1135: Sensor write failed
[  649.397812][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.410305][ T5920] gspca_stk1135: Sensor write failed
[  649.433848][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.441600][ T5965] usb 3-1: USB disconnect, device number 7
[  649.448680][ T5837] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  649.450642][ T5920] gspca_stk1135: Sensor read failed
[  649.475254][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.483902][ T5920] gspca_stk1135: Sensor read failed
[  649.489521][ T5920] gspca_stk1135: Detected sensor type unknown (0x0)
[  649.496144][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.503044][ T5920] gspca_stk1135: Sensor read failed
[  649.508275][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.567510][ T5920] gspca_stk1135: Sensor read failed
[  649.577739][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.594047][   T10] gspca_sq905: sq905_command: usb_control_msg failed 2 (-71)
[  649.598633][ T5920] gspca_stk1135: Sensor write failed
[  649.608877][ T5837] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  649.629592][ T5920] gspca_stk1135: serial bus timeout: status=0x00
[  649.633987][   T10] sq905 1-1:0.0: probe with driver sq905 failed with error -71
[  649.643859][ T5837] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  649.676108][   T10] usb 1-1: USB disconnect, device number 124
[  649.682460][ T5837] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  649.696621][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  649.715528][ T5920] gspca_stk1135: Sensor write failed
[  649.731818][ T5920] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  649.732675][ T5837] usb 4-1: config 0 descriptor??
[  649.747579][ T5920] usb 5-1: USB disconnect, device number 102
[  649.778696][ T5965] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  650.226116][ T5837] ath6kl: Failed to read usb control message: -71
[  650.255588][ T5837] ath6kl: Unable to read the bmi data from the device: -71
[  650.273949][T15654] netlink: 'syz.0.2386': attribute type 1 has an invalid length.
[  650.280476][ T5837] ath6kl: Unable to recv target info: -71
[  650.304556][T15656] FAULT_INJECTION: forcing a failure.
[  650.304556][T15656] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  650.327147][ T5837] ath6kl: Failed to init ath6kl core: -71
[  650.341626][T15654] 8021q: adding VLAN 0 to HW filter on device bond2
[  650.350847][ T5837] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  650.373732][T15656] CPU: 0 UID: 0 PID: 15656 Comm: syz.4.2387 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  650.373771][T15656] Tainted: [L]=SOFTLOCKUP
[  650.373778][T15656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  650.373791][T15656] Call Trace:
[  650.373799][T15656]  <TASK>
[  650.373808][T15656]  dump_stack_lvl+0x189/0x250
[  650.373837][T15656]  ? __pfx____ratelimit+0x10/0x10
[  650.373866][T15656]  ? __pfx_dump_stack_lvl+0x10/0x10
[  650.373889][T15656]  ? __pfx__printk+0x10/0x10
[  650.373915][T15656]  ? __might_fault+0xb0/0x130
[  650.373953][T15656]  should_fail_ex+0x414/0x560
[  650.373986][T15656]  _copy_to_iter+0x404/0x1790
[  650.374020][T15656]  ? __pfx__copy_to_iter+0x10/0x10
[  650.374039][T15656]  ? traverse+0x544/0x580
[  650.374080][T15656]  seq_read_iter+0x2e9/0xe20
[  650.374114][T15656]  ? __asan_memset+0x22/0x50
[  650.374142][T15656]  seq_read+0x369/0x480
[  650.374175][T15656]  ? __pfx_seq_read+0x10/0x10
[  650.374220][T15656]  ? __pfx_seq_read+0x10/0x10
[  650.374244][T15656]  proc_reg_read+0x1e9/0x2e0
[  650.374267][T15656]  vfs_readv+0x5aa/0x850
[  650.374289][T15656]  ? __pfx_proc_reg_read+0x10/0x10
[  650.374310][T15656]  ? __pfx_vfs_readv+0x10/0x10
[  650.374345][T15656]  ? __fget_files+0x2a/0x420
[  650.374379][T15656]  ? __fget_files+0x3a0/0x420
[  650.374398][T15656]  ? __fget_files+0x2a/0x420
[  650.374426][T15656]  __x64_sys_preadv+0x197/0x2a0
[  650.374457][T15656]  ? __pfx___x64_sys_preadv+0x10/0x10
[  650.374490][T15656]  ? do_syscall_64+0xbe/0xf80
[  650.374514][T15656]  do_syscall_64+0xfa/0xf80
[  650.374532][T15656]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.374552][T15656]  ? clear_bhb_loop+0x60/0xb0
[  650.374575][T15656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.374593][T15656] RIP: 0033:0x7fb38998f749
[  650.374611][T15656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.374628][T15656] RSP: 002b:00007fb38a8fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  650.374650][T15656] RAX: ffffffffffffffda RBX: 00007fb389be5fa0 RCX: 00007fb38998f749
[  650.374666][T15656] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004
[  650.374678][T15656] RBP: 00007fb38a8fc090 R08: 0000000000000000 R09: 0000000000000000
[  650.374689][T15656] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001
[  650.374701][T15656] R13: 00007fb389be6038 R14: 00007fb389be5fa0 R15: 00007fb389d0fa28
[  650.374731][T15656]  </TASK>
[  650.384658][T15660] netlink: 'syz.1.2388': attribute type 1 has an invalid length.
[  650.426529][ T5837] usb 4-1: USB disconnect, device number 3
[  650.437472][T15660] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2388'.
[  650.579332][T15662] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2389'.
[  650.612133][ T5965] usb 3-1: unable to read config index 0 descriptor/start: -71
[  650.621824][   T10] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  650.647546][ T5965] usb 3-1: can't read configurations, error -71
[  650.828651][   T10] usb 1-1: Using ep0 maxpacket: 32
[  650.836403][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  650.866158][   T10] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[  650.883397][   T10] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  650.903969][   T10] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[  650.931565][   T10] usb 1-1: config 128 has no interface number 0
[  650.947320][   T10] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 1828, setting to 1024
[  650.961363][   T10] usb 1-1: config 128 interface 127 has no altsetting 0
[  651.030326][   T10] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  651.044502][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.049723][T15675] fuse: Unknown parameter 'ff'
[  651.053122][   T10] usb 1-1: Product: syz
[  651.061710][   T10] usb 1-1: Manufacturer: syz
[  651.068777][   T10] usb 1-1: SerialNumber: syz
[  651.115660][T15658] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  651.190614][ T5920] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  651.330526][T15654] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2386'.
[  651.359286][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  651.374591][ T5920] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  651.394437][ T5920] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  651.410779][T15654] bond2: entered allmulticast mode
[  651.439158][T15658] bond2: (slave dummy0): making interface the new active one
[  651.447437][T15658] dummy0: entered allmulticast mode
[  651.467126][T15658] bond2: (slave dummy0): Enslaving as an active interface with an up link
[  651.521031][ T5920] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  651.581023][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.616171][ T5920] usb 5-1: Product: syz
[  651.623985][ T5920] usb 5-1: Manufacturer: syz
[  651.628775][ T5920] usb 5-1: SerialNumber: syz
[  651.723253][   T10] usb 1-1: USB disconnect, device number 125
[  651.792151][ T7223] udevd[7223]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  652.229870][ T5920] usb 5-1: 0:2 : does not exist
[  652.281333][ T5920] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  652.293714][T15693] FAULT_INJECTION: forcing a failure.
[  652.293714][T15693] name failslab, interval 1, probability 0, space 0, times 0
[  652.336940][T15693] CPU: 0 UID: 0 PID: 15693 Comm: syz.1.2397 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  652.336973][T15693] Tainted: [L]=SOFTLOCKUP
[  652.336979][T15693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  652.336990][T15693] Call Trace:
[  652.336997][T15693]  <TASK>
[  652.337005][T15693]  dump_stack_lvl+0x189/0x250
[  652.337031][T15693]  ? __pfx____ratelimit+0x10/0x10
[  652.337055][T15693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  652.337081][T15693]  ? __pfx__printk+0x10/0x10
[  652.337114][T15693]  ? __pfx___might_resched+0x10/0x10
[  652.337147][T15693]  should_fail_ex+0x414/0x560
[  652.337184][T15693]  should_failslab+0xa8/0x100
[  652.337211][T15693]  __kmalloc_noprof+0xcb/0x800
[  652.337250][T15693]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  652.337290][T15693]  tomoyo_realpath_from_path+0xe3/0x5d0
[  652.337319][T15693]  ? tomoyo_domain+0xd8/0x130
[  652.337353][T15693]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  652.337377][T15693]  tomoyo_path_number_perm+0x1e8/0x5a0
[  652.337402][T15693]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  652.337443][T15693]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  652.337487][T15693]  ? __fget_files+0x2a/0x420
[  652.337515][T15693]  ? __fget_files+0x3a0/0x420
[  652.337536][T15693]  ? __fget_files+0x2a/0x420
[  652.337564][T15693]  security_file_ioctl+0xcb/0x2d0
[  652.337600][T15693]  __se_sys_ioctl+0x47/0x170
[  652.337635][T15693]  do_syscall_64+0xfa/0xf80
[  652.337657][T15693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.337681][T15693]  ? clear_bhb_loop+0x60/0xb0
[  652.337704][T15693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.337721][T15693] RIP: 0033:0x7f166418f749
[  652.337745][T15693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.337762][T15693] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  652.337788][T15693] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  652.337803][T15693] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  652.337820][T15693] RBP: 00007f1664fc9090 R08: 0000000000000000 R09: 0000000000000000
[  652.337833][T15693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.337844][T15693] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  652.337881][T15693]  </TASK>
[  652.337894][T15693] ERROR: Out of memory at tomoyo_realpath_from_path.
[  652.348826][ T5920] usb 5-1: USB disconnect, device number 103
[  652.738674][   T10] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  652.959087][   T10] usb 1-1: Using ep0 maxpacket: 8
[  652.981770][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  653.012525][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  653.036623][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  653.061826][T15702] syzkaller0: entered promiscuous mode
[  653.067334][T15702] syzkaller0: entered allmulticast mode
[  653.068640][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00
[  653.113808][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.133324][T15708] netlink: 'syz.2.2401': attribute type 1 has an invalid length.
[  653.152400][   T10] usb 1-1: config 0 descriptor??
[  653.175096][T15708] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2401'.
[  653.195652][T15704] syzkaller0: entered promiscuous mode
[  653.196350][T15702] FAULT_INJECTION: forcing a failure.
[  653.196350][T15702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  653.201299][T15704] syzkaller0: entered allmulticast mode
[  653.220441][T15702] CPU: 0 UID: 0 PID: 15702 Comm: syz.3.2399 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  653.220477][T15702] Tainted: [L]=SOFTLOCKUP
[  653.220485][T15702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  653.220498][T15702] Call Trace:
[  653.220507][T15702]  <TASK>
[  653.220517][T15702]  dump_stack_lvl+0x189/0x250
[  653.220545][T15702]  ? __pfx____ratelimit+0x10/0x10
[  653.220574][T15702]  ? __pfx_dump_stack_lvl+0x10/0x10
[  653.220597][T15702]  ? __pfx__printk+0x10/0x10
[  653.220639][T15702]  should_fail_ex+0x414/0x560
[  653.220673][T15702]  _copy_from_user+0x2d/0xb0
[  653.220697][T15702]  __copy_msghdr+0x3c5/0x5b0
[  653.220726][T15702]  ___sys_sendmsg+0x1a5/0x2a0
[  653.220752][T15702]  ? __pfx____sys_sendmsg+0x10/0x10
[  653.220784][T15702]  ? rcu_read_lock_any_held+0xb3/0x120
[  653.220838][T15702]  ? __fget_files+0x2a/0x420
[  653.220857][T15702]  ? __fget_files+0x3a0/0x420
[  653.220888][T15702]  __x64_sys_sendmsg+0x19b/0x260
[  653.220916][T15702]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  653.220950][T15702]  ? __pfx_ksys_write+0x10/0x10
[  653.220982][T15702]  ? do_syscall_64+0xbe/0xf80
[  653.221005][T15702]  do_syscall_64+0xfa/0xf80
[  653.221026][T15702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.221046][T15702]  ? clear_bhb_loop+0x60/0xb0
[  653.221070][T15702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.221090][T15702] RIP: 0033:0x7f891658f749
[  653.221108][T15702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.221127][T15702] RSP: 002b:00007f89174a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  653.221149][T15702] RAX: ffffffffffffffda RBX: 00007f89167e5fa0 RCX: 00007f891658f749
[  653.221171][T15702] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  653.221184][T15702] RBP: 00007f89174a5090 R08: 0000000000000000 R09: 0000000000000000
[  653.221197][T15702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.221210][T15702] R13: 00007f89167e6038 R14: 00007f89167e5fa0 R15: 00007f891690fa28
[  653.221243][T15702]  </TASK>
[  653.688181][   T10] apple 0003:05AC:027A.003B: hidraw0: USB HID v0.07 Device [HID 05ac:027a] on usb-dummy_hcd.0-1/input0
[  653.728661][ T5837] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  653.786963][T15724] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2406'.
[  653.818871][ T5965] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  653.833397][   T30] audit: type=1800 audit(1764955810.973:464): pid=15722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2402" name="file0" dev="fuse" ino=0 res=0 errno=0
[  653.869440][ T5837] usb 3-1: device descriptor read/64, error -71
[  653.947490][   T10] usb 1-1: USB disconnect, device number 126
[  654.126430][ T5965] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  654.138127][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  654.188755][ T5837] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  654.206632][ T5965] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  654.226015][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.257557][ T5965] usb 5-1: config 0 descriptor??
[  654.328791][ T5837] usb 3-1: device descriptor read/64, error -71
[  654.408658][ T5920] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  654.452057][ T5837] usb usb3-port1: attempt power cycle
[  654.579134][ T5920] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84
[  654.605296][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024
[  654.616733][ T5920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024
[  654.630446][ T5920] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  654.645730][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.656267][ T5920] usb 4-1: Product: syz
[  654.666288][ T5920] usb 4-1: Manufacturer: syz
[  654.676159][ T5920] usb 4-1: SerialNumber: syz
[  654.689195][ T5965] ath6kl: Failed to read usb control message: -71
[  654.695717][ T5965] ath6kl: Unable to read the bmi data from the device: -71
[  654.706331][ T5920] usb 4-1: config 0 descriptor??
[  654.737162][ T5965] ath6kl: Unable to recv target info: -71
[  654.743878][T15730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  654.752387][ T5965] ath6kl: Failed to init ath6kl core: -71
[  654.777212][ T5965] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  654.796681][ T5965] usb 5-1: USB disconnect, device number 104
[  654.809023][ T5837] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  654.859317][ T5837] usb 3-1: device descriptor read/8, error -71
[  654.891410][T15750] netlink: 'syz.1.2413': attribute type 1 has an invalid length.
[  654.915527][T15750] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2413'.
[  654.979521][T15730] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  655.141528][ T5837] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  655.179901][ T5837] usb 3-1: device descriptor read/8, error -71
[  655.204549][   T10] usb 4-1: USB disconnect, device number 4
[  655.299122][ T5837] usb usb3-port1: unable to enumerate USB device
[  655.460720][   T30] audit: type=1800 audit(1764955812.593:465): pid=15764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2415" name="file0" dev="fuse" ino=0 res=0 errno=0
[  655.841879][   T30] audit: type=1326 audit(1764955812.983:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15752 comm="syz.1.2414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f166418f749 code=0x7fc00000
[  656.098705][ T5920] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  656.144979][T15776] FAULT_INJECTION: forcing a failure.
[  656.144979][T15776] name failslab, interval 1, probability 0, space 0, times 0
[  656.167275][T15776] CPU: 0 UID: 0 PID: 15776 Comm: syz.1.2420 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  656.167304][T15776] Tainted: [L]=SOFTLOCKUP
[  656.167308][T15776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  656.167317][T15776] Call Trace:
[  656.167327][T15776]  <TASK>
[  656.167338][T15776]  dump_stack_lvl+0x189/0x250
[  656.167367][T15776]  ? __pfx____ratelimit+0x10/0x10
[  656.167397][T15776]  ? __pfx_dump_stack_lvl+0x10/0x10
[  656.167419][T15776]  ? __pfx__printk+0x10/0x10
[  656.167449][T15776]  ? __pfx___might_resched+0x10/0x10
[  656.167468][T15776]  ? fs_reclaim_acquire+0x7d/0x100
[  656.167502][T15776]  should_fail_ex+0x414/0x560
[  656.167536][T15776]  should_failslab+0xa8/0x100
[  656.167552][T15776]  __kmalloc_noprof+0xcb/0x800
[  656.167567][T15776]  ? tomoyo_encode+0x28b/0x550
[  656.167584][T15776]  tomoyo_encode+0x28b/0x550
[  656.167599][T15776]  tomoyo_realpath_from_path+0x58d/0x5d0
[  656.167614][T15776]  ? tomoyo_domain+0xd8/0x130
[  656.167630][T15776]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  656.167641][T15776]  tomoyo_path_number_perm+0x1e8/0x5a0
[  656.167653][T15776]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  656.167672][T15776]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  656.167693][T15776]  ? __fget_files+0x2a/0x420
[  656.167707][T15776]  ? __fget_files+0x3a0/0x420
[  656.167717][T15776]  ? __fget_files+0x2a/0x420
[  656.167729][T15776]  security_file_ioctl+0xcb/0x2d0
[  656.167747][T15776]  __se_sys_ioctl+0x47/0x170
[  656.167763][T15776]  do_syscall_64+0xfa/0xf80
[  656.167775][T15776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.167786][T15776]  ? clear_bhb_loop+0x60/0xb0
[  656.167798][T15776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.167812][T15776] RIP: 0033:0x7f166418f749
[  656.167823][T15776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  656.167833][T15776] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  656.167845][T15776] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  656.167853][T15776] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  656.167860][T15776] RBP: 00007f1664fc9090 R08: 0000000000000000 R09: 0000000000000000
[  656.167867][T15776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  656.167873][T15776] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  656.167890][T15776]  </TASK>
[  656.167932][T15776] ERROR: Out of memory at tomoyo_realpath_from_path.
[  656.591429][ T5920] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  656.618745][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.654262][ T5920] usb 4-1: Product: syz
[  656.658466][ T5920] usb 4-1: Manufacturer: syz
[  656.671298][ T5920] usb 4-1: SerialNumber: syz
[  656.703845][ T5920] usb 4-1: config 0 descriptor??
[  656.723320][ T5920] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  656.745739][ T5920] usb 4-1: setting power ON
[  656.761991][ T5920] dvb-usb: bulk message failed: -22 (2/0)
[  656.802255][ T5920] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  656.827887][ T5920] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-19)
[  656.848066][ T5920] dvb_usb_cxusb 4-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  656.922668][   T10] usb 4-1: USB disconnect, device number 5
[  657.285371][T15791] netlink: 'syz.4.2424': attribute type 1 has an invalid length.
[  657.303784][T15791] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2424'.
[  657.396744][T15793] FAULT_INJECTION: forcing a failure.
[  657.396744][T15793] name failslab, interval 1, probability 0, space 0, times 0
[  657.443917][T15793] CPU: 0 UID: 0 PID: 15793 Comm: syz.4.2425 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  657.443951][T15793] Tainted: [L]=SOFTLOCKUP
[  657.443959][T15793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  657.443972][T15793] Call Trace:
[  657.443980][T15793]  <TASK>
[  657.443990][T15793]  dump_stack_lvl+0x189/0x250
[  657.444019][T15793]  ? __pfx____ratelimit+0x10/0x10
[  657.444049][T15793]  ? __pfx_dump_stack_lvl+0x10/0x10
[  657.444072][T15793]  ? __pfx__printk+0x10/0x10
[  657.444103][T15793]  ? __pfx___might_resched+0x10/0x10
[  657.444125][T15793]  ? fs_reclaim_acquire+0x7d/0x100
[  657.444159][T15793]  should_fail_ex+0x414/0x560
[  657.444192][T15793]  should_failslab+0xa8/0x100
[  657.444213][T15793]  kmem_cache_alloc_node_noprof+0x77/0x710
[  657.444241][T15793]  ? __alloc_skb+0x255/0x430
[  657.444261][T15793]  ? napi_skb_cache_get+0x4a5/0x780
[  657.444279][T15793]  ? napi_skb_cache_get+0x151/0x780
[  657.444301][T15793]  __alloc_skb+0x255/0x430
[  657.444325][T15793]  ? __pfx___alloc_skb+0x10/0x10
[  657.444350][T15793]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  657.444373][T15793]  netlink_sendmsg+0x5c6/0xb30
[  657.444409][T15793]  ? __pfx_netlink_sendmsg+0x10/0x10
[  657.444438][T15793]  ? aa_sock_msg_perm+0xf1/0x1b0
[  657.444464][T15793]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  657.444492][T15793]  ? __pfx_netlink_sendmsg+0x10/0x10
[  657.444518][T15793]  __sock_sendmsg+0x21c/0x270
[  657.444549][T15793]  ____sys_sendmsg+0x505/0x820
[  657.444579][T15793]  ? __pfx_____sys_sendmsg+0x10/0x10
[  657.444611][T15793]  ? import_iovec+0x74/0xa0
[  657.444637][T15793]  ___sys_sendmsg+0x21f/0x2a0
[  657.444663][T15793]  ? __pfx____sys_sendmsg+0x10/0x10
[  657.444694][T15793]  ? rcu_read_lock_any_held+0xb3/0x120
[  657.444745][T15793]  ? __fget_files+0x2a/0x420
[  657.444765][T15793]  ? __fget_files+0x3a0/0x420
[  657.444796][T15793]  __x64_sys_sendmsg+0x19b/0x260
[  657.444827][T15793]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  657.444860][T15793]  ? __pfx_ksys_write+0x10/0x10
[  657.444896][T15793]  ? do_syscall_64+0xbe/0xf80
[  657.444919][T15793]  do_syscall_64+0xfa/0xf80
[  657.444940][T15793]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.444959][T15793]  ? clear_bhb_loop+0x60/0xb0
[  657.444983][T15793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  657.445002][T15793] RIP: 0033:0x7fb38998f749
[  657.445021][T15793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  657.445039][T15793] RSP: 002b:00007fb38a8fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  657.445060][T15793] RAX: ffffffffffffffda RBX: 00007fb389be5fa0 RCX: 00007fb38998f749
[  657.445075][T15793] RDX: 0000000004040080 RSI: 0000200000000000 RDI: 0000000000000003
[  657.445089][T15793] RBP: 00007fb38a8fc090 R08: 0000000000000000 R09: 0000000000000000
[  657.445102][T15793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  657.445114][T15793] R13: 00007fb389be6038 R14: 00007fb389be5fa0 R15: 00007fb389d0fa28
[  657.445146][T15793]  </TASK>
[  658.198645][ T5920] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  658.269175][ T5965] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  658.348657][ T5920] usb 3-1: Using ep0 maxpacket: 8
[  658.364604][ T5920] usb 3-1: unable to read config index 0 descriptor/start: -61
[  658.372660][ T5920] usb 3-1: can't read configurations, error -61
[  658.422797][ T5965] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  658.435677][ T5965] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.465455][ T5965] usb 5-1: Product: syz
[  658.474680][ T5965] usb 5-1: Manufacturer: syz
[  658.488192][ T5965] usb 5-1: SerialNumber: syz
[  658.524991][ T5920] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  658.560056][ T5965] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  658.599217][ T5939] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  658.691697][ T5920] usb 3-1: Using ep0 maxpacket: 8
[  658.700344][ T5920] usb 3-1: unable to read config index 0 descriptor/start: -61
[  658.708181][ T5920] usb 3-1: can't read configurations, error -61
[  658.728845][ T5920] usb usb3-port1: attempt power cycle
[  659.078692][ T5965] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  659.108720][ T5920] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  659.132261][ T5920] usb 3-1: Using ep0 maxpacket: 8
[  659.140169][ T5920] usb 3-1: unable to read config index 0 descriptor/start: -61
[  659.147802][ T5920] usb 3-1: can't read configurations, error -61
[  659.282644][   T10] usb 5-1: USB disconnect, device number 105
[  659.287907][ T5920] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  659.307680][ T5965] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.352530][ T5920] usb 3-1: Using ep0 maxpacket: 8
[  659.368759][ T5965] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  659.387892][ T5920] usb 3-1: unable to read config index 0 descriptor/start: -61
[  659.407511][ T5920] usb 3-1: can't read configurations, error -61
[  659.415087][ T5965] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  659.434865][ T5920] usb usb3-port1: unable to enumerate USB device
[  659.444482][ T5965] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  659.453390][ T5965] usb 4-1: Manufacturer: syz
[  659.460780][ T5965] usb 4-1: config 0 descriptor??
[  659.469776][ T5965] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  659.679189][ T5939] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  659.691854][ T5939] ath9k_htc: Failed to initialize the device
[  659.698830][   T10] usb 5-1: ath9k_htc: USB layer deinitialized
[  659.745088][   T30] audit: type=1326 audit(1764955816.883:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15806 comm="syz.0.2430" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fec05b8f749 code=0x0
[  660.178758][   T10] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  660.308861][   T10] usb 5-1: device descriptor read/64, error -71
[  660.548796][   T10] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  660.678692][   T10] usb 5-1: device descriptor read/64, error -71
[  660.788979][   T10] usb usb5-port1: attempt power cycle
[  660.888669][ T5837] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  660.918995][ T5965] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  660.985835][T15822] netlink: 'syz.2.2435': attribute type 1 has an invalid length.
[  660.994825][T15822] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2435'.
[  661.040331][ T5837] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  661.051512][ T5837] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  661.063202][ T5837] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  661.074115][ T5837] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  661.080570][ T5965] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  661.090159][ T5837] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  661.099047][ T5965] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  661.109695][ T5837] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  661.119086][ T5965] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  661.127502][ T5837] usb 1-1: Manufacturer: syz
[  661.136587][ T5965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  661.142466][   T10] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  661.160373][ T5965] usb 2-1: config 0 descriptor??
[  661.171315][ T5837] usb 1-1: config 0 descriptor??
[  661.179260][   T10] usb 5-1: device descriptor read/8, error -71
[  661.358678][ T5920] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  661.411133][T15819] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.420237][T15819] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.430025][   T10] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  661.449649][   T10] usb 5-1: device descriptor read/8, error -71
[  661.498756][ T5920] usb 3-1: device descriptor read/64, error -71
[  661.555632][ T5965] ath6kl: Failed to submit usb control message: -71
[  661.559598][   T10] usb usb5-port1: unable to enumerate USB device
[  661.562670][ T5965] ath6kl: unable to send the bmi data to the device: -71
[  661.576484][ T5965] ath6kl: Unable to send get target info: -71
[  661.590154][ T5965] ath6kl: Failed to init ath6kl core: -71
[  661.597183][ T5965] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  661.601762][ T5837] hid_parser_main: 59 callbacks suppressed
[  661.601786][ T5837] appleir 0003:05AC:8243.003C: unknown main item tag 0x0
[  661.621796][ T5965] usb 2-1: USB disconnect, device number 93
[  661.649308][ T5837] appleir 0003:05AC:8243.003C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  661.748687][ T5920] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  661.811243][ T5939] usb 4-1: USB disconnect, device number 6
[  661.878752][ T5920] usb 3-1: device descriptor read/64, error -71
[  661.942789][T15834] trusted_key: encrypted_key: insufficient parameters specified
[  661.988948][ T5920] usb usb3-port1: attempt power cycle
[  662.168455][T15845] FAULT_INJECTION: forcing a failure.
[  662.168455][T15845] name failslab, interval 1, probability 0, space 0, times 0
[  662.184298][T15845] CPU: 1 UID: 0 PID: 15845 Comm: syz.1.2442 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  662.184330][T15845] Tainted: [L]=SOFTLOCKUP
[  662.184337][T15845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  662.184348][T15845] Call Trace:
[  662.184363][T15845]  <TASK>
[  662.184371][T15845]  dump_stack_lvl+0x189/0x250
[  662.184401][T15845]  ? __pfx____ratelimit+0x10/0x10
[  662.184428][T15845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  662.184451][T15845]  ? __pfx__printk+0x10/0x10
[  662.184482][T15845]  ? __pfx___might_resched+0x10/0x10
[  662.184502][T15845]  ? fs_reclaim_acquire+0x7d/0x100
[  662.184533][T15845]  should_fail_ex+0x414/0x560
[  662.184563][T15845]  should_failslab+0xa8/0x100
[  662.184583][T15845]  __kmalloc_cache_noprof+0x6f/0x6f0
[  662.184610][T15845]  ? sctp_association_new+0x89/0x25c0
[  662.184635][T15845]  sctp_association_new+0x89/0x25c0
[  662.184657][T15845]  ? sctp_has_association+0x1cd/0x1f0
[  662.184677][T15845]  ? sctp_has_association+0x2f/0x1f0
[  662.184711][T15845]  sctp_connect_new_asoc+0x2c5/0x690
[  662.184734][T15845]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  662.184755][T15845]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  662.184775][T15845]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  662.184793][T15845]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  662.184813][T15845]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  662.184832][T15845]  ? security_sctp_bind_connect+0x7e/0x2e0
[  662.184866][T15845]  sctp_sendmsg+0x155c/0x2810
[  662.184897][T15845]  ? __pfx_sctp_sendmsg+0x10/0x10
[  662.184914][T15845]  ? aa_sk_perm+0x15f/0x920
[  662.184938][T15845]  ? aa_sk_perm+0x7ee/0x920
[  662.184964][T15845]  ? __pfx_aa_sk_perm+0x10/0x10
[  662.184988][T15845]  ? sock_rps_record_flow+0x19/0x410
[  662.185017][T15845]  ? inet_sendmsg+0x2f4/0x370
[  662.185040][T15845]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  662.185072][T15845]  __sock_sendmsg+0x19c/0x270
[  662.185104][T15845]  __sys_sendto+0x3bd/0x520
[  662.185128][T15845]  ? __pfx___sys_sendto+0x10/0x10
[  662.185148][T15845]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  662.185182][T15845]  ? __fget_files+0x3a0/0x420
[  662.185213][T15845]  ? ksys_write+0x22a/0x250
[  662.185261][T15845]  ? __pfx_ksys_write+0x10/0x10
[  662.185291][T15845]  __x64_sys_sendto+0xde/0x100
[  662.185315][T15845]  do_syscall_64+0xfa/0xf80
[  662.185336][T15845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.185357][T15845]  ? clear_bhb_loop+0x60/0xb0
[  662.185381][T15845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.185399][T15845] RIP: 0033:0x7f166418f749
[  662.185417][T15845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.185433][T15845] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  662.185454][T15845] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  662.185468][T15845] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003
[  662.185480][T15845] RBP: 00007f1664fc9090 R08: 00002000000000c0 R09: 0000000000000010
[  662.185493][T15845] R10: 000000002000c8d4 R11: 0000000000000246 R12: 0000000000000001
[  662.185505][T15845] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  662.185536][T15845]  </TASK>
[  662.559140][ T5920] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  662.589671][ T5920] usb 3-1: device descriptor read/8, error -71
[  662.622371][T15853] FAULT_INJECTION: forcing a failure.
[  662.622371][T15853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  662.626949][ T5837] usb 1-1: USB disconnect, device number 127
[  662.636112][ T5939] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  662.650238][T15853] CPU: 1 UID: 0 PID: 15853 Comm: syz.1.2446 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  662.650270][T15853] Tainted: [L]=SOFTLOCKUP
[  662.650277][T15853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  662.650289][T15853] Call Trace:
[  662.650297][T15853]  <TASK>
[  662.650305][T15853]  dump_stack_lvl+0x189/0x250
[  662.650334][T15853]  ? __pfx____ratelimit+0x10/0x10
[  662.650362][T15853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  662.650384][T15853]  ? __pfx__printk+0x10/0x10
[  662.650429][T15853]  should_fail_ex+0x414/0x560
[  662.650461][T15853]  _copy_from_user+0x2d/0xb0
[  662.650481][T15853]  __copy_msghdr+0x3c5/0x5b0
[  662.650507][T15853]  ___sys_sendmsg+0x1a5/0x2a0
[  662.650531][T15853]  ? __pfx____sys_sendmsg+0x10/0x10
[  662.650561][T15853]  ? rcu_read_lock_any_held+0xb3/0x120
[  662.650613][T15853]  ? __fget_files+0x2a/0x420
[  662.650632][T15853]  ? __fget_files+0x3a0/0x420
[  662.650660][T15853]  __x64_sys_sendmsg+0x19b/0x260
[  662.650685][T15853]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  662.650717][T15853]  ? __pfx_ksys_write+0x10/0x10
[  662.650745][T15853]  ? do_syscall_64+0xbe/0xf80
[  662.650769][T15853]  do_syscall_64+0xfa/0xf80
[  662.650790][T15853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.650811][T15853]  ? clear_bhb_loop+0x60/0xb0
[  662.650839][T15853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  662.650859][T15853] RIP: 0033:0x7f166418f749
[  662.650877][T15853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  662.650893][T15853] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  662.650911][T15853] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  662.650925][T15853] RDX: 000000001000c0c0 RSI: 00002000000000c0 RDI: 0000000000000003
[  662.650939][T15853] RBP: 00007f1664fc9090 R08: 0000000000000000 R09: 0000000000000000
[  662.650951][T15853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  662.650962][T15853] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  662.650994][T15853]  </TASK>
[  662.952580][ T5939] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  662.964498][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  662.975833][ T5939] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  662.985131][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.997783][ T5939] usb 4-1: config 0 descriptor??
[  663.002910][ T5920] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  663.029147][ T5920] usb 3-1: device descriptor read/8, error -71
[  663.160041][ T5920] usb usb3-port1: unable to enumerate USB device
[  663.451633][ T5939] ath6kl: Failed to read usb control message: -71
[  663.458138][ T5939] ath6kl: Unable to read the bmi data from the device: -71
[  663.465817][ T5920] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  663.489215][ T5939] ath6kl: Unable to recv target info: -71
[  663.535537][ T5939] ath6kl: Failed to init ath6kl core: -71
[  663.547794][ T5939] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  663.615278][ T5939] usb 4-1: USB disconnect, device number 7
[  663.643516][ T5920] usb 2-1: config 0 has no interfaces?
[  663.657005][ T5920] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  663.667613][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.698667][ T5920] usb 2-1: Product: syz
[  663.707723][ T5920] usb 2-1: Manufacturer: syz
[  663.717100][ T5920] usb 2-1: SerialNumber: syz
[  663.732246][ T5920] usb 2-1: config 0 descriptor??
[  663.839103][ T5965] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  663.992730][ T5965] usb 1-1: unable to get BOS descriptor or descriptor too short
[  664.001268][ T5965] usb 1-1: not running at top speed; connect to a high speed hub
[  664.004120][T15867] loop6: detected capacity change from 0 to 524288000
[  664.030230][ T5965] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[  664.063356][ T5965] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  664.073435][ T5965] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.084193][ T5965] usb 1-1: Product: syz
[  664.092071][ T5965] usb 1-1: Manufacturer: syz
[  664.096796][ T5965] usb 1-1: SerialNumber: syz
[  664.304691][T15882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2454'.
[  664.324323][ T5965] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  664.342367][T15882] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2454'.
[  664.400229][ T5965] usb 1-1: USB disconnect, device number 2
[  664.406325][T15885] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2453'.
[  664.490256][ T7223] udevd[7223]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  665.048773][ T5837] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  665.238694][ T5837] usb 3-1: device descriptor read/64, error -71
[  665.489188][ T5837] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  665.618249][T15914] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2466'.
[  665.633435][T15914] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2466'.
[  665.645473][ T5837] usb 3-1: device descriptor read/64, error -71
[  665.771395][ T5837] usb usb3-port1: attempt power cycle
[  665.808043][T15919] FAULT_INJECTION: forcing a failure.
[  665.808043][T15919] name failslab, interval 1, probability 0, space 0, times 0
[  665.822083][T15919] CPU: 0 UID: 0 PID: 15919 Comm: syz.4.2468 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  665.822116][T15919] Tainted: [L]=SOFTLOCKUP
[  665.822124][T15919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  665.822136][T15919] Call Trace:
[  665.822145][T15919]  <TASK>
[  665.822153][T15919]  dump_stack_lvl+0x189/0x250
[  665.822182][T15919]  ? __pfx____ratelimit+0x10/0x10
[  665.822223][T15919]  ? __pfx_dump_stack_lvl+0x10/0x10
[  665.822247][T15919]  ? __pfx__printk+0x10/0x10
[  665.822281][T15919]  ? __pfx___might_resched+0x10/0x10
[  665.822302][T15919]  ? fs_reclaim_acquire+0x7d/0x100
[  665.822336][T15919]  should_fail_ex+0x414/0x560
[  665.822370][T15919]  should_failslab+0xa8/0x100
[  665.822391][T15919]  __kmalloc_noprof+0xcb/0x800
[  665.822418][T15919]  ? tomoyo_encode+0x28b/0x550
[  665.822447][T15919]  tomoyo_encode+0x28b/0x550
[  665.822477][T15919]  tomoyo_realpath_from_path+0x58d/0x5d0
[  665.822504][T15919]  ? tomoyo_domain+0xd8/0x130
[  665.822535][T15919]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  665.822555][T15919]  tomoyo_path_number_perm+0x1e8/0x5a0
[  665.822579][T15919]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  665.822616][T15919]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  665.822657][T15919]  ? __fget_files+0x2a/0x420
[  665.822683][T15919]  ? __fget_files+0x3a0/0x420
[  665.822702][T15919]  ? __fget_files+0x2a/0x420
[  665.822727][T15919]  security_file_ioctl+0xcb/0x2d0
[  665.822760][T15919]  __se_sys_ioctl+0x47/0x170
[  665.822789][T15919]  do_syscall_64+0xfa/0xf80
[  665.822811][T15919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.822831][T15919]  ? clear_bhb_loop+0x60/0xb0
[  665.822855][T15919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.822874][T15919] RIP: 0033:0x7fb38998f749
[  665.822892][T15919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.822910][T15919] RSP: 002b:00007fb38a8fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  665.822932][T15919] RAX: ffffffffffffffda RBX: 00007fb389be5fa0 RCX: 00007fb38998f749
[  665.822947][T15919] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  665.822960][T15919] RBP: 00007fb38a8fc090 R08: 0000000000000000 R09: 0000000000000000
[  665.822973][T15919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.822986][T15919] R13: 00007fb389be6038 R14: 00007fb389be5fa0 R15: 00007fb389d0fa28
[  665.823020][T15919]  </TASK>
[  665.823047][T15919] ERROR: Out of memory at tomoyo_realpath_from_path.
[  666.241508][ T5965] usb 2-1: USB disconnect, device number 94
[  666.337916][T15926] FAULT_INJECTION: forcing a failure.
[  666.337916][T15926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  666.351346][ T5837] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  666.357827][T15926] CPU: 1 UID: 0 PID: 15926 Comm: syz.1.2471 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  666.357860][T15926] Tainted: [L]=SOFTLOCKUP
[  666.357868][T15926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  666.357881][T15926] Call Trace:
[  666.357889][T15926]  <TASK>
[  666.357899][T15926]  dump_stack_lvl+0x189/0x250
[  666.357928][T15926]  ? __pfx____ratelimit+0x10/0x10
[  666.357958][T15926]  ? __pfx_dump_stack_lvl+0x10/0x10
[  666.357981][T15926]  ? __pfx__printk+0x10/0x10
[  666.358019][T15926]  should_fail_ex+0x414/0x560
[  666.358052][T15926]  _copy_to_user+0x31/0xb0
[  666.358075][T15926]  simple_read_from_buffer+0xe1/0x170
[  666.358100][T15926]  proc_fail_nth_read+0x1b3/0x220
[  666.358131][T15926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  666.358162][T15926]  ? rw_verify_area+0x2a6/0x4d0
[  666.358188][T15926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  666.358216][T15926]  vfs_read+0x200/0xa30
[  666.358240][T15926]  ? fdget_pos+0x247/0x320
[  666.358265][T15926]  ? __pfx___mutex_lock+0x10/0x10
[  666.358286][T15926]  ? __pfx_vfs_read+0x10/0x10
[  666.358320][T15926]  ? __fget_files+0x2a/0x420
[  666.358345][T15926]  ? __fget_files+0x3a0/0x420
[  666.358363][T15926]  ? __fget_files+0x2a/0x420
[  666.358391][T15926]  ksys_read+0x145/0x250
[  666.358419][T15926]  ? __pfx_ksys_read+0x10/0x10
[  666.358449][T15926]  ? do_syscall_64+0xbe/0xf80
[  666.358472][T15926]  do_syscall_64+0xfa/0xf80
[  666.358493][T15926]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.358515][T15926]  ? clear_bhb_loop+0x60/0xb0
[  666.358551][T15926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.358570][T15926] RIP: 0033:0x7f166418e15c
[  666.358601][T15926] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  666.358620][T15926] RSP: 002b:00007f1664fc9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  666.358640][T15926] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418e15c
[  666.358655][T15926] RDX: 000000000000000f RSI: 00007f1664fc90a0 RDI: 0000000000000004
[  666.358668][T15926] RBP: 00007f1664fc9090 R08: 0000000000000000 R09: 0000000000000000
[  666.358680][T15926] R10: 0000000040002122 R11: 0000000000000246 R12: 0000000000000001
[  666.358693][T15926] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  666.358724][T15926]  </TASK>
[  666.589301][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  666.609257][ T5837] usb 3-1: device descriptor read/8, error -71
[  666.758876][   T10] usb 4-1: Using ep0 maxpacket: 32
[  666.772293][   T10] usb 4-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f
[  666.781748][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.790493][   T10] usb 4-1: Product: syz
[  666.794791][   T10] usb 4-1: Manufacturer: syz
[  666.800124][   T10] usb 4-1: SerialNumber: syz
[  666.807303][   T10] usb 4-1: config 0 descriptor??
[  666.816831][   T10] ums-onetouch 4-1:0.0: USB Mass Storage device detected
[  666.848804][ T5837] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  666.869355][ T5837] usb 3-1: device descriptor read/8, error -71
[  666.979157][ T5837] usb usb3-port1: unable to enumerate USB device
[  667.017969][ T5965] usb 4-1: USB disconnect, device number 8
[  667.624711][T15946] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2477'.
[  667.818889][ T5837] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  667.867699][T15955] FAULT_INJECTION: forcing a failure.
[  667.867699][T15955] name failslab, interval 1, probability 0, space 0, times 0
[  667.907132][T15955] CPU: 0 UID: 0 PID: 15955 Comm: syz.2.2481 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  667.907168][T15955] Tainted: [L]=SOFTLOCKUP
[  667.907176][T15955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  667.907189][T15955] Call Trace:
[  667.907198][T15955]  <TASK>
[  667.907208][T15955]  dump_stack_lvl+0x189/0x250
[  667.907235][T15955]  ? __pfx____ratelimit+0x10/0x10
[  667.907266][T15955]  ? __pfx_dump_stack_lvl+0x10/0x10
[  667.907290][T15955]  ? __pfx__printk+0x10/0x10
[  667.907320][T15955]  ? __pfx___might_resched+0x10/0x10
[  667.907343][T15955]  ? fs_reclaim_acquire+0x7d/0x100
[  667.907377][T15955]  should_fail_ex+0x414/0x560
[  667.907411][T15955]  should_failslab+0xa8/0x100
[  667.907433][T15955]  kmem_cache_alloc_node_noprof+0x77/0x710
[  667.907461][T15955]  ? __alloc_skb+0x255/0x430
[  667.907481][T15955]  ? napi_skb_cache_get+0x4a5/0x780
[  667.907501][T15955]  ? napi_skb_cache_get+0x151/0x780
[  667.907526][T15955]  __alloc_skb+0x255/0x430
[  667.907551][T15955]  ? __pfx___alloc_skb+0x10/0x10
[  667.907577][T15955]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  667.907600][T15955]  netlink_sendmsg+0x5c6/0xb30
[  667.907637][T15955]  ? __pfx_netlink_sendmsg+0x10/0x10
[  667.907666][T15955]  ? aa_sock_msg_perm+0xf1/0x1b0
[  667.907693][T15955]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  667.907721][T15955]  ? __pfx_netlink_sendmsg+0x10/0x10
[  667.907748][T15955]  __sock_sendmsg+0x21c/0x270
[  667.907779][T15955]  ____sys_sendmsg+0x505/0x820
[  667.907809][T15955]  ? __pfx_____sys_sendmsg+0x10/0x10
[  667.907842][T15955]  ? import_iovec+0x74/0xa0
[  667.907867][T15955]  ___sys_sendmsg+0x21f/0x2a0
[  667.907894][T15955]  ? __pfx____sys_sendmsg+0x10/0x10
[  667.907926][T15955]  ? rcu_read_lock_any_held+0xb3/0x120
[  667.907985][T15955]  ? __fget_files+0x2a/0x420
[  667.908005][T15955]  ? __fget_files+0x3a0/0x420
[  667.908035][T15955]  __x64_sys_sendmsg+0x19b/0x260
[  667.908063][T15955]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  667.908097][T15955]  ? __pfx_ksys_write+0x10/0x10
[  667.908128][T15955]  ? do_syscall_64+0xbe/0xf80
[  667.908151][T15955]  do_syscall_64+0xfa/0xf80
[  667.908173][T15955]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.908193][T15955]  ? clear_bhb_loop+0x60/0xb0
[  667.908217][T15955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.908237][T15955] RIP: 0033:0x7f0a54d8f749
[  667.908255][T15955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  667.908273][T15955] RSP: 002b:00007f0a55b98038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  667.908294][T15955] RAX: ffffffffffffffda RBX: 00007f0a54fe5fa0 RCX: 00007f0a54d8f749
[  667.908310][T15955] RDX: 0000000000004040 RSI: 00002000000000c0 RDI: 0000000000000003
[  667.908324][T15955] RBP: 00007f0a55b98090 R08: 0000000000000000 R09: 0000000000000000
[  667.908338][T15955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  667.908351][T15955] R13: 00007f0a54fe6038 R14: 00007f0a54fe5fa0 R15: 00007f0a5510fa28
[  667.908384][T15955]  </TASK>
[  668.292817][ T5837] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  668.302849][ T5837] usb 4-1: config 0 interface 0 has no altsetting 0
[  668.310004][ T5837] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  668.319246][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.333210][ T5837] usb 4-1: config 0 descriptor??
[  668.501075][T15968] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2487'.
[  668.578681][ T5965] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  668.691549][T15973] netlink: 116 bytes leftover after parsing attributes in process `syz.4.2489'.
[  668.728670][ T5965] usb 3-1: Using ep0 maxpacket: 8
[  668.736193][ T5965] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  668.746467][ T5965] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  668.760264][ T5965] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  668.772588][    C0] raw-gadget.1 gadget.3: ignoring, device is not running
[  668.776499][ T5965] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  668.800209][   T30] audit: type=1800 audit(1764955825.933:468): pid=15975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2486" name="file0" dev="fuse" ino=0 res=0 errno=0
[  668.800635][    C0] raw-gadget.1 gadget.3: ignoring, device is not running
[  668.835134][    C0] raw-gadget.1 gadget.3: ignoring, device is not running
[  668.878477][ T5837] usbhid 4-1:0.0: can't add hid device: -32
[  668.885331][ T5837] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  668.948228][ T5965] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  668.957943][ T5965] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.960010][ T5837] usb 4-1: USB disconnect, device number 9
[  668.985692][ T5965] hub 3-1:1.0: bad descriptor, ignoring hub
[  668.998419][ T5965] hub 3-1:1.0: probe with driver hub failed with error -5
[  669.022169][ T5965] cdc_wdm 3-1:1.0: skipping garbage
[  669.028211][ T5965] cdc_wdm 3-1:1.0: skipping garbage
[  669.047012][ T5965] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  669.062563][ T5965] cdc_wdm 3-1:1.0: Unknown control protocol
[  669.288615][ T5965] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  669.520342][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  669.531825][ T5965] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.542128][ T5965] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  669.566703][ T5965] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  669.583504][ T5965] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.601551][ T5965] usb 5-1: config 0 descriptor??
[  669.643974][T15988] fuse: Bad value for 'group_id'
[  669.651119][T15988] fuse: Bad value for 'group_id'
[  669.818979][ T5920] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  669.980986][ T5920] usb 2-1: unable to get BOS descriptor or descriptor too short
[  669.991433][   T30] audit: type=1326 audit(1764955827.133:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.004800][T15960] usb 3-1: reset high-speed USB device number 26 using dummy_hcd
[  670.030105][ T5920] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 192, changing to 11
[  670.037522][T15996] No such timeout policy "syz1"
[  670.042674][ T5920] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x2 has an invalid bInterval 250, changing to 11
[  670.052235][T15960] usb 3-1: device reset changed ep0 maxpacket size!
[  670.058129][   T30] audit: type=1326 audit(1764955827.133:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.077043][ T5837] usb 3-1: USB disconnect, device number 26
[  670.094714][ T5920] usb 2-1: config 1 interface 0 has no altsetting 0
[  670.096298][ T5965] plantronics 0003:047F:FFFF.003D: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  670.116671][   T30] audit: type=1326 audit(1764955827.163:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.142789][ T5920] usb 2-1: New USB device found, idVendor=1b96, idProduct=000b, bcdDevice= 0.40
[  670.152008][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.161228][ T5920] usb 2-1: Product: 㐊
[  670.171919][ T5920] usb 2-1: Manufacturer: 謒嫩뷓ꞝۅ袗昗킙醽弪Ὠ膨悢갛칀⸪팭≥⓫腈푗ᶽ㭊콘퍶鴖嘊켴ﻹ瓄槪紩ᲄ፦쯷撋곲隩嗉퇸芾禦奃늏즾찗驔鱭
[  670.190479][   T30] audit: type=1326 audit(1764955827.163:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.213330][ T5920] usb 2-1: SerialNumber: 倊
[  670.220304][   T30] audit: type=1326 audit(1764955827.163:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.244037][   T30] audit: type=1326 audit(1764955827.163:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.268413][   T30] audit: type=1326 audit(1764955827.163:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.291385][   T30] audit: type=1326 audit(1764955827.163:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.313840][ T5837] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  670.338639][   T30] audit: type=1326 audit(1764955827.163:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15995 comm="syz.3.2496" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f891658f749 code=0x7ffc0000
[  670.351337][T16000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.373096][T16000] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.483524][ T5837] usb 3-1: config 0 has no interfaces?
[  670.489314][ T5837] usb 3-1: New USB device found, idVendor=0471, idProduct=030c, bcdDevice=e4.df
[  670.490257][ T5920] usbhid 2-1:1.0: can't add hid device: -71
[  670.504874][ T5920] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  670.505098][ T5837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.518381][ T5920] usb 2-1: USB disconnect, device number 95
[  670.542952][ T5837] usb 3-1: config 0 descriptor??
[  670.789093][ T5837] usb 3-1: USB disconnect, device number 27
[  670.857306][T16002] FAULT_INJECTION: forcing a failure.
[  670.857306][T16002] name failslab, interval 1, probability 0, space 0, times 0
[  670.879897][T16002] CPU: 0 UID: 0 PID: 16002 Comm: syz.3.2497 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  670.879939][T16002] Tainted: [L]=SOFTLOCKUP
[  670.879947][T16002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  670.879959][T16002] Call Trace:
[  670.879967][T16002]  <TASK>
[  670.879976][T16002]  dump_stack_lvl+0x189/0x250
[  670.880004][T16002]  ? __pfx____ratelimit+0x10/0x10
[  670.880033][T16002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  670.880054][T16002]  ? __pfx__printk+0x10/0x10
[  670.880081][T16002]  ? __pfx___might_resched+0x10/0x10
[  670.880101][T16002]  ? fs_reclaim_acquire+0x7d/0x100
[  670.880131][T16002]  should_fail_ex+0x414/0x560
[  670.880166][T16002]  should_failslab+0xa8/0x100
[  670.880184][T16002]  kmem_cache_alloc_node_noprof+0x77/0x710
[  670.880209][T16002]  ? __alloc_skb+0x255/0x430
[  670.880228][T16002]  ? napi_skb_cache_get+0x4a5/0x780
[  670.880246][T16002]  ? napi_skb_cache_get+0x151/0x780
[  670.880270][T16002]  __alloc_skb+0x255/0x430
[  670.880291][T16002]  ? __pfx___alloc_skb+0x10/0x10
[  670.880315][T16002]  ? netlink_autobind+0xdb/0x300
[  670.880340][T16002]  ? netlink_autobind+0x2c2/0x300
[  670.880369][T16002]  netlink_sendmsg+0x5c6/0xb30
[  670.880401][T16002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.880430][T16002]  ? aa_sock_msg_perm+0xf1/0x1b0
[  670.880455][T16002]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  670.880485][T16002]  ? __pfx_netlink_sendmsg+0x10/0x10
[  670.880511][T16002]  __sock_sendmsg+0x21c/0x270
[  670.880542][T16002]  ____sys_sendmsg+0x505/0x820
[  670.880571][T16002]  ? __pfx_____sys_sendmsg+0x10/0x10
[  670.880605][T16002]  ? import_iovec+0x74/0xa0
[  670.880630][T16002]  ___sys_sendmsg+0x21f/0x2a0
[  670.880657][T16002]  ? __pfx____sys_sendmsg+0x10/0x10
[  670.880686][T16002]  ? rcu_read_lock_any_held+0xb3/0x120
[  670.880732][T16002]  ? __fget_files+0x2a/0x420
[  670.880750][T16002]  ? __fget_files+0x3a0/0x420
[  670.880780][T16002]  __x64_sys_sendmsg+0x19b/0x260
[  670.880807][T16002]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  670.880839][T16002]  ? __pfx_ksys_write+0x10/0x10
[  670.880870][T16002]  ? do_syscall_64+0xbe/0xf80
[  670.880894][T16002]  do_syscall_64+0xfa/0xf80
[  670.880914][T16002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.880942][T16002]  ? clear_bhb_loop+0x60/0xb0
[  670.880966][T16002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.880986][T16002] RIP: 0033:0x7f891658f749
[  670.881005][T16002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  670.881023][T16002] RSP: 002b:00007f89174a5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  670.881045][T16002] RAX: ffffffffffffffda RBX: 00007f89167e5fa0 RCX: 00007f891658f749
[  670.881060][T16002] RDX: 000000000000c094 RSI: 0000200000000200 RDI: 0000000000000003
[  670.881073][T16002] RBP: 00007f89174a5090 R08: 0000000000000000 R09: 0000000000000000
[  670.881086][T16002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  670.881098][T16002] R13: 00007f89167e6038 R14: 00007f89167e5fa0 R15: 00007f891690fa28
[  670.881130][T16002]  </TASK>
[  671.195827][T16005] netlink: 'syz.0.2498': attribute type 2 has an invalid length.
[  671.281932][T16009] FAULT_INJECTION: forcing a failure.
[  671.281932][T16009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  671.305469][T16009] CPU: 1 UID: 0 PID: 16009 Comm: syz.1.2500 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  671.305501][T16009] Tainted: [L]=SOFTLOCKUP
[  671.305509][T16009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  671.305519][T16009] Call Trace:
[  671.305526][T16009]  <TASK>
[  671.305535][T16009]  dump_stack_lvl+0x189/0x250
[  671.305562][T16009]  ? __pfx____ratelimit+0x10/0x10
[  671.305591][T16009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  671.305613][T16009]  ? __pfx__printk+0x10/0x10
[  671.305640][T16009]  ? __might_fault+0xb0/0x130
[  671.305672][T16009]  should_fail_ex+0x414/0x560
[  671.305712][T16009]  _copy_from_user+0x2d/0xb0
[  671.305734][T16009]  __sys_sendto+0x25c/0x520
[  671.305757][T16009]  ? __pfx___sys_sendto+0x10/0x10
[  671.305776][T16009]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  671.305811][T16009]  ? __fget_files+0x3a0/0x420
[  671.305839][T16009]  ? ksys_write+0x22a/0x250
[  671.305869][T16009]  ? __pfx_ksys_write+0x10/0x10
[  671.305900][T16009]  __x64_sys_sendto+0xde/0x100
[  671.305925][T16009]  do_syscall_64+0xfa/0xf80
[  671.305945][T16009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.305965][T16009]  ? clear_bhb_loop+0x60/0xb0
[  671.305988][T16009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.306006][T16009] RIP: 0033:0x7f166418f749
[  671.306022][T16009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.306040][T16009] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  671.306059][T16009] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  671.306078][T16009] RDX: 000000000000fce0 RSI: 00002000000002c0 RDI: 0000000000000003
[  671.306089][T16009] RBP: 00007f1664fc9090 R08: 0000200000000140 R09: 0000000000000014
[  671.306100][T16009] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  671.306111][T16009] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  671.306136][T16009]  </TASK>
[  671.800223][T16024] ip6t_srh: unknown srh invflags 4000
[  671.821300][ T5837] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  671.928403][T16024] 8021q: adding VLAN 0 to HW filter on device team0
[  671.928790][   T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  671.970910][T16024] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  671.986512][ T5837] usb 2-1: Using ep0 maxpacket: 16
[  672.012285][ T5837] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10
[  672.021625][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.030325][ T5837] usb 2-1: Product: syz
[  672.034808][ T5837] usb 2-1: Manufacturer: syz
[  672.039871][ T5837] usb 2-1: SerialNumber: syz
[  672.076392][ T5837] usb 2-1: config 0 descriptor??
[  672.087473][ T5837] go7007 2-1:0.0: probe with driver go7007 failed with error -12
[  672.095398][   T10] usb 4-1: Using ep0 maxpacket: 32
[  672.105497][ T5973] usb 5-1: USB disconnect, device number 110
[  672.163632][   T10] usb 4-1: config 9 has an invalid interface number: 37 but max is 0
[  672.198263][   T10] usb 4-1: config 9 has no interface number 0
[  672.213365][   T10] usb 4-1: config 9 interface 37 has no altsetting 0
[  672.228644][   T10] usb 4-1: New USB device found, idVendor=0734, idProduct=043b, bcdDevice=d8.00
[  672.242529][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.352384][ T5837] usb 2-1: USB disconnect, device number 96
[  672.432964][   T10] usb 4-1: Product: х
[  672.439067][   T10] usb 4-1: Manufacturer: 틙䎞읖䅓丯椇࿄齶诉횷騃䘰핱謄ﶨ费䁅翐缳఻쑉齮梓ଟ純鏠搜䷤⾣夂叇쯴塀댱
[  672.460934][   T10] usb 4-1: SerialNumber: syz
[  673.158685][ T5920] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  673.308693][ T5920] usb 1-1: Using ep0 maxpacket: 32
[  673.318045][ T5920] usb 1-1: config 0 has an invalid interface number: 188 but max is 0
[  673.327875][ T5920] usb 1-1: config 0 has no interface number 0
[  673.334984][ T5920] usb 1-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  673.349660][ T5920] usb 1-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  673.359259][ T5920] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.367621][ T5920] usb 1-1: Product: syz
[  673.372443][ T5920] usb 1-1: Manufacturer: syz
[  673.379483][ T5920] usb 1-1: SerialNumber: syz
[  673.400964][ T5920] usb 1-1: config 0 descriptor??
[  673.415094][T16038] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  673.629139][T16038] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  673.838817][ T5837] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[  673.841542][ T5920] asix 1-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  673.863204][ T5920] asix 1-1:0.188: probe with driver asix failed with error -61
[  673.998891][ T5837] usb 2-1: Using ep0 maxpacket: 8
[  674.006788][ T5837] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  674.020971][ T5837] usb 2-1: config 0 has no interfaces?
[  674.031180][ T5837] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  674.046191][ T5837] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.079343][ T5837] usb 2-1: config 0 descriptor??
[  674.111510][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  674.111528][   T30] audit: type=1326 audit(1764955831.253:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16054 comm="syz.4.2515" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb38998f749 code=0x0
[  674.179441][T16058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2515'.
[  674.190321][T16058] netlink: 'syz.4.2515': attribute type 18 has an invalid length.
[  674.199058][T16058] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2515'.
[  674.472067][ T5837] usb 2-1: USB disconnect, device number 97
[  674.597132][   T10] gspca_main: spca506-2.14.0 probing 0734:043b
[  674.770002][   T10] usb 4-1: USB disconnect, device number 10
[  675.788009][T16090] FAULT_INJECTION: forcing a failure.
[  675.788009][T16090] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.862189][T16090] CPU: 0 UID: 0 PID: 16090 Comm: syz.2.2526 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  675.862221][T16090] Tainted: [L]=SOFTLOCKUP
[  675.862230][T16090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  675.862242][T16090] Call Trace:
[  675.862250][T16090]  <TASK>
[  675.862259][T16090]  dump_stack_lvl+0x189/0x250
[  675.862286][T16090]  ? __pfx____ratelimit+0x10/0x10
[  675.862315][T16090]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.862336][T16090]  ? __pfx__printk+0x10/0x10
[  675.862375][T16090]  should_fail_ex+0x414/0x560
[  675.862408][T16090]  _copy_to_user+0x31/0xb0
[  675.862431][T16090]  simple_read_from_buffer+0xe1/0x170
[  675.862455][T16090]  proc_fail_nth_read+0x1b3/0x220
[  675.862495][T16090]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  675.862524][T16090]  ? rw_verify_area+0x2a6/0x4d0
[  675.862547][T16090]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  675.862575][T16090]  vfs_read+0x200/0xa30
[  675.862601][T16090]  ? fdget_pos+0x247/0x320
[  675.862625][T16090]  ? __pfx___mutex_lock+0x10/0x10
[  675.862647][T16090]  ? __pfx_vfs_read+0x10/0x10
[  675.862675][T16090]  ? __fget_files+0x2a/0x420
[  675.862700][T16090]  ? __fget_files+0x3a0/0x420
[  675.862718][T16090]  ? __fget_files+0x2a/0x420
[  675.862751][T16090]  ksys_read+0x145/0x250
[  675.862780][T16090]  ? __pfx_ksys_read+0x10/0x10
[  675.862810][T16090]  ? do_syscall_64+0xbe/0xf80
[  675.862834][T16090]  do_syscall_64+0xfa/0xf80
[  675.862852][T16090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.862871][T16090]  ? clear_bhb_loop+0x60/0xb0
[  675.862894][T16090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.862913][T16090] RIP: 0033:0x7f0a54d8e15c
[  675.862930][T16090] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  675.862947][T16090] RSP: 002b:00007f0a55b98030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  675.862969][T16090] RAX: ffffffffffffffda RBX: 00007f0a54fe5fa0 RCX: 00007f0a54d8e15c
[  675.862985][T16090] RDX: 000000000000000f RSI: 00007f0a55b980a0 RDI: 0000000000000004
[  675.862996][T16090] RBP: 00007f0a55b98090 R08: 0000000000000000 R09: 0000000000000000
[  675.863009][T16090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.863021][T16090] R13: 00007f0a54fe6038 R14: 00007f0a54fe5fa0 R15: 00007f0a5510fa28
[  675.863054][T16090]  </TASK>
[  676.112948][ T5837] usb 1-1: USB disconnect, device number 3
[  677.860219][T16122] fuse: Invalid uid '00000000000000000000005'
[  678.188620][ T5939] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  678.363085][ T5939] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[  678.409463][ T5939] usb 3-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  678.440532][ T5939] usb 3-1: config 255 has no interfaces?
[  678.446215][ T5939] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  678.484409][ T5939] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  678.661916][T16132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.690642][T16132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  678.894005][ T5939] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  678.970401][T16136] netlink: 19 bytes leftover after parsing attributes in process `syz.1.2534'.
[  679.128602][ T5939] usb 5-1: Using ep0 maxpacket: 8
[  679.135337][ T5939] usb 5-1: config 0 has an invalid interface number: 31 but max is 0
[  679.147234][T16142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2536'.
[  679.156370][ T5939] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.181366][ T5939] usb 5-1: config 0 has no interface number 0
[  679.193249][T16142] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  679.206227][ T5939] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  679.366467][ T5939] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.388042][ T5939] usb 5-1: Product: syz
[  679.401651][T16149] xt_NFQUEUE: number of queues (65535) out of range (got 65541)
[  679.409929][ T5939] usb 5-1: Manufacturer: syz
[  679.415317][ T5939] usb 5-1: SerialNumber: syz
[  679.472056][T16149] binder: 16148:16149 ioctl c0306201 200000000080 returned -14
[  679.491186][ T5939] usb 5-1: config 0 descriptor??
[  679.512789][ T5939] uvcvideo 5-1:0.31: Found UVC 0.00 device syz (046d:08c3)
[  679.534379][ T5939] uvcvideo 5-1:0.31: No valid video chain found.
[  679.710477][ T5939] usb 5-1: USB disconnect, device number 111
[  680.339110][T16155] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2538'.
[  680.530950][T16162] FAULT_INJECTION: forcing a failure.
[  680.530950][T16162] name failslab, interval 1, probability 0, space 0, times 0
[  680.546343][T16162] CPU: 1 UID: 0 PID: 16162 Comm: syz.3.2542 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  680.546374][T16162] Tainted: [L]=SOFTLOCKUP
[  680.546382][T16162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  680.546393][T16162] Call Trace:
[  680.546401][T16162]  <TASK>
[  680.546409][T16162]  dump_stack_lvl+0x189/0x250
[  680.546435][T16162]  ? __pfx____ratelimit+0x10/0x10
[  680.546464][T16162]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.546485][T16162]  ? __pfx__printk+0x10/0x10
[  680.546512][T16162]  ? __pfx___might_resched+0x10/0x10
[  680.546533][T16162]  ? fs_reclaim_acquire+0x7d/0x100
[  680.546565][T16162]  should_fail_ex+0x414/0x560
[  680.546603][T16162]  should_failslab+0xa8/0x100
[  680.546626][T16162]  kmem_cache_alloc_node_noprof+0x77/0x710
[  680.546654][T16162]  ? __alloc_skb+0x255/0x430
[  680.546673][T16162]  ? napi_skb_cache_get+0x4a5/0x780
[  680.546693][T16162]  ? napi_skb_cache_get+0x151/0x780
[  680.546718][T16162]  __alloc_skb+0x255/0x430
[  680.546741][T16162]  ? __pfx___alloc_skb+0x10/0x10
[  680.546771][T16162]  alloc_skb_with_frags+0xca/0x890
[  680.546798][T16162]  ? __lock_acquire+0x6b6/0x2cf0
[  680.546828][T16162]  sock_alloc_send_pskb+0x84d/0x980
[  680.546877][T16162]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  680.546908][T16162]  ? dev_get_by_index+0x22/0x2e0
[  680.546935][T16162]  ? dev_get_by_index+0x22/0x2e0
[  680.546969][T16162]  packet_sendmsg+0x33a0/0x5080
[  680.547006][T16162]  ? audit_net_cb+0x120/0x970
[  680.547047][T16162]  ? __pfx___might_resched+0x10/0x10
[  680.547071][T16162]  ? __lock_acquire+0x6b6/0x2cf0
[  680.547099][T16162]  ? aa_sk_perm+0x15f/0x920
[  680.547122][T16162]  ? __pfx_packet_sendmsg+0x10/0x10
[  680.547153][T16162]  ? aa_sk_perm+0x7ee/0x920
[  680.547179][T16162]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  680.547210][T16162]  ? aa_sock_msg_perm+0xf1/0x1b0
[  680.547232][T16162]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  680.547261][T16162]  ? __pfx_packet_sendmsg+0x10/0x10
[  680.547288][T16162]  __sock_sendmsg+0x21c/0x270
[  680.547322][T16162]  ____sys_sendmsg+0x52d/0x820
[  680.547352][T16162]  ? __pfx_____sys_sendmsg+0x10/0x10
[  680.547386][T16162]  ? import_iovec+0x74/0xa0
[  680.547412][T16162]  ___sys_sendmsg+0x21f/0x2a0
[  680.547439][T16162]  ? __pfx____sys_sendmsg+0x10/0x10
[  680.547500][T16162]  ? __fget_files+0x2a/0x420
[  680.547520][T16162]  ? __fget_files+0x3a0/0x420
[  680.547550][T16162]  __sys_sendmmsg+0x227/0x430
[  680.547578][T16162]  ? __pfx___sys_sendmmsg+0x10/0x10
[  680.547612][T16162]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  680.547652][T16162]  ? ksys_write+0x22a/0x250
[  680.547680][T16162]  ? __pfx_ksys_write+0x10/0x10
[  680.547713][T16162]  __x64_sys_sendmmsg+0xa0/0xc0
[  680.547739][T16162]  do_syscall_64+0xfa/0xf80
[  680.547760][T16162]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.547780][T16162]  ? clear_bhb_loop+0x60/0xb0
[  680.547805][T16162]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.547824][T16162] RIP: 0033:0x7f891658f749
[  680.547842][T16162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.547861][T16162] RSP: 002b:00007f89174a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  680.547882][T16162] RAX: ffffffffffffffda RBX: 00007f89167e5fa0 RCX: 00007f891658f749
[  680.547896][T16162] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000012
[  680.547909][T16162] RBP: 00007f89174a5090 R08: 0000000000000000 R09: 0000000000000000
[  680.547921][T16162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.547934][T16162] R13: 00007f89167e6038 R14: 00007f89167e5fa0 R15: 00007f891690fa28
[  680.547966][T16162]  </TASK>
[  680.808891][ T5837] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[  681.289361][ T5837] usb 2-1: Using ep0 maxpacket: 8
[  681.296175][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  681.325720][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  681.355053][ T5939] usb 3-1: USB disconnect, device number 28
[  681.405930][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  681.447941][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  681.460098][T16173] program syz.2.2546 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  681.478629][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  681.491881][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  681.499667][ T5973] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  681.556980][ T5837] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  681.569171][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.577476][ T5837] usb 2-1: Product: syz
[  681.583561][ T5837] usb 2-1: Manufacturer: syz
[  681.589938][ T5837] usb 2-1: SerialNumber: syz
[  681.611556][ T5837] usb 2-1: config 0 descriptor??
[  681.638630][ T5973] usb 1-1: device descriptor read/64, error -71
[  681.670562][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  681.698897][   T10] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  681.708730][   T10] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  681.722241][   T10] usb 4-1: Manufacturer: syz
[  681.743038][   T10] usb 4-1: config 0 descriptor??
[  681.770908][   T10] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  681.828117][ T5837] iowarrior 2-1:0.0: IOWarrior product=0x1505, serial= interface=0 now attached to iowarrior0
[  681.848957][ T5837] usb 2-1: USB disconnect, device number 98
[  681.880588][ T5939] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  681.888641][ T5973] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  682.018642][ T5973] usb 1-1: device descriptor read/64, error -71
[  682.041982][ T5939] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  682.053929][ T5939] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  682.069162][ T5939] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  682.078835][ T5939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.087044][ T5939] usb 3-1: Product: syz
[  682.093196][ T5939] usb 3-1: Manufacturer: syz
[  682.097876][ T5939] usb 3-1: SerialNumber: syz
[  682.112592][ T5939] cdc_mbim 3-1:1.0: skipping garbage
[  682.129066][ T5973] usb usb1-port1: attempt power cycle
[  682.311663][T16175] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  682.328619][ T5837] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  682.468734][ T5973] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  682.492584][ T5973] usb 1-1: device descriptor read/8, error -71
[  682.518723][ T5837] usb 2-1: Using ep0 maxpacket: 8
[  682.526065][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  682.538377][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  682.551750][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  682.563716][ T5837] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  682.574597][ T5837] usb 2-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  682.591422][ T5837] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  682.601351][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.610767][ T5837] usb 2-1: Product: syz
[  682.615303][ T5837] usb 2-1: Manufacturer: syz
[  682.620102][ T5837] usb 2-1: SerialNumber: syz
[  682.635132][ T5837] usb 2-1: config 0 descriptor??
[  682.738698][ T5973] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  682.779563][ T5973] usb 1-1: device descriptor read/8, error -71
[  682.889752][ T5973] usb usb1-port1: unable to enumerate USB device
[  682.970738][T16175] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  682.979080][ T5939] cdc_mbim 3-1:1.0: setting tx_max = 16384
[  682.986357][ T5939] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device
[  682.996190][ T5939] wwan wwan0: port wwan0mbim0 attached
[  683.013110][ T5939] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, ce:8e:49:82:54:dc
[  683.054827][T16159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.081020][T16159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.090568][T16189] netlink: 'syz.4.2551': attribute type 1 has an invalid length.
[  683.091834][T16159] ------------[ cut here ]------------
[  683.104432][T16159] WARNING: mm/page_alloc.c:5159 at __alloc_frozen_pages_noprof+0x2c8/0x370, CPU#1: syz.1.2540/16159
[  683.115785][T16159] Modules linked in:
[  683.119813][T16159] CPU: 1 UID: 0 PID: 16159 Comm: syz.1.2540 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  683.130834][T16159] Tainted: [L]=SOFTLOCKUP
[  683.135173][T16159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  683.145339][T16159] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  683.152015][T16159] Code: 74 10 4c 89 e7 89 54 24 0c e8 e4 9b 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ba a5 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  683.172105][T16159] RSP: 0018:ffffc9000c7e7940 EFLAGS: 00010246
[  683.178195][T16159] RAX: ffffc9000c7e7900 RBX: 0000000000000013 RCX: 0000000000000000
[  683.186406][T16159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000c7e79a8
[  683.194463][T16159] RBP: ffffc9000c7e7a28 R08: ffffc9000c7e79a7 R09: 0000000000000000
[  683.202897][T16159] R10: ffffc9000c7e7980 R11: fffff520018fcf35 R12: 0000000000000000
[  683.210986][T16159] R13: 1ffff920018fcf2c R14: 0000000000040cc0 R15: dffffc0000000000
[  683.219024][T16159] FS:  00007f1664fc96c0(0000) GS:ffff88812618e000(0000) knlGS:0000000000000000
[  683.228149][T16159] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  683.235033][T16159] CR2: 0000001b31a1fff8 CR3: 00000000756ae000 CR4: 00000000003526f0
[  683.243150][T16159] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000000300002a
[  683.251191][T16159] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  683.259291][T16159] Call Trace:
[  683.262588][T16159]  <TASK>
[  683.265519][T16159]  ? __kasan_slab_free+0x5c/0x80
[  683.270555][T16159]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  683.276913][T16159]  ? policy_nodemask+0x27c/0x720
[  683.281967][T16159]  alloc_pages_mpol+0x232/0x4a0
[  683.286853][T16159]  ___kmalloc_large_node+0x4e/0x100
[  683.292200][T16159]  __kmalloc_large_node_noprof+0x18/0x90
[  683.297879][T16159]  __kmalloc_noprof+0x4bd/0x800
[  683.302949][T16159]  ? raw_ioctl+0x18fb/0x3bc0
[  683.307581][T16159]  raw_ioctl+0x18fb/0x3bc0
[  683.312110][T16159]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  683.317794][T16159]  ? do_vfs_ioctl+0xbe8/0x1430
[  683.322752][T16159]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  683.328398][T16159]  ? __pfx_raw_ioctl+0x10/0x10
[  683.333290][T16159]  ? do_futex+0x395/0x420
[  683.337674][T16159]  ? __se_sys_futex+0x36f/0x400
[  683.341626][    C0] wdm_int_callback: 216 callbacks suppressed
[  683.341650][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.342614][T16159]  ? bpf_lsm_file_ioctl+0x9/0x20
[  683.348515][    C0] wdm_int_callback: 216 callbacks suppressed
[  683.348535][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.348961][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.355221][T16159]  ? __pfx_raw_ioctl+0x10/0x10
[  683.360156][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.361067][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.366324][T16159]  __se_sys_ioctl+0xfc/0x170
[  683.372483][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.373103][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.379357][T16159]  do_syscall_64+0xfa/0xf80
[  683.384037][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.390235][T16159]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.397605][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.401514][T16159]  ? clear_bhb_loop+0x60/0xb0
[  683.407544][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.414245][T16159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.419593][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.424835][T16159] RIP: 0033:0x7f166418f749
[  683.430901][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.431204][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.437749][T16159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.442418][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.442857][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.448681][T16159] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246
[  683.454488][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.461194][T16159]  ORIG_RAX: 0000000000000010
[  683.465722][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.471855][T16159] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  683.478324][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.497967][T16159] RDX: 0000200000000500 RSI: 00000000c0085508 RDI: 0000000000000004
[  683.504549][    C0] cdc_mbim 3-1:1.0: nonzero urb status received: -71
[  683.510831][T16159] RBP: 00007f1664213f91 R08: 0000000000000000 R09: 0000000000000000
[  683.516818][    C0] cdc_mbim 3-1:1.0: wdm_int_callback - 0 bytes
[  683.523000][T16159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  683.549364][T16192] loop6: detected capacity change from 0 to 524287999
[  683.556622][T16159] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  683.556660][T16159]  </TASK>
[  683.556681][T16159] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  683.556699][T16159] CPU: 1 UID: 0 PID: 16159 Comm: syz.1.2540 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  683.556725][T16159] Tainted: [L]=SOFTLOCKUP
[  683.556732][T16159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  683.556745][T16159] Call Trace:
[  683.556755][T16159]  <TASK>
[  683.556763][T16159]  dump_stack_lvl+0x99/0x250
[  683.556791][T16159]  ? __asan_memcpy+0x40/0x70
[  683.556815][T16159]  ? __pfx_dump_stack_lvl+0x10/0x10
[  683.556837][T16159]  ? __pfx__printk+0x10/0x10
[  683.556877][T16159]  vpanic+0x237/0x6d0
[  683.556901][T16159]  ? __pfx_vpanic+0x10/0x10
[  683.556922][T16159]  ? is_bpf_text_address+0x292/0x2b0
[  683.556952][T16159]  ? is_bpf_text_address+0x26/0x2b0
[  683.556989][T16159]  panic+0xb9/0xc0
[  683.557012][T16159]  ? __pfx_panic+0x10/0x10
[  683.557051][T16159]  __warn+0x317/0x4b0
[  683.557074][T16159]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  683.557098][T16159]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  683.557118][T16159]  __report_bug+0x288/0x500
[  683.557151][T16159]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  683.557176][T16159]  ? __pfx___report_bug+0x10/0x10
[  683.557209][T16159]  ? is_bpf_text_address+0x292/0x2b0
[  683.557237][T16159]  ? is_bpf_text_address+0x26/0x2b0
[  683.557269][T16159]  ? kernel_text_address+0xa5/0xe0
[  683.557298][T16159]  ? __kernel_text_address+0xd/0x40
[  683.557326][T16159]  ? unwind_get_return_address+0x4d/0x90
[  683.557353][T16159]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  683.557373][T16159]  report_bug+0x16a/0x220
[  683.557403][T16159]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[  683.557422][T16159]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[  683.557442][T16159]  handle_bug+0x98/0x200
[  683.557466][T16159]  exc_invalid_op+0x1a/0x50
[  683.557489][T16159]  asm_exc_invalid_op+0x1a/0x20
[  683.557509][T16159] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[  683.557531][T16159] Code: 74 10 4c 89 e7 89 54 24 0c e8 e4 9b 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ba a5 51 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  683.557550][T16159] RSP: 0018:ffffc9000c7e7940 EFLAGS: 00010246
[  683.557570][T16159] RAX: ffffc9000c7e7900 RBX: 0000000000000013 RCX: 0000000000000000
[  683.557585][T16159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000c7e79a8
[  683.557599][T16159] RBP: ffffc9000c7e7a28 R08: ffffc9000c7e79a7 R09: 0000000000000000
[  683.557614][T16159] R10: ffffc9000c7e7980 R11: fffff520018fcf35 R12: 0000000000000000
[  683.557636][T16159] R13: 1ffff920018fcf2c R14: 0000000000040cc0 R15: dffffc0000000000
[  683.557668][T16159]  ? __kasan_slab_free+0x5c/0x80
[  683.557704][T16159]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  683.557732][T16159]  ? policy_nodemask+0x27c/0x720
[  683.557755][T16159]  alloc_pages_mpol+0x232/0x4a0
[  683.557781][T16159]  ___kmalloc_large_node+0x4e/0x100
[  683.557812][T16159]  __kmalloc_large_node_noprof+0x18/0x90
[  683.557843][T16159]  __kmalloc_noprof+0x4bd/0x800
[  683.557869][T16159]  ? raw_ioctl+0x18fb/0x3bc0
[  683.557904][T16159]  raw_ioctl+0x18fb/0x3bc0
[  683.557939][T16159]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  683.557964][T16159]  ? do_vfs_ioctl+0xbe8/0x1430
[  683.557990][T16159]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  683.558012][T16159]  ? __pfx_raw_ioctl+0x10/0x10
[  683.558055][T16159]  ? do_futex+0x395/0x420
[  683.558092][T16159]  ? __se_sys_futex+0x36f/0x400
[  683.558125][T16159]  ? bpf_lsm_file_ioctl+0x9/0x20
[  683.558146][T16159]  ? __pfx_raw_ioctl+0x10/0x10
[  683.558175][T16159]  __se_sys_ioctl+0xfc/0x170
[  683.558204][T16159]  do_syscall_64+0xfa/0xf80
[  683.558225][T16159]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.558245][T16159]  ? clear_bhb_loop+0x60/0xb0
[  683.558266][T16159]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.558282][T16159] RIP: 0033:0x7f166418f749
[  683.558299][T16159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.558317][T16159] RSP: 002b:00007f1664fc9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  683.558339][T16159] RAX: ffffffffffffffda RBX: 00007f16643e5fa0 RCX: 00007f166418f749
[  683.558354][T16159] RDX: 0000200000000500 RSI: 00000000c0085508 RDI: 0000000000000004
[  683.558369][T16159] RBP: 00007f1664213f91 R08: 0000000000000000 R09: 0000000000000000
[  683.558383][T16159] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  683.558396][T16159] R13: 00007f16643e6038 R14: 00007f16643e5fa0 R15: 00007f166450fa28
[  683.558427][T16159]  </TASK>
[  683.563875][T16159] Kernel Offset: disabled