last executing test programs:

11m27.564733997s ago: executing program 0 (id=536):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000500), 0xb, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r0, 0xc0984124, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='bfs\x00', 0x4080, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000500), 0xb, 0x0) (async)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r0, 0xc0984124, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) (async)
mount(&(0x7f00000001c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='bfs\x00', 0x4080, 0x0) (async)

11m27.449602206s ago: executing program 0 (id=537):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
socket$inet6(0xa, 0x800, 0xd8f)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r4, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_KEY(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xa4, r5, 0x800, 0x70bd2b, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_IDX={0x5}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "87aa795a3c"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x1c, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "42cec08dd8"}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY_SEQ={0x11, 0xa, "8a92f5e8596b60b9c12689e9e7"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "dd577e7fada2b9dad18cca1b62"}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x18, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0xa4}, 0x1, 0x0, 0x0, 0x10}, 0x94)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f00000006c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

11m27.305810909s ago: executing program 0 (id=538):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f00000005c0)={0x14, &(0x7f0000000500)={0x20, 0xa, 0x17, {0x17, 0x23, "e508990047bb42b0c3591fb62cd8fa22b8f8c5f276"}}, &(0x7f0000000540)={0x0, 0x3, 0x40, @string={0x40, 0x3, "fdc519fa457e52de57078915a57a208a62b426d3da3f47800dfa6a326db29e9776e56c7afa94e22f80c35f9219dbe29b6b47aecd4c67952201b2eba1a6e9"}}}, &(0x7f0000000840)={0x34, &(0x7f0000000600)={0x20, 0x1f, 0x1b, "fdb80b7a5cfa5d04a5aeb5be8608e982145c45d19c68501da0962e"}, &(0x7f0000000640)={0x0, 0xa, 0x1, 0xff}, &(0x7f0000000680)={0x0, 0x8, 0x1, 0x7}, &(0x7f00000006c0)={0x20, 0x0, 0xb0, {0xae, "37943bf2100ff6b295af49a5123d4f76db96ec2163768e434990bb92768db2a2bc1d66395d67743306472f37fe290d9e63696f76852456f9d17094cbf0888feeb6e9645e02bca0f0ac5a21822b0f74ce41b8c693298473a8d8c4a5ee109a295f309e6f4ec22607f3036e40e022f9791831c100e8fee56c910bef058fa1e1f08178aeb9a7082ff01f0df3aa82accccfcf179cd3334ec1ccd3639dbb06efa00983e5f8e2c3ea43d02cfeba99a7efc9"}}, &(0x7f0000000780)={0x20, 0x1, 0x1, 0xe}, &(0x7f0000000800)={0x20, 0x0, 0x1, 0x4}})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)

11m24.221003578s ago: executing program 0 (id=545):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = socket(0x11, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0)
syz_open_dev$loop(&(0x7f00000000c0), 0x5, 0x180)
r4 = syz_open_dev$loop(&(0x7f0000001040), 0x5, 0x200)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)={0x44, r5, 0x2, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_HE_BSS_COLOR={0x14, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}, @NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x23}]}, @NL80211_ATTR_SMPS_MODE={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40810}, 0xc808)
ioctl$LOOP_SET_BLOCK_SIZE(r4, 0x4c09, 0x2)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r7=>0x0})
bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @dev}, 0x14)
sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x1)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r8=>0x0], &(0x7f0000000340)=[<r9=>0x0], 0x0, 0x0, 0x1, 0x1})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aa8000000060a0b040000000000000000020000007c000480780001800b00010074617267657400006800028050000300cd4b6abe42031763d02899c77f993e1e31a630c947e8fff32abaca98aeff5fe87a9d3ac869f3a860917523679a5eb46131471826390d810593448ba1ecbf4579f9cd6564e64066681fb945bfe585ab6933a6f6514a0eebad4e35370a0001004e464c4f4700000008000240000000000900030000007a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0xd0}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r9, r8], 0x2, 0x0, 0x0, <r11=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000006c0)={&(0x7f00000002c0)=[<r12=>0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, r9})
ioctl$DRM_IOCTL_MODE_GETENCODER(r11, 0xc01464a6, &(0x7f0000000540)={r12})
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r13 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r13, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')

11m24.069708629s ago: executing program 0 (id=546):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
r3 = socket(0x2, 0x80805, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000b80)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000080)=[{0x0}], 0x1}}, {{&(0x7f00000002c0)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000400), 0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="14000000000000000000000002000000ff00000000000000100000000000000000000000070000001c000000000000000000000008000000080c0d44ce961fb35028b81c617442f2c4b2ce9cbaed4ccf6539f4b50d4630b76e5e07463c3810043b903c7ef21905a985d2c9ddf9516711cc093d53f9c8a172ea5511e2135251c6d2ee27ba327d55814ddfc3e5a94bed86f6553d22", @ANYRES32, @ANYBLOB="7f000001ac1e000100000000140000000000000000000000020000000300"], 0x90}}], 0x2, 0x20008000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000007fc0)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000100)=0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0x55af)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x7a, &(0x7f0000000080), &(0x7f0000000000)=0x8)
socket$packet(0x11, 0x2, 0x300)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
socket(0x10, 0x3, 0x0)
bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000140)=[@mss={0x2, 0x17a0}, @window={0x3, 0xd, 0x7}, @window={0x3, 0xa, 0x5}, @timestamp, @mss={0x2, 0x75}, @mss, @window={0x3, 0x2, 0x7fff}, @sack_perm], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000300), 0x4)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
pselect6(0x40, &(0x7f0000000100)={0x1200000000000, 0x9, 0x68cb, 0x4000000000000, 0x6, 0x8, 0x252b}, 0x0, 0xfffffffffffffffc, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x40000072, 0x0, 0x7ff}]})

11m23.712986511s ago: executing program 0 (id=547):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='hybla', 0x5)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) (fail_nth: 7)

11m23.406662659s ago: executing program 32 (id=547):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='hybla', 0x5)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) (fail_nth: 7)

7m46.41885804s ago: executing program 3 (id=1386):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fchdir(r1)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x9100, &(0x7f0000001dc0)={0xf, 0x70, 0x100000}, 0x20)
r2 = openat(r1, &(0x7f0000000100)='./file1\x00', 0x103340, 0x100)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xc4)
ioctl$SIOCAX25CTLCON(r3, 0x89e8, &(0x7f0000000000)={@default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x63, 0xffffffffffff0001, 0x3, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast]})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0)
sendmsg$NL80211_CMD_START_SCHED_SCAN(r2, &(0x7f0000000680)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000600)={&(0x7f0000000340)={0x294, r4, 0x8, 0x70bd29, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x200000, 0x3e}}}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@device_b}, @NL80211_ATTR_SCAN_SSIDS={0x84, 0x2d, 0x0, 0x1, [{0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0x9, 0x0, @random="19794b5ed2"}, {0xa, 0x0, @default_ibss_ssid}, {0x8, 0x0, @random="537cc9c2"}, {0x5, 0x0, @random="87"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ibss_ssid}, {0x1a, 0x0, @random="78a310106483b778745f6f2ddac469d696f3ebacaf76"}]}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x6}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0x2}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x1cc, 0x84, 0x0, 0x1, [{0x4}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="5df63bd98341"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x7d}]}]}, {0x20, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x14, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x2}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x3}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x6}]}, {0x4c, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="cd4f63702535"}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x9}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="ed181f691add"}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x1c, 0x1, @random="9e25415bb56ccb630831fd5b8406aef99d817b0ebb019932"}]}, {0x40, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="4dd2d1f8ee9e"}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}]}, {0x2c, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x6, 0x1, @random="1d4a"}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x1b, 0x1, @random="c76aaed2ccd37dd22db779e0f22292f935e40f24957970"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x4}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0xce}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac=@device_b}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x1c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x1}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x7}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xf8ac}]}]}, {0x9c, 0x0, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x44, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0xffff}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x7ff}, @NL80211_BAND_LC={0x8, 0x5, 0x1}, @NL80211_BAND_LC={0x8, 0x5, 0x8}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x6}, @NL80211_BAND_5GHZ={0x8, 0x1, 0xc}, @NL80211_BAND_2GHZ={0x8}, @NL80211_BAND_6GHZ={0x8, 0x3, 0xa}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x1c, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5ddd86aa}, @NL80211_BAND_2GHZ={0x8}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}, @NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x4}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa}]}]}, @NL80211_ATTR_SCHED_SCAN_INTERVAL={0x8, 0x77, 0xc4}]}, 0x294}}, 0x20000810)
r5 = socket$igmp(0x2, 0x3, 0x2)
sendmmsg$inet(r5, &(0x7f0000008640)=[{{&(0x7f0000002840)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000003c80)=[@ip_retopts={{0x18, 0x0, 0x7, {[@cipso={0x86, 0x8, 0xffffffffffffffff, [{0x1, 0x2}]}]}}}], 0x18}}], 0x1, 0x4040444)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f00000002c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x60, r4, 0x20, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xffffff01, 0x3f}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xfffa}, @NL80211_ATTR_NOACK_MAP={0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1ff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xd}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xa}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x40850}, 0x400d895)

7m46.328669122s ago: executing program 3 (id=1387):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
mkdir(&(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
unlink(&(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x6000)
setresuid(0xee01, r1, r1)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r3)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000640)=ANY=[])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000001040)={0x14, &(0x7f0000000f00)={0x40, 0x7, 0xef, {0xef, 0x5, "9c6bd808f667193fe5de7492eb3717e2f9616f5cb5cee567995c4e9af568a27c963f99665f1a1d7bfb0113180318637fb72b8be993e2db0409fe3898623cc55dff200b95523efcf8561915662cbd2f3be4e40e8833f7db069040cb8860c95d3195e96b3c53b6e2869a3b8348f46f0d2db305a4e5a627b0191f7c265a280dcc7de5052af73bd2bc3223e280c7e23900e70b6076833e6ab8d6ca37392246b10dc84e50a2544ebe05f4bd09b85428ff3eea841f6058038baf0aff989881d5ba75e2e3e3b36a1c463298c43fcad239f79df316a861a9f223fbbd7e78d448dcb1a272cb798e9e81c74e5f5c60378518"}}, &(0x7f0000001000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40a}}}, &(0x7f0000001280)={0x34, &(0x7f0000001080)={0x0, 0x16, 0x9e, "d7c784889528ccb634cf6bedcb19a661003a41e89ca39431cc238e20950d899cb9073855b81605839742ae07e0af15e5267719fc25f2516fe41f2f536be61aa52e9af6ad62fe303989639a718a5596f314c199bfdb101e4d19747fe4a7a2e42fa57ba66c2a741cc98b27dc803752c4f48a6bc07aade036d0a454fefedc841f54aea72bd5315bede2dd6e89c3bd61b9988b6d3f3a1f211477419b1fe4fe7e"}, &(0x7f0000001140)={0x0, 0xa, 0x1, 0xd}, &(0x7f0000001180)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000011c0)={0xc0, 0xa1, 0x4, 0xad}, &(0x7f0000001200)={0x40, 0xa0, 0x4, 0x2}, &(0x7f0000001240)={0xc0, 0xa2, 0x2f, "c46fb1231a4947a166cdd46112da1c2fc1632bdcec403f335f22e3efc6629fd3f41732f6583701bfe9dc335934d341"}})
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x101, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400007, 0xe, 0x4, 0x2, 0x2de, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0xffffffff, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x3, 0x29a, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0x5, 0x7, 0x5, 0x1, 0x8001, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x8001, 0x2, 0x7, 0x4, 0x207, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x3, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0x9, 0x402, 0x800, 0x4, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x7, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x84, 0x4, 0x10, 0xfffffffc, 0x0, 0x7fff, 0x2, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x133, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000800)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0xa0, 0xa, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x7, 0x1, 0x3, 0x7f, "", {{{0x9, 0x5, 0x1, 0x2, 0x20, 0xd, 0x3, 0x6}}}}}]}}]}}, &(0x7f0000000e40)={0xa, &(0x7f0000000840)={0xa, 0x6, 0x201, 0x7f, 0x8, 0x2, 0x40, 0xd}, 0x13, &(0x7f0000000880)={0x5, 0xf, 0x13, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x12, 0x5, 0x4, 0x6}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x1, 0x0, 0x2}]}, 0xa, [{0xf7, &(0x7f00000008c0)=@string={0xf7, 0x3, "90442eeba6761a794c9f1aa827b0fd7f6d6da7085512f93de6129786b4f90886c1fb7c1d548f5327f85d649d6a71d68392614b9fb234e3320d482f356fe28083fef588c12e44ff03790a3050acf352d657774a40a2d45d610a746973e8cff1dd6db48fb44f6a7424deb549da384d3ffdab567da7e6813e7ab5cd144b550a70d5954f3e3bbb49c29397cba65364d8f228c21b2a028c8c772a00e4d4654c10e5057b7bb7f0bfa309481e461f4a4d40133a53f1b7898f6c4a90c62d1545cb69dbb340b0f4d24a6300d87e01f6dad930fc79274a81d60bd36004819ab06887cdfd40071697c27c2a455c311371cf68ac6b668c83627ff0"}}, {0xcb, &(0x7f00000009c0)=@string={0xcb, 0x3, "f519ce8dfa9f700d994e30aef982fa89ea1f020e7fb13e3bee3960cc519618f5330fceed7f047098ac6ef0839cc83de76add6d6d9eed67e4cc58dffc368e5a1e8ca9e1296fc56dfa9af0f25ac12bf2d6d2fee2c0299323ac18176c5b7151fc10e8f8fe4406d728cb7889bcb5e8beff294558a8fca83c4fe822d2ae9b0bb956589392a14019c093de7fd14d47bd3e8b86892e2ab01eddc46f9b473b6290440a66ec035eaa99df111504d46f6752d2041078abfee066e8d5310a819ba623fe0d8f9bb462178c1f78908d"}}, {0xdb, &(0x7f0000000ac0)=@string={0xdb, 0x3, "5340c8f4210266ec817f483f3847e0bce73a28a510bf89505d43da061e6a4bf11a913a2badbc92132cd3b55674a553314456b3964c04470c6ba2279cf125f7428efc6ef694ca61116147acb83b9660ebcb412475ef0d7ae9003e80bcb3722df5ac4a85fd20280f9f4e1c95630ffab3bb3fd80219b4e1d6f9e5351154dfa73b726e7a75dd71e44d6fa5b10bad4cd5a6d268d328787f58e4b9d75197be8e86d5bef116b910a8fbc47444cfd3ce9cb5f2ced097b0fa51b0836a37cb05776102c30416baf5fe0377c3ac22df7e32053179ca87bbbcf910aa331dd3"}}, {0x4, &(0x7f0000000bc0)=@lang_id={0x4, 0x3, 0x812}}, {0x4, &(0x7f0000000c00)=@lang_id={0x4, 0x3, 0x2401}}, {0x6c, &(0x7f0000000c40)=@string={0x6c, 0x3, "56a6a9cdc95c466e84607aefbed49d65e559eb0fca01b45769d302a2153776f6377347a5a68896678b1dfe91d7fc3cc0ba0489fbda77878e8d8c7e02e84c6b8845669395944cd6eff7873c93c10e8ee4c374fa7ded727863a000d75f3e9afd222cb7083bb6bd70a4413a"}}, {0x4, &(0x7f0000000cc0)=@lang_id={0x4, 0x3, 0x444}}, {0x60, &(0x7f0000000d00)=@string={0x60, 0x3, "dfedc11bfda5eb87a13482158c901476af905db20dcb1d6816b6e5de118e5456e4cfb1a86ac62047637c48b401b9d69080b76493436b6b84be7d3f003c5b4658a05b52f32b86fe0a22f5c68bf88be01dedb3242588fe2800340cf03ec452"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x1009}}, {0x48, &(0x7f0000000dc0)=@string={0x48, 0x3, "4f0323e47398901d22a363d628733d31a7bdcf718cc65c6ca159ba9eb93a3e56c9eb649c26fe8d611b3733b5defe87a9bbcfe5125c918bc9868bc62c5d232c0dbcbf3794f5f7"}}]})

7m43.277518475s ago: executing program 3 (id=1412):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffe00, 0x800, 0x0, 0x4, 0x10000000}, 0x0, &(0x7f0000000400)={0x1f, 0x0, 0x800000000000, 0x0, 0x1000000000, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7m41.645397893s ago: executing program 3 (id=1419):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x14, 0x20, 0x301, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @generic="f400a489160a11", @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d", @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x114}], 0x1}, 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')
ioctl$SNDCTL_DSP_RESET(r1, 0x5000, 0x0)

7m41.620581595s ago: executing program 3 (id=1420):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mbind(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4000, &(0x7f00000000c0)=0x9, 0x5, 0x0)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000180)=@ccm_128={{0x303}, "0d5cbb27fc57724f", "df2692d2aa09842b3919f473c17d3c95", "46cef707", "47fb67fabe416b97"}, 0x28)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='maps\x00')
read$FUSE(r0, &(0x7f0000001600)={0x2020}, 0x2020)
setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000140)=[0x1, 0x2], 0x2)

7m41.293824993s ago: executing program 3 (id=1423):
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r0, &(0x7f0000000280)={0x2020}, 0x2020)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x400400, &(0x7f0000000280)=ANY=[])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x14)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)

7m40.91603679s ago: executing program 33 (id=1423):
creat(&(0x7f0000000080)='./file0\x00', 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r0, &(0x7f0000000280)={0x2020}, 0x2020)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x400400, &(0x7f0000000280)=ANY=[])
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x14)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)

6m39.280470001s ago: executing program 2 (id=1708):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="400000000308010100000000000000000000000005000300840000001c00048008000240ffffffff08000840000000e808000a40000000000500030001"], 0x40}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990000000000000000000800a115ffff0000080026008d03000008009f"], 0x40}, 0x1, 0x0, 0x0, 0x20000001}, 0x28040010)
userfaultfd(0x80000)
r4 = socket$inet6(0xa, 0x4, 0x2b)
sendmmsg$inet6(r4, &(0x7f0000002f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4c0c0)
r5 = syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00')
preadv(r5, &(0x7f0000000300)=[{&(0x7f0000000980)=""/221, 0xdd}, {&(0x7f0000002f40)=""/4096, 0x1000}], 0x2, 0xa3, 0x4)
capset(&(0x7f0000001680)={0x20071026}, &(0x7f0000000180)={0x7, 0x7, 0x7, 0x10001, 0xf})
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000003c0)=0x14)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r7, 0xc01064ab, &(0x7f0000000080)={0x0, 0x0, r8})
r9 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
r10 = signalfd4(r0, &(0x7f0000000200)={[0x4]}, 0x8, 0x80000)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000040)={0xf0f003})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x1, 0x8, 0x7fffffff, 0x2, 0x80007, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xfffffeff, 0x7, 0x3, 0x0, 0x5, 0x6, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008070, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3c, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0xfffffffd, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x9, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x200005, 0x3, 0x8, 0x1, 0x3, 0x7fffffff, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x3, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000af, 0xfffffffe, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x8000b, 0x1000, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x8000003, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x45, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x9, 0xffff3441, 0xfff]}, 0x45c)
prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000140)='1{EW', 0x4)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2)
r11 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r11, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, &(0x7f0000002340)="6507060082762422f9a302dd5ddbd0cc97b8afb765d58b4137e8b350a90def79e5ddb933b83b8f8f1a0daad170478560f60eb8dc258ded60aee45b04b15db386", 0x40)
syz_usb_connect(0x5, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})

6m37.883423314s ago: executing program 2 (id=1713):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x9)
sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000005c0)="f2b314c96d500b66f7fd46", 0xb}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x18, 0x29, 0x4, {0x4}}}, @hopopts={{0x158, 0x29, 0x36, {0x5e, 0x27, '\x00', [@generic={0xff, 0x23, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1, 0x1]}}, @generic={0x8, 0xa9, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5"}, @calipso={0x7, 0x18, {0x3, 0x4, 0x3, 0x7, [0x0, 0xffffffffffffff04]}}, @generic={0x1, 0x8, "2bdb86d1ce6a20c2"}]}}}, @rthdrdstopts={{0x18, 0x29, 0x37, {0x73}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x220}}], 0x1, 0x810)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

6m37.676782186s ago: executing program 2 (id=1716):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x42800)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000080)={0x8, 0x8169, 0x6})
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000140)={0x6, 0x1000, 0x800})
close_range(r0, 0xffffffffffffffff, 0x700000000000000)

6m37.495966995s ago: executing program 2 (id=1718):
mkdir(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x14, 0x2e, 0x9, 0x70bd27, 0x0, {0x4, 0x0, 0x41}}, 0x14}, 0x1, 0x0, 0x0, 0x42804}, 0x0)

6m37.287417566s ago: executing program 2 (id=1719):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=ANY=[@ANYBLOB="14000000000000002900000034000000040000000000000014000000000000002900000034000000fdffff"], 0x108}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000000314010000000120000000000900020073797a30000000000800410072"], 0x38}, 0x1, 0x0, 0x0, 0x808}, 0x4004000)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001740)=[{{&(0x7f0000000580)={0xa, 0x4e23, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000100)=[{0x0}], 0x1}}], 0x1, 0x24088804)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r6, 0x401c5820, &(0x7f0000000080)={0x8})
link(&(0x7f0000000080)='.\x00', &(0x7f00000000c0)='./file0\x00')
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r7 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), r6)
sendmsg$L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x24, r8, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@L2TP_ATTR_SEND_SEQ={0x5, 0x13, 0x5}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x788c}]}, 0x24}, 0x1, 0x0, 0x0, 0x40800}, 0x4a5c8dc811086354)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)

6m37.013157591s ago: executing program 2 (id=1720):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x3, 'sit0\x00', {}, 0x8})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x0, &(0x7f0000000040))
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x8c, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0xffffffffffffff5d, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd7000ffdbdf250200000008000100", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x4)
write$nci(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="710505"], 0x61)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000180)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000001c0)=<r7=>0x0)
sendmsg$NFC_CMD_ENABLE_SE(r5, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x44, r3, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_SE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000804}, 0x24008010)

6m21.504366111s ago: executing program 34 (id=1720):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x3, 'sit0\x00', {}, 0x8})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
clock_gettime(0x0, &(0x7f0000000040))
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x8c, 0x0)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0xffffffffffffff5d, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd7000ffdbdf250200000008000100", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x1000}, 0x4)
write$nci(r1, &(0x7f0000000040)=ANY=[@ANYBLOB="710505"], 0x61)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000180)=<r6=>0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000001c0)=<r7=>0x0)
sendmsg$NFC_CMD_ENABLE_SE(r5, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x44, r3, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}, @NFC_ATTR_SE_INDEX={0x8}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x1}, @NFC_ATTR_SE_INDEX={0x8, 0x15, 0x2}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000804}, 0x24008010)

6.629109136s ago: executing program 6 (id=3427):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001300)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
r1 = syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000480)={0x84, &(0x7f0000000380)={0x20, 0x15, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ncm(0x1, 0xf3, &(0x7f0000000580)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe1, 0x2, 0x1, 0x2, 0x40, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xf03b}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x0, 0x2, 0x52}, {0x6, 0x24, 0x1a, 0x3, 0x20}, [@mbim={0xc, 0x24, 0x1b, 0x7ff, 0x7, 0x6, 0x80, 0x8, 0x5}, @mdlm_detail={0x5d, 0x24, 0x13, 0x4, "08af5a983c202175b8c31e540004057d384b0a219dd1e1798e7027497918a3596078b3bdd38231e903ebf84014e5e487b04ae770e0c964492036a665ae068609274c5f155bd76dd1cb648aba638389b1e314969d5b374aed59"}, @mbim={0xc, 0x24, 0x1b, 0x8, 0x9, 0x7, 0x3, 0x7, 0x75}, @country_functional={0x10, 0x24, 0x7, 0x6, 0xc, [0x7f, 0xcaf, 0x3, 0x5, 0x7]}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0x4, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0x1, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0xf8, 0x9a, 0xf}}}}}}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x200, 0x6, 0x4, 0x7, 0xef, 0x4}, 0xf, &(0x7f0000000340)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x3, 0x0, 0x5}]}, 0x3, [{0x84, &(0x7f0000000680)=@string={0x84, 0x3, "f1089443403f83b7fcb47f88d025ba9e35e80722f272082be9e46b8fc017c39e07542d3d1168616c1131e56b7b8777b04ea7eeeb5ae2bcb599ab92148a2d22abf9c24c9d69c33d59352b3500a97dd8099f98951e909867d78c29e42eade6e8a25b2e85c02662ed8b7e46828c8197e2c351a0f9cd4d71c9559de61d51462526d9b6b1"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x446}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x2801}}]})
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000840)={0x20, 0x6, 0xca, "005c859ae52275b0bf7063967b6b928f2a7eaab0d546a6836b822ef1a1350d735bf3368e5174411c9ffdaf110c894db3e738a7c830ef653533c833ab21a66c2d486bff43d1fe36f0884da689468e49bccccbb57e8228cbd88134087743561330bfa19ab09b7add51a26e17534cbfd0b907efb449390ef26f2000243885e2531c8191723503ee1da7af7936bcb99e29ca60944fbf7dda3bdb0d900db771d98495795c3bab8bd1829809b094789557c86bbf78a6f7cdc700"/202}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5800000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac008000200f6ff0200050005c05e776189eab556a705251e618294ff0051f60a84c9f4d4938037e786c6c953000000000000000000", 0x58}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg(r4, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000a4e66000005fe060c10880008001e00fff3c00e", 0x24}], 0x1}, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)={0x20, 0xf, 0x1b, "47ebf8d02321ec19582abd82567e8172e4ed8c021d42d57b363f6b"}, 0x0, 0x0, 0x0, 0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$LOOP_SET_FD(r1, 0x80304d65, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000140)=[{0x7c}, {0x6, 0x0, 0x0, 0x7ffffffb}]})

4.44258089s ago: executing program 4 (id=3435):
syz_usb_connect$cdc_ncm(0x5, 0x72, &(0x7f0000000600)=ANY=[], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
writev(r0, &(0x7f0000000240)=[{&(0x7f0000000280)="20e106bc8cbb5a54b8b7922b25f4c903c5e844553a12486fecae22c0fe0867", 0x1f}, {&(0x7f0000000140)="0633d06c86bf41cbb453c78b37c5a982c1d4ce48b82fa4e1a1e05dce0891a6f01fe98181c38809e0472858924b98367aee4e25e75ee0989c301a842620e1b37a6131c73f84bc1de167a05cac8b520f6f636b903c7eb3411d600b92c4227b444222badd681b5826a5c1ace7929f345f302dce064d0398", 0x76}, {&(0x7f00000001c0)="f38fd22b02c61bfdc2232bd2779f302a15cff14b783db6faa3cbbd202dcad330180662005389e5e307544103eb46bd190c30a26756cde9f709f6ace4ab4bec691919dd5ee91b1787", 0x48}], 0x3)

3.554807605s ago: executing program 6 (id=3439):
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
close_range(r1, r1, 0x0)
socket$rds(0x15, 0x5, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x28}}, 0x1c)
ioctl$VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000000)=0xc)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000080)={'bond0\x00', &(0x7f0000000300)=@ethtool_rxfh={0x1, 0x0, 0x8000, 0x20007a, 0x0, "060300"}})

3.39050029s ago: executing program 6 (id=3440):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000100)={@void, @void, @eth={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, {0x0, 0x17c1, 0x48, 0x0, @wg=@cookie={0x3, 0x1, "a9415473e29d0f3ab4c20124bb78cef6f8e6089a9bb5f466", "78c79d30367e58a16fc1b1cf8c1609d0483390d2b246486839ac79fac445b4eb"}}}}}}}, 0x6e)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001c40)=ANY=[@ANYBLOB="781100001100010000000000020000001d0000006411e3800800228004002b80080035"], 0x1178}, 0x1, 0x0, 0x0, 0x1}, 0x0)

3.272579218s ago: executing program 6 (id=3442):
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x40, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)={0x104, 0x2c, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0xf3, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac0b}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @loopback}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb64"]}]}, 0x104}], 0x1, 0x0, 0x0, 0x1}, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xf9)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000001c0)=0xd)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0xb3)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x442, 0x1ff)
close(r1)
ioctl$KVM_CAP_STEAL_TIME(r1, 0x4068aea3, &(0x7f0000000200))
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x5)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYRESOCT, @ANYBLOB="7eab"], 0x10)

2.578029733s ago: executing program 6 (id=3445):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0xfc}}, 0x80, 0x0}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[], 0x33fe0}, 0x1, 0x0, 0x0, 0x40002}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="1beb41ea4ea9ca354f167d9eaee7dc35eca218b865688d79fe31cbe00d190c853bfe6a22bd7dec0023aa0e038d07000040e37e00f7dd3afafdbc70e1b5928033df5e82fd76f31e8b29a0f05c2cef56f56cd0330dc984004f220b7dcb23a05d530df65691cf6a3cceb7a97c673856f552ded9530b52fe6d1e662090d2802233ec1adca9eaab9dd6f04b2717ed1552cf46dc28cd3fbf1ec1eaedd80d1da838a00a1e229ce16d2c1a411be06f715e8b6aa7552800d5282e4e0bf3eaf55a", 0xbc}, {&(0x7f0000000b00)}], 0x2, 0x0, 0x0, 0x4004090}, {0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e445f1ca30a2f37d1f6d14042afeb21e49b0da7fd9f", 0x21}, {&(0x7f0000000340)="ee040ee213770d0dd6c4942cbd98a406b6b2e80c513958d1a9b51119dfce27772eb4e64dbf0c1a087db879fd5c2fe04445f8af909e", 0x35}, {&(0x7f0000000680)="5f4bc42eaf8588000472e82d758df66415efc5b7761dbd49946de91ca43b7478156b8e84fcc4d6aaaacd8f9652db3afe5290a4308501593b8ef8332f00fdc08f16e8004100db76cee72a54088708bc2c1f700e3fa3bdeafebf4d372e86a2b0c60a9456f4005e2c21848b51f40babb88b6817de908de68732bf655dceedb0", 0x7e}], 0x3, 0x0, 0x0, 0x50}, {0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000fc0)}], 0x2, 0x0, 0x0, 0x84090}], 0x3, 0x4004090)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
openat$audio(0xffffffffffffff9c, &(0x7f0000000a80), 0x8a41, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000017c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
socket$pppoe(0x18, 0x1, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

2.570664345s ago: executing program 5 (id=3446):
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)=0x100, 0x4)
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0xb, r3, 0x0, r2})
getsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000000)={@initdev, @empty, @remote}, &(0x7f0000000200)=0xc)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a, 0x2})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x42, 0x1000000, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0})

2.535178853s ago: executing program 6 (id=3447):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000001300)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
r1 = syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904b8070259d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000480)={0x84, &(0x7f0000000380)={0x20, 0x15, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ncm(0x1, 0xf3, &(0x7f0000000580)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe1, 0x2, 0x1, 0x2, 0x40, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xf03b}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x0, 0x2, 0x52}, {0x6, 0x24, 0x1a, 0x3, 0x20}, [@mbim={0xc, 0x24, 0x1b, 0x7ff, 0x7, 0x6, 0x80, 0x8, 0x5}, @mdlm_detail={0x5d, 0x24, 0x13, 0x4, "08af5a983c202175b8c31e540004057d384b0a219dd1e1798e7027497918a3596078b3bdd38231e903ebf84014e5e487b04ae770e0c964492036a665ae068609274c5f155bd76dd1cb648aba638389b1e314969d5b374aed59"}, @mbim={0xc, 0x24, 0x1b, 0x8, 0x9, 0x7, 0x3, 0x7, 0x75}, @country_functional={0x10, 0x24, 0x7, 0x6, 0xc, [0x7f, 0xcaf, 0x3, 0x5, 0x7]}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0x4, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x6, 0x1, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0xf8, 0x9a, 0xf}}}}}}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x200, 0x6, 0x4, 0x7, 0xef, 0x4}, 0xf, &(0x7f0000000340)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x3, 0x0, 0x5}]}, 0x3, [{0x84, &(0x7f0000000680)=@string={0x84, 0x3, "f1089443403f83b7fcb47f88d025ba9e35e80722f272082be9e46b8fc017c39e07542d3d1168616c1131e56b7b8777b04ea7eeeb5ae2bcb599ab92148a2d22abf9c24c9d69c33d59352b3500a97dd8099f98951e909867d78c29e42eade6e8a25b2e85c02662ed8b7e46828c8197e2c351a0f9cd4d71c9559de61d51462526d9b6b1"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x446}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x2801}}]})
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000840)={0x20, 0x6, 0xca, "005c859ae52275b0bf7063967b6b928f2a7eaab0d546a6836b822ef1a1350d735bf3368e5174411c9ffdaf110c894db3e738a7c830ef653533c833ab21a66c2d486bff43d1fe36f0884da689468e49bccccbb57e8228cbd88134087743561330bfa19ab09b7add51a26e17534cbfd0b907efb449390ef26f2000243885e2531c8191723503ee1da7af7936bcb99e29ca60944fbf7dda3bdb0d900db771d98495795c3bab8bd1829809b094789557c86bbf78a6f7cdc700"/202}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
close(r3)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)="5800000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac008000200f6ff0200050005c05e776189eab556a705251e618294ff0051f60a84c9f4d4938037e786c6c953000000000000000000", 0x58}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r4 = socket(0x10, 0x80002, 0x0)
sendmsg(r4, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f6105000a4e66000005fe060c10880008001e00fff3c00e", 0x24}], 0x1}, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)={0x20, 0xf, 0x1b, "47ebf8d02321ec19582abd82567e8172e4ed8c021d42d57b363f6b"}, 0x0, 0x0, 0x0, 0x0})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$LOOP_SET_FD(r1, 0x80304d65, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x2, &(0x7f0000000140)=[{0x7c}, {0x6, 0x0, 0x0, 0x7ffffffb}]})

2.467052705s ago: executing program 5 (id=3448):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018008000100666962001c0002800800024000000003080001400000000808000340000000030900010073797a30000000000900020073797a32"], 0x80}}, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
ioctl$DRM_IOCTL_MODE_CURSOR(0xffffffffffffffff, 0xc01c64a3, &(0x7f0000000040)={0x3, 0x0, 0x10000003, 0x80000001, 0x2, 0x1fd})
setsockopt$inet6_opts(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[], 0xd0060)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x6, 0x4)
sendmsg$inet6(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x4e21, 0xff, @ipv4={'\x00', '\xff\xff', @local}, 0xff}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000002c0)="1f", 0x1}], 0x1}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r3 = socket(0x10, 0x3, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1, {<r4=>0xee01, 0xee00}}, './file0\x00'})
sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0100001900010000000000fbdbdf251d010900500012804c00f8801400330000000000000000000000ffff640101013100fb80b5416b2b80f72979594745504f3a0aa6b036f86ce32d83591c6224e53de96804e6172083eaaa90cf56dd042b72000000c8000580c400ce80c0003e80bc005380b8006180b4009d80ae0063800400a500100090800c00198008001000", @ANYRES32=r3, @ANYBLOB="8139570e95f418b900223c58d2247cad020000001b610db985745afe368a825adfb1282af80c001c00090000000000000008002e00", @ANYRES32=0x0, @ANYBLOB="2800de8008004d00", @ANYRES32=r3, @ANYBLOB="1c00328008000800", @ANYRES32=r4, @ANYBLOB="0400888008002f00640101010400148067bc0ca816bfd690a5b2bc965f642f86fcbaa1ef938c5fa66781695122165b300ce9a004e74d8dd0acd8aea39f0cf5ea1f0400b5800000"], 0x12c}, 0x1, 0x0, 0x0, 0x5}, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0)
r6 = add_key$keyring(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000100))
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000080)={0x90, 0x0, &(0x7f0000000740)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000580)={@fd={0x66642a85, 0x0, r7}, @fd, @fda={0x66646185, 0xa, 0x1, 0x22}}, &(0x7f00000003c0)={0x0, 0x18, 0x30}}}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000400)={@fda={0x66646185, 0xa, 0x1, 0x18}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000680)=""/173, 0xad, 0x1, 0x6}}, &(0x7f0000000280)={0x0, 0x20, 0x38}}, 0x400}], 0x0, 0x0, 0x0})
r9 = dup3(r8, r7, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r10, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r10, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f00000004c0)={0x4c, 0x0, &(0x7f00000002c0)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r6, &(0x7f0000000240)='asymmetric\x00', &(0x7f00000004c0)=@secondary)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000100)={'fscrypt:', @desc3}, &(0x7f0000000140)={0x0, "ba50eef3b163402df63ae78b24ef303dbffc30a563d37e0819a8597a7c737bb299c0c117d22a2ea7a1202cd7210d9f15bdc33cdd2cd1927bc03a7191fc8f7dbd", 0x2e}, 0x48, r6)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000000)=0x4)

2.126709728s ago: executing program 5 (id=3449):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0)
syz_usb_disconnect(r0)
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc0286405, 0x0) (fail_nth: 2)

1.836471293s ago: executing program 1 (id=3450):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x26c, r1, 0x2, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x68, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_BEARER={0x2c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4fe4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}]}, @TIPC_NLA_SOCK={0x84, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xb}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xca}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8c6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffeffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffb}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xc0000000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x16c}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8dd}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x10}]}, @TIPC_NLA_NET={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x10001}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x42797927}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x54}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xcc}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6cf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x101}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xed}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}]}]}, 0x26c}}, 0x4004000)
r2 = accept4(r0, 0x0, &(0x7f0000000380), 0x80800)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f00000003c0), 0x10)
setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000500)={@generic={0x21, "95e728f48f2b999ced4bf9c9874306728f0bf27eedbc81b6e10c451775a26e531a1dc0d44a27670e2dc4db1c2d1e2ae0742beb75b66026fb5e9b5f21e48ee8adcbd9e799b3cab9f6a81b3f0f5dad6fa4659ed17794cd1fb32360efa61a9e5a09b3c534a51871442b9e9a87dea0c6e1f9adde804ed5d184cfeb6c48931cca"}, {&(0x7f0000000400)=""/186, 0xba}, &(0x7f00000004c0), 0x20}, 0xa0)
ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000000840)={{'\x00', 0x1}, {0x3}, 0x0, 0x0, 0x0, &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='./file0\x00', &(0x7f0000000640)="eae538a1e4ee35b1248370f2", 0xc, 0x0, &(0x7f0000000680)={0x2, 0x162, {0x0, 0xc, 0xda, "3f8005b569e48e5b201fecd6e007d51c4a78e8bb91ed8fc344ddc3d91ba54b598de2dce833edc850ecc26b3f99c4649077a270aaf3b47585b502379797479ea94420ee41de4446e93320166315a9cc12245edf2cbf7b9b700125850cb1cced49405461d1010fc7cd8c96062ee4d733d0ad8499d6bc5acc1d26659ff8f425b7de2eb574de4abf9b622b5d5f48b4909153a239b5880ab1e2e722e620c56f15542f98912f7dbdea2bc84045753706db71d52e01db6e2d243198b2cffd8da74cbf8a2fb5e55694675f7ab461b3b2f4407adc48fded50683043745ea7", 0x7b, "273c7840584b440624d1a60a0f5007bcf8ff5dc14bb689e72ffae3ddd9545ce9497cac4763a0f0cd3beb75ad97bd8171f8339ab0d6f9067c222ec6ab54c9090cab3fe29726bcd307b8436b0be4ff82fb9143bccf434e6e094c62edceb19d4e55165933a958bfab1fb8743c9c8d58610d4383778e7e3b4cf95e1869"}, 0x21, "aebe1f7b8b9c8f5303f6df075fca78d00162fa384c764bf3f752ef9e763ff68e5b"}, 0x18f})
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000900), r2)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r2, &(0x7f0000000a80)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000a40)={&(0x7f0000000940)={0xf0, r4, 0x400, 0x70bd28, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xfffffffa}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0xe}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xfffffffa}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x9}}]}, 0xf0}, 0x1, 0x0, 0x0, 0x4}, 0x20040064)
sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000c40)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000c00)={&(0x7f0000000b00)={0xf8, r1, 0x300, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd3}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x2c6}]}]}, @TIPC_NLA_LINK={0x8c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x37}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1b7b4000}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x8804}, 0x1)
recvmsg$unix(r2, &(0x7f0000000e80)={&(0x7f0000000c80)=@abs, 0x6e, &(0x7f0000000e40)=[{&(0x7f0000000d00)=""/203, 0xcb}, {&(0x7f0000000e00)=""/7, 0x7}], 0x2}, 0x40000100)
r5 = syz_open_dev$mouse(&(0x7f0000000ec0), 0x7, 0x101000)
ioctl$XFS_IOC_PATH_TO_FSHANDLE(r0, 0xc0385868, &(0x7f0000001040)={<r6=>r3, &(0x7f0000000f40)=']]\x00', 0x4000, &(0x7f0000000f80)={@align=0xcbcc, {0x3, 0xba0, 0x2, 0x3cbe787f}}, 0x9, &(0x7f0000000fc0)={@_ha_fsid}, &(0x7f0000001000)=0x8})
linkat(r5, &(0x7f0000000f00)='./file0\x00', r6, &(0x7f0000001080)='./file0\x00', 0x1400)
fcntl$setown(r3, 0x8, 0xffffffffffffffff)
r7 = gettid()
fcntl$setownex(r0, 0xf, &(0x7f00000010c0)={0x1, r7})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001100), 0x48001, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r6, 0xc0189374, &(0x7f0000001140)={{0x1, 0x1, 0x18, <r9=>r8, {0xda7c}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r5, 0xc0189378, &(0x7f0000001180)={{0x1, 0x1, 0x18, <r10=>r9, {<r11=>r0}}, './file0\x00'})
setxattr(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200)=@known='system.posix_acl_default\x00', &(0x7f0000001240)='%#\x00', 0x3, 0x3)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r6, 0xc0189371, &(0x7f0000001280)={{0x1, 0x1, 0x18, <r12=>r9}, './file0\x00'})
r13 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001300), r11)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000001340)={'wg0\x00', <r14=>0x0})
getsockopt$inet_pktinfo(r10, 0x0, 0x8, &(0x7f0000001380)={<r15=>0x0, @local, @initdev}, &(0x7f00000013c0)=0xc)
getsockopt$PNPIPE_IFINDEX(r9, 0x113, 0x2, &(0x7f0000001400)=<r16=>0x0, &(0x7f0000001440)=0x4)
getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000001480)={<r17=>0x0, @rand_addr, @broadcast}, &(0x7f00000014c0)=0xc)
getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000001500)=<r18=>0x0, &(0x7f0000001540)=0x4)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r12, &(0x7f0000001c40)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001c00)={&(0x7f0000001940)={0x28c, r13, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}]}, @HEADER={0x9c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r18}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}]}]}, 0x28c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000)

1.786046937s ago: executing program 1 (id=3451):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x42, 0x1000000, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0})

1.68179094s ago: executing program 1 (id=3452):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$802154_dgram(r0, &(0x7f0000000240)={&(0x7f0000000180)={0x24, @none={0x0, 0xffff}}, 0x14, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x40)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$cgroup_int(r1, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000004c0)='./file0\x00')
llistxattr(&(0x7f0000000340)='./bus\x00', 0x0, 0x78)
syz_usb_connect(0x3, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x310, 0x35, 0x1c, 0xa8, 0x8, 0x979, 0x280, 0x9547, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x7, 0x80, 0x9, [{{0x9, 0x4, 0x18, 0x9, 0x0, 0x34, 0x17, 0x31, 0x3f}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})

1.346228162s ago: executing program 4 (id=3453):
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x1, 0x101)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r0, &(0x7f00000012c0)=""/228, 0x93)
ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100)

1.334293676s ago: executing program 4 (id=3454):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_SETRSUBD(r1, 0x6410)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) (async)
getsockopt$inet_buf(r0, 0x0, 0x2a, &(0x7f00000002c0)=""/210, &(0x7f0000000040)=0xd2)
sendto$inet(r0, &(0x7f0000000240)="9a1fbe09d1658438e3b1e817f9e3a8053c7cbb36d99104a263f68e58f5b1bdb5857a39278401dc3e9ca091ba0a4e169afa6fb5af308801a03726c8bb28930bd5bb23760367c59fbde9dea610a320506f9efa41643e", 0xffffffffffffffef, 0x0, 0x0, 0xfffffffffffffed5) (async)
syz_clone3(&(0x7f0000002500)={0x2000100, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0xffffffffffffffff], 0x3}, 0x58) (async, rerun: 32)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) (async, rerun: 32)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000a40)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}, 0x1c, &(0x7f0000000cc0)=[{&(0x7f0000000100)="02", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x5}, 0x1c, &(0x7f0000000740)=[{&(0x7f00000001c0)="81", 0x1}], 0x1}}], 0x2, 0x0) (async)
shutdown(r2, 0x1) (async, rerun: 32)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000000)={0x3, 0x40, 0x7, 0x1, 0xc, 0xf3, 0x3, 0x7, 0x3, 0xea, 0xb, 0x7, 0x3, 0x9}, 0xe) (rerun: 32)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r4 = dup(r3)
shutdown(r4, 0x1) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r5=>0xffffffffffffffff}, 0x2, 0x8}}, 0x20)
lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r6=>0x0}) (async)
statx(r4, &(0x7f0000000480)='./file0\x00', 0x800, 0x80a, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}) (async)
stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x6000)
setresuid(0xee01, r9, r9) (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000680)={{0x1, 0x1, 0x18, r1, {0xee00, <r10=>0xee01}}, './file0\x00'})
getgroups(0x1, &(0x7f00000006c0)=[<r11=>0xee01])
setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f00000014c0)=@nat={'nat\x00', 0x19, 0x8, 0xd98, [0x200000000700, 0x0, 0x0, 0x200000000904, 0x200000000cc0], 0x0, &(0x7f0000000140), &(0x7f0000000700)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{0x9, 0x40, 0xa00, 'bridge_slave_0\x00', 'ip6_vti0\x00', 'dvmrp0\x00', 'syz_tun\x00', @local, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], @random="7f69c4d99884", [0xff, 0xff, 0x0, 0xff, 0xff, 0xff], 0xde, 0xde, 0x12e, [@rateest={{'rateest\x00', 0x0, 0x48}, {{'bond_slave_0\x00', 'netpci0\x00', 0x1, 0x2, 0x0, 0x7, 0x9d0, 0x8, {0x5}, {0x5}}}}], [], @common=@LED={'LED\x00', 0x28, {{'syz1\x00', 0x1, 0x0, {0x4}}}}}, {0x5, 0x12, 0x883e, '\x00', 'ip6tnl0\x00', 'team0\x00', 'bond_slave_1\x00', @local, [0xff, 0x0, 0x0, 0xff, 0xff], @multicast, [0xff, 0x0, 0xff, 0x0, 0xff, 0x7f], 0x6e, 0x6e, 0xa6, [], [], @arpreply={'arpreply\x00', 0x10, {{@multicast, 0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x2, [{0x5, 0x45, 0x1a, 'ip_vti0\x00', 'netpci0\x00', 'vcan0\x00', 'bridge_slave_0\x00', @empty, [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], @local, [0xff, 0xff, 0xff, 0x0, 0xff], 0x6e, 0xde, 0x156, [], [@arpreply={'arpreply\x00', 0x10, {{@link_local, 0xffffffffffffffff}}}, @arpreply={'arpreply\x00', 0x10, {{@local, 0xfffffffffffffffe}}}], @common=@NFLOG={'NFLOG\x00', 0x50, {{0x4, 0x0, 0x1, 0x0, 0x0, "00ea415c5ffbcb0f927d599679483d5ce1d38ed2560e03d2af3d755a03d90e6c99fb3b425fe4a41f8d7e4c635d9234967c1c80135d2e4d9d9d9debcec12df734"}}}}, {0x9, 0x0, 0xdada, 'pimreg\x00', 'pimreg0\x00', 'vlan0\x00', 'ip6gretap0\x00', @random="b2a332fa1dea", [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], @multicast, [0xff, 0xff, 0xff], 0x196, 0x1fe, 0x236, [@comment={{'comment\x00', 0x0, 0x100}}], [@arpreply={'arpreply\x00', 0x10, {{@remote, 0xfffffffffffffffe}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x3}}}], @arpreply={'arpreply\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x38}, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x4, 0xffffffffffffffff, 0x2, [{0x5, 0x2, 0x6002, 'pimreg0\x00', 'team_slave_0\x00', 'team0\x00', 'ipvlan0\x00', @empty, [0xff, 0x0, 0x0, 0xff, 0x0, 0xff], @local, [0x0, 0x0, 0xff, 0xff, 0xff, 0xff], 0xae, 0xae, 0xe6, [@owner={{'owner\x00', 0x0, 0x18}, {{r6, r7, r8, 0xee00, 0x4, 0x4}}}], [], @snat={'snat\x00', 0x10, {{@broadcast, 0xfffffffffffffffd}}}}, {0x11, 0x6, 0xdada, 'team_slave_1\x00', 'bond_slave_0\x00', 'bond0\x00', 'bridge_slave_0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}, [0x0, 0xff, 0xff, 0x0, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8a4ad591d812c130}, [0x0, 0x0, 0xff, 0xff], 0xfe, 0x136, 0x16e, [@owner={{'owner\x00', 0x0, 0x18}, {{0xffffffffffffffff, r9, r10, r11}}}, @ipvs={{'ipvs\x00', 0x0, 0x28}, {{@ipv4=@loopback, [0x0, 0xff, 0xff], 0x4e21, 0x2, 0x2, 0x4e22, 0x2, 0x8}}}], [@snat={'snat\x00', 0x10, {{@local, 0xffffffffffffffff}}}], @arpreply={'arpreply\x00', 0x10, {{@empty, 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x6, 0x0, 0x2, [{0x9, 0x72, 0x890d, 'bridge_slave_0\x00', 'veth1_vlan\x00', 'ip6gre0\x00', 'nr0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}, [0xff, 0x0, 0x0, 0x0, 0xff, 0xff], @random="a183b8429821", [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], 0x2a6, 0x40e, 0x446, [@bpf0={{'bpf\x00', 0x0, 0x210}, {{0x11, [{0x1ff, 0x2, 0x8, 0x40}, {0x7, 0x3, 0x81, 0x7}, {0xa4e0, 0x8, 0x4, 0x10001}, {0x0, 0x6, 0x5, 0x3ea}, {0x6, 0xaf, 0x0, 0x2}, {0x3, 0x14, 0x6, 0x8}, {0x28, 0x2, 0xad, 0x3}, {0x2, 0xd4, 0xeb, 0x6b10}, {0x81, 0xb, 0x6, 0x2}, {0x4c2f, 0xa, 0x0, 0x5}, {0x400, 0xa2, 0xab, 0x4}, {0x5, 0x2, 0x9}, {0x8, 0x5, 0x4, 0xffffff27}, {0x8, 0x93, 0x7, 0x10}, {0xfffc, 0x0, 0x10, 0xffff0000}, {0x9, 0x6, 0x3, 0xc1}, {0x4, 0x0, 0x2, 0x5}, {0x0, 0x9, 0x2, 0x8}, {0x4, 0x3, 0x0, 0x400}, {0x6, 0x1, 0x40, 0x3}, {0x0, 0x3, 0x9, 0xed0}, {0xffff, 0x8, 0xfa}, {0xe, 0x75, 0x4, 0x6429}, {0x3, 0x2, 0x6, 0x6}, {0x9, 0x0, 0x8, 0x1}, {0xfff, 0x1, 0xf, 0x52d60e37}, {0x7, 0x7, 0xff, 0x5}, {0x8001, 0x7, 0xf4, 0x7fffffff}, {0xe56f, 0x5, 0x4, 0x679}, {0x0, 0x68, 0xf9, 0xf}, {0x2, 0xd, 0xff, 0x80}, {0xfffc, 0x21, 0x7f, 0x200}, {0x5, 0x7, 0x8, 0x3ff}, {0x5, 0x0, 0x5, 0x8}, {0x9, 0xc0, 0x3, 0x4}, {0x7ff, 0x8, 0x9, 0xd29b}, {0x4, 0x3, 0x2, 0x5}, {0x2, 0x0, 0x4, 0x9}, {0x2, 0x40, 0xe, 0xffffffff}, {0x4, 0x2, 0x3, 0x7}, {0x7, 0x6, 0x5, 0x2}, {0xc, 0x55, 0x7, 0x9}, {0x3dc3, 0xff, 0x9, 0x3}, {0x200, 0x3, 0x57, 0x66}, {0x0, 0x0, 0xf, 0x2}, {0x7f, 0x3, 0x1, 0x1418}, {0x3, 0x2f, 0xd, 0x2}, {0x4, 0x40, 0x2, 0x800}, {0x3bf, 0x6, 0x5, 0x9}, {0xe, 0xe, 0xff, 0x1}, {0x7, 0x3, 0x1, 0x7}, {0xffff, 0x8, 0x8, 0x5}, {0x7d, 0x81, 0x10, 0x2}, {0x4, 0x15, 0x3, 0xec}, {0x8, 0x8, 0x9, 0xfffffffb}, {0x1, 0xa6, 0xc, 0x4}, {0x1, 0x1, 0x8, 0xfffffffe}, {0x1ff, 0x9, 0xd, 0x1}, {0x784, 0x5, 0x1, 0x3}, {0x8, 0x5, 0x9, 0xffffffc0}, {0x8, 0x8, 0x1, 0x64}, {0xebb2, 0x6, 0xbd, 0x8}, {0x2, 0xf8, 0xba, 0x4}, {0x101, 0x7c, 0x9, 0xff}], {0x2}}}}], [@arpreply={'arpreply\x00', 0x10, {{@broadcast, 0xfffffffffffffffd}}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x28a, 'system_u:object_r:chfn_exec_t:s0\x00'}}}], @snat={'snat\x00', 0x10, {{@multicast, 0xffffffffffffffff}}}}, {0x1e, 0x14, 0xfbfb, 'ip_vti0\x00', 'lo\x00', 'vlan0\x00', 'rose0\x00', @random="de4aa4f19468", [0xff, 0xff, 0xff], @multicast, [0x0, 0xff, 0x0, 0x0, 0xff], 0x6e, 0xa6, 0xde, [], [@arpreply={'arpreply\x00', 0x10, {{@empty, 0xfffffffffffffffc}}}], @snat={'snat\x00', 0x10, {{@local, 0xfffffffffffffffc}}}}]}]}, 0xe10)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x76, @dev={0xfe, 0x80, '\x00', 0x40}, 0xfe68}, {0xa, 0x4e22, 0x1000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40}, r5, 0x4d}}, 0x48)

1.077130208s ago: executing program 4 (id=3455):
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000380)={{0x84, @rand_addr=0x64010104, 0x4e24, 0x3, 'nq\x00', 0x8, 0x5, 0x55}, {@remote, 0x4e22, 0x0, 0x7, 0x12d5c, 0x12d58}}, 0x44)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev={0xfe, 0x80, '\x00', 0xfc}}, 0x80, 0x0}, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_VENDOR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000dc0)=ANY=[], 0x33fe0}, 0x1, 0x0, 0x0, 0x40002}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="1beb41ea4ea9ca354f167d9eaee7dc35eca218b865688d79fe31cbe00d190c853bfe6a22bd7dec0023aa0e038d07000040e37e00f7dd3afafdbc70e1b5928033df5e82fd76f31e8b29a0f05c2cef56f56cd0330dc984004f220b7dcb23a05d530df65691cf6a3cceb7a97c673856f552ded9530b52fe6d1e662090d2802233ec1adca9eaab9dd6f04b2717ed1552cf46dc28cd3fbf1ec1eaedd80d1da838a00a1e229ce16d2c1a411be06f715e8b6aa7552800d5282e4e0bf3eaf55a", 0xbc}, {&(0x7f0000000b00)}], 0x2, 0x0, 0x0, 0x4004090}, {0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)="d21e61c0af08368aedabcf6e445f1ca30a2f37d1f6d14042afeb21e49b0da7fd9f", 0x21}, {&(0x7f0000000340)="ee040ee213770d0dd6c4942cbd98a406b6b2e80c513958d1a9b51119dfce27772eb4e64dbf0c1a087db879fd5c2fe04445f8af909e", 0x35}, {&(0x7f0000000680)="5f4bc42eaf8588000472e82d758df66415efc5b7761dbd49946de91ca43b7478156b8e84fcc4d6aaaacd8f9652db3afe5290a4308501593b8ef8332f00fdc08f16e8004100db76cee72a54088708bc2c1f700e3fa3bdeafebf4d372e86a2b0c60a9456f4005e2c21848b51f40babb88b6817de908de68732bf655dceedb0", 0x7e}], 0x3, 0x0, 0x0, 0x50}, {0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000fc0)}], 0x2, 0x0, 0x0, 0x84090}], 0x3, 0x4004090)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
openat$audio(0xffffffffffffff9c, &(0x7f0000000a80), 0x8a41, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000017c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_BSS(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x24, r5, 0x1, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

898.423498ms ago: executing program 4 (id=3456):
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)=0x100, 0x4)
r0 = socket$inet(0x2, 0x1, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0xb, r3, 0x0, r2})
getsockopt$inet_mreqsrc(r0, 0x0, 0x28, &(0x7f0000000000)={@initdev, @empty, @remote}, &(0x7f0000000200)=0xc)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a, 0x2})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r7 = dup3(r6, r4, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x42, 0x1000000, 0x0})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0})

798.06917ms ago: executing program 4 (id=3457):
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, 0x0, 0x4048060)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1)
syz_usb_connect(0x0, 0x35, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xca, 0x9b, 0xd4, 0x10, 0x1199, 0xb000, 0xa898, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x30, 0x2, 0x0, 0x17, 0xb5, 0x1b}}]}}]}}, 0x0)
syz_emit_vhci(0x0, 0xf8)
socket$inet_udp(0x2, 0x2, 0x0)

453.914311ms ago: executing program 5 (id=3458):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$inet(0x2, 0x5, 0xa15)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20000020)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x51, 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x84302, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x0, 0xf000}, {'\x00', "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a5f2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fe00"}})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 2)

157.922878ms ago: executing program 1 (id=3459):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, 0x0, 0x0)
setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000a80)=@gcm_128={{0x303}, "9ff3d6661480294c", "5fa3c0bf46782bbee21b09b7446edc75", "5bee93e1", "f11bb8cba3046ce3"}, 0x28)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/4125, 0x101d}], 0x1}, 0x40002022)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)=[{&(0x7f0000000200)="2e0400001c008102e00f80ecdb4cb9f207c804a00d00000088081afb0a0002000a0ada1b40d80800c500c50083b8", 0xfec9}], 0x1, 0x0, 0x0, 0x5865}, 0x0)

82.183485ms ago: executing program 1 (id=3460):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110a, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0})

27.985521ms ago: executing program 5 (id=3461):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000002c0), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, r1, 0xaf755c6ab0f632a5, 0x70bd2c, 0x25dfdbfa, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x20040000)

611.527µs ago: executing program 1 (id=3462):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/169, 0xa9}], 0x1, 0x2, 0x1070, 0x10)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
syz_clone(0x4b001000, 0x0, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 5 (id=3463):
pipe2$watch_queue(&(0x7f0000000340), 0x80)
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r0, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000240)=0x7)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000200)=0x75)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x28200)
ioctl$BLKTRACETEARDOWN(r6, 0x1276, 0x0)
ioctl$BLKTRACESTART(r6, 0x1274, 0x0)
r7 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
r8 = socket(0x22, 0x2, 0x4)
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r8, 0x89f7, &(0x7f0000000300)={'sit0\x00', 0x0})
ioctl$FE_SET_PROPERTY(r7, 0x40106f52, &(0x7f0000000040)={0x3b, &(0x7f00000001c0)=[{0x12, '\x00', @data=0x2, 0x7}]})
r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r5, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000180)={0x30, r9, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7fff}]}, 0x30}}, 0x20000000)

kernel console output (not intermixed with test programs):

as invalid wMaxPacketSize 0
[  802.727567][ T5925] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  802.737866][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  802.750198][ T5925] usb 2-1: Product: syz
[  802.754425][ T5925] usb 2-1: Manufacturer: syz
[  802.760201][ T5925] usb 2-1: SerialNumber: syz
[  802.771285][ T5925] usb 2-1: config 0 descriptor??
[  802.781063][ T5925] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  802.790556][ T5925] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  802.985305][ T5890] usb 6-1: new high-speed USB device number 116 using dummy_hcd
[  803.147708][ T5890] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  803.157702][ T5890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  803.169015][ T5890] usb 6-1: config 0 descriptor??
[  803.388566][ T5925] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  804.188078][ T5890] usb 6-1: Cannot set autoneg
[  804.193252][ T5890] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61
[  804.224459][ T5925] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  804.233186][ T5925] em28xx 2-1:0.0: board has no eeprom
[  804.295270][ T5925] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  804.303199][ T5925] em28xx 2-1:0.0: dvb set to bulk mode.
[  804.309733][T11370] em28xx 2-1:0.0: Binding DVB extension
[  804.322785][ T5925] usb 2-1: USB disconnect, device number 9
[  804.330230][ T5925] em28xx 2-1:0.0: Disconnecting em28xx
[  804.382300][T11370] em28xx 2-1:0.0: Registering input extension
[  804.388922][ T5925] em28xx 2-1:0.0: Closing input extension
[  804.401935][T14892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  804.412993][T14892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  804.422274][ T5925] em28xx 2-1:0.0: Freeing device
[  804.768509][T14899] FAULT_INJECTION: forcing a failure.
[  804.768509][T14899] name failslab, interval 1, probability 0, space 0, times 0
[  804.781870][T14899] CPU: 1 UID: 0 PID: 14899 Comm: syz.1.3026 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  804.781904][T14899] Tainted: [L]=SOFTLOCKUP
[  804.781913][T14899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  804.781926][T14899] Call Trace:
[  804.781936][T14899]  <TASK>
[  804.781945][T14899]  dump_stack_lvl+0xe8/0x150
[  804.781981][T14899]  should_fail_ex+0x412/0x560
[  804.782034][T14899]  should_failslab+0xa8/0x100
[  804.782067][T14899]  __kmalloc_noprof+0xe8/0x760
[  804.782091][T14899]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  804.782132][T14899]  tomoyo_realpath_from_path+0xe3/0x5d0
[  804.782178][T14899]  ? tomoyo_path_number_perm+0x219/0x630
[  804.782207][T14899]  tomoyo_path_number_perm+0x246/0x630
[  804.782240][T14899]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  804.782272][T14899]  ? __lock_acquire+0x6b5/0x2cf0
[  804.782315][T14899]  ? get_pid_task+0x20/0x1f0
[  804.782370][T14899]  ? __pfx_from_kuid+0x10/0x10
[  804.782402][T14899]  ? down_write_killable+0x180/0x240
[  804.782430][T14899]  ? __pfx_down_write_killable+0x10/0x10
[  804.782456][T14899]  tomoyo_path_chown+0x46/0xc0
[  804.782481][T14899]  security_path_chown+0x139/0x340
[  804.782507][T14899]  chown_common+0x40c/0x6b0
[  804.782545][T14899]  ? __pfx_chown_common+0x10/0x10
[  804.782588][T14899]  ? sb_start_write+0x114/0x1c0
[  804.782615][T14899]  ? mnt_want_write_file+0x164/0x200
[  804.782641][T14899]  ksys_fchown+0xe9/0x160
[  804.782672][T14899]  __x64_sys_fchown+0x7a/0x90
[  804.782699][T14899]  do_syscall_64+0x14d/0xf80
[  804.782729][T14899]  ? trace_irq_disable+0x3b/0x150
[  804.782760][T14899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.782782][T14899]  ? clear_bhb_loop+0x40/0x90
[  804.782814][T14899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  804.782831][T14899] RIP: 0033:0x7f698d79bf79
[  804.782846][T14899] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  804.782860][T14899] RSP: 002b:00007f698e6bf028 EFLAGS: 00000246 ORIG_RAX: 000000000000005d
[  804.782877][T14899] RAX: ffffffffffffffda RBX: 00007f698da15fa0 RCX: 00007f698d79bf79
[  804.782889][T14899] RDX: 0000000000000000 RSI: 000000000000ee01 RDI: 0000000000000004
[  804.782898][T14899] RBP: 00007f698e6bf090 R08: 0000000000000000 R09: 0000000000000000
[  804.782908][T14899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  804.782917][T14899] R13: 00007f698da16038 R14: 00007f698da15fa0 R15: 00007ffdff6bdbd8
[  804.782942][T14899]  </TASK>
[  804.783310][T14899] ERROR: Out of memory at tomoyo_realpath_from_path.
[  806.167895][T11370] usb 6-1: USB disconnect, device number 116
[  807.151793][    C1] sd 0:0:1:0: [sda] tag#1129 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  807.162334][    C1] sd 0:0:1:0: [sda] tag#1129 CDB: Read(6) 08 00 00 00 03 44
[  807.572154][T14932] FAULT_INJECTION: forcing a failure.
[  807.572154][T14932] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  807.596121][T14932] CPU: 0 UID: 0 PID: 14932 Comm: syz.6.3038 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  807.596155][T14932] Tainted: [L]=SOFTLOCKUP
[  807.596164][T14932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  807.596177][T14932] Call Trace:
[  807.596186][T14932]  <TASK>
[  807.596197][T14932]  dump_stack_lvl+0xe8/0x150
[  807.596231][T14932]  should_fail_ex+0x412/0x560
[  807.596268][T14932]  _copy_from_user+0x2d/0xb0
[  807.596294][T14932]  kvm_arch_vcpu_ioctl+0x10e9/0x2c70
[  807.596331][T14932]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  807.596358][T14932]  ? unwind_next_frame+0xa5/0x23c0
[  807.596411][T14932]  ? is_bpf_text_address+0x26/0x2b0
[  807.596439][T14932]  ? is_bpf_text_address+0x292/0x2b0
[  807.596461][T14932]  ? is_bpf_text_address+0x26/0x2b0
[  807.596487][T14932]  ? kernel_text_address+0xa5/0xe0
[  807.596512][T14932]  ? __kernel_text_address+0xd/0x30
[  807.596534][T14932]  ? unwind_get_return_address+0x4d/0x90
[  807.596566][T14932]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  807.596589][T14932]  ? arch_stack_walk+0xfb/0x150
[  807.596634][T14932]  ? stack_trace_save+0xa9/0x100
[  807.596656][T14932]  ? __pfx_stack_trace_save+0x10/0x10
[  807.596676][T14932]  ? kasan_save_free_info+0x46/0x50
[  807.596711][T14932]  ? stack_depot_save_flags+0x33/0x810
[  807.596748][T14932]  ? __lock_acquire+0x6b5/0x2cf0
[  807.596778][T14932]  ? tomoyo_path_number_perm+0x501/0x630
[  807.596806][T14932]  ? security_file_ioctl+0xc3/0x2a0
[  807.596839][T14932]  ? __se_sys_ioctl+0x47/0x170
[  807.596863][T14932]  ? do_syscall_64+0x14d/0xf80
[  807.596894][T14932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  807.596932][T14932]  ? __mutex_trylock_common+0x158/0x260
[  807.596967][T14932]  ? __pfx___mutex_trylock_common+0x10/0x10
[  807.597003][T14932]  ? rcu_is_watching+0x15/0xb0
[  807.597041][T14932]  ? trace_contention_end+0x3d/0x150
[  807.597076][T14932]  ? __mutex_lock+0x319/0x1300
[  807.597116][T14932]  ? kasan_quarantine_put+0xbb/0x1f0
[  807.597152][T14932]  ? kvm_vcpu_ioctl+0x280/0xfd0
[  807.597179][T14932]  ? __pfx___mutex_lock+0x10/0x10
[  807.597213][T14932]  ? tomoyo_path_number_perm+0x219/0x630
[  807.597245][T14932]  ? do_vfs_ioctl+0x1166/0x1530
[  807.597272][T14932]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  807.597301][T14932]  kvm_vcpu_ioctl+0x7e4/0xfd0
[  807.597330][T14932]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  807.597350][T14932]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  807.597404][T14932]  ? __fget_files+0x2a/0x420
[  807.597437][T14932]  ? __fget_files+0x2a/0x420
[  807.597465][T14932]  ? __fget_files+0x3a0/0x420
[  807.597494][T14932]  ? __fget_files+0x2a/0x420
[  807.597527][T14932]  ? bpf_lsm_file_ioctl+0x9/0x20
[  807.597554][T14932]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  807.597577][T14932]  __se_sys_ioctl+0xfc/0x170
[  807.597602][T14932]  do_syscall_64+0x14d/0xf80
[  807.597633][T14932]  ? trace_irq_disable+0x3b/0x150
[  807.597663][T14932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  807.597685][T14932]  ? clear_bhb_loop+0x40/0x90
[  807.597713][T14932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  807.597734][T14932] RIP: 0033:0x7f42f939bf79
[  807.597755][T14932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  807.597774][T14932] RSP: 002b:00007f42f75f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  807.597798][T14932] RAX: ffffffffffffffda RBX: 00007f42f9615fa0 RCX: 00007f42f939bf79
[  807.597814][T14932] RDX: 0000200000000000 RSI: 00000000c008ae91 RDI: 0000000000000005
[  807.597829][T14932] RBP: 00007f42f75f6090 R08: 0000000000000000 R09: 0000000000000000
[  807.597843][T14932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  807.597857][T14932] R13: 00007f42f9616038 R14: 00007f42f9615fa0 R15: 00007ffca4cf4708
[  807.597892][T14932]  </TASK>
[  808.335501][T11370] usb 6-1: new high-speed USB device number 117 using dummy_hcd
[  808.505307][T11370] usb 6-1: Using ep0 maxpacket: 32
[  808.563076][T11370] usb 6-1: config 0 has an invalid interface number: 16 but max is 0
[  808.599101][T11370] usb 6-1: config 0 has no interface number 0
[  808.696478][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  808.708208][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  808.767817][T11370] usb 6-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  808.832800][T11370] usb 6-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  808.946302][T11370] usb 6-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  809.015382][T11370] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  809.023992][T11370] usb 6-1: Product: syz
[  809.036990][T11370] usb 6-1: Manufacturer: syz
[  809.041754][T11370] usb 6-1: SerialNumber: syz
[  809.066640][T11370] usb 6-1: config 0 descriptor??
[  809.130288][T14937] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  809.155447][T14947] binder: 14943:14947 ioctl c0306201 200000000640 returned -22
[  809.186110][T14937] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  809.212951][T11370] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  809.283974][T14955] Bluetooth: MGMT ver 1.23
[  809.311910][T14955] kvm: kvm [14954]: vcpu5, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0x207
[  809.422107][T11370] usb 6-1: USB disconnect, device number 117
[  809.523204][ T5833] udevd[5833]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  809.834580][T14964] binder: 14960:14964 ioctl c0306201 200000000540 returned -14
[  810.461500][T14977] netlink: 'syz.4.3053': attribute type 1 has an invalid length.
[  810.470445][T14977] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  810.493597][T14977] __nla_validate_parse: 57 callbacks suppressed
[  810.493629][T14977] netlink: 216 bytes leftover after parsing attributes in process `syz.4.3053'.
[  810.516518][T14977] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3053'.
[  810.557866][T14977] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3053'.
[  810.632374][T14978] binder: 14976:14978 ioctl 6628 0 returned -22
[  811.071829][T14988] FAULT_INJECTION: forcing a failure.
[  811.071829][T14988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  811.087954][T14988] CPU: 1 UID: 0 PID: 14988 Comm: syz.4.3056 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  811.087989][T14988] Tainted: [L]=SOFTLOCKUP
[  811.087997][T14988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  811.088011][T14988] Call Trace:
[  811.088020][T14988]  <TASK>
[  811.088029][T14988]  dump_stack_lvl+0xe8/0x150
[  811.088063][T14988]  should_fail_ex+0x412/0x560
[  811.088099][T14988]  _copy_from_iter+0x1d3/0x1670
[  811.088145][T14988]  ? __pfx__copy_from_iter+0x10/0x10
[  811.088175][T14988]  ? sock_alloc_send_pskb+0x896/0x990
[  811.088214][T14988]  ? __pfx__copy_from_iter+0x10/0x10
[  811.088250][T14988]  ? page_copy_sane+0x16a/0x270
[  811.088285][T14988]  copy_page_from_iter+0xdd/0x170
[  811.088323][T14988]  skb_copy_datagram_from_iter+0x306/0x710
[  811.088369][T14988]  tun_get_user+0xc38/0x3dd0
[  811.088418][T14988]  ? __pfx_tun_get_user+0x10/0x10
[  811.088445][T14988]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  811.088476][T14988]  ? lockdep_hardirqs_on+0x7a/0x110
[  811.088507][T14988]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  811.088535][T14988]  ? save_netdev_trace_buffer+0x4e2/0x610
[  811.088569][T14988]  ? ref_tracker_alloc+0x363/0x4d0
[  811.088602][T14988]  ? tun_chr_write_iter+0x60/0x210
[  811.088625][T14988]  ? vfs_write+0x61d/0xb90
[  811.088645][T14988]  ? ksys_write+0x150/0x270
[  811.088662][T14988]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  811.088700][T14988]  ? tun_get+0x1c/0x2f0
[  811.088725][T14988]  ? tun_get+0x1c/0x2f0
[  811.088745][T14988]  ? tun_get+0x1c/0x2f0
[  811.088769][T14988]  tun_chr_write_iter+0x113/0x210
[  811.088792][T14988]  vfs_write+0x61d/0xb90
[  811.088816][T14988]  ? __pfx_vfs_write+0x10/0x10
[  811.088841][T14988]  ? __fget_files+0x2a/0x420
[  811.088872][T14988]  ksys_write+0x150/0x270
[  811.088891][T14988]  ? __pfx_ksys_write+0x10/0x10
[  811.088917][T14988]  do_syscall_64+0x14d/0xf80
[  811.088942][T14988]  ? trace_irq_disable+0x3b/0x150
[  811.088989][T14988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  811.089007][T14988]  ? clear_bhb_loop+0x40/0x90
[  811.089029][T14988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  811.089047][T14988] RIP: 0033:0x7f918439bf79
[  811.089064][T14988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  811.089080][T14988] RSP: 002b:00007f91851b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  811.089100][T14988] RAX: ffffffffffffffda RBX: 00007f9184615fa0 RCX: 00007f918439bf79
[  811.089113][T14988] RDX: 00000000000011de RSI: 0000200000000e40 RDI: 0000000000000004
[  811.089125][T14988] RBP: 00007f91851b7090 R08: 0000000000000000 R09: 0000000000000000
[  811.089142][T14988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  811.089152][T14988] R13: 00007f9184616038 R14: 00007f9184615fa0 R15: 00007ffe0629a368
[  811.089179][T14988]  </TASK>
[  812.616102][T15009] netlink: 300 bytes leftover after parsing attributes in process `syz.1.3065'.
[  812.650081][T15009] unsupported nlmsg_type 40
[  812.686003][T15011] kAFS: Can only specify source 'none' with -o dyn
[  812.693516][T15011] 9p: Unknown uid 00000000004294967295
[  812.793832][T15016] binder: 15015:15016 unknown command 0
[  812.799772][T15016] binder: 15015:15016 ioctl c0306201 2000000001c0 returned -22
[  813.231931][T15027] binder: 15021:15027 ioctl c0306201 200000000540 returned -14
[  814.625273][ T5915] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  814.702966][T15052] usb usb7: usbfs: process 15052 (syz.5.3082) did not claim interface 0 before use
[  814.776079][ T5915] usb 2-1: Using ep0 maxpacket: 16
[  814.783488][ T5915] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[  814.791787][ T5915] usb 2-1: config 0 has no interface number 0
[  814.797946][ T5915] usb 2-1: config 0 interface 48 has no altsetting 0
[  814.807331][ T5915] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  814.816563][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  814.826132][ T5915] usb 2-1: Product: syz
[  814.830329][ T5915] usb 2-1: Manufacturer: syz
[  814.834924][ T5915] usb 2-1: SerialNumber: syz
[  814.842847][ T5915] usb 2-1: config 0 descriptor??
[  814.995543][ T5915] usb 6-1: new high-speed USB device number 118 using dummy_hcd
[  815.053439][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x35
[  815.053480][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d
[  815.068273][  T797] usb 2-1: USB disconnect, device number 10
[  815.157809][ T5915] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  815.166683][ T5915] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[  815.177356][ T5915] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  815.186828][ T5915] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33393, setting to 1024
[  815.200240][ T5915] usb 6-1: New USB device found, idVendor=7d25, idProduct=b415, bcdDevice= 0.40
[  815.211686][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  815.220365][ T5915] usb 6-1: Product: syz
[  815.224557][ T5915] usb 6-1: Manufacturer: syz
[  815.238003][ T5915] cdc_wdm 6-1:1.0: skipping garbage
[  815.243316][ T5915] cdc_wdm 6-1:1.0: skipping garbage
[  815.251064][ T5915] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  815.257162][ T5915] cdc_wdm 6-1:1.0: Unknown control protocol
[  816.647297][T15064] FAULT_INJECTION: forcing a failure.
[  816.647297][T15064] name failslab, interval 1, probability 0, space 0, times 0
[  816.679149][T15064] CPU: 0 UID: 0 PID: 15064 Comm: syz.6.3086 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  816.679185][T15064] Tainted: [L]=SOFTLOCKUP
[  816.679194][T15064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  816.679208][T15064] Call Trace:
[  816.679218][T15064]  <TASK>
[  816.679227][T15064]  dump_stack_lvl+0xe8/0x150
[  816.679266][T15064]  should_fail_ex+0x412/0x560
[  816.679302][T15064]  should_failslab+0xa8/0x100
[  816.679330][T15064]  __kmalloc_noprof+0xe8/0x760
[  816.679353][T15064]  ? trace_kmalloc+0x2a/0x110
[  816.679372][T15064]  ? tomoyo_encode+0x28b/0x550
[  816.679411][T15064]  tomoyo_encode+0x28b/0x550
[  816.679450][T15064]  tomoyo_realpath_from_path+0x58d/0x5d0
[  816.679496][T15064]  ? tomoyo_path_number_perm+0x219/0x630
[  816.679527][T15064]  tomoyo_path_number_perm+0x246/0x630
[  816.679559][T15064]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  816.679592][T15064]  ? __lock_acquire+0x6b5/0x2cf0
[  816.679633][T15064]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  816.679687][T15064]  ? __fget_files+0x2a/0x420
[  816.679720][T15064]  ? __fget_files+0x2a/0x420
[  816.679747][T15064]  ? __fget_files+0x3a0/0x420
[  816.679775][T15064]  ? __fget_files+0x2a/0x420
[  816.679810][T15064]  security_file_ioctl+0xc3/0x2a0
[  816.679839][T15064]  __se_sys_ioctl+0x47/0x170
[  816.679865][T15064]  do_syscall_64+0x14d/0xf80
[  816.679895][T15064]  ? trace_irq_disable+0x3b/0x150
[  816.679925][T15064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.679950][T15064]  ? clear_bhb_loop+0x40/0x90
[  816.679984][T15064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  816.680007][T15064] RIP: 0033:0x7f42f939bf79
[  816.680028][T15064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  816.680047][T15064] RSP: 002b:00007f42f75d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  816.680071][T15064] RAX: ffffffffffffffda RBX: 00007f42f9616090 RCX: 00007f42f939bf79
[  816.680088][T15064] RDX: 0000200000000140 RSI: 0000000000005412 RDI: 0000000000000003
[  816.680103][T15064] RBP: 00007f42f75d5090 R08: 0000000000000000 R09: 0000000000000000
[  816.680117][T15064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  816.680130][T15064] R13: 00007f42f9616128 R14: 00007f42f9616090 R15: 00007ffca4cf4708
[  816.680164][T15064]  </TASK>
[  816.680191][T15064] ERROR: Out of memory at tomoyo_realpath_from_path.
[  817.655456][ T5925] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  817.757335][  T797] usb 6-1: USB disconnect, device number 118
[  817.806867][ T5925] usb 2-1: Using ep0 maxpacket: 32
[  817.813758][ T5925] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  817.832505][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.843934][ T5925] usb 2-1: config 0 descriptor??
[  818.076924][ T5925] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  818.108270][ T5925] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  818.131855][ T5925] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  818.161542][ T5925] usb 2-1: media controller created
[  818.475664][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  818.682582][ T5925] az6027: usb out operation failed. (-71)
[  818.726919][ T5925] az6027: usb out operation failed. (-71)
[  818.744468][ T5925] stb0899_attach: Driver disabled by Kconfig
[  818.769325][ T5925] az6027: no front-end attached
[  818.769325][ T5925] 
[  818.819008][ T5925] az6027: usb out operation failed. (-71)
[  818.824792][ T5925] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  818.851293][ T5925] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input132
[  818.905834][ T5925] dvb-usb: schedule remote query interval to 400 msecs.
[  818.924477][ T5925] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  818.976809][ T5925] usb 2-1: USB disconnect, device number 11
[  819.052209][ T5925] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  819.120653][T15094] mac80211_hwsim hwsim16 wlan1: entered promiscuous mode
[  819.129553][T15094] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode
[  819.355200][ T5925] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  819.375298][  T797] usb 6-1: new high-speed USB device number 119 using dummy_hcd
[  819.505250][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  819.513183][ T5925] usb 2-1: unable to get BOS descriptor or descriptor too short
[  819.522121][ T5925] usb 2-1: config 4 interface 0 has no altsetting 0
[  819.531948][ T5925] usb 2-1: string descriptor 0 read error: -22
[  819.535595][  T797] usb 6-1: Using ep0 maxpacket: 8
[  819.541318][ T5925] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  819.552722][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  819.563128][  T797] usb 6-1: unable to get BOS descriptor or descriptor too short
[  819.577951][  T797] usb 6-1: config 4 interface 0 has no altsetting 0
[  819.587270][ T5925] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  819.598888][  T797] usb 6-1: string descriptor 0 read error: -22
[  819.612319][  T797] usb 6-1: New USB device found, idVendor=358f, idProduct=0b94, bcdDevice=48.3a
[  819.635400][  T797] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  819.658270][ T5925] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  819.679969][ T5925] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  819.693630][ T5925] usb 2-1: media controller created
[  819.724651][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  819.783491][T15091] FAULT_INJECTION: forcing a failure.
[  819.783491][T15091] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  819.811237][T15091] CPU: 0 UID: 0 PID: 15091 Comm: syz.1.3098 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  819.811272][T15091] Tainted: [L]=SOFTLOCKUP
[  819.811281][T15091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  819.811295][T15091] Call Trace:
[  819.811304][T15091]  <TASK>
[  819.811314][T15091]  dump_stack_lvl+0xe8/0x150
[  819.811348][T15091]  should_fail_ex+0x412/0x560
[  819.811384][T15091]  _copy_from_user+0x2d/0xb0
[  819.811409][T15091]  memdup_user+0x5e/0xd0
[  819.811436][T15091]  i2cdev_ioctl_rdwr+0x1c6/0x740
[  819.811471][T15091]  i2cdev_ioctl+0x6a5/0x880
[  819.811495][T15091]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  819.811523][T15091]  ? __fget_files+0x3a0/0x420
[  819.811552][T15091]  ? __fget_files+0x2a/0x420
[  819.811585][T15091]  ? bpf_lsm_file_ioctl+0x9/0x20
[  819.811611][T15091]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  819.811637][T15091]  __se_sys_ioctl+0xfc/0x170
[  819.811664][T15091]  do_syscall_64+0x14d/0xf80
[  819.811694][T15091]  ? trace_irq_disable+0x3b/0x150
[  819.811725][T15091]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  819.811747][T15091]  ? clear_bhb_loop+0x40/0x90
[  819.811775][T15091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  819.811797][T15091] RIP: 0033:0x7f698d79bf79
[  819.811818][T15091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  819.811836][T15091] RSP: 002b:00007f698e6bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  819.811859][T15091] RAX: ffffffffffffffda RBX: 00007f698da15fa0 RCX: 00007f698d79bf79
[  819.811883][T15091] RDX: 0000200000000340 RSI: 0000000000000707 RDI: 0000000000000004
[  819.811898][T15091] RBP: 00007f698e6bf090 R08: 0000000000000000 R09: 0000000000000000
[  819.811912][T15091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  819.811925][T15091] R13: 00007f698da16038 R14: 00007f698da15fa0 R15: 00007ffdff6bdbd8
[  819.811959][T15091]  </TASK>
[  820.041661][  T797] usb 6-1: USB disconnect, device number 119
[  820.777544][ T5925] zl10353_read_register: readreg error (reg=127, ret==0)
[  821.133483][ T5925] usb 2-1: USB disconnect, device number 12
[  821.617668][T15110] binder: 15109:15110 ioctl c0306201 200000000540 returned -14
[  821.662026][T15112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3107'.
[  821.820310][T15117] netlink: 'syz.1.3109': attribute type 1 has an invalid length.
[  821.830102][ T5831] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  821.935260][ T5925] usb 6-1: new high-speed USB device number 120 using dummy_hcd
[  822.115349][ T5925] usb 6-1: Using ep0 maxpacket: 8
[  822.122136][ T5925] usb 6-1: config 0 has an invalid descriptor of length 101, skipping remainder of the config
[  822.132948][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x6C, changing to 0xC
[  822.144638][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 99, changing to 10
[  822.155849][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 24941, setting to 1024
[  822.169555][ T5925] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  822.179950][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.188086][ T5925] usb 6-1: Product: syz
[  822.192322][ T5925] usb 6-1: Manufacturer: syz
[  822.198094][ T5925] usb 6-1: SerialNumber: syz
[  822.205430][ T5925] usb 6-1: config 0 descriptor??
[  822.305221][T11370] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  822.414788][  T797] usb 6-1: USB disconnect, device number 120
[  822.455492][T11370] usb 2-1: Using ep0 maxpacket: 16
[  822.462838][T11370] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[  822.473028][T11370] usb 2-1: config 0 has no interface number 0
[  822.480813][T11370] usb 2-1: config 0 interface 48 has no altsetting 0
[  822.490178][T11370] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  822.499420][T11370] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.508651][T11370] usb 2-1: Product: syz
[  822.512968][T11370] usb 2-1: Manufacturer: syz
[  822.517762][T11370] usb 2-1: SerialNumber: syz
[  822.524819][T11370] usb 2-1: config 0 descriptor??
[  822.739485][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x35
[  822.739512][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d
[  822.754252][  T797] usb 2-1: USB disconnect, device number 13
[  822.980106][T15124] syzkaller1: entered promiscuous mode
[  822.987914][T15124] syzkaller1: entered allmulticast mode
[  823.259518][T15132] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3114'.
[  823.268740][T15132] nbd: must specify at least one socket
[  824.197943][T15137] binder: BINDER_SET_CONTEXT_MGR already set
[  824.228447][T15137] binder: 15135:15137 ioctl 4018620d 200000004a80 returned -16
[  824.262328][T15143] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3119'.
[  824.496720][ T5925] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  824.667723][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  824.677634][ T5925] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  824.695161][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.710915][ T5925] usb 2-1: config 0 descriptor??
[  824.855538][  T980] usb 6-1: new high-speed USB device number 121 using dummy_hcd
[  825.017319][  T980] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  825.026248][  T980] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[  825.037149][  T980] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  825.051247][  T980] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33393, setting to 1024
[  825.073018][  T980] usb 6-1: New USB device found, idVendor=7d25, idProduct=b415, bcdDevice= 0.40
[  825.086373][  T980] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  825.094842][  T980] usb 6-1: Product: syz
[  825.100855][  T980] usb 6-1: Manufacturer: syz
[  825.116494][  T980] cdc_wdm 6-1:1.0: skipping garbage
[  825.121993][  T980] cdc_wdm 6-1:1.0: skipping garbage
[  825.131210][ T5925] greenasia 0003:0E8F:0012.0030: item fetching failed at offset 5/7
[  825.141331][  T980] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  825.149450][ T5925] greenasia 0003:0E8F:0012.0030: parse failed
[  825.155723][  T980] cdc_wdm 6-1:1.0: Unknown control protocol
[  825.163964][ T5925] greenasia 0003:0E8F:0012.0030: probe with driver greenasia failed with error -22
[  825.332190][ T5915] usb 2-1: USB disconnect, device number 14
[  826.071800][T15167] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3126'.
[  826.081051][T15167] nbd: must specify at least one socket
[  827.449618][ T5915] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  827.612402][  T980] usb 6-1: USB disconnect, device number 121
[  827.615399][ T5915] usb 2-1: Using ep0 maxpacket: 32
[  827.626680][ T5915] usb 2-1: config 0 has an invalid interface number: 240 but max is 0
[  827.635037][ T5915] usb 2-1: config 0 has an invalid interface number: 218 but max is 0
[  827.644315][ T5915] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  827.654654][ T5915] usb 2-1: config 0 has no interface number 0
[  827.664834][ T5915] usb 2-1: config 0 has no interface number 1
[  827.671171][ T5915] usb 2-1: config 0 interface 240 altsetting 236 has an invalid descriptor for endpoint zero, skipping
[  827.682606][ T5915] usb 2-1: config 0 interface 240 altsetting 236 has 2 endpoint descriptors, different from the interface descriptor's value: 11
[  827.697769][ T5915] usb 2-1: too many endpoints for config 0 interface 218 altsetting 249: 66, using maximum allowed: 30
[  827.711661][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has an invalid descriptor for endpoint zero, skipping
[  827.723419][ T5915] usb 2-1: config 0 interface 218 altsetting 249 endpoint 0xB has an invalid bInterval 64, changing to 7
[  827.736406][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has an invalid descriptor for endpoint zero, skipping
[  827.750591][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has an endpoint descriptor with address 0x1C, changing to 0xC
[  827.782610][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has a duplicate endpoint with address 0xC, skipping
[  827.793855][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has an invalid descriptor for endpoint zero, skipping
[  827.808089][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has an invalid descriptor for endpoint zero, skipping
[  827.821439][ T5915] usb 2-1: config 0 interface 218 altsetting 249 has 9 endpoint descriptors, different from the interface descriptor's value: 66
[  827.824608][T15185] FAULT_INJECTION: forcing a failure.
[  827.824608][T15185] name failslab, interval 1, probability 0, space 0, times 0
[  827.837498][ T5915] usb 2-1: config 0 interface 240 has no altsetting 0
[  827.852495][T15185] CPU: 1 UID: 0 PID: 15185 Comm: syz.5.3134 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  827.852588][T15185] Tainted: [L]=SOFTLOCKUP
[  827.852609][T15185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  827.852650][T15185] Call Trace:
[  827.852681][T15185]  <TASK>
[  827.852717][T15185]  dump_stack_lvl+0xe8/0x150
[  827.852834][T15185]  should_fail_ex+0x412/0x560
[  827.852921][T15185]  should_failslab+0xa8/0x100
[  827.852988][T15185]  __kmalloc_noprof+0xe8/0x760
[  827.853045][T15185]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  827.853149][T15185]  tomoyo_realpath_from_path+0xe3/0x5d0
[  827.853281][T15185]  ? tomoyo_path_number_perm+0x219/0x630
[  827.853357][T15185]  tomoyo_path_number_perm+0x246/0x630
[  827.853442][T15185]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  827.853526][T15185]  ? __lock_acquire+0x6b5/0x2cf0
[  827.853629][T15185]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  827.853774][T15185]  ? __fget_files+0x2a/0x420
[  827.853857][T15185]  ? __fget_files+0x2a/0x420
[  827.853934][T15185]  ? __fget_files+0x3a0/0x420
[  827.854007][T15185]  ? __fget_files+0x2a/0x420
[  827.854105][T15185]  security_file_ioctl+0xc3/0x2a0
[  827.854201][T15185]  __se_sys_ioctl+0x47/0x170
[  827.854266][T15185]  do_syscall_64+0x14d/0xf80
[  827.854349][T15185]  ? trace_irq_disable+0x3b/0x150
[  827.854437][T15185]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.854487][T15185]  ? clear_bhb_loop+0x40/0x90
[  827.854559][T15185]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.854614][T15185] RIP: 0033:0x7f720219bf79
[  827.854676][T15185] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  827.854720][T15185] RSP: 002b:00007f7203077028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  827.854771][T15185] RAX: ffffffffffffffda RBX: 00007f7202415fa0 RCX: 00007f720219bf79
[  827.854813][T15185] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  827.854854][T15185] RBP: 00007f7203077090 R08: 0000000000000000 R09: 0000000000000000
[  827.854893][T15185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  827.854920][T15185] R13: 00007f7202416038 R14: 00007f7202415fa0 R15: 00007fff3197ebc8
[  827.855006][T15185]  </TASK>
[  827.855029][T15185] ERROR: Out of memory at tomoyo_realpath_from_path.
[  827.860423][ T5915] usb 2-1: config 0 interface 218 has no altsetting 0
[  828.093601][ T5915] usb 2-1: New USB device found, idVendor=19d2, idProduct=3193, bcdDevice=ea.dc
[  828.104224][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.144811][ T5915] usb 2-1: config 0 descriptor??
[  828.167413][T15188] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3135'.
[  828.176614][T15188] nbd: must specify at least one socket
[  828.422412][ T5915] usb 2-1: string descriptor 0 read error: -71
[  828.684468][ T5915] usb 2-1: USB disconnect, device number 15
[  829.245354][ T5890] usb 6-1: new high-speed USB device number 122 using dummy_hcd
[  829.271179][T15201] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3139'.
[  829.395363][ T5890] usb 6-1: device descriptor read/64, error -71
[  829.635201][ T5890] usb 6-1: new high-speed USB device number 123 using dummy_hcd
[  829.775195][ T5890] usb 6-1: device descriptor read/64, error -71
[  829.886194][ T5890] usb usb6-port1: attempt power cycle
[  830.228771][ T5890] usb 6-1: new high-speed USB device number 124 using dummy_hcd
[  830.255958][ T5890] usb 6-1: device descriptor read/8, error -71
[  830.362996][T15217] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3144'.
[  830.372262][T15217] nbd: must specify at least one socket
[  830.525847][ T5890] usb 6-1: new high-speed USB device number 125 using dummy_hcd
[  830.578846][ T5890] usb 6-1: device descriptor read/8, error -71
[  830.711352][ T5890] usb usb6-port1: unable to enumerate USB device
[  831.338787][T15224] syzkaller1: entered promiscuous mode
[  831.344292][T15224] syzkaller1: entered allmulticast mode
[  832.385339][ T5889] usb 6-1: new high-speed USB device number 126 using dummy_hcd
[  832.545205][ T5889] usb 6-1: Using ep0 maxpacket: 32
[  832.552106][ T5889] usb 6-1: config 0 has an invalid interface number: 182 but max is 0
[  832.560486][ T5889] usb 6-1: config 0 has no interface number 0
[  832.566714][ T5889] usb 6-1: config 0 interface 182 has no altsetting 0
[  832.570308][ T5890] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  832.579807][ T5889] usb 6-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db
[  832.590200][ T5889] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.598515][ T5889] usb 6-1: Product: syz
[  832.602681][ T5889] usb 6-1: Manufacturer: syz
[  832.607471][ T5889] usb 6-1: SerialNumber: syz
[  832.617395][ T5889] usb 6-1: config 0 descriptor??
[  832.625276][ T5889] hub 6-1:0.182: bad descriptor, ignoring hub
[  832.631396][ T5889] hub 6-1:0.182: probe with driver hub failed with error -5
[  832.725280][ T5890] usb 2-1: Using ep0 maxpacket: 32
[  832.732436][ T5890] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  832.740956][ T5890] usb 2-1: config 0 has no interface number 0
[  832.748197][ T5890] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  832.759439][ T5890] usb 2-1: config 0 interface 85 has no altsetting 0
[  832.768885][ T5890] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  832.778159][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.787379][ T5890] usb 2-1: Product: syz
[  832.791678][ T5890] usb 2-1: Manufacturer: syz
[  832.796435][ T5890] usb 2-1: SerialNumber: syz
[  832.804067][ T5890] usb 2-1: config 0 descriptor??
[  832.837367][ T5889] kaweth 6-1:0.182: Firmware present in device.
[  833.031918][ T5889] kaweth 6-1:0.182: Statistics collection: 0
[  833.038067][ T5889] kaweth 6-1:0.182: Multicast filter limit: 0
[  833.044370][ T5889] kaweth 6-1:0.182: MTU: 0
[  833.049308][ T5889] kaweth 6-1:0.182: Read MAC address 00:00:00:00:00:00
[  833.418548][ T5890] appletouch 2-1:0.85: Geyser mode initialized.
[  833.427976][ T5890] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input133
[  833.622227][ T5890] usb 2-1: USB disconnect, device number 16
[  833.647405][ T5890] appletouch 2-1:0.85: input: appletouch disconnected
[  833.661582][ T5889] kaweth 6-1:0.182: kaweth interface created at eth13
[  833.975580][ T5890] usb 6-1: USB disconnect, device number 126
[  834.385755][T15262] netlink: 52 bytes leftover after parsing attributes in process `syz.6.3154'.
[  834.395175][T15262] nbd: must specify at least one socket
[  835.487574][T15279] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  835.515960][T15279] FAULT_INJECTION: forcing a failure.
[  835.515960][T15279] name failslab, interval 1, probability 0, space 0, times 0
[  835.558318][T15279] CPU: 1 UID: 0 PID: 15279 Comm: syz.1.3159 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  835.558351][T15279] Tainted: [L]=SOFTLOCKUP
[  835.558360][T15279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  835.558374][T15279] Call Trace:
[  835.558382][T15279]  <TASK>
[  835.558393][T15279]  dump_stack_lvl+0xe8/0x150
[  835.558428][T15279]  should_fail_ex+0x412/0x560
[  835.558464][T15279]  should_failslab+0xa8/0x100
[  835.558492][T15279]  __kmalloc_noprof+0xe8/0x760
[  835.558537][T15279]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  835.558577][T15279]  tomoyo_realpath_from_path+0xe3/0x5d0
[  835.558622][T15279]  ? tomoyo_path_number_perm+0x219/0x630
[  835.558651][T15279]  tomoyo_path_number_perm+0x246/0x630
[  835.558683][T15279]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  835.558715][T15279]  ? __lock_acquire+0x6b5/0x2cf0
[  835.558755][T15279]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  835.558809][T15279]  ? __fget_files+0x2a/0x420
[  835.558841][T15279]  ? __fget_files+0x2a/0x420
[  835.558875][T15279]  ? __fget_files+0x3a0/0x420
[  835.558904][T15279]  ? __fget_files+0x2a/0x420
[  835.558938][T15279]  security_file_ioctl+0xc3/0x2a0
[  835.558967][T15279]  __se_sys_ioctl+0x47/0x170
[  835.558994][T15279]  do_syscall_64+0x14d/0xf80
[  835.559023][T15279]  ? trace_irq_disable+0x3b/0x150
[  835.559053][T15279]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.559074][T15279]  ? clear_bhb_loop+0x40/0x90
[  835.559099][T15279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  835.559123][T15279] RIP: 0033:0x7f698d79bf79
[  835.559144][T15279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  835.559163][T15279] RSP: 002b:00007f698e6bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  835.559186][T15279] RAX: ffffffffffffffda RBX: 00007f698da15fa0 RCX: 00007f698d79bf79
[  835.559201][T15279] RDX: 0000000000000000 RSI: 000000000000545c RDI: 0000000000000003
[  835.559214][T15279] RBP: 00007f698e6bf090 R08: 0000000000000000 R09: 0000000000000000
[  835.559228][T15279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  835.559241][T15279] R13: 00007f698da16038 R14: 00007f698da15fa0 R15: 00007ffdff6bdbd8
[  835.559296][T15279]  </TASK>
[  835.559427][T15279] ERROR: Out of memory at tomoyo_realpath_from_path.
[  835.834767][T15287] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  836.185190][T14455] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  836.355234][T14455] usb 2-1: Using ep0 maxpacket: 32
[  836.385824][T14455] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  836.393979][T14455] usb 2-1: config 0 has no interface number 0
[  836.415876][T14455] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  836.445248][T14455] usb 2-1: config 0 interface 85 has no altsetting 0
[  836.467227][T14455] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  836.485346][T14455] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.493430][T14455] usb 2-1: Product: syz
[  836.515212][T14455] usb 2-1: Manufacturer: syz
[  836.519962][T14455] usb 2-1: SerialNumber: syz
[  836.548071][T14455] usb 2-1: config 0 descriptor??
[  836.874955][T15297] binder: 15294:15297 ioctl c0306201 2000000001c0 returned -22
[  837.158260][T14455] appletouch 2-1:0.85: Geyser mode initialized.
[  837.170862][T14455] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input134
[  837.360786][T14455] usb 2-1: USB disconnect, device number 17
[  837.382078][T14455] appletouch 2-1:0.85: input: appletouch disconnected
[  837.427387][ T5925] usb 6-1: new high-speed USB device number 127 using dummy_hcd
[  837.585294][ T5925] usb 6-1: Using ep0 maxpacket: 16
[  837.592322][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  837.603426][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  837.613674][ T5925] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  837.622808][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.633080][ T5925] usb 6-1: config 0 descriptor??
[  838.052818][T15306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  838.070174][T15306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  838.083286][ T5925] hid (null): unknown global tag 0xe
[  838.090300][ T5925] hid (null): unknown global tag 0xe
[  838.099248][ T5925] hid (null): unknown global tag 0xd
[  838.105175][ T5925] hid (null): invalid report_size 18411
[  838.110788][ T5925] hid (null): report_id 2176741362 is invalid
[  838.117332][ T5925] hid (null): unknown global tag 0xc
[  838.123210][ T5925] hid (null): unknown global tag 0xd
[  838.130035][ T5925] hid (null): invalid report_count -1612056275
[  838.136908][ T5925] hid (null): report_id 0 is invalid
[  838.156577][ T5925] hid (null): unknown global tag 0xc
[  838.162003][ T5925] hid (null): unknown global tag 0xe
[  838.185163][ T5925] hid (null): unknown global tag 0xd
[  838.190672][ T5925] hid (null): invalid report_count 37246
[  838.206519][ T5925] hid (null): unknown global tag 0xd
[  838.212071][ T5925] hid (null): unknown global tag 0xd
[  838.217651][ T5925] hid (null): unknown global tag 0xc
[  838.222999][ T5925] hid (null): invalid report_count 691907484
[  838.285008][ T5925] usb 6-1: string descriptor 0 read error: -71
[  838.340325][ T5925] usb 6-1: Max retries (5) exceeded reading string descriptor 200
[  838.348451][ T5925] letsketch 0003:6161:4D15.0031: probe with driver letsketch failed with error -32
[  838.377182][ T5925] usb 6-1: USB disconnect, device number 127
[  838.756498][T11370] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  838.925535][T11370] usb 2-1: Using ep0 maxpacket: 32
[  838.935757][T11370] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  838.944922][T11370] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.953840][T11370] usb 2-1: Product: syz
[  838.958100][T11370] usb 2-1: Manufacturer: syz
[  838.962719][T11370] usb 2-1: SerialNumber: syz
[  838.970941][T11370] usb 2-1: config 0 descriptor??
[  839.084464][T15324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  839.086115][ T5925] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  839.111229][T15324] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  839.267046][ T5925] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  839.277371][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  839.294751][ T5925] usb 6-1: config 0 descriptor??
[  839.304669][ T5925] gspca_main: cpia1-2.14.0 probing 0813:0001
[  839.387596][T11370] airspy 2-1:0.0: Board ID: 00
[  839.392486][T11370] airspy 2-1:0.0: Firmware version: 
[  839.709051][ T5925] gspca_cpia1: usb_control_msg 03, error -32
[  839.715935][ T5925] cpia1 6-1:0.0: unexpected state after lo power cmd: 05
[  839.991528][T15319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  840.000458][T15319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  840.119158][ T5925] gspca_cpia1: usb_control_msg 02, error -71
[  840.127810][ T5925] gspca_cpia1: usb_control_msg 05, error -71
[  840.134005][ T5925] cpia1 6-1:0.0: unexpected systemstate: 05
[  840.147452][ T5925] usb 6-1: USB disconnect, device number 2
[  840.213174][T15319] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  840.224745][T15319] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  840.447370][T11370] airspy 2-1:0.0: usb_control_msg() failed -71 request 10
[  840.469032][T11370] airspy 2-1:0.0: Registered as swradio24
[  840.479728][T11370] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  840.501114][T11370] usb 2-1: USB disconnect, device number 18
[  840.945300][T11370] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  841.095306][T11370] usb 6-1: Using ep0 maxpacket: 32
[  841.106867][T11370] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  841.116605][T11370] usb 6-1: config 0 has no interface number 0
[  841.124485][T11370] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  841.146227][T11370] usb 6-1: config 0 interface 85 has no altsetting 0
[  841.162543][T11370] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  841.172742][T11370] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  841.196908][T11370] usb 6-1: Product: syz
[  841.202200][T11370] usb 6-1: Manufacturer: syz
[  841.212989][T11370] usb 6-1: SerialNumber: syz
[  841.227390][T11370] usb 6-1: config 0 descriptor??
[  841.735755][ T5925] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  841.853677][T11370] appletouch 6-1:0.85: Geyser mode initialized.
[  841.880049][T11370] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input135
[  841.895393][ T5925] usb 2-1: Using ep0 maxpacket: 16
[  841.917287][ T5925] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[  841.936081][ T5925] usb 2-1: config 0 has no interface number 0
[  841.951900][ T5925] usb 2-1: config 0 interface 48 has no altsetting 0
[  841.972354][ T5925] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  841.995744][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  842.014035][ T5925] usb 2-1: Product: syz
[  842.023172][ T5925] usb 2-1: Manufacturer: syz
[  842.032388][ T5925] usb 2-1: SerialNumber: syz
[  842.051568][ T5925] usb 2-1: config 0 descriptor??
[  842.086503][ T5890] usb 6-1: USB disconnect, device number 3
[  842.092443][    C0] appletouch 6-1:0.85: atp_complete: usb_submit_urb failed with result -19
[  842.168092][ T5890] appletouch 6-1:0.85: input: appletouch disconnected
[  842.273661][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x35
[  842.273695][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d
[  842.290379][T14455] usb 2-1: USB disconnect, device number 19
[  842.363567][T15355] netlink: 348 bytes leftover after parsing attributes in process `syz.4.3186'.
[  842.428728][T15357] netlink: 'syz.4.3187': attribute type 10 has an invalid length.
[  842.438167][T15357] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3187'.
[  842.454355][T15357] batman_adv: batadv0: Adding interface: virt_wifi0
[  842.461235][T15357] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  842.488331][T15357] batman_adv: batadv0: Interface activated: virt_wifi0
[  842.768952][T15366] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3190'.
[  842.778131][T15366] nbd: must specify at least one socket
[  843.627714][T15368] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3191'.
[  843.978180][T15391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  844.009855][T15391] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  844.115493][ T5925] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  844.137640][ T5890] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  844.265172][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  844.272456][ T5925] usb 2-1: unable to get BOS descriptor or descriptor too short
[  844.281740][ T5925] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  844.295250][ T5890] usb 6-1: Using ep0 maxpacket: 32
[  844.296140][ T5925] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=97.72
[  844.307654][ T5890] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  844.309776][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.327394][ T5890] usb 6-1: config 0 has no interface number 0
[  844.327606][ T5925] usb 2-1: Product: syz
[  844.334231][ T5890] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  844.337785][ T5925] usb 2-1: Manufacturer: syz
[  844.350680][ T5890] usb 6-1: config 0 interface 85 has no altsetting 0
[  844.353803][ T5925] usb 2-1: SerialNumber: syz
[  844.366865][ T5890] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  844.377663][ T5890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.386232][ T5890] usb 6-1: Product: syz
[  844.390668][ T5890] usb 6-1: Manufacturer: syz
[  844.395873][ T5890] usb 6-1: SerialNumber: syz
[  844.404255][ T5890] usb 6-1: config 0 descriptor??
[  845.014002][ T5890] appletouch 6-1:0.85: Geyser mode initialized.
[  845.023234][ T5890] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input136
[  845.220217][ T5890] usb 6-1: USB disconnect, device number 4
[  845.243796][ T5890] appletouch 6-1:0.85: input: appletouch disconnected
[  845.858698][T15401] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3201'.
[  845.868059][T15401] nbd: must specify at least one socket
[  846.862329][ T5925] usb_ehset_test 2-1:8.0: probe with driver usb_ehset_test failed with error -32
[  846.884234][ T5925] usb 2-1: USB disconnect, device number 20
[  847.160163][T15418] binder: 15414:15418 unknown command 0
[  847.166907][T15415] binder: 15414:15415 ioctl c0306201 200000000540 returned -14
[  847.178761][T15418] binder: 15414:15418 ioctl c0306201 200000000640 returned -22
[  847.385205][T11370] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  847.479370][T15427] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3210'.
[  847.489131][T15427] nbd: must specify at least one socket
[  848.192016][T11370] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[  848.289020][T11370] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  848.299728][T11370] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  848.314099][T11370] usb 2-1: config 0 interface 0 has no altsetting 0
[  848.322650][T11370] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  848.332131][T11370] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  848.356197][T11370] usb 2-1: config 0 descriptor??
[  848.455653][T15433] befs: (nbd6): No write support. Marking filesystem read-only
[  848.599211][T15438] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3215'.
[  848.679896][T15440] netlink: 'syz.5.3216': attribute type 11 has an invalid length.
[  848.839381][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.855173][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.862637][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.874909][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.882158][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.891824][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.900437][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.910696][T11370] hid-alps 0003:044E:120C.0032: unknown main item tag 0x0
[  848.922061][T11370] hid-alps 0003:044E:120C.0032: hidraw0: USB HID v0.04 Device [HID 044e:120c] on usb-dummy_hcd.1-1/input0
[  849.040704][T14455] usb 2-1: USB disconnect, device number 21
[  849.235279][T11370] usb 6-1: new low-speed USB device number 5 using dummy_hcd
[  849.365375][T11370] usb 6-1: device descriptor read/64, error -71
[  849.606291][T11370] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  849.755681][T11370] usb 6-1: device descriptor read/64, error -71
[  849.794782][T15454] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3220'.
[  849.803993][T15454] nbd: must specify at least one socket
[  850.595240][T11370] usb usb6-port1: attempt power cycle
[  850.796364][T15458] netlink: 'syz.1.3222': attribute type 1 has an invalid length.
[  850.804146][T15458] netlink: 228 bytes leftover after parsing attributes in process `syz.1.3222'.
[  850.945320][T11370] usb 6-1: new low-speed USB device number 7 using dummy_hcd
[  850.966039][T11370] usb 6-1: device descriptor read/8, error -71
[  851.205267][T11370] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  851.226433][T11370] usb 6-1: device descriptor read/8, error -71
[  851.285219][T14455] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  851.335635][T11370] usb usb6-port1: unable to enumerate USB device
[  851.447985][T14455] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  851.466615][T14455] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  851.476877][T14455] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  851.494066][T14455] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  851.533958][T14455] hub 2-1:4.0: USB hub found
[  851.730154][T14455] hub 2-1:4.0: 2 ports detected
[  851.736938][T14455] usb 2-1: selecting invalid altsetting 1
[  851.742733][T14455] hub 2-1:4.0: Using single TT (err -22)
[  851.765371][T15474] Unknown status report in ack skb
[  851.773485][T15475] Unknown status report in ack skb
[  851.826633][T14455] hub 2-1:4.0: hub_hub_status failed (err = -71)
[  851.845401][T14455] hub 2-1:4.0: config failed, can't get hub status (err -71)
[  851.876777][T14455] usb 2-1: USB disconnect, device number 22
[  852.106971][T15482] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3229'.
[  852.116158][T15482] nbd: must specify at least one socket
[  852.265429][T14455] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  852.435258][T14455] usb 2-1: Using ep0 maxpacket: 8
[  852.503672][T14455] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  852.556402][T14455] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  852.597079][T14455] usb 2-1: Product: syz
[  852.624699][T14455] usb 2-1: Manufacturer: syz
[  852.652430][T14455] usb 2-1: SerialNumber: syz
[  852.733384][T14455] usb 2-1: config 0 descriptor??
[  853.174376][T14455] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  853.275988][T15146] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  853.286421][T15146] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  853.296845][T15146] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  853.306047][T15146] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  853.317351][T15146] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  853.435197][ T5925] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  853.587436][T14455] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  853.610734][ T5925] usb 6-1: Using ep0 maxpacket: 16
[  853.614371][T14455] usb 2-1: USB disconnect, device number 23
[  853.622266][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  853.659687][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  853.670225][ T5925] usb 6-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  853.692197][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.712465][ T5925] usb 6-1: config 0 descriptor??
[  853.738457][   T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  853.766061][T15486] chnl_net:caif_netlink_parms(): no params data found
[  853.859696][   T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  853.938888][T15486] bridge0: port 1(bridge_slave_0) entered blocking state
[  853.947780][T15486] bridge0: port 1(bridge_slave_0) entered disabled state
[  853.956970][T15486] bridge_slave_0: entered allmulticast mode
[  853.967369][T15486] bridge_slave_0: entered promiscuous mode
[  853.999475][   T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.019458][T15486] bridge0: port 2(bridge_slave_1) entered blocking state
[  854.026985][T15486] bridge0: port 2(bridge_slave_1) entered disabled state
[  854.034432][T15486] bridge_slave_1: entered allmulticast mode
[  854.049446][T15486] bridge_slave_1: entered promiscuous mode
[  854.097766][   T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.148458][T15486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  854.163918][ T5925] playstation 0003:054C:05C4.0033: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.5-1/input0
[  854.186808][T15486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  854.270200][T15486] team0: Port device team_slave_0 added
[  854.307880][T15486] team0: Port device team_slave_1 added
[  854.341620][ T5925] playstation 0003:054C:05C4.0033: Invalid byte count transferred, expected 16 got 0
[  854.354230][ T5925] playstation 0003:054C:05C4.0033: Failed to retrieve DualShock4 pairing info: -22
[  854.364140][ T5925] playstation 0003:054C:05C4.0033: Failed to get MAC address from DualShock4
[  854.375237][ T5925] playstation 0003:054C:05C4.0033: Failed to create dualshock4.
[  854.387097][ T5925] playstation 0003:054C:05C4.0033: probe with driver playstation failed with error -22
[  854.399631][T15486] batman_adv: batadv0: Adding interface: batadv_slave_0
[  854.407157][T15486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  854.439074][T15486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  854.479657][T15486] batman_adv: batadv0: Adding interface: batadv_slave_1
[  854.491787][T15486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  854.518516][T15486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  854.588764][T15485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  854.598230][T15485] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  854.611690][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  854.611710][   T30] audit: type=1326 audit(1770741229.308:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15484 comm="syz.5.3231" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f720219bf79 code=0x0
[  854.665342][T15498] binder: BINDER_SET_CONTEXT_MGR already set
[  854.690514][T15498] binder: 15484:15498 ioctl 4018620d 200000000040 returned -16
[  854.789307][T15486] hsr_slave_0: entered promiscuous mode
[  854.798151][T15486] hsr_slave_1: entered promiscuous mode
[  854.805072][T15486] debugfs: 'hsr0' already exists in 'hsr'
[  854.812295][T15486] Cannot create hsr debugfs directory
[  854.818720][   T49] bridge_slave_1: left allmulticast mode
[  854.824600][   T49] bridge_slave_1: left promiscuous mode
[  854.830472][ T5925] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  854.841104][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  854.851962][   T49] bridge_slave_0: left allmulticast mode
[  854.857796][   T49] bridge_slave_0: left promiscuous mode
[  854.864653][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  854.996170][ T5925] usb 2-1: Using ep0 maxpacket: 16
[  855.009270][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  855.042121][ T5925] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  855.054173][ T5925] usb 2-1: New USB device found, idVendor=0421, idProduct=0094, bcdDevice=28.8e
[  855.063455][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.072723][ T5925] usb 2-1: Product: syz
[  855.081944][ T5925] usb 2-1: Manufacturer: syz
[  855.086805][ T5925] usb 2-1: SerialNumber: syz
[  855.098283][ T5925] usb 2-1: config 0 descriptor??
[  855.103999][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  855.121116][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  855.133705][   T49] bond0 (unregistering): Released all slaves
[  855.268181][T15507] netlink: 408 bytes leftover after parsing attributes in process `syz.6.3235'.
[  855.405431][ T5831] Bluetooth: hci1: command tx timeout
[  855.497293][T15515] binder: 15514:15515 ioctl c0306201 200000000540 returned -22
[  855.505763][T15515] binder: 15514:15515 ioctl c0306201 2000000001c0 returned -22
[  855.562420][T14455] usb 2-1: USB disconnect, device number 24
[  855.786082][   T49] hsr_slave_0: left promiscuous mode
[  855.792551][   T49] hsr_slave_1: left promiscuous mode
[  855.800453][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  855.808682][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  855.820520][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  855.830211][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  855.839612][   T49] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  855.847017][   T49] batman_adv: batadv0: Removing interface: virt_wifi0
[  855.861228][   T49] veth1_macvtap: left promiscuous mode
[  855.870115][   T49] veth0_macvtap: left promiscuous mode
[  855.877387][   T49] veth1_vlan: left promiscuous mode
[  855.882812][   T49] veth0_vlan: left promiscuous mode
[  856.241188][ T5890] usb 6-1: USB disconnect, device number 9
[  856.381258][   T49] team0 (unregistering): Port device team_slave_1 removed
[  856.416903][   T49] team0 (unregistering): Port device team_slave_0 removed
[  856.599906][T15543] input input137: cannot allocate more than FF_MAX_EFFECTS effects
[  856.778216][  T980] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  856.822721][T15545] syzkaller1: entered promiscuous mode
[  856.829274][T15545] syzkaller1: entered allmulticast mode
[  856.954707][  T980] usb 6-1: Using ep0 maxpacket: 32
[  856.967083][  T980] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  856.985331][  T980] usb 6-1: config 0 has no interface number 0
[  857.013982][  T980] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  857.037773][T15553] binder: 15552:15553 ioctl c0306201 200000000540 returned -22
[  857.056552][  T980] usb 6-1: config 0 interface 85 has no altsetting 0
[  857.080724][  T980] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  857.124264][   T49] IPVS: stop unused estimator thread 0...
[  857.132297][  T980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.143162][  T980] usb 6-1: Product: syz
[  857.158759][  T980] usb 6-1: Manufacturer: syz
[  857.177169][  T980] usb 6-1: SerialNumber: syz
[  857.192394][  T980] usb 6-1: config 0 descriptor??
[  857.258704][ T5831] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  857.485348][ T5831] Bluetooth: hci1: command tx timeout
[  857.532076][T15486] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  857.561812][T15486] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  857.577600][T15486] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  857.604908][T15486] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  857.688568][T15575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3248'.
[  857.817117][  T980] appletouch 6-1:0.85: Geyser mode initialized.
[  857.833518][  T980] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input139
[  857.920004][T15486] 8021q: adding VLAN 0 to HW filter on device bond0
[  857.976480][T15486] 8021q: adding VLAN 0 to HW filter on device team0
[  858.010904][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  858.018240][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  858.030102][  T980] usb 6-1: USB disconnect, device number 10
[  858.066789][  T980] appletouch 6-1:0.85: input: appletouch disconnected
[  858.083265][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  858.090612][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  858.166919][ T5915] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  858.332813][ T5915] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  858.348530][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.366067][ T5915] usb 2-1: Product: syz
[  858.376288][ T5915] usb 2-1: Manufacturer: syz
[  858.386150][ T5915] usb 2-1: SerialNumber: syz
[  858.402582][ T5915] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  858.434031][ T5890] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  858.580112][T15486] 8021q: adding VLAN 0 to HW filter on device batadv0
[  858.732677][T15599] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3251'.
[  858.781730][   T30] audit: type=1400 audit(1770741233.478:26): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A2020202030202020313320202020302020202030202020202030202020202020203020202020202020202020300A65727370616E303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020313520202020302020202030202020202030202020202020203020202020202020202020300A69705F767469303A202020202020203020202020202020302020203534202020353420202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203020202020302020202030202020202030202020202020203020202020202020202020300A6970365F767469303A202020202020203020202020202020302020202030202020203020202020302020202020302020202020202020202030202020202020202020302020202020202020302020202020202030202020203620202020372020202030202020202030202020202020203620202020202020202020300A2020736974303A2020202020
[  859.099070][T15613] binder: 15609:15613 ioctl c0306201 200000000540 returned -22
[  859.556484][T14455] usb 2-1: USB disconnect, device number 25
[  859.565439][ T5831] Bluetooth: hci1: command tx timeout
[  859.679156][T15486] veth0_vlan: entered promiscuous mode
[  859.698137][T15486] veth1_vlan: entered promiscuous mode
[  859.729546][ T5890] usb 2-1: Service connection timeout for: 256
[  859.739851][ T5890] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  859.776558][T15486] veth0_macvtap: entered promiscuous mode
[  859.790347][ T5890] ath9k_htc: Failed to initialize the device
[  859.805053][T14455] usb 2-1: ath9k_htc: USB layer deinitialized
[  859.814740][T15486] veth1_macvtap: entered promiscuous mode
[  859.845666][ T5915] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  859.917060][T15486] batman_adv: batadv0: Interface activated: batadv_slave_0
[  859.980587][T15486] batman_adv: batadv0: Interface activated: batadv_slave_1
[  860.038500][   T58] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  860.055752][ T5915] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  860.084706][   T58] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  860.093998][ T5915] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  860.110668][ T5915] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  860.122946][ T5915] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  860.148375][T15633] mkiss: ax0: crc mode is auto.
[  860.153447][   T58] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  860.200621][   T58] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  860.386840][ T5915] usb 6-1: usb_control_msg returned -32
[  860.399975][ T5915] usbtmc 6-1:16.0: can't read capabilities
[  860.490549][T15645] FAULT_INJECTION: forcing a failure.
[  860.490549][T15645] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  860.509559][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  860.519680][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  860.534534][T15645] CPU: 1 UID: 0 PID: 15645 Comm: syz.6.3259 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  860.534569][T15645] Tainted: [L]=SOFTLOCKUP
[  860.534577][T15645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  860.534590][T15645] Call Trace:
[  860.534598][T15645]  <TASK>
[  860.534608][T15645]  dump_stack_lvl+0xe8/0x150
[  860.534643][T15645]  should_fail_ex+0x412/0x560
[  860.534680][T15645]  _copy_from_iter+0x1d3/0x1670
[  860.534724][T15645]  ? __pfx__copy_from_iter+0x10/0x10
[  860.534760][T15645]  ? __lock_acquire+0x6b5/0x2cf0
[  860.534806][T15645]  tun_get_user+0x516/0x3dd0
[  860.534855][T15645]  ? __pfx_tun_get_user+0x10/0x10
[  860.534882][T15645]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  860.534912][T15645]  ? lockdep_hardirqs_on+0x7a/0x110
[  860.534942][T15645]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  860.534979][T15645]  ? save_netdev_trace_buffer+0x4e2/0x610
[  860.535013][T15645]  ? ref_tracker_alloc+0x363/0x4d0
[  860.535044][T15645]  ? tun_chr_write_iter+0x60/0x210
[  860.535081][T15645]  ? vfs_write+0x61d/0xb90
[  860.535100][T15645]  ? ksys_write+0x150/0x270
[  860.535120][T15645]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  860.535157][T15645]  ? tun_get+0x1c/0x2f0
[  860.535187][T15645]  ? tun_get+0x1c/0x2f0
[  860.535212][T15645]  ? tun_get+0x1c/0x2f0
[  860.535241][T15645]  tun_chr_write_iter+0x113/0x210
[  860.535270][T15645]  vfs_write+0x61d/0xb90
[  860.535299][T15645]  ? __pfx_vfs_write+0x10/0x10
[  860.535331][T15645]  ? __fget_files+0x2a/0x420
[  860.535370][T15645]  ksys_write+0x150/0x270
[  860.535393][T15645]  ? __pfx_ksys_write+0x10/0x10
[  860.535427][T15645]  do_syscall_64+0x14d/0xf80
[  860.535456][T15645]  ? trace_irq_disable+0x3b/0x150
[  860.535486][T15645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.535508][T15645]  ? clear_bhb_loop+0x40/0x90
[  860.535534][T15645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.535557][T15645] RIP: 0033:0x7f42f939bf79
[  860.535578][T15645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  860.535596][T15645] RSP: 002b:00007f42f75f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  860.535619][T15645] RAX: ffffffffffffffda RBX: 00007f42f9615fa0 RCX: 00007f42f939bf79
[  860.535634][T15645] RDX: 0000000000000036 RSI: 0000200000002040 RDI: 0000000000000004
[  860.535648][T15645] RBP: 00007f42f75f6090 R08: 0000000000000000 R09: 0000000000000000
[  860.535662][T15645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  860.535675][T15645] R13: 00007f42f9616038 R14: 00007f42f9615fa0 R15: 00007ffca4cf4708
[  860.535709][T15645]  </TASK>
[  860.833817][T15646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  860.871230][T15646] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  860.913830][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  860.922221][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  861.197005][T15665] binder: 15664:15665 ioctl c0306201 200000000540 returned -22
[  861.646207][ T5831] Bluetooth: hci1: command tx timeout
[  862.738990][T15696] binder: 15695:15696 ioctl c0306201 200000000540 returned -22
[  862.774661][ T5925] usb 6-1: USB disconnect, device number 11
[  863.005575][ T5915] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  863.165341][ T5915] usb 2-1: Using ep0 maxpacket: 32
[  863.182207][ T5915] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  863.192031][ T5915] usb 2-1: config 0 has no interface number 0
[  863.198611][ T5915] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  863.210398][ T5915] usb 2-1: config 0 interface 85 has no altsetting 0
[  863.225125][ T5915] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  863.234356][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.254632][ T5915] usb 2-1: Product: syz
[  863.269564][ T5915] usb 2-1: Manufacturer: syz
[  863.277333][ T5915] usb 2-1: SerialNumber: syz
[  863.304683][ T5915] usb 2-1: config 0 descriptor??
[  863.998853][ T5915] appletouch 2-1:0.85: Geyser mode initialized.
[  864.039318][ T5915] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.85/input/input140
[  864.295294][T15720] binder: 15719:15720 ioctl c0306201 200000000540 returned -22
[  864.788722][T15728] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3285'.
[  864.828067][T15728] bond0: (slave bond_slave_0): Releasing backup interface
[  865.694879][ T5915] usb 2-1: USB disconnect, device number 26
[  865.732024][ T5915] appletouch 2-1:0.85: input: appletouch disconnected
[  866.761064][T15742] binder: 15741:15742 ioctl c0306201 200000000540 returned -22
[  866.930278][T15749] netlink: 14 bytes leftover after parsing attributes in process `syz.5.3294'.
[  867.145200][ T5890] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  867.305205][ T5890] usb 2-1: Using ep0 maxpacket: 8
[  867.314127][ T5890] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  867.323277][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.331367][ T5890] usb 2-1: Product: syz
[  867.335831][ T5890] usb 2-1: Manufacturer: syz
[  867.340456][ T5890] usb 2-1: SerialNumber: syz
[  867.357629][ T5890] usb 2-1: config 0 descriptor??
[  867.485290][ T5915] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  867.646061][ T5890] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  868.446753][ T5915] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  868.455939][ T5915] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[  868.466673][ T5915] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  868.477044][ T5915] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33393, setting to 1024
[  868.489319][ T5890] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  868.507971][ T5915] usb 6-1: New USB device found, idVendor=7d25, idProduct=b415, bcdDevice= 0.40
[  868.517393][ T5915] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  868.525845][ T5915] usb 6-1: Product: syz
[  868.530181][ T5915] usb 6-1: Manufacturer: syz
[  868.556788][ T5890] usb 2-1: USB disconnect, device number 27
[  868.579095][T15764] binder: 15762:15764 ioctl 4018620d 0 returned -22
[  868.591792][ T5915] cdc_wdm 6-1:1.0: skipping garbage
[  868.601531][T15764] binder: 15762:15764 ioctl c0306201 200000000540 returned -22
[  868.607421][ T5915] cdc_wdm 6-1:1.0: skipping garbage
[  868.630221][T15764] binder: 15762:15764 ioctl c0306201 2000000001c0 returned -22
[  868.654436][ T5915] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  868.666536][ T5915] cdc_wdm 6-1:1.0: Unknown control protocol
[  868.799857][ T5925] usb 6-1: USB disconnect, device number 12
[  868.885813][T15772] binder_alloc: 15771: binder_alloc_buf, no vma
[  869.096792][T15779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  869.114837][T15779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  869.376627][ T5915] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  869.555161][ T5915] usb 2-1: Using ep0 maxpacket: 16
[  869.562555][ T5915] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[  869.570973][ T5915] usb 2-1: config 0 has no interface number 0
[  869.577640][ T5915] usb 2-1: config 0 interface 48 has no altsetting 0
[  869.588658][ T5915] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98
[  869.598303][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.606686][ T5915] usb 2-1: Product: syz
[  869.611657][ T5915] usb 2-1: Manufacturer: syz
[  869.616400][ T5915] usb 2-1: SerialNumber: syz
[  869.623330][ T5915] usb 2-1: config 0 descriptor??
[  869.836253][ T5831] Bluetooth: hci3: Unknown advertising packet type: 0x35
[  869.836291][ T5831] Bluetooth: hci3: Malformed LE Event: 0x0d
[  869.839343][ T5915] usb 2-1: USB disconnect, device number 28
[  870.091806][T15787] binder: 15786:15787 ioctl 4018620d 0 returned -22
[  870.101379][T15787] binder: 15786:15787 ioctl c0306201 200000000540 returned -22
[  870.110152][T15787] binder: 15786:15787 ioctl c0306201 2000000001c0 returned -22
[  870.143657][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  870.150133][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  870.725317][ T5915] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  870.795194][T14455] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  870.885173][ T5915] usb 2-1: Using ep0 maxpacket: 16
[  870.892358][ T5915] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  870.901167][ T5915] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  870.911615][ T5915] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  870.922975][ T5915] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  870.932441][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.941420][ T5915] usb 2-1: Product: syz
[  870.945676][ T5915] usb 2-1: Manufacturer: syz
[  870.950375][ T5915] usb 2-1: SerialNumber: syz
[  870.957400][T14455] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  870.967831][T14455] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[  870.980353][T14455] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  870.993516][T14455] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33393, setting to 1024
[  871.009817][T14455] usb 6-1: New USB device found, idVendor=7d25, idProduct=b415, bcdDevice= 0.40
[  871.019032][T14455] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  871.027272][T14455] usb 6-1: Product: syz
[  871.031488][T14455] usb 6-1: Manufacturer: syz
[  871.044426][T14455] cdc_wdm 6-1:1.0: skipping garbage
[  871.049759][T14455] cdc_wdm 6-1:1.0: skipping garbage
[  871.057499][T14455] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  871.063441][T14455] cdc_wdm 6-1:1.0: Unknown control protocol
[  871.251893][  T980] usb 6-1: USB disconnect, device number 13
[  871.397551][ T5915] usb 2-1: 0:2 : does not exist
[  871.435284][ T5915] usb 2-1: USB disconnect, device number 29
[  871.465666][ T5923] udevd[5923]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  871.857415][T15806] binder: 15805:15806 ioctl 4018620d 0 returned -22
[  871.870098][T15806] binder: 15805:15806 ioctl c0306201 200000000540 returned -22
[  871.878493][T15806] binder: 15805:15806 ioctl c0306201 2000000001c0 returned -22
[  872.425985][ T5818] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  872.468667][T15818] binder: 15817:15818 ioctl c0306201 200000000540 returned -14
[  872.596044][ T5818] usb 2-1: Using ep0 maxpacket: 32
[  872.606471][ T5818] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  872.614852][ T5818] usb 2-1: config 0 has no interface number 0
[  872.621227][ T5818] usb 2-1: config 0 interface 184 has no altsetting 0
[  872.639531][ T5818] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  872.657482][ T5818] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.665718][ T5818] usb 2-1: Product: syz
[  872.675122][ T5818] usb 2-1: Manufacturer: syz
[  872.681597][ T5818] usb 2-1: SerialNumber: syz
[  872.698738][ T5818] usb 2-1: config 0 descriptor??
[  872.708088][T15821] netlink: 56 bytes leftover after parsing attributes in process `syz.6.3325'.
[  872.717523][T15821] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3325'.
[  872.730127][T15821] netlink: 31 bytes leftover after parsing attributes in process `syz.6.3325'.
[  872.739551][T15821] netlink: 'syz.6.3325': attribute type 2 has an invalid length.
[  872.748151][T15821] netlink: 31 bytes leftover after parsing attributes in process `syz.6.3325'.
[  872.858679][T15826] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  872.881219][T15826] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  873.243664][T15834] comedi comedi0: s526: I/O port conflict (0x3,64)
[  873.335127][T15814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  873.344330][T15814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  873.555128][ T5818] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  873.576603][T15814] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3322'.
[  873.605190][ T5818] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  873.854526][ T5818] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  873.865647][ T5818] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  873.881376][ T5818] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  873.892081][ T5818] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  873.902129][ T5818] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  873.919879][ T5818] usb 2-1: USB disconnect, device number 30
[  874.641859][ T5831] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  874.713639][T15869] FAULT_INJECTION: forcing a failure.
[  874.713639][T15869] name failslab, interval 1, probability 0, space 0, times 0
[  874.726734][T15869] CPU: 0 UID: 0 PID: 15869 Comm: syz.5.3344 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  874.726768][T15869] Tainted: [L]=SOFTLOCKUP
[  874.726776][T15869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  874.726790][T15869] Call Trace:
[  874.726799][T15869]  <TASK>
[  874.726809][T15869]  dump_stack_lvl+0xe8/0x150
[  874.726845][T15869]  should_fail_ex+0x412/0x560
[  874.726882][T15869]  should_failslab+0xa8/0x100
[  874.726910][T15869]  __kmalloc_noprof+0xe8/0x760
[  874.726933][T15869]  ? tomoyo_encode+0x28b/0x550
[  874.726972][T15869]  tomoyo_encode+0x28b/0x550
[  874.727012][T15869]  tomoyo_realpath_from_path+0x58d/0x5d0
[  874.727057][T15869]  ? tomoyo_path_number_perm+0x219/0x630
[  874.727089][T15869]  tomoyo_path_number_perm+0x246/0x630
[  874.727135][T15869]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  874.727166][T15869]  ? __lock_acquire+0x6b5/0x2cf0
[  874.727206][T15869]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  874.727260][T15869]  ? __fget_files+0x2a/0x420
[  874.727293][T15869]  ? __fget_files+0x2a/0x420
[  874.727320][T15869]  ? __fget_files+0x3a0/0x420
[  874.727349][T15869]  ? __fget_files+0x2a/0x420
[  874.727383][T15869]  security_file_ioctl+0xc3/0x2a0
[  874.727413][T15869]  __se_sys_ioctl+0x47/0x170
[  874.727439][T15869]  do_syscall_64+0x14d/0xf80
[  874.727470][T15869]  ? trace_irq_disable+0x3b/0x150
[  874.727499][T15869]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.727522][T15869]  ? clear_bhb_loop+0x40/0x90
[  874.727548][T15869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  874.727570][T15869] RIP: 0033:0x7f720219bf79
[  874.727590][T15869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  874.727609][T15869] RSP: 002b:00007f7203077028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  874.727632][T15869] RAX: ffffffffffffffda RBX: 00007f7202415fa0 RCX: 00007f720219bf79
[  874.727649][T15869] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  874.727663][T15869] RBP: 00007f7203077090 R08: 0000000000000000 R09: 0000000000000000
[  874.727676][T15869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  874.727690][T15869] R13: 00007f7202416038 R14: 00007f7202415fa0 R15: 00007fff3197ebc8
[  874.727725][T15869]  </TASK>
[  874.729589][T15869] ERROR: Out of memory at tomoyo_realpath_from_path.
[  875.080821][T15877] syzkaller1: entered promiscuous mode
[  875.088348][T15877] syzkaller1: entered allmulticast mode
[  875.097661][T15877] netlink: 80 bytes leftover after parsing attributes in process `syz.5.3347'.
[  875.214205][T15882] FAULT_INJECTION: forcing a failure.
[  875.214205][T15882] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  875.227486][T15882] CPU: 0 UID: 0 PID: 15882 Comm: syz.5.3348 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  875.227519][T15882] Tainted: [L]=SOFTLOCKUP
[  875.227527][T15882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  875.227541][T15882] Call Trace:
[  875.227550][T15882]  <TASK>
[  875.227560][T15882]  dump_stack_lvl+0xe8/0x150
[  875.227595][T15882]  should_fail_ex+0x412/0x560
[  875.227631][T15882]  _copy_to_user+0x31/0xb0
[  875.227658][T15882]  simple_read_from_buffer+0xe1/0x170
[  875.227692][T15882]  proc_fail_nth_read+0x1bb/0x230
[  875.227722][T15882]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  875.227752][T15882]  ? rw_verify_area+0x2a6/0x4d0
[  875.227785][T15882]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  875.227813][T15882]  vfs_read+0x20c/0xa70
[  875.227831][T15882]  ? __local_bh_enable_ip+0xd0/0x130
[  875.227858][T15882]  ? fdget_pos+0x246/0x320
[  875.227893][T15882]  ? __pfx___mutex_lock+0x10/0x10
[  875.227927][T15882]  ? __pfx_vfs_read+0x10/0x10
[  875.227949][T15882]  ? __fget_files+0x2a/0x420
[  875.227984][T15882]  ? __fget_files+0x3a0/0x420
[  875.228013][T15882]  ? __fget_files+0x2a/0x420
[  875.228071][T15882]  ksys_read+0x150/0x270
[  875.228095][T15882]  ? __pfx_ksys_read+0x10/0x10
[  875.228126][T15882]  do_syscall_64+0x14d/0xf80
[  875.228155][T15882]  ? trace_irq_disable+0x3b/0x150
[  875.228185][T15882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.228206][T15882]  ? clear_bhb_loop+0x40/0x90
[  875.228233][T15882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  875.228254][T15882] RIP: 0033:0x7f720215c84e
[  875.228274][T15882] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  875.228293][T15882] RSP: 002b:00007f7203076fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  875.228314][T15882] RAX: ffffffffffffffda RBX: 00007f72030776c0 RCX: 00007f720215c84e
[  875.228330][T15882] RDX: 000000000000000f RSI: 00007f72030770a0 RDI: 0000000000000003
[  875.228343][T15882] RBP: 00007f7203077090 R08: 0000000000000000 R09: 0000000000000000
[  875.228357][T15882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  875.228370][T15882] R13: 00007f7202416038 R14: 00007f7202415fa0 R15: 00007fff3197ebc8
[  875.228404][T15882]  </TASK>
[  875.784734][ T5831] Bluetooth: hci1: Received unexpected HCI Event 0x00
[  875.865355][T14455] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  875.911275][T15900] IPVS: Unknown mcast interface: pimreg0
[  875.921523][T15901] IPVS: Unknown mcast interface: pimreg0
[  875.934460][T15901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3356'.
[  876.035247][T14455] usb 6-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  876.046626][T14455] usb 6-1: config 0 interface 0 has no altsetting 0
[  876.063841][T14455] usb 6-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3
[  876.073484][T14455] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.082410][T14455] usb 6-1: Product: syz
[  876.086900][T14455] usb 6-1: Manufacturer: syz
[  876.091528][T14455] usb 6-1: SerialNumber: syz
[  876.107800][T14455] usb 6-1: config 0 descriptor??
[  876.119886][T14455] keyspan 6-1:0.0: Keyspan 2 port adapter converter detected
[  876.128013][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 7
[  876.141627][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 81
[  876.150769][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 1
[  876.158605][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 2
[  876.167479][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 85
[  876.175295][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 5
[  876.184713][T14455] usb 6-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  876.194681][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 83
[  876.202441][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 3
[  876.211001][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 4
[  876.220421][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 86
[  876.233000][T14455] keyspan 6-1:0.0: found no endpoint descriptor for endpoint 6
[  876.245878][T14455] usb 6-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  876.324798][T15889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  876.341212][T15889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  876.357788][T15889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  876.369774][T15889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  876.384455][T14455] usb 6-1: USB disconnect, device number 14
[  876.401098][T14455] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  876.426614][T14455] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  876.447227][T14455] keyspan 6-1:0.0: device disconnected
[  876.665346][ T5831] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  876.840993][T15927] FAULT_INJECTION: forcing a failure.
[  876.840993][T15927] name failslab, interval 1, probability 0, space 0, times 0
[  876.857492][T15927] CPU: 1 UID: 0 PID: 15927 Comm: syz.1.3366 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  876.857527][T15927] Tainted: [L]=SOFTLOCKUP
[  876.857536][T15927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  876.857549][T15927] Call Trace:
[  876.857558][T15927]  <TASK>
[  876.857568][T15927]  dump_stack_lvl+0xe8/0x150
[  876.857604][T15927]  should_fail_ex+0x412/0x560
[  876.857641][T15927]  should_failslab+0xa8/0x100
[  876.857669][T15927]  __kmalloc_noprof+0xe8/0x760
[  876.857692][T15927]  ? tomoyo_encode+0x28b/0x550
[  876.857732][T15927]  tomoyo_encode+0x28b/0x550
[  876.857771][T15927]  tomoyo_realpath_from_path+0x58d/0x5d0
[  876.857816][T15927]  ? tomoyo_path_number_perm+0x219/0x630
[  876.857846][T15927]  tomoyo_path_number_perm+0x246/0x630
[  876.857878][T15927]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  876.857909][T15927]  ? __lock_acquire+0x6b5/0x2cf0
[  876.857949][T15927]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  876.858012][T15927]  ? __fget_files+0x2a/0x420
[  876.858046][T15927]  ? __fget_files+0x2a/0x420
[  876.858074][T15927]  ? __fget_files+0x3a0/0x420
[  876.858102][T15927]  ? __fget_files+0x2a/0x420
[  876.858144][T15927]  security_file_ioctl+0xc3/0x2a0
[  876.858174][T15927]  __se_sys_ioctl+0x47/0x170
[  876.858201][T15927]  do_syscall_64+0x14d/0xf80
[  876.858231][T15927]  ? trace_irq_disable+0x3b/0x150
[  876.858261][T15927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.858283][T15927]  ? clear_bhb_loop+0x40/0x90
[  876.858311][T15927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  876.858333][T15927] RIP: 0033:0x7f698d79bf79
[  876.858354][T15927] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  876.858371][T15927] RSP: 002b:00007f698e6bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  876.858395][T15927] RAX: ffffffffffffffda RBX: 00007f698da15fa0 RCX: 00007f698d79bf79
[  876.858411][T15927] RDX: 0000200000000040 RSI: 00000000c008561c RDI: 0000000000000003
[  876.858425][T15927] RBP: 00007f698e6bf090 R08: 0000000000000000 R09: 0000000000000000
[  876.858439][T15927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  876.858457][T15927] R13: 00007f698da16038 R14: 00007f698da15fa0 R15: 00007ffdff6bdbd8
[  876.858491][T15927]  </TASK>
[  876.858579][T15927] ERROR: Out of memory at tomoyo_realpath_from_path.
[  877.556340][T14455] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  877.587639][T15952] FAULT_INJECTION: forcing a failure.
[  877.587639][T15952] name failslab, interval 1, probability 0, space 0, times 0
[  877.617771][T15952] CPU: 0 UID: 0 PID: 15952 Comm: syz.6.3376 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  877.617805][T15952] Tainted: [L]=SOFTLOCKUP
[  877.617813][T15952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  877.617827][T15952] Call Trace:
[  877.617836][T15952]  <TASK>
[  877.617846][T15952]  dump_stack_lvl+0xe8/0x150
[  877.617882][T15952]  should_fail_ex+0x412/0x560
[  877.617918][T15952]  should_failslab+0xa8/0x100
[  877.617946][T15952]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  877.617982][T15952]  ? __alloc_skb+0x186/0x7d0
[  877.618008][T15952]  ? __alloc_skb+0x1d0/0x7d0
[  877.618033][T15952]  ? __local_bh_enable_ip+0xd0/0x130
[  877.618066][T15952]  __alloc_skb+0x1d0/0x7d0
[  877.618099][T15952]  pfkey_sendmsg+0x212/0x1120
[  877.618134][T15952]  ? unwind_next_frame+0xa5/0x23c0
[  877.618169][T15952]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  877.618204][T15952]  ? aa_sk_perm+0x6d5/0x900
[  877.618244][T15952]  ? __pfx_aa_sk_perm+0x10/0x10
[  877.618271][T15952]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  877.618314][T15952]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  877.618338][T15952]  sock_sendmsg_nosec+0x18f/0x1d0
[  877.618364][T15952]  ____sys_sendmsg+0x589/0x8c0
[  877.618404][T15952]  ? __pfx_____sys_sendmsg+0x10/0x10
[  877.618444][T15952]  ? import_iovec+0x73/0xa0
[  877.618471][T15952]  ___sys_sendmsg+0x2a5/0x360
[  877.618507][T15952]  ? __pfx____sys_sendmsg+0x10/0x10
[  877.618581][T15952]  ? __fget_files+0x2a/0x420
[  877.618612][T15952]  ? __fget_files+0x3a0/0x420
[  877.618652][T15952]  __x64_sys_sendmsg+0x1bd/0x2a0
[  877.618685][T15952]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  877.618726][T15952]  ? __pfx_ksys_write+0x10/0x10
[  877.618759][T15952]  do_syscall_64+0x14d/0xf80
[  877.618790][T15952]  ? trace_irq_disable+0x3b/0x150
[  877.618822][T15952]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.618845][T15952]  ? clear_bhb_loop+0x40/0x90
[  877.618872][T15952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.618893][T15952] RIP: 0033:0x7f42f939bf79
[  877.618915][T15952] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  877.618934][T15952] RSP: 002b:00007f42f75d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  877.618959][T15952] RAX: ffffffffffffffda RBX: 00007f42f9616090 RCX: 00007f42f939bf79
[  877.618975][T15952] RDX: 0000000000000000 RSI: 0000200000000680 RDI: 0000000000000005
[  877.618990][T15952] RBP: 00007f42f75d5090 R08: 0000000000000000 R09: 0000000000000000
[  877.619004][T15952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  877.619017][T15952] R13: 00007f42f9616128 R14: 00007f42f9616090 R15: 00007ffca4cf4708
[  877.619052][T15952]  </TASK>
[  877.945295][T14455] usb 6-1: device descriptor read/64, error -71
[  878.038473][T15959] FAULT_INJECTION: forcing a failure.
[  878.038473][T15959] name failslab, interval 1, probability 0, space 0, times 0
[  878.051391][T15959] CPU: 1 UID: 0 PID: 15959 Comm: syz.6.3379 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  878.051424][T15959] Tainted: [L]=SOFTLOCKUP
[  878.051433][T15959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  878.051446][T15959] Call Trace:
[  878.051455][T15959]  <TASK>
[  878.051465][T15959]  dump_stack_lvl+0xe8/0x150
[  878.051502][T15959]  should_fail_ex+0x412/0x560
[  878.051538][T15959]  should_failslab+0xa8/0x100
[  878.051571][T15959]  __kmalloc_noprof+0xe8/0x760
[  878.051589][T15959]  ? tomoyo_encode+0x28b/0x550
[  878.051616][T15959]  tomoyo_encode+0x28b/0x550
[  878.051645][T15959]  tomoyo_realpath_from_path+0x58d/0x5d0
[  878.051677][T15959]  ? tomoyo_path_number_perm+0x219/0x630
[  878.051698][T15959]  tomoyo_path_number_perm+0x246/0x630
[  878.051721][T15959]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  878.051744][T15959]  ? __lock_acquire+0x6b5/0x2cf0
[  878.051772][T15959]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  878.051811][T15959]  ? __fget_files+0x2a/0x420
[  878.051835][T15959]  ? __fget_files+0x2a/0x420
[  878.051855][T15959]  ? __fget_files+0x3a0/0x420
[  878.051876][T15959]  ? __fget_files+0x2a/0x420
[  878.051900][T15959]  security_file_ioctl+0xc3/0x2a0
[  878.051921][T15959]  __se_sys_ioctl+0x47/0x170
[  878.051940][T15959]  do_syscall_64+0x14d/0xf80
[  878.051962][T15959]  ? trace_irq_disable+0x3b/0x150
[  878.051985][T15959]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.052001][T15959]  ? clear_bhb_loop+0x40/0x90
[  878.052020][T15959]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  878.052036][T15959] RIP: 0033:0x7f42f939bf79
[  878.052051][T15959] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  878.052065][T15959] RSP: 002b:00007f42f75f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  878.052082][T15959] RAX: ffffffffffffffda RBX: 00007f42f9615fa0 RCX: 00007f42f939bf79
[  878.052094][T15959] RDX: 0000200000000040 RSI: 000000008020640d RDI: 0000000000000003
[  878.052104][T15959] RBP: 00007f42f75f6090 R08: 0000000000000000 R09: 0000000000000000
[  878.052114][T15959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  878.052124][T15959] R13: 00007f42f9616038 R14: 00007f42f9615fa0 R15: 00007ffca4cf4708
[  878.052148][T15959]  </TASK>
[  878.052196][T15959] ERROR: Out of memory at tomoyo_realpath_from_path.
[  878.195357][T14455] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  878.455224][T14455] usb 6-1: device descriptor read/64, error -71
[  878.530415][T15970] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3383'.
[  878.544475][T15970] netlink: 220 bytes leftover after parsing attributes in process `syz.6.3383'.
[  878.583209][T14455] usb usb6-port1: attempt power cycle
[  878.872231][T15983] sctp: [Deprecated]: syz.6.3388 (pid 15983) Use of struct sctp_assoc_value in delayed_ack socket option.
[  878.872231][T15983] Use struct sctp_sack_info instead
[  878.906428][T15986] netlink: 17780 bytes leftover after parsing attributes in process `syz.4.3389'.
[  878.955899][T14455] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  878.987202][T14455] usb 6-1: device descriptor read/8, error -71
[  879.191865][T15997] FAULT_INJECTION: forcing a failure.
[  879.191865][T15997] name failslab, interval 1, probability 0, space 0, times 0
[  879.204955][T15997] CPU: 1 UID: 0 PID: 15997 Comm: syz.4.3394 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  879.204981][T15997] Tainted: [L]=SOFTLOCKUP
[  879.204987][T15997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  879.204997][T15997] Call Trace:
[  879.205004][T15997]  <TASK>
[  879.205010][T15997]  dump_stack_lvl+0xe8/0x150
[  879.205037][T15997]  should_fail_ex+0x412/0x560
[  879.205091][T15997]  should_failslab+0xa8/0x100
[  879.205119][T15997]  __kmalloc_noprof+0xe8/0x760
[  879.205143][T15997]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  879.205182][T15997]  tomoyo_realpath_from_path+0xe3/0x5d0
[  879.205226][T15997]  ? tomoyo_path_number_perm+0x219/0x630
[  879.205255][T15997]  tomoyo_path_number_perm+0x246/0x630
[  879.205287][T15997]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  879.205319][T15997]  ? __lock_acquire+0x6b5/0x2cf0
[  879.205358][T15997]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  879.205428][T15997]  ? __fget_files+0x2a/0x420
[  879.205461][T15997]  ? __fget_files+0x2a/0x420
[  879.205490][T15997]  ? __fget_files+0x3a0/0x420
[  879.205518][T15997]  ? __fget_files+0x2a/0x420
[  879.205553][T15997]  security_file_ioctl+0xc3/0x2a0
[  879.205582][T15997]  __se_sys_ioctl+0x47/0x170
[  879.205609][T15997]  do_syscall_64+0x14d/0xf80
[  879.205639][T15997]  ? trace_irq_disable+0x3b/0x150
[  879.205675][T15997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  879.205696][T15997]  ? clear_bhb_loop+0x40/0x90
[  879.205724][T15997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  879.205746][T15997] RIP: 0033:0x7f555259bf79
[  879.205767][T15997] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  879.205786][T15997] RSP: 002b:00007f5553541028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  879.205810][T15997] RAX: ffffffffffffffda RBX: 00007f5552815fa0 RCX: 00007f555259bf79
[  879.205826][T15997] RDX: 0000200000000580 RSI: 00000000c03864bc RDI: 0000000000000003
[  879.205841][T15997] RBP: 00007f5553541090 R08: 0000000000000000 R09: 0000000000000000
[  879.205856][T15997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  879.205869][T15997] R13: 00007f5552816038 R14: 00007f5552815fa0 R15: 00007ffe82497b78
[  879.205904][T15997]  </TASK>
[  879.425424][ T5915] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  879.433169][T14455] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  879.454854][T15997] ERROR: Out of memory at tomoyo_realpath_from_path.
[  879.465715][T14455] usb 6-1: device descriptor read/8, error -71
[  879.576900][T14455] usb usb6-port1: unable to enumerate USB device
[  879.595541][ T5915] usb 2-1: Using ep0 maxpacket: 8
[  879.606079][ T5915] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  879.615909][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  879.624221][ T5915] usb 2-1: Product: syz
[  879.628732][ T5915] usb 2-1: Manufacturer: syz
[  879.633380][ T5915] usb 2-1: SerialNumber: syz
[  879.641895][ T5915] usb 2-1: config 0 descriptor??
[  879.855903][ T5915] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  879.934771][T16008] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3399'.
[  879.951368][T16008] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3399'.
[  880.259515][ T5915] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  880.280651][ T5915] usb 2-1: USB disconnect, device number 31
[  880.605203][T11370] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  880.757387][T11370] usb 6-1: config 9 has an invalid interface number: 158 but max is 1
[  880.766048][T11370] usb 6-1: config 9 has an invalid descriptor of length 36, skipping remainder of the config
[  880.778942][T11370] usb 6-1: config 9 has 1 interface, different from the descriptor's value: 2
[  880.787950][T11370] usb 6-1: config 9 has no interface number 0
[  880.794082][T11370] usb 6-1: config 9 interface 158 has no altsetting 0
[  880.802732][T11370] usb 6-1: New USB device found, idVendor=0bb4, idProduct=0a0b, bcdDevice=3e.fe
[  880.811880][T11370] usb 6-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  880.819986][T11370] usb 6-1: Manufacturer: syz
[  880.824618][T11370] usb 6-1: SerialNumber: syz
[  880.920175][T16022] binder: 16021:16022 ioctl c0306201 200000000540 returned -22
[  880.928927][T16022] binder: 16021:16022 ioctl c0306201 2000000001c0 returned -22
[  881.000797][T16024] netlink: 176 bytes leftover after parsing attributes in process `syz.4.3405'.
[  881.017060][T16024] netlink: 116 bytes leftover after parsing attributes in process `syz.4.3405'.
[  881.052570][T11370] usb 6-1: USB disconnect, device number 19
[  881.258366][T16031] netlink: 'syz.1.3408': attribute type 10 has an invalid length.
[  881.267234][T16031] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3408'.
[  881.279389][T16031] batman_adv: batadv0: Interface activated: virt_wifi0
[  881.607140][T16041] binder: 16040:16041 ioctl c0306201 200000000540 returned -22
[  881.616243][T16041] binder: 16040:16041 ioctl c0306201 2000000001c0 returned -22
[  881.815692][T14455] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  881.976662][T14455] usb 2-1: Using ep0 maxpacket: 16
[  881.984088][T14455] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  882.001091][T14455] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  882.025731][T14455] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  882.034973][T14455] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  882.065734][T16052] binder: 16051:16052 ioctl c0306201 200000000540 returned -14
[  882.086530][T16052] binder: 16051:16052 ioctl c0306201 2000000001c0 returned -22
[  882.096707][T14455] usb 2-1: config 0 descriptor??
[  882.231356][T16059] openvswitch: netlink: EtherType 50a is less than min 600
[  882.272076][T16061] binder: 16060:16061 ioctl c0306201 200000000540 returned -22
[  882.280752][T16061] binder: 16060:16061 ioctl c0306201 2000000001c0 returned -22
[  882.346873][T16063] FAULT_INJECTION: forcing a failure.
[  882.346873][T16063] name failslab, interval 1, probability 0, space 0, times 0
[  882.360668][T16063] CPU: 1 UID: 0 PID: 16063 Comm: syz.6.3423 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  882.360701][T16063] Tainted: [L]=SOFTLOCKUP
[  882.360710][T16063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  882.360724][T16063] Call Trace:
[  882.360733][T16063]  <TASK>
[  882.360742][T16063]  dump_stack_lvl+0xe8/0x150
[  882.360778][T16063]  should_fail_ex+0x412/0x560
[  882.360814][T16063]  should_failslab+0xa8/0x100
[  882.360842][T16063]  __kmalloc_noprof+0xe8/0x760
[  882.360865][T16063]  ? tomoyo_encode+0x28b/0x550
[  882.360904][T16063]  tomoyo_encode+0x28b/0x550
[  882.360943][T16063]  tomoyo_realpath_from_path+0x58d/0x5d0
[  882.360988][T16063]  ? tomoyo_path_number_perm+0x219/0x630
[  882.361017][T16063]  tomoyo_path_number_perm+0x246/0x630
[  882.361049][T16063]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  882.361082][T16063]  ? __lock_acquire+0x6b5/0x2cf0
[  882.361122][T16063]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  882.361177][T16063]  ? __fget_files+0x2a/0x420
[  882.361209][T16063]  ? __fget_files+0x2a/0x420
[  882.361237][T16063]  ? __fget_files+0x3a0/0x420
[  882.361265][T16063]  ? __fget_files+0x2a/0x420
[  882.361299][T16063]  security_file_ioctl+0xc3/0x2a0
[  882.361329][T16063]  __se_sys_ioctl+0x47/0x170
[  882.361355][T16063]  do_syscall_64+0x14d/0xf80
[  882.361385][T16063]  ? trace_irq_disable+0x3b/0x150
[  882.361422][T16063]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.361444][T16063]  ? clear_bhb_loop+0x40/0x90
[  882.361472][T16063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.361493][T16063] RIP: 0033:0x7f42f939bf79
[  882.361514][T16063] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  882.361533][T16063] RSP: 002b:00007f42f75f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  882.361556][T16063] RAX: ffffffffffffffda RBX: 00007f42f9615fa0 RCX: 00007f42f939bf79
[  882.361573][T16063] RDX: 00002000000000c0 RSI: 00000000c028aa03 RDI: 0000000000000004
[  882.361587][T16063] RBP: 00007f42f75f6090 R08: 0000000000000000 R09: 0000000000000000
[  882.361601][T16063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  882.361614][T16063] R13: 00007f42f9616038 R14: 00007f42f9615fa0 R15: 00007ffca4cf4708
[  882.361649][T16063]  </TASK>
[  882.361672][T16063] ERROR: Out of memory at tomoyo_realpath_from_path.
[  882.392419][T16065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  882.608314][T16065] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  882.623332][T16065] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3412'.
[  882.850415][T11370] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  883.005776][T11370] usb 6-1: Using ep0 maxpacket: 32
[  883.012748][T11370] usb 6-1: config 0 has an invalid interface number: 89 but max is 0
[  883.020992][T11370] usb 6-1: config 0 has no interface number 0
[  883.029260][T11370] usb 6-1: config 0 interface 89 has no altsetting 0
[  883.038479][T11370] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  883.047692][T11370] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.055859][T11370] usb 6-1: Product: syz
[  883.060053][T11370] usb 6-1: Manufacturer: syz
[  883.064711][T11370] usb 6-1: SerialNumber: syz
[  883.072472][T11370] usb 6-1: config 0 descriptor??
[  883.083127][T11370] em28xx 6-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  883.092979][T11370] em28xx 6-1:0.89: Video interface 89 found: bulk
[  883.345974][T11370] em28xx 6-1:0.89: unknown em28xx chip ID (0)
[  883.409505][T11370] em28xx 6-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  883.418003][T11370] em28xx 6-1:0.89: board has no eeprom
[  883.475154][T11370] em28xx 6-1:0.89: Identified as Terratec Grabby (card=67)
[  883.482501][T11370] em28xx 6-1:0.89: analog set to bulk mode.
[  883.488636][ T5925] em28xx 6-1:0.89: Registering V4L2 extension
[  883.506610][T11370] usb 6-1: USB disconnect, device number 20
[  883.514053][T11370] em28xx 6-1:0.89: Disconnecting em28xx
[  883.552113][ T5925] em28xx 6-1:0.89: Config register raw data: 0xffffffed
[  883.560445][ T5925] em28xx 6-1:0.89: AC97 chip type couldn't be determined
[  883.567949][ T5925] em28xx 6-1:0.89: No AC97 audio processor
[  883.578471][ T5925] usb 6-1: Decoder not found
[  883.583124][ T5925] em28xx 6-1:0.89: failed to create media graph
[  883.590281][ T5925] em28xx 6-1:0.89: V4L2 device video103 deregistered
[  883.600675][ T5925] em28xx 6-1:0.89: Registering snapshot button...
[  883.610658][ T5925] input: em28xx snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.89/input/input141
[  883.628266][ T5925] em28xx 6-1:0.89: Remote control support is not available for this card.
[  883.640214][T11370] em28xx 6-1:0.89: Closing input extension
[  883.651676][T11370] em28xx 6-1:0.89: Deregistering snapshot button
[  883.670617][T11370] em28xx 6-1:0.89: Freeing device
[  883.854790][T16078] binder: 16077:16078 ioctl c0306201 200000000540 returned -14
[  883.862956][T16078] binder: 16077:16078 ioctl c0306201 2000000001c0 returned -22
[  884.057435][T16083] binder: 16082:16083 ioctl c0389423 200000000240 returned -22
[  884.165264][T14455] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  884.315161][T14455] usb 6-1: Using ep0 maxpacket: 16
[  884.322472][T14455] usb 6-1: config 0 has an invalid interface number: 41 but max is 0
[  884.330805][T14455] usb 6-1: config 0 has no interface number 0
[  884.337392][T14455] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  884.347498][T14455] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  884.359332][T14455] usb 6-1: config 0 interface 41 has no altsetting 0
[  884.368947][T14455] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  884.378249][T14455] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  884.387218][T14455] usb 6-1: Product: syz
[  884.391457][T14455] usb 6-1: Manufacturer: syz
[  884.396175][T14455] usb 6-1: SerialNumber: syz
[  884.403347][T14455] usb 6-1: config 0 descriptor??
[  884.409341][T16081] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  884.416884][T16081] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  884.566714][ T5915] usb 2-1: USB disconnect, device number 32
[  884.626064][T16081] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  884.633385][T16081] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  884.800149][T16090] binder: 16089:16090 ioctl c0306201 200000000540 returned -22
[  884.811831][T16090] binder: 16089:16090 ioctl c0306201 2000000001c0 returned -22
[  884.843852][T14455] sr9700 6-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  884.871399][T14455] usb 6-1: USB disconnect, device number 21
[  885.146301][T11370] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  885.305408][T11370] usb 2-1: Using ep0 maxpacket: 16
[  885.316016][T11370] usb 2-1: config 0 has no interfaces?
[  885.323682][T11370] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  885.332902][T11370] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  885.341077][T11370] usb 2-1: Product: syz
[  885.345320][T11370] usb 2-1: Manufacturer: syz
[  885.349972][T11370] usb 2-1: SerialNumber: syz
[  885.359075][T11370] r8152-cfgselector 2-1: Unknown version 0x0000
[  885.365531][T11370] r8152-cfgselector 2-1: config 0 descriptor??
[  885.495044][T16102] binder: 16101:16102 ioctl c0306201 200000000540 returned -14
[  885.505646][T16102] binder: 16101:16102 ioctl c0306201 2000000001c0 returned -22
[  885.600733][T16092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  885.613131][T16092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  885.664732][ T5915] r8152-cfgselector 2-1: USB disconnect, device number 33
[  885.825203][ T5925] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  885.975248][ T5925] usb 6-1: Using ep0 maxpacket: 16
[  885.998834][ T5925] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  886.013643][ T5925] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  886.024599][ T5925] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  886.037903][ T5925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  886.047320][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  886.055774][ T5925] usb 6-1: SerialNumber: syz
[  886.064223][T16105] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  886.072418][T16105] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  886.155361][T16110] netlink: 4432 bytes leftover after parsing attributes in process `syz.6.3440'.
[  886.246105][T16112] binder: 16111:16112 ioctl c0306201 200000000540 returned -22
[  886.254352][T16112] binder: 16111:16112 ioctl c0306201 2000000001c0 returned -22
[  886.303745][ T5925] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  886.332747][ T5925] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12
[  886.361760][ T5925] usb 6-1: USB disconnect, device number 22
[  886.411418][ T5831] Bluetooth: hci4: unexpected event 0x01 length: 13 > 1
[  886.585192][ T5915] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  886.766488][ T5915] usb 2-1: Using ep0 maxpacket: 8
[  886.779483][ T5915] usb 2-1: config 0 has an invalid descriptor of length 230, skipping remainder of the config
[  886.797059][ T5915] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  886.812934][ T5915] usb 2-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  886.823453][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.834338][ T5915] usb 2-1: Product: syz
[  886.838866][ T5915] usb 2-1: Manufacturer: syz
[  886.843739][ T5915] usb 2-1: SerialNumber: syz
[  886.854470][ T5915] usb 2-1: config 0 descriptor??
[  887.029463][T16123] binder: 16122:16123 ioctl c0306201 200000000540 returned -14
[  887.037509][T16123] binder: 16122:16123 ioctl c0306201 2000000001c0 returned -22
[  887.181379][ T5915] usb 2-1: USB disconnect, device number 34
[  887.625210][T11370] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  887.773639][T16135] binder: 16134:16135 ioctl c0306201 200000000540 returned -22
[  887.783167][T11370] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  887.792632][T11370] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  887.792916][T16135] binder: 16134:16135 ioctl c0306201 2000000001c0 returned -22
[  887.807945][T11370] usb 6-1: Product: syz
[  887.812743][T11370] usb 6-1: Manufacturer: syz
[  887.822938][T11370] usb 6-1: SerialNumber: syz
[  887.830616][T11370] usb 6-1: config 0 descriptor??
[  888.044707][ T5889] usb 6-1: USB disconnect, device number 23
[  888.135217][T11370] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  888.259946][T16131] FAULT_INJECTION: forcing a failure.
[  888.259946][T16131] name failslab, interval 1, probability 0, space 0, times 0
[  888.273004][T16131] CPU: 1 UID: 0 PID: 16131 Comm: syz.5.3449 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  888.273038][T16131] Tainted: [L]=SOFTLOCKUP
[  888.273047][T16131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  888.273059][T16131] Call Trace:
[  888.273068][T16131]  <TASK>
[  888.273077][T16131]  dump_stack_lvl+0xe8/0x150
[  888.273113][T16131]  should_fail_ex+0x412/0x560
[  888.273149][T16131]  should_failslab+0xa8/0x100
[  888.273178][T16131]  __kmalloc_noprof+0xe8/0x760
[  888.273201][T16131]  ? tomoyo_encode+0x28b/0x550
[  888.273239][T16131]  tomoyo_encode+0x28b/0x550
[  888.273278][T16131]  tomoyo_realpath_from_path+0x58d/0x5d0
[  888.273322][T16131]  ? tomoyo_path_number_perm+0x219/0x630
[  888.273352][T16131]  tomoyo_path_number_perm+0x246/0x630
[  888.273384][T16131]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  888.273416][T16131]  ? __lock_acquire+0x6b5/0x2cf0
[  888.273455][T16131]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  888.273506][T16131]  ? __fget_files+0x2a/0x420
[  888.273537][T16131]  ? __fget_files+0x2a/0x420
[  888.273564][T16131]  ? __fget_files+0x3a0/0x420
[  888.273592][T16131]  ? __fget_files+0x2a/0x420
[  888.273623][T16131]  security_file_ioctl+0xc3/0x2a0
[  888.273654][T16131]  __se_sys_ioctl+0x47/0x170
[  888.273680][T16131]  do_syscall_64+0x14d/0xf80
[  888.273718][T16131]  ? trace_irq_disable+0x3b/0x150
[  888.273748][T16131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.273770][T16131]  ? clear_bhb_loop+0x40/0x90
[  888.273798][T16131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.273820][T16131] RIP: 0033:0x7f720219bf79
[  888.273841][T16131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  888.273860][T16131] RSP: 002b:00007f7203077028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  888.273883][T16131] RAX: ffffffffffffffda RBX: 00007f7202415fa0 RCX: 00007f720219bf79
[  888.273900][T16131] RDX: 0000000000000000 RSI: 00000000c0286405 RDI: 0000000000000004
[  888.273913][T16131] RBP: 00007f7203077090 R08: 0000000000000000 R09: 0000000000000000
[  888.273927][T16131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  888.273940][T16131] R13: 00007f7202416038 R14: 00007f7202415fa0 R15: 00007fff3197ebc8
[  888.273973][T16131]  </TASK>
[  888.273995][T16131] ERROR: Out of memory at tomoyo_realpath_from_path.
[  888.525208][T11370] usb 2-1: Using ep0 maxpacket: 8
[  888.532296][T11370] usb 2-1: unable to get BOS descriptor or descriptor too short
[  888.541941][T11370] usb 2-1: config 5 has an invalid interface number: 24 but max is 0
[  888.550413][T11370] usb 2-1: config 5 has no interface number 0
[  888.558180][T11370] usb 2-1: config 5 interface 24 has no altsetting 0
[  888.569904][T11370] usb 2-1: New USB device found, idVendor=0979, idProduct=0280, bcdDevice=95.47
[  888.579355][T11370] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  888.587846][T11370] usb 2-1: Product: syz
[  888.592176][T11370] usb 2-1: Manufacturer: syz
[  888.597257][T11370] usb 2-1: SerialNumber: syz
[  888.700184][T16149] binder: 16148:16149 ioctl c0306201 200000000540 returned -14
[  888.709440][T16149] binder: 16148:16149 ioctl c0306201 2000000001c0 returned -22
[  888.823352][T11370] gspca_main: jeilinj-2.14.0 probing 0979:0280
[  888.833462][T11370] usb 2-1: USB disconnect, device number 35
[  889.103252][T16157] FAULT_INJECTION: forcing a failure.
[  889.103252][T16157] name failslab, interval 1, probability 0, space 0, times 0
[  889.116272][T16157] CPU: 1 UID: 0 PID: 16157 Comm: syz.5.3458 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  889.116306][T16157] Tainted: [L]=SOFTLOCKUP
[  889.116315][T16157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  889.116329][T16157] Call Trace:
[  889.116338][T16157]  <TASK>
[  889.116347][T16157]  dump_stack_lvl+0xe8/0x150
[  889.116384][T16157]  should_fail_ex+0x412/0x560
[  889.116420][T16157]  should_failslab+0xa8/0x100
[  889.116448][T16157]  __kmalloc_noprof+0xe8/0x760
[  889.116471][T16157]  ? tomoyo_encode+0x28b/0x550
[  889.116511][T16157]  tomoyo_encode+0x28b/0x550
[  889.116550][T16157]  tomoyo_realpath_from_path+0x58d/0x5d0
[  889.116594][T16157]  ? tomoyo_path_number_perm+0x219/0x630
[  889.116638][T16157]  tomoyo_path_number_perm+0x246/0x630
[  889.116662][T16157]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  889.116685][T16157]  ? __lock_acquire+0x6b5/0x2cf0
[  889.116713][T16157]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  889.116753][T16157]  ? __fget_files+0x2a/0x420
[  889.116777][T16157]  ? __fget_files+0x2a/0x420
[  889.116797][T16157]  ? __fget_files+0x3a0/0x420
[  889.116818][T16157]  ? __fget_files+0x2a/0x420
[  889.116842][T16157]  security_file_ioctl+0xc3/0x2a0
[  889.116866][T16157]  __se_sys_ioctl+0x47/0x170
[  889.116885][T16157]  do_syscall_64+0x14d/0xf80
[  889.116907][T16157]  ? trace_irq_disable+0x3b/0x150
[  889.116929][T16157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.116945][T16157]  ? clear_bhb_loop+0x40/0x90
[  889.116965][T16157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.116980][T16157] RIP: 0033:0x7f720219bf79
[  889.116996][T16157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  889.117009][T16157] RSP: 002b:00007f7203077028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  889.117026][T16157] RAX: ffffffffffffffda RBX: 00007f7202415fa0 RCX: 00007f720219bf79
[  889.117038][T16157] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  889.117048][T16157] RBP: 00007f7203077090 R08: 0000000000000000 R09: 0000000000000000
[  889.117057][T16157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  889.117067][T16157] R13: 00007f7202416038 R14: 00007f7202415fa0 R15: 00007fff3197ebc8
[  889.117091][T16157]  </TASK>
[  889.117531][T16157] ERROR: Out of memory at tomoyo_realpath_from_path.
[  889.421525][T16161] netlink: 6 bytes leftover after parsing attributes in process `syz.1.3459'.
[  889.491624][T16164] binder: 16162:16164 ioctl c0306201 0 returned -14
[  889.501831][T16164] binder: 16162:16164 ioctl c0306201 2000000001c0 returned -22
[  889.568976][T16167] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  889.605268][T16167] sp0: Synchronizing with TNC
[  889.612094][    C0] 
[  889.614462][    C0] ================================
[  889.619591][    C0] WARNING: inconsistent lock state
[  889.624742][    C0] syzkaller #0 Tainted: G             L     
[  889.630745][    C0] --------------------------------
[  889.635878][    C0] inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage.
[  889.642748][    C0] syz.5.3463/16167 [HC1[1]:SC0[0]:HE0:SE1] takes:
[  889.649201][    C0] ffff888031fe1868 (&dev->spinlock){?...}-{3:3}, at: das16m1_interrupt+0x5e/0x180
[  889.658584][    C0] {HARDIRQ-ON-W} state was registered at:
[  889.664336][    C0]   lock_acquire+0xf0/0x2e0
[  889.668893][    C0]   _raw_spin_lock_bh+0x36/0x50
[  889.673795][    C0]   waveform_ao_cancel+0x8d/0x120
[  889.678926][    C0]   comedi_close+0x27e/0x5e0
[  889.683582][    C0]   __fput+0x44f/0xa70
[  889.687682][    C0]   task_work_run+0x1d9/0x270
[  889.692748][    C0]   exit_to_user_mode_loop+0xed/0x480
[  889.698143][    C0]   do_syscall_64+0x32d/0xf80
[  889.703114][    C0]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.709117][    C0] irq event stamp: 2944
[  889.713276][    C0] hardirqs last  enabled at (2943): [<ffffffff8bb7df2e>] irqentry_exit+0x59e/0x620
[  889.722598][    C0] hardirqs last disabled at (2944): [<ffffffff8bb79763>] common_interrupt+0x13/0xe0
[  889.731990][    C0] softirqs last  enabled at (2912): [<ffffffff897e5136>] __alloc_skb+0x186/0x7d0
[  889.741122][    C0] softirqs last disabled at (2910): [<ffffffff897e5136>] __alloc_skb+0x186/0x7d0
[  889.750254][    C0] 
[  889.750254][    C0] other info that might help us debug this:
[  889.758325][    C0]  Possible unsafe locking scenario:
[  889.758325][    C0] 
[  889.765876][    C0]        CPU0
[  889.769170][    C0]        ----
[  889.772461][    C0]   lock(&dev->spinlock);
[  889.776808][    C0]   <Interrupt>
[  889.780277][    C0]     lock(&dev->spinlock);
[  889.784813][    C0] 
[  889.784813][    C0]  *** DEADLOCK ***
[  889.784813][    C0] 
[  889.793054][    C0] 2 locks held by syz.5.3463/16167:
[  889.798267][    C0]  #0: ffff88807a95a1c0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_set_ldisc+0x52/0x560
[  889.807964][    C0]  #1: ffff88807a95a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x6c/0xc0
[  889.817395][    C0] 
[  889.817395][    C0] stack backtrace:
[  889.823301][    C0] CPU: 0 UID: 0 PID: 16167 Comm: syz.5.3463 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  889.823325][    C0] Tainted: [L]=SOFTLOCKUP
[  889.823331][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  889.823343][    C0] Call Trace:
[  889.823350][    C0]  <IRQ>
[  889.823357][    C0]  dump_stack_lvl+0xe8/0x150
[  889.823383][    C0]  print_usage_bug+0x28b/0x2e0
[  889.823409][    C0]  mark_lock_irq+0x410/0x420
[  889.823435][    C0]  mark_lock+0x115/0x190
[  889.823457][    C0]  __lock_acquire+0x661/0x2cf0
[  889.823487][    C0]  lock_acquire+0xf0/0x2e0
[  889.823507][    C0]  ? das16m1_interrupt+0x5e/0x180
[  889.823531][    C0]  ? ktime_get+0x45/0x200
[  889.823546][    C0]  ? seqcount_lockdep_reader_access+0xd4/0x100
[  889.823569][    C0]  _raw_spin_lock+0x2e/0x40
[  889.823590][    C0]  ? das16m1_interrupt+0x5e/0x180
[  889.823612][    C0]  das16m1_interrupt+0x5e/0x180
[  889.823634][    C0]  ? __pfx_das16m1_interrupt+0x10/0x10
[  889.823657][    C0]  __handle_irq_event_percpu+0x227/0x9e0
[  889.823679][    C0]  handle_irq_event+0x8b/0x1e0
[  889.823695][    C0]  ? handle_edge_irq+0x229/0xa10
[  889.823721][    C0]  handle_edge_irq+0x23b/0xa10
[  889.823749][    C0]  __common_interrupt+0x141/0x1f0
[  889.823770][    C0]  common_interrupt+0xb6/0xe0
[  889.823789][    C0]  </IRQ>
[  889.823795][    C0]  <TASK>
[  889.823802][    C0]  asm_common_interrupt+0x26/0x40
[  889.823821][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80
[  889.823846][    C0] Code: f7 e8 ed 11 e8 f5 f7 c3 00 02 00 00 74 05 e8 40 60 13 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> 64 d8 d9 f5 65 8b 05 bd 2f 86 07 85 c0 74 18 5b 41 5e c3 cc cc
[  889.823861][    C0] RSP: 0018:ffffc9000533fca8 EFLAGS: 00000206
[  889.823877][    C0] RAX: 0000000000000006 RBX: 0000000000000282 RCX: 0000000000000001
[  889.823888][    C0] RDX: 0000000000000006 RSI: ffffffff8e0094b3 RDI: 0000000000000001
[  889.823899][    C0] RBP: 0000000000000001 R08: ffffffff903352b7 R09: 1ffffffff2066a56
[  889.823911][    C0] R10: dffffc0000000000 R11: fffffbfff2066a57 R12: dffffc0000000000
[  889.823925][    C0] R13: dffffc0000000000 R14: ffffffff9a8192e0 R15: ffffffff8f2260e0
[  889.823945][    C0]  uart_write+0x3de/0xa10
[  889.823974][    C0]  sixpack_open+0x677/0x930
[  889.824002][    C0]  ? __pfx_sixpack_open+0x10/0x10
[  889.824030][    C0]  tty_ldisc_open+0xa1/0x100
[  889.824056][    C0]  tty_set_ldisc+0x373/0x560
[  889.824082][    C0]  tty_ioctl+0xc37/0xde0
[  889.824098][    C0]  ? __pfx_tty_ioctl+0x10/0x10
[  889.824113][    C0]  __se_sys_ioctl+0xfc/0x170
[  889.824132][    C0]  do_syscall_64+0x14d/0xf80
[  889.824156][    C0]  ? trace_irq_disable+0x3b/0x150
[  889.824180][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.824197][    C0]  ? clear_bhb_loop+0x40/0x90
[  889.824216][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  889.824232][    C0] RIP: 0033:0x7f720219bf79
[  889.824249][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  889.824264][    C0] RSP: 002b:00007f7203077028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  889.824280][    C0] RAX: ffffffffffffffda RBX: 00007f7202415fa0 RCX: 00007f720219bf79
[  889.824294][    C0] RDX: 0000200000000240 RSI: 0000000000005423 RDI: 0000000000000002
[  889.824305][    C0] RBP: 00007f72022327e0 R08: 0000000000000000 R09: 0000000000000000
[  889.824316][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  889.824327][    C0] R13: 00007f7202416038 R14: 00007f7202415fa0 R15: 00007fff3197ebc8
[  889.824345][    C0]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  889.824443][    C0] comedi comedi3: fifo overflow
[  890.904674][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.001746][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.113438][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.171183][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.292026][   T13] bridge_slave_1: left allmulticast mode
[  891.298029][   T13] bridge_slave_1: left promiscuous mode
[  891.303770][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  891.313053][   T13] bridge_slave_0: left allmulticast mode
[  891.320464][   T13] bridge_slave_0: left promiscuous mode
[  891.326522][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  891.448276][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  891.458772][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  891.468648][   T13] bond0 (unregistering): Released all slaves
[  891.682121][   T13] hsr_slave_0: left promiscuous mode
[  891.688196][   T13] hsr_slave_1: left promiscuous mode
[  891.694089][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  891.703138][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  891.711571][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  891.721211][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  891.737558][   T13] veth1_macvtap: left promiscuous mode
[  891.743087][   T13] veth0_macvtap: left promiscuous mode
[  891.748832][   T13] veth1_vlan: left promiscuous mode
[  891.754118][   T13] veth0_vlan: left promiscuous mode
[  891.893557][   T13] team0 (unregistering): Port device team_slave_1 removed
[  891.909407][   T13] team0 (unregistering): Port device team_slave_0 removed
[  892.234623][   T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  892.279420][   T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  892.324668][   T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  892.394013][   T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  892.497876][   T13] bridge_slave_1: left allmulticast mode
[  892.503578][   T13] bridge_slave_1: left promiscuous mode
[  892.511435][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.522977][   T13] bridge_slave_0: left allmulticast mode
[  892.529505][   T13] bridge_slave_0: left promiscuous mode
[  892.536841][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  892.629508][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  892.639393][   T13] bond0 (unregistering): Released all slaves
[  892.947535][   T13] hsr_slave_0: left promiscuous mode
[  892.953432][   T13] hsr_slave_1: left promiscuous mode
[  892.961246][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  892.974644][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  892.983058][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  892.990844][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  893.002043][   T13] veth1_macvtap: left promiscuous mode
[  893.008120][   T13] veth0_macvtap: left promiscuous mode
[  893.013810][   T13] veth1_vlan: left promiscuous mode
[  893.019422][   T13] veth0_vlan: left promiscuous mode
[  893.142260][   T13] team0 (unregistering): Port device team_slave_1 removed
[  893.160226][   T13] team0 (unregistering): Port device team_slave_0 removed
[  893.470771][   T13] IPVS: stop unused estimator thread 0...