last executing test programs:

13m49.862762522s ago: executing program 1 (id=634):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r0, &(0x7f0000000500)=ANY=[@ANYBLOB], 0x8)

13m49.679021059s ago: executing program 1 (id=636):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x840)

13m49.50423453s ago: executing program 1 (id=638):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg$inet(r0, &(0x7f0000007100)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000100)="fc0403b7dabe343c8e7c6dc48ad4afa0bb691363c12ef3ad4d79e7665d38bf0e1fa2655b5ac03cd1737d4ef712bcb6a55f242d269855afc658665cb94a37bdd35119676d26d6475b9e2ecab517df2e0b1d83b3e4a550b529004788dd1822659a52c71d9df8e88e7fa4ce20e98d20ec2bbba326d8163c5480b2b4a98b4e658fb5f9", 0x81}, {&(0x7f00000001c0)="f096c2f1e8607ebb599c27ee455bc0391050aa6689ab99853dc39072ed3f010da5b86cb4244639f1633edb12570a4b814a186925cb82ca22df8ba2158f8d15bf06a6636e2a0398ec877aaef668d67bd413b5bc21d9bad878c8e4d5ba75e401a300cc0a88675330cbfc65784c5e1703edfa4af15fe1c39a7110f05614e039b31d26e98e192bb32b4b4a1747caf5c75fce6a442bdbadde20475c0d8f4fd6ff16f2d83e47d201257b2b1e0361d3763aa73d6a88cb6eea0241342bd2", 0xba}, {&(0x7f0000000280)="fa68117778b59f9d40f41f6d097ff3cfe559c704722f306d7467d616c4", 0x1d}, {&(0x7f00000002c0)="f99cc6344a617d0212008e0f1c2c5994914291c769399b7a55f45c99daf78176765dfcfb6602b6fa0c3ec6b6141589aa0952d61221c912bd8003df0f55e77e2d18741b1ebd4fa4db99e8e8bba706225644851ce876b637c4dbb87015bf8282d8f5a0dd5fc99cb02c43fc17a974b1c2c3620bfb07297e7683b5e52ec65611aad081e017e7100f5ba8fc937f7079de8ace46a16f65fc2acc2dd0c6bddeae3cc8725cc59c35d57e6848c335b3aa38422c53c3d98bcc4928545adfa3", 0xba}, {&(0x7f0000000380)="91c40597846f8a982b7d0b97e93d00955b41f610ee37c27853ca6fd990f9f2574ad41d6a0977e2d954410e8ab7e08274e20a344d1af0b498350587c90c51c63b8a7bf7d39c338538afbeadda39f1abc5640c30ce5c5ef428f8aff6ea795ec7cf2a4bfcfaed9d51043aac19c94c0719508057a5a49df552aa2d5a1c56c588fe73e866a2117779ad5a7d684187361abf3e600402e0fd196cd3e74fec6377000b214159e973e27d0577f55b06e5c4469001ea3d26ffcdb719b4494e65d6cf4b7c382aaab3441dfc92ca1b66d702703ecbed44570691baf167927799074182d04201ebcbcacf534728d1b14f1367c22afbb9c094d2bddd0fb49efa4aeb13e6143f4c4ed2b96883df3230b85358f3cc2abaf255f99a816c972546ba0438e40fb121d64fd026f8b3ee03cd01ba1ea0a58c5e6ba4a8eb205804c1d4383504a9fbc7d1d889c343e76a41da42b260b8b21557680e06804257a10678b1135d9dcd2195fe3b153a0c47c1349d3cfafad47216976229a2a086a43757251d7225af5afd78d927ae9d510eb5146e074aca9b117533927d67b84bfbd87bebdc8aeadca85e4cdf10041bfd9fa73264cd51ea62ecf2871c387bd6eb2c04a9e73e1270b0fa425e21888361b483fcc91e1c6a445aa49c866092c2d4b3051a301e5cdcd8e7dbe27f93b26c72707aacd8", 0x1e6}, {&(0x7f00000018c0)="9cde8b1142ff10cad4", 0x9}], 0x6}}], 0x1, 0x4888a)

13m49.27580656s ago: executing program 1 (id=640):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x24008084, &(0x7f00000001c0)={0xa, 0x2, 0xdfff, @loopback, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
shutdown(r0, 0x1)

13m48.998790734s ago: executing program 1 (id=642):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @remote, 0x40, 0x0, 0x0, 0xfffffffe}})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x24004000)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, 0x0)

13m48.833670657s ago: executing program 1 (id=643):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, 0x0, 0x0)

13m37.0116014s ago: executing program 32 (id=591):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000001200))
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000300)={0x10000000})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000600))

13m34.083069261s ago: executing program 33 (id=632):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB], 0x128}, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)
close(r1)

13m33.947601411s ago: executing program 34 (id=641):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)

13m33.556656217s ago: executing program 35 (id=643):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, 0x0, 0x0)

5m16.985055778s ago: executing program 7 (id=3122):
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0xfffffff7)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000010c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}})
socket$inet_tcp(0x2, 0x1, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}}, 0x14)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
read$FUSE(r0, &(0x7f0000004280)={0x2020}, 0x2020)

5m16.418270229s ago: executing program 7 (id=3124):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
r1 = getpgid(0x0)
rt_sigtimedwait(&(0x7f0000000000)={[0x8000000000000000]}, 0x0, &(0x7f0000000040), 0x8)
r2 = syz_pidfd_open(r1, 0x0)
pidfd_send_signal(r2, 0x21, 0x0, 0x4)

5m16.162980888s ago: executing program 7 (id=3126):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240), 0x2, 0x9}}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000280)={0x16, 0x98, 0xfa00, {&(0x7f0000000000), 0x0, r2, 0x10, 0x1, @in={0x2, 0x4e20, @private=0xa010100}}}, 0xa0)

5m15.975909337s ago: executing program 7 (id=3128):
r0 = syz_open_dev$vim2m(&(0x7f0000000340), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x12, 0x0, 0x0, "18e889d15b38429faa8ff62438eaed752e68f3a6d09382b392b049e33958b16c", 0x47504a4d})
mkdirat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1c0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}}, './file0/file0\x00'})
r4 = getgid()
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
socket$inet(0x2, 0x4000000000000001, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESOCT, @ANYRES16=r5, @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f0000008200)={0x2020, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_INIT(r7, &(0x7f0000000100)={0x50, 0x0, r8, {0x7, 0x2b, 0x0, 0x100, 0x0, 0x4, 0x7, 0x80000a15, 0x0, 0x0, 0x4, 0x6}}, 0x50)
write$FUSE_ENTRY(r1, &(0x7f0000000480)={0x90, 0x0, r8, {0x0, 0x1, 0x2, 0x8000, 0x9, 0x7, {0x6, 0x89, 0x7, 0x82e9, 0xfffffffffffffffd, 0x66, 0x1, 0x7f, 0x9, 0x0, 0x1, r2, r4, 0x8, 0x446f}}}, 0x90)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4f)
mount$bind(&(0x7f0000000240)='./file0/../file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x111091, 0x0)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
r9 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r9, 0x4020565b, &(0x7f0000000100)={0x6, 0x6})
pivot_root(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00')
r10 = socket(0xa, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000040)={0x802, 0xfffffffe, 0x3, 0x1}, 0x10)
r11 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r11, &(0x7f0000000780)=[{&(0x7f0000000440)="4d2e2e5c8bdc018d531b71", 0xb}], 0x1)
sendmsg$nl_generic(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000005200010003000000000000000a0000000c00", @ANYRES32=r10], 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0xc0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r6, 0x54a2)
r12 = getegid()
setresgid(r3, r4, r12)

5m15.551852914s ago: executing program 7 (id=3130):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000400)="d8000000180081054e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a8001600200003401c000200035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000500)="4274aa", 0x3}, {&(0x7f0000000600)="1a13a7837ea8ca56a91f616de628b8b1b210", 0x12}], 0x2}, 0x41)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x1, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000b40)={'syz0\x00', {0x7, 0x8001, 0xb, 0x3}, 0x3a, [0x8, 0x40, 0xf, 0x101, 0x5, 0x457, 0xc951, 0x9, 0x7, 0x5, 0x2, 0xf, 0xd8b681d, 0x7, 0x8001, 0x401, 0xc9c3, 0x400, 0x431a5f4b, 0x8001, 0x1000, 0x1, 0xf, 0xb1, 0xe0c8, 0x10000709, 0x10001, 0x2, 0x9, 0x4, 0x2, 0x1000, 0x80000001, 0x55, 0x9, 0x7, 0x5, 0x1, 0x6, 0xffff, 0x7fff, 0xa8b, 0x257, 0x6, 0x1, 0x6, 0x1, 0x4, 0x5, 0x1, 0x80, 0x3, 0x9, 0xff, 0x25, 0x2, 0x80000000, 0x8, 0x7, 0xff, 0x8, 0x9, 0x7, 0x51c8], [0x7, 0x6, 0x7ff, 0x2, 0x1, 0xb4, 0x4, 0x7, 0x3, 0x8, 0x4, 0x1, 0x8, 0xffff, 0x9, 0xfffffbb7, 0x5, 0x4, 0x9, 0xfffff27b, 0x7fff, 0x79, 0x6, 0x8, 0xf, 0x100, 0x4, 0x10, 0xfffffffd, 0xf9, 0xfb, 0x60000000, 0xfffffff6, 0x35e, 0x3, 0x10000, 0x9d2, 0x1, 0x7f, 0xa, 0xa7, 0xad1, 0x9, 0x4, 0x4, 0x5, 0x5, 0xfffffff8, 0x1, 0x9a31, 0x2, 0x4, 0x8, 0x0, 0x8, 0x8, 0x5ba, 0x7, 0x2, 0x5, 0x800, 0x1, 0xffff, 0x8], [0xcde, 0x75, 0x1, 0x7, 0x0, 0x2, 0x30, 0x2, 0x5, 0x200, 0xa9b, 0x40, 0x3, 0xc, 0x3, 0xce, 0x1, 0x4, 0x9, 0x7, 0x2, 0x0, 0x1, 0x2, 0xff, 0x8, 0x8, 0x6, 0xffff, 0x40, 0x9a05, 0x9, 0xd38, 0x8, 0x4040, 0x400, 0xe, 0x2600000, 0x0, 0x3, 0x80000001, 0x7fff, 0x1, 0x8b8b, 0x6, 0x200, 0x1, 0x40, 0x2, 0x1, 0x6, 0xe8d6, 0xe, 0x80, 0x0, 0x80, 0x800, 0x9, 0x3ff, 0x6, 0x0, 0x7fffffff, 0xfffffffe, 0x9], [0x6, 0x8, 0x9, 0x4, 0x1, 0x0, 0x4, 0x2, 0x5, 0x6, 0x2, 0x8, 0xffffff7f, 0xfffffffc, 0x6, 0x1, 0x6, 0xfff, 0x2, 0x58c, 0x7, 0x7, 0x400, 0x10001, 0x2, 0x5, 0x1, 0xb, 0x4, 0x5, 0x7, 0x8001, 0x1, 0x401, 0x2, 0x1, 0x2, 0x5, 0x2, 0x829, 0x7, 0x7, 0x61, 0x1, 0x3, 0x2, 0x5, 0x6, 0x5, 0x5, 0xff, 0xfffff36d, 0x9, 0x1ff, 0x0, 0x56, 0xe9, 0x5852, 0x8001, 0x1, 0x5, 0x1, 0x8000, 0x3ff]}, 0x45c)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x0, "f4ffffff"}, 0x20000000, 0x1, {0x0}})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x40)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f00000007c0)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18", 0xf72}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

5m14.521981619s ago: executing program 7 (id=3134):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 1)

5m14.018501582s ago: executing program 36 (id=3134):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000100)={0x2, 0x40000105, 0x0, 0x0})
ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 1)

2m51.217181406s ago: executing program 8 (id=3631):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7040010000000f00000005002e000000000008", @ANYRES32=r2], 0x2c}}, 0x18)

2m51.001024569s ago: executing program 8 (id=3633):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$SG_GET_TIMEOUT(r0, 0x2202, 0x0) (async)
r1 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) (async)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x1fe, 0x1, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r3 = fsmount(r1, 0x0, 0x0)
fchdir(r3) (async)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)

2m50.555486792s ago: executing program 8 (id=3639):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7fffffff, 0x40380)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000b40), r1)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000000)={0x34, r2, 0x209, 0xe0bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x8140}, 0x10)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000180)={0x0, 0x9})

2m50.236648461s ago: executing program 8 (id=3641):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7040010000000f00000005002e0000000000080003", @ANYRES32=r2], 0x2c}}, 0x18)

2m50.001181634s ago: executing program 8 (id=3643):
r0 = syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, 0x0)

2m49.320001415s ago: executing program 8 (id=3648):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, 0x0, 0xc01, 0x34)
write$binfmt_aout(r1, 0x0, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f0000000180)={0x0, 0x101, 0x3})
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
process_mrelease(r3, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f00000006c0), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r4, &(0x7f0000000040)={[{0x2b, 'cpu'}]}, 0x5)
setsockopt(r0, 0x0, 0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x1a0001)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0x3}})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000340)={0x750, 0x0, 0x0, 'queue0\x00', 0x5})
ioctl$EVIOCGKEY(r3, 0x80404518, &(0x7f00000000c0)=""/6)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r6, 0x54a0)

2m34.094162493s ago: executing program 37 (id=3648):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat(0xffffffffffffff9c, 0x0, 0xc01, 0x34)
write$binfmt_aout(r1, 0x0, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f0000000180)={0x0, 0x101, 0x3})
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
process_mrelease(r3, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f00000006c0), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
write$cgroup_subtree(r4, &(0x7f0000000040)={[{0x2b, 'cpu'}]}, 0x5)
setsockopt(r0, 0x0, 0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)={0x48, 0x2, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x48}}, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x1a0001)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0x3}})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000340)={0x750, 0x0, 0x0, 'queue0\x00', 0x5})
ioctl$EVIOCGKEY(r3, 0x80404518, &(0x7f00000000c0)=""/6)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r7, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r6, 0x54a0)

2m28.661929639s ago: executing program 4 (id=3747):
r0 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r0, &(0x7f00000020c0)={&(0x7f0000000640)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10, 0x0, 0x0, &(0x7f0000001e40)=[@mask_cswp={0x58, 0x118, 0x9, {{0x7f, 0x3}, 0x0, 0x0, 0x7, 0x4, 0xffffffff, 0x3, 0xc, 0x7}}], 0x58, 0x20008011}, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
add_key(&(0x7f00000000c0)='rxrpc\x00', 0x0, &(0x7f0000000140)="0000000000000040ff6943b8004104bfeacd00"/32, 0x20, 0xfffffffffffffffb)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000000)='syz0\x00')
syz_open_dev$vim2m(&(0x7f0000000040), 0x4, 0x2)
setuid(0xee00)
r3 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000018c0)={0xe0, 0x11, 0x509, 0x0, 0x0, "", [@nested={0xc9, 0x9c, 0x0, 0x1, [@nested={0x18, 0x61, 0x0, 0x1, [@typed={0x14, 0xd7, 0x0, 0x0, @ipv6=@private0}]}, @typed={0x8, 0xe9, 0x0, 0x0, @uid}, @typed={0x8, 0xb7, 0x0, 0x0, @ipv4=@local}, @generic="46e16f7519cabb74e75f5284a7644ee2669cf260d7ee8a72b1d2136dd2cf8f62ab5e0a5db5c620d94653ffcf494387a7cace4f6db5809d7bfd444c39f08538cf4ab4867900a34e58819453bee4b96fc4da12184791474d35fe57ec181883bcd4803ca788a4adfedaaf47763633fea932df1a5ecc8e402f4288d8b2085e457fcdfcac92fab90e27f24d8a1494fb4e35fe93ff248cd58762e1ca3a5ba1c5"]}, @typed={0x4, 0x12c}]}, 0xe0}], 0x1}, 0x0)
write$tun(r2, &(0x7f00000003c0)={@void, @void, @mpls={[], @ipv6=@tipc_packet={0x3, 0x6, 'Z\vB', 0x44, 0x6, 0x0, @empty, @mcast1, {[@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x50, 0x273, [@mcast1]}], @payload_mcast={{{{{{0x2c, 0x0, 0x1, 0x0, 0x0, 0xb, 0x0, 0x2, 0x5, 0x0, 0x57082eceb02ffff2, 0x4, 0x1, 0x1, 0x8, 0x4, 0xa, 0x4e22, 0x4e24}, 0x0, 0x2}, 0x1, 0x4}, 0x1}}}}}}}, 0x6c)

2m28.343969887s ago: executing program 4 (id=3749):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x5, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c35130000", 0x0, 0x0, 0x30520cf7f25f0c64, 0x0, 0x0})

2m28.26202537s ago: executing program 4 (id=3750):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x84009422, &(0x7f0000000040)={0x0, 0x0, {}, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000440), 0x220cc2, 0x0)
cachestat(r2, &(0x7f0000000480)={0xa, 0x8}, &(0x7f00000004c0), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000500), &(0x7f0000000540)=@md5={0x1, "a776a79fe07d62ff15a27968dc4f8f9e"}, 0x11, 0x0)
close_range(r1, r1, 0x2)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000580), 0x701000, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020, 0x0, <r4=>0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000002600)={0x50, 0x0, r4, {0x7, 0x2d, 0x2, 0x18100, 0x100, 0x9, 0xfffffffa, 0xa, 0x0, 0x0, 0x80, 0x53}}, 0x50)
connect$pppl2tp(r3, &(0x7f0000002680)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x2, 0x1, 0x0, {0xa, 0x4e20, 0x8, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x3}}}, 0x3a)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000026c0)={0x0, 0x3})
mmap$usbfs(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000008, 0x10, r3, 0x7ff)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r3, &(0x7f00000027c0)={&(0x7f0000002700)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000002780)={&(0x7f0000002740)={0x24, 0x1407, 0x20, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20048004}, 0x20004805)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002840), r3)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002880)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r3, &(0x7f0000002940)={&(0x7f0000002800)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000002900)={&(0x7f00000028c0)={0x3c, r6, 0x300, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_KEY_CIPHER={0x8}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4840}, 0x4000001)
write$cgroup_freezer_state(r3, &(0x7f0000002980)='FREEZING\x00', 0x9)
tkill(r5, 0x2b)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002a00), r3)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000002ac0)={'syztnl0\x00', &(0x7f0000002a40)={'syztnl2\x00', <r9=>0x0, 0x2f, 0x0, 0xf4, 0x8, 0x20, @rand_addr=' \x01\x00', @private2, 0x0, 0x10, 0xffffffff, 0x3}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000002b80)={'syztnl0\x00', &(0x7f0000002b00)={'sit0\x00', <r10=>0x0, 0x40, 0x7800, 0x5, 0xffffffff, {{0xd, 0x4, 0x3, 0x39, 0x34, 0x67, 0x0, 0x10, 0x29, 0x0, @loopback, @multicast1, {[@lsrr={0x83, 0xf, 0xc8, [@broadcast, @private=0xa010102, @private=0xa010102]}, @timestamp={0x44, 0x10, 0x64, 0x0, 0xa, [0x401, 0x4, 0x4]}]}}}}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000002bc0)={'pimreg1\x00', <r11=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000002c00)={'team0\x00', <r12=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000002cc0)={'ip6_vti0\x00', &(0x7f0000002c40)={'syztnl0\x00', <r13=>0x0, 0x4, 0x80, 0x9, 0x9, 0x25, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x40, 0x8000, 0x7, 0x2}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000002d00)={'vxcan1\x00', <r14=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000002d40)={'batadv0\x00', <r15=>0x0})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000002e40)={'erspan0\x00', &(0x7f0000002d80)={'tunl0\x00', <r16=>0x0, 0x40, 0x80, 0x7c, 0x200, {{0x21, 0x4, 0x2, 0x5, 0x84, 0x64, 0x0, 0x70, 0x0, 0x0, @private=0xa010101, @rand_addr=0x1, {[@cipso={0x86, 0x14, 0x3, [{0x0, 0xe, "928522754da35dcb2f06276a"}]}, @noop, @cipso={0x86, 0x18, 0x3, [{0x7, 0x12, "89e663a1a20ad43e1a88c0656f784fbe"}]}, @cipso={0x86, 0x39, 0x0, [{0x7, 0x2}, {0x2, 0x8, "44ad90852f3b"}, {0x0, 0x11, "71394a2baeae825a45f8f52dd756da"}, {0x2, 0x6, "fc5661bd"}, {0x6, 0xa, "3d32469f122a8a38"}, {0x5, 0x8, "f1c0a625cf96"}]}, @timestamp={0x44, 0x8, 0xb0, 0x0, 0x4, [0x6]}, @noop]}}}}})
getsockname$packet(r3, &(0x7f0000002e80)={0x11, 0x0, <r17=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002ec0)=0x14)
sendmsg$ETHTOOL_MSG_EEE_GET(r3, &(0x7f0000003180)={&(0x7f00000029c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000003140)={&(0x7f0000002f00)={0x210, r8, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}, @HEADER={0x8c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r17}]}, @HEADER={0x4}]}, 0x210}, 0x1, 0x0, 0x0, 0x40011}, 0x4804)

2m28.120015545s ago: executing program 4 (id=3751):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_NG_MODULUS={0x8, 0x2, 0x1, 0x0, 0xffffff3e}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0)

2m27.737932634s ago: executing program 5 (id=3753):
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r1], 0x3c}, 0x1, 0x0, 0x0, 0x8800}, 0x10)

2m27.713376596s ago: executing program 4 (id=3754):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='mpol=interleave:2-2:2/'])
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect(r0, &(0x7f0000000500)=@in={0x2, 0x1, @private=0xa010102}, 0x80)
open$dir(&(0x7f0000000740)='./file0\x00', 0xc0000, 0xa2)
r1 = socket(0x0, 0x6, 0x3)
syz_usb_connect$uac3(0x0, 0x8b, &(0x7f0000000100)=ANY=[@ANYBLOB="120150020000004082057d0040000102030109027900030154100c080b020101003005090400000030000a2401ff0a00000000000904010000010230000904010101010230000b240201810102029dcaa30905010900000709070a2525000500000107000904020000010230000904020101010230000905820900041907030a25251000000002000087a70b11de1525adb95669cc4caa5809adad68e57c7bca2f0400000000000000f04870b533fe61504744f92dbb51138998049c263e5a31d3965b9162e24d910ca98d7a6b309cb9caa42db70dc899ebfdbf7ad91af45e72269e9f2f3e2e4453b751bc93c3df7da8a65561b1c6c8ef545761df621bee62bea0e322a60000"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0})
getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f00000000c0)=0x80)
syz_usb_connect(0x0, 0x48, &(0x7f0000000a40)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a00100001000009058803"], 0x0)

2m27.413430824s ago: executing program 5 (id=3755):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='msdos\x00', 0x200000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x8101, 0x0)
ioctl$sock_bt_bnep_BNEPCONNADD(r3, 0x400442c8, &(0x7f0000000440)=ANY=[@ANYRESOCT=r2, @ANYBLOB="01000000008056e5fc7917ffd3b352232e87302618c7f6a12bb5c2d7a3bb01f9290cb2f9c4fa80ffe0f6435fb1fafb77c344e66f6ad10e5bc16d68ce573375f82a2e527195debfa6522e76230fd6a20e4f4ba0c3e22ee460836bc43f426694460e6fc7275cba4ec1f6fc35f104ebedbec62f0b2c466492c12a591601d3e8d4cc96169227716a09d7f0b5234e274f5e5453357350e5abb2e8a24441e966fa679e60e6b26ea933403a93f7ee53078746d5b74170bb5e67a9419183408cdb817c0f3df8a5aea18f0b7e9e89ecf41b5bd81df2d53f2f175c5327091cc14600e4e576497a98996a128473db135829824b0e27eef2856669881155a3aa66eb9deafc45"])
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r2, &(0x7f0000000200)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x4e24, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xfffffff7}}}, 0x38)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r4, 0x0)
r5 = accept4$x25(r4, 0x0, &(0x7f00000000c0), 0x800)
ioctl$SIOCX25SDTEFACILITIES(r5, 0x89eb, &(0x7f0000000100)={0x8, 0x7, 0x3f, 0x85, 0xc, 0xff, 0x18, "e758cae9ffed00010000b24000", "39e80000000000000000e30300"})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000000)={0x18, r1, 0x100000001, 0xe7a2})

2m26.360022487s ago: executing program 5 (id=3756):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="1b1b", @ANYRES32=r0])
ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, &(0x7f0000000000)=0x81)
r3 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040), 0x10)
listen(r3, 0x0)
r4 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
write$binfmt_elf64(r4, 0x0, 0x254fe)
r5 = syz_usb_connect(0x0, 0x17d, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000fa5c531046084010c9d00102030109026b0101000000000904620202436f1f0009050802100000fa00cd08dfa9a5fd67f84bd21113acd7fc0e3b35824deb14c9ec5d483d62169d56171de8bc4bc98d302e503f95cf970fcea2490ec47e33f438ea21d7203978d5e2904b6966f7096cf08bba8ddb7691bcbc9ce2c5760af21822ed33fc12b88222be6b3b70d8595ba08893f644fa53c1c55ad648952a80f17ece8bff775682c9a5167111725b5484fd0ab5d334dcfbe28eb0e02bd0fa90c776e4997388fc9442fd3e8657ac92601fd61a184cf49d513b7bf7cdcebe6423101690e5269a5b2be351ef182d84744d9664f21b1c4bd8c72c0905820240"], 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000200)={0x14, &(0x7f00000000c0)={0x40, 0x8, 0xd7, {0xd7, 0x11, "8f053149335115326a32b0e31a3d3f58049c9b6176f40abe9fc3ec1dfc93cee23ab691f63decb92640cfd791ab07ba7af78e2c4329260f728637dfe0603398b8b0cd67323ff01b997a4f481cc01d9dba510f1b8fd644dc691bb5c99771e04b591f489b21d05ab88b8fbed0558cab536be6edc02ad189f674a75ce459425ced182408391df5d624d1a890f1d2d32a8f3799af4b7c05149e92e550a93e57516bf6babc9259871373f23b6fd6937a92fd1415f823a375e35a0f094278f487466e0467bf3c9cc9ecf114d50fbb4afee62a60ef719bff89"}}, &(0x7f00000001c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000600)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="002f4400000093c05fb9dc61bf97f0f59f35027b6e9f52b3bd7268454f71442a0e2d01ea750946c1b35a05008cf47618525e389311e3720a28dfd4b8a436a3ef1e257b31304f72db9f1f"], &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000340)={0x20, 0x80, 0x1c, {0x3, 0x4a9, 0x5a, 0x6, 0x9, 0x82, 0x2800, 0x5, 0x562, 0x80, 0x6, 0x6}}, &(0x7f0000000380)={0x20, 0x85, 0x4, 0x5}, &(0x7f00000003c0)={0x20, 0x83, 0x2}, &(0x7f0000000400)={0x20, 0x87, 0x2, 0xfff9}, &(0x7f0000000540)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0)

2m26.136362449s ago: executing program 4 (id=3757):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x406, r0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f00000022c0)={0x4002})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000002280)={0x20000008})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f00000002c0)={0xa0000013}) (fail_nth: 1)

2m23.575550026s ago: executing program 5 (id=3759):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000040), 0xfffffffffffffffb, 0x0)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240), 0x80880, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000700)={0x9, @pix={0x202, 0x8000, 0x3234564e, 0x9, 0x6000000, 0x1, 0x0, 0xfeedcb00, 0x3, 0x3, 0x2, 0x2}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
pipe2(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x84080)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0x1, 0x51, 0x0, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000200)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f0000000540)={0x2, @vbi={0xffffffff, 0x7, 0x100, 0x494e4f4b, [0x0, 0x4], [0x3, 0x5], 0x1}})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_int(r7, 0x29, 0x4c, &(0x7f0000000000)=0x3, 0x4)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fdd000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, 0x0}], 0x1, 0x74, 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000440)={0x2020}, 0x2020)
ioctl$KVM_SET_NESTED_STATE(r5, 0x4080aebf, &(0x7f0000005700)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {0x2}}})

2m22.359236844s ago: executing program 5 (id=3763):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0x20000, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'das16m1\x00', [0x2, 0x2, 0x7fffffff, 0x1, 0x2f, 0x7ff, 0xf1, 0x2, 0x80ffa, 0xd, 0x400001, 0x8500, 0x1006, 0x1000004, 0xf, 0xc, 0xffffffa8, 0x7ffffffd, 0x1ff, 0x9ea, 0xe, 0x40000, 0x8, 0x4, 0x1, 0xf, 0x5, 0x8, 0x0, 0x3, 0x7ffd]}) (fail_nth: 1)

2m21.818622523s ago: executing program 5 (id=3764):
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x6}}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xa0}, 0x1, 0x0, 0x0, 0xd696e83fcf4684a}, 0x4000)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x2000001c})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000004200)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
capget(&(0x7f0000000080)={0x20080522, r6}, &(0x7f00000000c0)={0x1, 0xd4c, 0x4, 0x80000, 0x20b8, 0x100})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})

2m11.068382696s ago: executing program 38 (id=3757):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = epoll_create1(0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = fcntl$dupfd(r1, 0x406, r0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f00000022c0)={0x4002})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000002280)={0x20000008})
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r2, &(0x7f00000002c0)={0xa0000013}) (fail_nth: 1)

2m6.428215926s ago: executing program 39 (id=3764):
r0 = epoll_create1(0x80000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}}, @NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x14, 0x16, 0xa, 0x3, 0x0, 0x0, {0x1, 0x0, 0x6}}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x5}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0xa0}, 0x1, 0x0, 0x0, 0xd696e83fcf4684a}, 0x4000)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x2000001c})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r5, &(0x7f0000004200)={0x2020, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
capget(&(0x7f0000000080)={0x20080522, r6}, &(0x7f00000000c0)={0x1, 0xd4c, 0x4, 0x80000, 0x20b8, 0x100})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})

1m55.58778647s ago: executing program 9 (id=3834):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0xe, 0x6, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0xc090)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x1, 0x4, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x1b02}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20004004}, 0x4000)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
shutdown(r1, 0x1)
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x44, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
preadv2(r8, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x1b)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)={0x4c, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{}, {0x7ffc}, @device_b, @device_a, @initial, {0x0, 0x2}}, @channel_switch={0x0, 0x4, {{0x25, 0x3, {0x0, 0x1}}, @val={0x3e, 0x1}, @val={0x76, 0x6, {0x9d, 0xf7, 0x22, 0xf92}}}}}}]}, 0x4c}}, 0x200048c0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$TIOCMBIS(r9, 0x5416, &(0x7f00000001c0)=0x3)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r11=>0x0})
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcb, 0x0, &(0x7f00000002c0))
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)

1m53.945140415s ago: executing program 9 (id=3835):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) (fail_nth: 1)

1m52.517421157s ago: executing program 9 (id=3839):
r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000000c0)={'syz', 0x3}, &(0x7f0000000900)="9498c952f63e4d99b82528549bc9f2f94ffa96a51e39cb8423a4e324bcaa97ddba1d9314f5b66483bdb57ca9e2116f79b6de067f3a0ea8cd217e2319f23c5725a916ff1d44cc438be99586810bc16d988df349b0f09315d6ba7bab6b930dc46113db28a0fd039b54e50a907b6a6e9bbb3b6d4b01a1eb683d942a7b6277b664d7d03d6e14389025515007e1f2e235dd52c28432e8fd7a7396e05f363a20dff8d39bbcc0265afe8bf156057b6a99ff8dff265224a5663ce3ea13d878762064d3adda1bc98f923b68e131c20c9d22c3f791898c47fa35765d830edcafbc5ce230c2011128c2469b5729b216861a82d6908d0c9cccc7722e7b9c24169a9352231c8def61a6a985f6b9588352aa6d26958c1a2b5da6ba8b7ee91594e9e7dcf4bd9266ce459a4629467fe8583de51156b88544", 0x130, 0xfffffffffffffffb)
r2 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000000840)="3e12d23d", 0x4, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha256\x00'}})

1m52.22393944s ago: executing program 9 (id=3840):
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000440), 0x103501, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000480)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x1, r1, 0x0, 0x2, 0xc})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r4 = add_key$user(&(0x7f0000000040), &(0x7f0000002340)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r5 = userfaultfd(0x801)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d1)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='nr_inodes=1'])
chdir(&(0x7f0000000300)='./file0\x00')
r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', &(0x7f0000000140)={0x4f4c82, 0x5c, 0x8}, 0x18)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r7, 0x4b67, &(0x7f00000000c0)={0x0, 0x0})
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x400})
ioctl$UFFDIO_CONTINUE(r5, 0xc028aa05, &(0x7f0000000140)={{&(0x7f0000032000/0x4000)=nil, 0x4000}, 0x1000000})
r8 = socket$phonet(0x23, 0x2, 0x1)
getpeername(r8, 0x0, &(0x7f0000000380))
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, 0x0, 0x20)
sendto$inet6(r3, &(0x7f0000000100)="e27fe684a972044eca82f9a22d458cca8a2b4f129a7c79455ca019df48e681584f7ebd834875e52e68fb84caa9992adbd220af171231ecc88a77dbe79ffec68e346fb087edb05a76fbad103a3783dd4200c91fc59b9687acacc97b4842a5aca98a8a26aaf034fd4662b89fba5c150e54a9f30f852543c6aa98b873d85d1632f1aba93219e13ab8cb147b", 0x8a, 0x4000085, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
mkdirat(r6, &(0x7f0000000400)='./file0\x00', 0xa)
r11 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r11)
ptrace$pokeuser(0x6, r11, 0x358, 0x2)
r12 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000380), 0x740443, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r12, 0xc0189378, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r6, {<r13=>r10}}, './file0\x00'})
prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0xffffffffffffffff)
sendmsg$unix(r9, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRESHEX=r2, @ANYRES32=r13, @ANYRESOCT=r10, @ANYRES16=0x0, @ANYRESDEC=r4, @ANYBLOB="23ef3515027281073d235a4f0cb5bed5a5e5b9d275b8a10eb1e588bf6e4d4cf9a059c12b37eb35dbd66a20d27894233b77f759dd8dcfb606cdfe3f7962e4dea26ef394a52ad879eac386741aef7bf0ae16640d560e4ee971d17fd04c259cdb45a9e3f237a33bac18add424521d5126333f629da10cb1363049dbcac5ff1a2163d5852991f92423ad6cd26d1e1a05d761b74da88ec6401598bfe527564f782ffa8743868424150f34d8a424e088f8e9445d8662c6494fb69c6dc5bcecf83106b38eefb9362906bc9aadd777f6dac79822eadc994dec13e7728cae270602acfd070e", @ANYBLOB="55059888dd7bd78c9d92f991d802a10c41b3b0128289dac0ed8fecf32bb67448ea8b74a46d17c80bf4db79b6ba81066706ae1bb4211e5d121a203161c615b293fbdcc9ae0681c6b4d6f49acc6f86e14beb490713abb9c8c5901ad541c063fc90a4ce708fe2a4566c0c39c31bc0d3c5f0b4723ef07d9a291f21d2e3ae9b77ae917a3a42663d6f49f988379ffc9b7b0aeaa443edce8ee8ed0acee471be81eba277315bb22409177fe975f356a9d86e484099ea9667ad39c55238faf88ac81060429cce39afefd397b60d5a07", @ANYRES16=r6, @ANYRESDEC=r1, @ANYRES32], 0x18, 0x4008800}, 0x40800)
recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/61, 0x3d}, 0xfffffffe}], 0x1, 0x2002, 0x0)

1m51.785215419s ago: executing program 9 (id=3841):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
ioctl$SG_GET_COMMAND_Q(r2, 0x2270, &(0x7f0000000100))
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x14, &(0x7f0000000080)={&(0x7f00000000c0)={0x14, 0x17, 0x301, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m46.868049828s ago: executing program 9 (id=3846):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fddbdf251200000008000300", @ANYRES32=r1], 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0x20048054)

1m46.147564782s ago: executing program 40 (id=3846):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000fddbdf251200000008000300", @ANYRES32=r1], 0x34}, 0x1, 0x0, 0x0, 0x4080}, 0x20048054)

7.786555376s ago: executing program 6 (id=4098):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="5b5e26bd7000ffdbdf2501000000050004000100000008000600ac"], 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)

7.402796949s ago: executing program 6 (id=4103):
r0 = syz_usb_connect$hid(0x5, 0xfffffffffffffcd1, &(0x7f0000000000)=ANY=[@ANYBLOB="120110030000004066050430400001020301090500000101f760b10904000d210301020009217fff790122b10f0905810340000309f9"], &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x4b})
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x1}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r1, 0x2, &(0x7f00000000c0)={0x3}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x2, 0x2}, 0x18, 0x0)
landlock_restrict_self(r3, 0x6)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
write$vga_arbiter(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7472796c6f636b7a696f2b6d656d003a7d2e961b7f6757c14ac2e731d49d6a7beb4c11cc18972a75b83f41391f2e1fc7457d80"], 0xf)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r4, 0x0, r4)
fremovexattr(r4, &(0x7f0000000180)=@known='system.sockprotoname\x00')
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000100)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000140)=0x14)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000080)={0x0, 0xfffffffb, 0x300}, 0xc)
syz_usb_control_io(r0, &(0x7f0000001200)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="00597d0000000204"], 0x0, 0x0, 0x0, 0x0}, 0x0)

7.019392591s ago: executing program 2 (id=4106):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_clone(0x23940200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f00000000c0)=ANY=[@ANYRES64=r1, @ANYBLOB="db3a6e8e8cb5b5823794cdbc8cd79f8827a3467ceb77db17d25cb39f52f6718184fb8837513bd6d8c129b58a692232f29ca61c6631391984351d73e5a861e18916b55e5dfb1f951f2d372846565c1665eb6039dc4837d00799ea588faefdada46b285e67e07c410685d789d31df09ff86adeb900cdebd19fa8bee4ed87dbdc5f10d2daf40e11afe92436f245fcb0bf60356b4a7bab2c7a45198873769c2efca0e7977ad5ff2651efc89a5aa33baea5db03d44acd8f93bc68b43181bfda7b0d27f9b103439c02d9d91a1f6423121b13e2"])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

4.727700583s ago: executing program 0 (id=4115):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe)
ioctl$TCSETSW2(r0, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x1, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})

4.653348278s ago: executing program 0 (id=4116):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$tun(r1, &(0x7f0000000880)={@void, @void, @mpls={[], @ipv6=@tipc_packet={0x3, 0x6, 'Z\vB', 0xc8, 0x6, 0x0, @loopback, @mcast1, {[@routing={0x0, 0x0, 0x2, 0x2}, @dstopts={0x33, 0x0, '\x00', [@ra={0x5, 0x2, 0x8}]}, @srh={0x2, 0x2, 0x4, 0x1, 0x0, 0x50, 0x273, [@mcast1]}], @name_distributor={{0x98, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x2, 0x0, 0x0, 0xf000, 0x8, 0x3, 0x4e21, 0x4e23, 0x4, 0x4, 0x0, 0x0, 0x1}, [{0x1, 0xffffffff, 0x9, 0x2, 0x80000000, 0x5, 0x0, 0x82}, {0x80, 0x70b8, 0x68f3, 0x1, 0x200, 0x7, 0x1, 0x8000000}, {0x6, 0x6, 0x8, 0x0, 0x8, 0x9, 0x6, 0x1}, {0x9, 0x5034, 0x7, 0x800, 0x8, 0x9, 0x4, 0xc0}]}}}}}, 0xf0)

4.573165205s ago: executing program 0 (id=4117):
openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000020c0), 0x2000413, &(0x7f0000000340)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xe00}}]}})

4.511921549s ago: executing program 0 (id=4118):
ioctl$sock_ipv6_tunnel_SIOCADDPRL(0xffffffffffffffff, 0x89f5, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000280)={@remote}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_GET_CPUID2(r2, 0xc008ae91, 0x0)

4.241571202s ago: executing program 0 (id=4119):
syz_usb_connect(0x5, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000092ecc620ac0500773aeb010203010902240001000020000904c40102fffd018009050202100202000009058202"], 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, 0x0)
ioctl$IOMMU_IOAS_COPY$syz(r0, 0x3b83, &(0x7f00000001c0)={0x28, 0x10000, 0x0, 0x0, 0x364d8c, 0x400, 0x2, 0x29a9a})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x101042)
writev(r2, &(0x7f0000000a80)=[{&(0x7f0000000940)="e8860182184f856e51c31216a892adcdc9a29e66c6fa973bc18cbc9aa21b5d3a3ebbe195fcdb3395cff1360715c3303f7b312b8544b341f06d5df4585cd0a38a45ae3cba1a5d4e7acf6b985e697b674d966e81ff05964cdf1a2b7296d3822915c24ca2b3e2df2f99095c06724fa95e45cc282cb3d2da10c9a308dfa883bffadb928ea816efc2b20fc45e63bcaee24ff9110ec3cc1f0643554d4f9e0737c4f937b2e6e20a558b97396efa0c554d86cfa2b4c15ae9695043b1633da3c74a77bac0909021ebe45731f8ae97362ca23e5cc5a24d71a56c204fff474ee51f4ad7d094295926e8f3", 0xe5}], 0x1)
pipe2(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
sendfile(r4, r1, 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_score_adj\x00')
writev(r5, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1)
r6 = socket(0xa, 0x3, 0x3a)
ioctl$KVM_CAP_HYPERV_SEND_IPI(r2, 0x4068aea3, &(0x7f0000000300))
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local, 0xc}, {0xa, 0x4e24, 0x0, @empty}, 0x1}, 0x5c)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f0000000140)=0x7ff, 0x4)
newfstatat(0xffffffff0000005d, 0x0, 0x0, 0x1000)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000000)={{0xa, 0x4e24, 0x100, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}, {0xa, 0x4e21, 0x7, @loopback, 0xd473}, 0x0, {[0x4, 0x7, 0x3, 0x8001, 0xe10, 0xe, 0x3]}}, 0x5c)
accept4$unix(r3, &(0x7f0000000240), &(0x7f00000002c0)=0x6e, 0x40800)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=<r7=>0x0)
capset(&(0x7f0000000080)={0x20080522, r7}, &(0x7f0000000100)={0x4, 0xfffffffa, 0x0, 0x4, 0xee, 0x8})

4.055859946s ago: executing program 6 (id=4121):
syz_usb_connect(0x0, 0x43, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000043a5aa40801b96e3b1a7000000010902120001000000000904"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080)=0x2800000, 0x4)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000000206efffffffffffffff0000070000000c000780080012400000ffff0500010006000000050005000200000005000400000000000900020073797a310000000011000300686173683a6970"], 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)

3.651237842s ago: executing program 3 (id=4122):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r2=>0x0})
connect$can_bcm(r1, &(0x7f00000000c0)={0x1d, r2}, 0x10)
sendmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1, 0x1, 0x3, {}, {0x0, 0x2710}, {0x3, 0x1, 0x1, 0x1}, 0x1, @can={{0x4, 0x0, 0x0, 0x1}, 0x7, 0x2, 0x0, 0x0, "d467aef0f23fe738"}}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x1, &(0x7f0000000200)=[{0x3b92, 0x3c, 0x0, 0x9}]})
sendmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="02"], 0x48}}, 0x40884)
ioctl$EVIOCGBITSND(r0, 0x40044591, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00')
mount$9p_fd(0x0, &(0x7f0000000340)='.\x00', &(0x7f0000000040), 0x800000, &(0x7f0000000180)=ANY=[@ANYBLOB="7472616e7377288919c30bb5075564703cc33d6c6625c0a14cd30c79136a2b66642c7266646e6f3d", @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00'])
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$GIO_UNIMAP(0xffffffffffffffff, 0x4b66, &(0x7f0000000000)={0x0, 0x0})

3.368089394s ago: executing program 2 (id=4123):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x1, 0x0, 0x1, 0x1})

3.137335467s ago: executing program 2 (id=4124):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0x1, 0x1, 0x107fff, 0x10, 0x4, 0x9, 0x80000001, 0xffb, 0x9, 0xb6b, 0x800c5, 0x4, 0x1, 0x1, 0x7, 0xff, 0x1000, 0xc, 0xf, 0x3, 0x80000001, 0xfffffffa, 0x0, 0x1, 0x9, 0x2, 0x7, 0x8, 0x100000, 0x762, 0x3, 0x63c, 0xe, 0x6, 0x100, 0x6, 0x1bfe, 0x7, 0x7, 0x40, 0x1000, 0x8000100, 0x3, 0x0, 0x11000, 0x4, 0x5, 0x79b, 0x5, 0x1, 0x7f, 0x4, 0x9, 0x7, 0xf, 0x101, 0xa, 0x8a7a, 0x81, 0xa9, 0x81, 0x2, 0x180000, 0x4003, 0x28b, 0x5, 0x2af, 0x3, 0x85, 0x2, 0x1, 0xb, 0x4, 0x7, 0x4009, 0x0, 0x9, 0x100002, 0x8, 0x0, 0x0, 0x3, 0x0, 0x10000, 0x3f6, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0xfffffffe, 0x84, 0x100, 0x0, 0x5, 0x3, 0xb, 0x2, 0x20006, 0xc50, 0x2, 0xe, 0x30000002, 0xd9a, 0xc8, 0x2a2, 0xffffdffd, 0x3, 0x2, 0x1, 0x8, 0x0, 0x4, 0x200, 0x200, 0x0, 0x1, 0x4, 0x401, 0x66cd, 0xc, 0x8, 0x4, 0x1f8, 0x1ff, 0xffffffff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="020000000100000000000000040001000000000008000300", @ANYRES32=r1, @ANYBLOB="100007000001000020"], 0x2c, 0x1)
setreuid(0xffffffffffffffff, 0xee01)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x1, 0x0, 0x2, 0xa, 0x0, 0x2, 0x0, [@sadb_address={0x3, 0x6, 0x33, 0x20, 0x0, @in={0x2, 0x4e20, @empty}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}}]}, 0x50}, 0x1, 0x7}, 0x0)

2.943264742s ago: executing program 3 (id=4125):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_DEBUGREGS(r2, 0x4080aea2, 0x0) (fail_nth: 1)

2.352012379s ago: executing program 2 (id=4126):
r0 = syz_create_resource$binfmt(0x0)
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000020c0), 0x2000413, &(0x7f0000000340)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xe00}}]}})

2.350684957s ago: executing program 0 (id=4127):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x8000200000000000, 0x0, 0x85c, 0x5})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r7=>r5, {0x2}}, './file0\x00'})
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r7, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000140)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @pic={0x3, 0x7, 0xe1, 0x81, 0x9, 0xf9, 0x40, 0x42, 0xfb, 0x0, 0xc, 0x0, 0xfb, 0x4, 0xfc, 0x38}})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x100000000005, 0x20, 0x3, 0x2, 0x80000000106c, 0x100, 0x8000000000000, 0x80000004000080, 0x1c00000, 0x8, 0x0, 0x4, 0x0, 0x8000], 0x1, 0x3c4210})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a64000000060a0b0400000000000000000200000038000480340001800b0001007461726765740000240002800c0001004e465155455545000a00030002b51112d439000008000240000000030900010073797a30000000000900020073797a32"], 0x8c}}, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, &(0x7f0000000600)={0xc9, 0x0, 0xc})
write$binfmt_misc(r2, &(0x7f0000000000), 0x6)
getsockopt(r1, 0x200000000114, 0x8, 0x0, &(0x7f0000000180)=0x17)
sendmsg$NFNL_MSG_CTHELPER_DEL(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYRESDEC=0x0], 0x20}, 0x1, 0x0, 0x0, 0x480c1}, 0x0)
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r11 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_int(r11, 0x0, 0x5, &(0x7f0000001e80)=0xffffffff, 0x3)
setsockopt$inet_int(r11, 0x0, 0xd, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)

2.155589372s ago: executing program 6 (id=4128):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x80000000, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8003, 0x1ff, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0x7, 0x5], [0x1, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0x7, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0xa, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0xc01, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x4, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x11, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0xe, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x200136, 0x7fffffff]}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)

2.058113486s ago: executing program 2 (id=4129):
r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x6, 0x1a1003)
ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0585604, &(0x7f00000000c0)={0x0, 0x2000000, {0xfffff001, 0x1, 0x2019, 0x5, 0x6, 0x4, 0x2, 0x3}})
creat(&(0x7f0000000900)='./file0\x00', 0x21) (async)
r1 = creat(&(0x7f0000000900)='./file0\x00', 0x21)
readahead(r1, 0x8, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x64, 0x140f, 0x400, 0x70bd28, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xb, 0x45, 'uverbs\x00'}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xd, 0x45, 'opa_vnic\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0x8, 0x45, 'srp\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xb, 0x45, 'smc_ib\x00'}, @RDMA_NLDEV_ATTR_CHARDEV_TYPE={0xc, 0x45, 'rdma_cm\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0xc8}, 0x10)
syz_usb_connect$midi(0x5, 0x3e, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x499, 0x1035, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2c, 0x1, 0x1, 0x81, 0x0, 0xbe, "", {{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1, 0x3, 0x20, 0x4, [], [{{0x9, 0x5, 0x8d, 0x3, 0x220, 0x7f, 0xfe, 0xf8, {0x4}}}, {{0x9, 0x5, 0x87, 0x2, 0x400, 0x9, 0x0, 0xe, {0x4}}}]}}}}}]}}, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) (async)
r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r2, 0xc01064c7, &(0x7f0000000040)={0x2, 0x0, &(0x7f0000000000)=[0x0, 0x0]})

2.007958603s ago: executing program 3 (id=4130):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {0x2, 0x0, 0x500}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x20000884) (fail_nth: 1)

1.679772635s ago: executing program 3 (id=4131):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, 0x15e)
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f00000006c0)='.\x00', 0x40001a2)
r2 = fanotify_init(0xf00, 0x0)
fanotify_mark(r2, 0x105, 0x5000003a, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (fail_nth: 1)

1.06228935s ago: executing program 3 (id=4132):
r0 = syz_open_dev$dri(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f00000000c0)={0x1, 0x0, 0x1, 0x1})

903.885166ms ago: executing program 3 (id=4133):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd000905820200"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="1b1b", @ANYRES32=r0])

573.508512ms ago: executing program 6 (id=4134):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
migrate_pages(0x0, 0xfffffffffffffffc, 0x0, &(0x7f0000000240)=0x9688)
write$uinput_user_dev(r0, &(0x7f0000000980)={'syz0\x00', {}, 0x22, [0x0, 0x0, 0xfffffffd, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffff9, 0x400000, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff35, 0x0, 0x100, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x547e2ab0], [0x0, 0x0, 0x8000, 0xffffffff, 0x0, 0x1, 0x0, 0x0, 0x0, 0xf, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0xffffffff, 0x0, 0x3fffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffc, 0x800, 0x0, 0x19c, 0x8, 0x200, 0x0, 0x0, 0x5, 0x9, 0xffffffff, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x2, 0xde, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffe], [0x0, 0x0, 0x0, 0x0, 0x7ff, 0x40000, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80007, 0x400008, 0x0, 0x0, 0x10000000, 0x0, 0x800, 0x0, 0xfffffffd, 0x20, 0x4, 0x0, 0x200000, 0x0, 0x10, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x0, 0x1]}, 0x45c)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000006480))

119.578265ms ago: executing program 6 (id=4135):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000540)={0x0, 0x4, 0x8, 0x1, 0x6, 0x9}, 0x14)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

0s ago: executing program 2 (id=4136):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
fcntl$setlease(r0, 0x400, 0x2)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f0000004400)=0x5, 0x4)
r2 = syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2)
ioctl$VIDIOC_G_OUTPUT(r2, 0x8004562e, &(0x7f0000000240))
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000838001180090001006c61737400000000280002800c00024000000000000000090800014000000ba308000140000010000800014000003f5e980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c0002800c00028008000340000000024c000280080003400000000408000180fffffffd0800f1d7fffffffd0800034000000003090002"], 0x164}, 0x1, 0x0, 0x0, 0x400480d}, 0x0)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40200, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
r9 = ioctl$KVM_GET_STATS_FD_cpu(r8, 0xaece)
read$eventfd(r9, &(0x7f0000000040), 0x8)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r5, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r3}, 'mnt/encrypted_dir\x00'})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007d00)=[{&(0x7f0000000340)={0x1c, 0x6a, 0x15, 0x8000000, 0xffffffff, "", [@nested={0xc, 0x4e, 0x0, 0x1, [@nested={0x4, 0x94}, @nested={0x4, 0x146}]}]}, 0x1c}], 0x1}, 0x8000)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x37, 0x2d]}}}}]})
quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000800, 0x0, &(0x7f0000000380)={0xd3c6, 0x2, 0x6, 0x6, 0x5, 0x6, 0xffffffffffffffff, 0x5, 0x8})
openat$cgroup_procs(r10, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='mnt/encrypted_dir\x00', 0x200)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000280)={[0x0, 0x40, 0xce88, 0xfffffffffffffffb, 0x8, 0x7, 0x3e9, 0x1, 0x5, 0xf086, 0x4, 0x8a, 0x4, 0x1000, 0x4, 0xc], 0x80a0000, 0x20000})

kernel console output (not intermixed with test programs):

VLAN 0 to HW filter on device eth3
[  960.321006][T17955] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input30
[  960.426150][T17956] FAULT_INJECTION: forcing a failure.
[  960.426150][T17956] name failslab, interval 1, probability 0, space 0, times 0
[  960.426192][T17956] CPU: 1 UID: 0 PID: 17956 Comm: syz.6.3883 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  960.426225][T17956] Tainted: [L]=SOFTLOCKUP
[  960.426234][T17956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  960.426249][T17956] Call Trace:
[  960.426258][T17956]  <TASK>
[  960.426269][T17956]  dump_stack_lvl+0xe8/0x150
[  960.426304][T17956]  should_fail_ex+0x46b/0x600
[  960.426345][T17956]  should_failslab+0xa8/0x100
[  960.426376][T17956]  __kmalloc_noprof+0xdf/0x7b0
[  960.426409][T17956]  ? kfree+0x4d/0x6c0
[  960.426433][T17956]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  960.426469][T17956]  tomoyo_realpath_from_path+0xe3/0x5d0
[  960.426499][T17956]  ? tomoyo_domain+0xd7/0x130
[  960.426543][T17956]  ? tomoyo_path_number_perm+0x219/0x630
[  960.426581][T17956]  tomoyo_path_number_perm+0x246/0x630
[  960.426621][T17956]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  960.426656][T17956]  ? __lock_acquire+0x6b5/0x2d10
[  960.426687][T17956]  ? do_raw_spin_lock+0x12b/0x2f0
[  960.426745][T17956]  ? __fget_files+0x2a/0x420
[  960.426777][T17956]  ? __fget_files+0x2a/0x420
[  960.426803][T17956]  ? __fget_files+0x3a6/0x420
[  960.426829][T17956]  ? __fget_files+0x2a/0x420
[  960.426861][T17956]  security_file_ioctl+0xc3/0x2a0
[  960.426898][T17956]  __se_sys_ioctl+0x47/0x170
[  960.426932][T17956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.426958][T17956]  do_syscall_64+0x174/0x580
[  960.426993][T17956]  ? trace_irq_disable+0x3b/0x140
[  960.427020][T17956]  ? clear_bhb_loop+0x40/0x90
[  960.427062][T17956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  960.427086][T17956] RIP: 0033:0x7f6f988ace59
[  960.427107][T17956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  960.427128][T17956] RSP: 002b:00007f6f96add028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  960.427154][T17956] RAX: ffffffffffffffda RBX: 00007f6f98b26090 RCX: 00007f6f988ace59
[  960.427171][T17956] RDX: 0000200000000000 RSI: 00000000400448c9 RDI: 0000000000000005
[  960.427187][T17956] RBP: 00007f6f96add090 R08: 0000000000000000 R09: 0000000000000000
[  960.427203][T17956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  960.427217][T17956] R13: 00007f6f98b26128 R14: 00007f6f98b26090 R15: 00007ffe9635aaa8
[  960.427253][T17956]  </TASK>
[  960.427263][T17956] ERROR: Out of memory at tomoyo_realpath_from_path.
[  960.468905][T13909] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  960.838447][T13909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  960.838509][T13909] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  960.838536][T13909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  961.016061][T13909] usb 4-1: config 0 descriptor??
[  961.042423][T13909] pwc: Askey VC010 type 2 USB webcam detected.
[  961.491415][T13909] pwc: recv_control_msg error -32 req 02 val 2b00
[  961.513245][T17516] veth0_vlan: entered promiscuous mode
[  961.613694][T13909] pwc: recv_control_msg error -32 req 02 val 2700
[  961.615084][T13909] pwc: recv_control_msg error -32 req 02 val 2c00
[  961.633040][T13909] pwc: recv_control_msg error -32 req 04 val 1000
[  961.635372][T13909] pwc: recv_control_msg error -32 req 04 val 1300
[  961.652504][T13909] pwc: recv_control_msg error -32 req 04 val 1400
[  961.654848][T13909] pwc: recv_control_msg error -32 req 02 val 2000
[  961.657238][T13909] pwc: recv_control_msg error -32 req 02 val 2100
[  961.681353][T13909] pwc: recv_control_msg error -32 req 04 val 1500
[  961.687269][T13909] pwc: recv_control_msg error -32 req 02 val 2500
[  961.687985][T13909] pwc: recv_control_msg error -32 req 02 val 2400
[  961.780784][T17516] veth1_vlan: entered promiscuous mode
[  961.781217][T13909] pwc: recv_control_msg error -71 req 02 val 2600
[  961.785611][T13909] pwc: recv_control_msg error -71 req 02 val 2900
[  961.819048][T13909] pwc: recv_control_msg error -71 req 02 val 2800
[  961.835403][T13909] pwc: recv_control_msg error -71 req 04 val 1100
[  961.842333][T13909] pwc: recv_control_msg error -71 req 04 val 1200
[  962.005611][T13909] pwc: Registered as video103.
[  962.044285][T13909] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input31
[  962.198640][T17516] veth0_macvtap: entered promiscuous mode
[  962.241017][T17516] veth1_macvtap: entered promiscuous mode
[  962.447778][T17516] batman_adv: batadv0: Interface activated: batadv_slave_0
[  962.705993][T17516] batman_adv: batadv0: Interface activated: batadv_slave_1
[  962.871237][T13909] usb 4-1: USB disconnect, device number 19
[  962.905921][T17201] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  962.905984][T17201] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  962.906027][T17201] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  962.906067][T17201] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  965.306144][ T5273] 8021q: adding VLAN 0 to HW filter on device eth4
[  965.755565][T13909] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  965.927429][T13909] usb 4-1: unable to get BOS descriptor or descriptor too short
[  965.937287][T13909] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  965.937319][T13909] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  965.958222][T13909] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  965.958329][T13909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  965.958402][T13909] usb 4-1: Product: syz
[  965.958450][T13909] usb 4-1: Manufacturer: syz
[  965.958538][T13909] usb 4-1: SerialNumber: syz
[  966.300517][T13909] usb 4-1: can't set config #1, error -71
[  966.422872][T13909] usb 4-1: USB disconnect, device number 20
[  966.505474][   T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  966.505498][   T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  967.356869][ T3341] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  967.356893][ T3341] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  967.548261][T17712] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  967.626656][T17712] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  967.659196][T17712] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  967.789021][T18009] FAULT_INJECTION: forcing a failure.
[  967.789021][T18009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  967.789062][T18009] CPU: 1 UID: 0 PID: 18009 Comm: syz.3.3891 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  967.789094][T18009] Tainted: [L]=SOFTLOCKUP
[  967.789103][T18009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  967.789118][T18009] Call Trace:
[  967.789128][T18009]  <TASK>
[  967.789139][T18009]  dump_stack_lvl+0xe8/0x150
[  967.789173][T18009]  should_fail_ex+0x46b/0x600
[  967.789214][T18009]  _copy_from_user+0x2d/0xb0
[  967.789242][T18009]  ___sys_sendmsg+0x1c6/0x360
[  967.789278][T18009]  ? __lock_acquire+0x6b5/0x2d10
[  967.789311][T18009]  ? __pfx____sys_sendmsg+0x10/0x10
[  967.789382][T18009]  ? __fget_files+0x2a/0x420
[  967.789410][T18009]  ? __fget_files+0x3a6/0x420
[  967.789449][T18009]  __x64_sys_sendmsg+0x1c3/0x2a0
[  967.789487][T18009]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  967.789532][T18009]  ? __pfx_ksys_write+0x10/0x10
[  967.789573][T18009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.789599][T18009]  do_syscall_64+0x174/0x580
[  967.789633][T18009]  ? trace_irq_disable+0x3b/0x140
[  967.789660][T18009]  ? clear_bhb_loop+0x40/0x90
[  967.789688][T18009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.789713][T18009] RIP: 0033:0x7efc8bb3ce59
[  967.789736][T18009] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  967.789757][T18009] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  967.789791][T18009] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[  967.789809][T18009] RDX: 0000000020000020 RSI: 0000200000000140 RDI: 0000000000000005
[  967.789826][T18009] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[  967.789841][T18009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  967.789856][T18009] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[  967.789893][T18009]  </TASK>
[  967.791963][T17712] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  967.921729][T17712] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  968.311317][T17712] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  968.329526][T17712] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  968.387370][T17712] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  969.420857][T17712] 8021q: adding VLAN 0 to HW filter on device bond0
[  969.462616][T18049] FAULT_INJECTION: forcing a failure.
[  969.462616][T18049] name failslab, interval 1, probability 0, space 0, times 0
[  969.462657][T18049] CPU: 0 UID: 0 PID: 18049 Comm: syz.0.3901 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  969.462689][T18049] Tainted: [L]=SOFTLOCKUP
[  969.462699][T18049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  969.462715][T18049] Call Trace:
[  969.462725][T18049]  <TASK>
[  969.462735][T18049]  dump_stack_lvl+0xe8/0x150
[  969.462766][T18049]  should_fail_ex+0x46b/0x600
[  969.462808][T18049]  should_failslab+0xa8/0x100
[  969.462841][T18049]  __kmalloc_noprof+0xdf/0x7b0
[  969.462868][T18049]  ? kfree+0x4d/0x6c0
[  969.462892][T18049]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  969.462927][T18049]  tomoyo_realpath_from_path+0xe3/0x5d0
[  969.462958][T18049]  ? tomoyo_domain+0xd7/0x130
[  969.462992][T18049]  ? tomoyo_path_number_perm+0x219/0x630
[  969.463030][T18049]  tomoyo_path_number_perm+0x246/0x630
[  969.463070][T18049]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  969.463106][T18049]  ? __lock_acquire+0x6b5/0x2d10
[  969.463137][T18049]  ? do_raw_spin_lock+0x12b/0x2f0
[  969.463201][T18049]  ? __fget_files+0x2a/0x420
[  969.463233][T18049]  ? __fget_files+0x2a/0x420
[  969.463260][T18049]  ? __fget_files+0x3a6/0x420
[  969.463285][T18049]  ? __fget_files+0x2a/0x420
[  969.463315][T18049]  security_file_ioctl+0xc3/0x2a0
[  969.463346][T18049]  __se_sys_ioctl+0x47/0x170
[  969.463375][T18049]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  969.463397][T18049]  do_syscall_64+0x174/0x580
[  969.463429][T18049]  ? trace_irq_disable+0x3b/0x140
[  969.463455][T18049]  ? clear_bhb_loop+0x40/0x90
[  969.463483][T18049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  969.463504][T18049] RIP: 0033:0x7f4878d4ce59
[  969.463525][T18049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  969.463545][T18049] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  969.463570][T18049] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[  969.463588][T18049] RDX: 0000200000000240 RSI: 0000000000003ba0 RDI: 0000000000000003
[  969.463604][T18049] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[  969.463619][T18049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  969.463633][T18049] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[  969.463668][T18049]  </TASK>
[  969.463678][T18049] ERROR: Out of memory at tomoyo_realpath_from_path.
[  970.020272][T17712] 8021q: adding VLAN 0 to HW filter on device team0
[  970.138169][ T6894] bridge0: port 1(bridge_slave_0) entered blocking state
[  970.139898][ T6894] bridge0: port 1(bridge_slave_0) entered forwarding state
[  970.291712][T17201] bridge0: port 2(bridge_slave_1) entered blocking state
[  970.297228][T17201] bridge0: port 2(bridge_slave_1) entered forwarding state
[  970.563293][T18065] FAULT_INJECTION: forcing a failure.
[  970.563293][T18065] name failslab, interval 1, probability 0, space 0, times 0
[  970.563335][T18065] CPU: 1 UID: 0 PID: 18065 Comm: syz.3.3905 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  970.563367][T18065] Tainted: [L]=SOFTLOCKUP
[  970.563376][T18065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  970.563392][T18065] Call Trace:
[  970.563401][T18065]  <TASK>
[  970.563412][T18065]  dump_stack_lvl+0xe8/0x150
[  970.563447][T18065]  should_fail_ex+0x46b/0x600
[  970.563488][T18065]  should_failslab+0xa8/0x100
[  970.563523][T18065]  __kmalloc_noprof+0xdf/0x7b0
[  970.563549][T18065]  ? kfree+0x4d/0x6c0
[  970.563572][T18065]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  970.563607][T18065]  tomoyo_realpath_from_path+0xe3/0x5d0
[  970.563637][T18065]  ? tomoyo_domain+0xd7/0x130
[  970.563682][T18065]  ? tomoyo_path_number_perm+0x219/0x630
[  970.563721][T18065]  tomoyo_path_number_perm+0x246/0x630
[  970.563761][T18065]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  970.563796][T18065]  ? __lock_acquire+0x6b5/0x2d10
[  970.563826][T18065]  ? do_raw_spin_lock+0x12b/0x2f0
[  970.563881][T18065]  ? __fget_files+0x2a/0x420
[  970.563913][T18065]  ? __fget_files+0x2a/0x420
[  970.563940][T18065]  ? __fget_files+0x3a6/0x420
[  970.563966][T18065]  ? __fget_files+0x2a/0x420
[  970.563997][T18065]  security_file_ioctl+0xc3/0x2a0
[  970.564037][T18065]  __se_sys_ioctl+0x47/0x170
[  970.564071][T18065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  970.564098][T18065]  do_syscall_64+0x174/0x580
[  970.564133][T18065]  ? trace_irq_disable+0x3b/0x140
[  970.564160][T18065]  ? clear_bhb_loop+0x40/0x90
[  970.564189][T18065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  970.564212][T18065] RIP: 0033:0x7efc8bb3ce59
[  970.564232][T18065] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  970.564252][T18065] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  970.564275][T18065] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[  970.564293][T18065] RDX: 0000200000000280 RSI: 00000000c0189378 RDI: 0000000000000005
[  970.564309][T18065] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[  970.564324][T18065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  970.564338][T18065] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[  970.564375][T18065]  </TASK>
[  970.564566][T18065] ERROR: Out of memory at tomoyo_realpath_from_path.
[  971.607928][T18082] sg_write: data in/out 443356/194 bytes for SCSI command 0x0-- guessing data in;
[  971.607928][T18082]    program syz.0.3909 not setting count and/or reply_len properly
[  971.852017][T18087] FAULT_INJECTION: forcing a failure.
[  971.852017][T18087] name failslab, interval 1, probability 0, space 0, times 0
[  971.852059][T18087] CPU: 0 UID: 0 PID: 18087 Comm: syz.0.3910 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  971.852091][T18087] Tainted: [L]=SOFTLOCKUP
[  971.852100][T18087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  971.852115][T18087] Call Trace:
[  971.852124][T18087]  <TASK>
[  971.852134][T18087]  dump_stack_lvl+0xe8/0x150
[  971.852168][T18087]  should_fail_ex+0x46b/0x600
[  971.852208][T18087]  should_failslab+0xa8/0x100
[  971.852241][T18087]  __kmalloc_noprof+0xdf/0x7b0
[  971.852268][T18087]  ? kfree+0x4d/0x6c0
[  971.852291][T18087]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  971.852326][T18087]  tomoyo_realpath_from_path+0xe3/0x5d0
[  971.852355][T18087]  ? tomoyo_domain+0xd7/0x130
[  971.852390][T18087]  ? tomoyo_path_number_perm+0x219/0x630
[  971.852427][T18087]  tomoyo_path_number_perm+0x246/0x630
[  971.852466][T18087]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  971.852501][T18087]  ? __lock_acquire+0x6b5/0x2d10
[  971.852531][T18087]  ? do_raw_spin_lock+0x12b/0x2f0
[  971.852590][T18087]  ? __fget_files+0x2a/0x420
[  971.852621][T18087]  ? __fget_files+0x2a/0x420
[  971.852646][T18087]  ? __fget_files+0x3a6/0x420
[  971.852673][T18087]  ? __fget_files+0x2a/0x420
[  971.852705][T18087]  security_file_ioctl+0xc3/0x2a0
[  971.852741][T18087]  __se_sys_ioctl+0x47/0x170
[  971.852774][T18087]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.852800][T18087]  do_syscall_64+0x174/0x580
[  971.852838][T18087]  ? trace_irq_disable+0x3b/0x140
[  971.852864][T18087]  ? clear_bhb_loop+0x40/0x90
[  971.852900][T18087]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  971.852924][T18087] RIP: 0033:0x7f4878d4ce59
[  971.852946][T18087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  971.852965][T18087] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  971.852989][T18087] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[  971.853007][T18087] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000e
[  971.853022][T18087] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[  971.853037][T18087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  971.853051][T18087] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[  971.853087][T18087]  </TASK>
[  971.855957][T18087] ERROR: Out of memory at tomoyo_realpath_from_path.
[  972.855093][T18110] sg_write: data in/out 457692/250 bytes for SCSI command 0x0-- guessing data in;
[  972.855093][T18110]    program syz.6.3915 not setting count and/or reply_len properly
[  973.504941][T15396] usb 7-1: new low-speed USB device number 92 using dummy_hcd
[  973.670385][T15396] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  973.670419][T15396] usb 7-1: config 179 has an invalid descriptor of length 255, skipping remainder of the config
[  973.670442][T15396] usb 7-1: config 179 has no interface number 0
[  973.670492][T15396] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  973.670523][T15396] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  973.670555][T15396] usb 7-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  973.670602][T15396] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  973.670646][T15396] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  973.797291][T18115] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  973.950250][T17712] 8021q: adding VLAN 0 to HW filter on device batadv0
[  974.112260][T15396] usb 7-1: USB disconnect, device number 92
[  974.583318][T17712] veth0_vlan: entered promiscuous mode
[  974.669496][T18147] sg_write: data in/out 457692/250 bytes for SCSI command 0x0-- guessing data in;
[  974.669496][T18147]    program syz.0.3924 not setting count and/or reply_len properly
[  974.793632][T17712] veth1_vlan: entered promiscuous mode
[  974.897147][T18151] sg_write: data in/out 449500/218 bytes for SCSI command 0x0-- guessing data in;
[  974.897147][T18151]    program syz.6.3925 not setting count and/or reply_len properly
[  975.300485][T17712] veth0_macvtap: entered promiscuous mode
[  975.413110][T17712] veth1_macvtap: entered promiscuous mode
[  975.444694][T15396] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  975.650002][T15396] usb 1-1: Using ep0 maxpacket: 16
[  975.661902][T15396] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  975.662007][T15396] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  975.662080][T15396] usb 1-1: config 0 interface 0 has no altsetting 0
[  975.662183][T15396] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  975.662294][T15396] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  975.736010][T15396] usb 1-1: config 0 descriptor??
[  975.942704][T18173] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3930'.
[  976.254743][T15396] nzxt-smart2 0003:1E71:2009.000F: reserved main item tag 0xe
[  976.254793][T15396] nzxt-smart2 0003:1E71:2009.000F: item fetching failed at offset 4/5
[  976.255644][T15396] nzxt-smart2 0003:1E71:2009.000F: probe with driver nzxt-smart2 failed with error -22
[  976.511440][T17712] batman_adv: batadv0: Interface activated: batadv_slave_0
[  976.649689][T17712] batman_adv: batadv0: Interface activated: batadv_slave_1
[  976.713071][T17355] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  976.714771][T17355] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  976.727306][T17355] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  976.752799][T17355] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  978.163456][T18197] sg_write: data in/out 449500/218 bytes for SCSI command 0x0-- guessing data in;
[  978.163456][T18197]    program syz.3.3935 not setting count and/or reply_len properly
[  978.658241][T15396] usb 1-1: USB disconnect, device number 12
[  978.867381][T17200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.867406][T17200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  979.798538][ T7402] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  979.798561][ T7402] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  979.913599][T15396] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  979.972165][T18217] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  980.065004][T18221] FAULT_INJECTION: forcing a failure.
[  980.065004][T18221] name failslab, interval 1, probability 0, space 0, times 0
[  980.065708][T18221] CPU: 0 UID: 0 PID: 18221 Comm: syz.3.3942 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  980.065744][T18221] Tainted: [L]=SOFTLOCKUP
[  980.065753][T18221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  980.065768][T18221] Call Trace:
[  980.065779][T18221]  <TASK>
[  980.065790][T18221]  dump_stack_lvl+0xe8/0x150
[  980.065824][T18221]  should_fail_ex+0x46b/0x600
[  980.065867][T18221]  should_failslab+0xa8/0x100
[  980.065903][T18221]  __kmalloc_noprof+0xdf/0x7b0
[  980.065929][T18221]  ? kfree+0x4d/0x6c0
[  980.065953][T18221]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  980.065988][T18221]  tomoyo_realpath_from_path+0xe3/0x5d0
[  980.066018][T18221]  ? tomoyo_domain+0xd7/0x130
[  980.066053][T18221]  ? tomoyo_path_number_perm+0x219/0x630
[  980.066092][T18221]  tomoyo_path_number_perm+0x246/0x630
[  980.066137][T18221]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  980.066173][T18221]  ? __lock_acquire+0x6b5/0x2d10
[  980.066204][T18221]  ? do_raw_spin_lock+0x12b/0x2f0
[  980.066261][T18221]  ? __fget_files+0x2a/0x420
[  980.066294][T18221]  ? __fget_files+0x2a/0x420
[  980.066322][T18221]  ? __fget_files+0x3a6/0x420
[  980.066345][T18221]  ? __fget_files+0x2a/0x420
[  980.066372][T18221]  security_file_ioctl+0xc3/0x2a0
[  980.066405][T18221]  __se_sys_ioctl+0x47/0x170
[  980.066434][T18221]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.066458][T18221]  do_syscall_64+0x174/0x580
[  980.066491][T18221]  ? trace_irq_disable+0x3b/0x140
[  980.066518][T18221]  ? clear_bhb_loop+0x40/0x90
[  980.066547][T18221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  980.066570][T18221] RIP: 0033:0x7efc8bb3ce59
[  980.066590][T18221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  980.066609][T18221] RSP: 002b:00007efc89d6d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  980.066642][T18221] RAX: ffffffffffffffda RBX: 00007efc8bdb6090 RCX: 00007efc8bb3ce59
[  980.066657][T18221] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  980.066671][T18221] RBP: 00007efc89d6d090 R08: 0000000000000000 R09: 0000000000000000
[  980.066684][T18221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  980.066699][T18221] R13: 00007efc8bdb6128 R14: 00007efc8bdb6090 R15: 00007ffdad4355a8
[  980.066736][T18221]  </TASK>
[  980.114370][T18221] ERROR: Out of memory at tomoyo_realpath_from_path.
[  980.296231][T15396] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x4F, changing to 0xF
[  980.296636][T15396] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  980.464841][T15396] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  980.464936][T15396] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.464962][T15396] usb 1-1: Product: syz
[  980.464988][T15396] usb 1-1: Manufacturer: syz
[  980.465006][T15396] usb 1-1: SerialNumber: syz
[  980.580152][T18221] kvm: pic: non byte read
[  980.603362][T15396] usb 1-1: config 0 descriptor??
[  980.663096][T18221] kvm: pic: level sensitive irq not supported
[  980.663330][T18221] kvm: pic: non byte read
[  980.663617][T18221] kvm: pic: level sensitive irq not supported
[  980.688075][T18221] kvm: pic: non byte read
[  980.688421][T18221] kvm: pic: level sensitive irq not supported
[  980.688488][T18221] kvm: pic: non byte read
[  980.688733][T18221] kvm: pic: level sensitive irq not supported
[  980.688864][T18221] kvm: pic: non byte read
[  980.689103][T18221] kvm: pic: level sensitive irq not supported
[  980.689164][T18221] kvm: pic: non byte read
[  980.689400][T18221] kvm: pic: level sensitive irq not supported
[  980.739448][T18221] kvm: pic: non byte read
[  980.739779][T18221] kvm: pic: level sensitive irq not supported
[  980.739840][T18221] kvm: pic: non byte read
[  982.457243][T13649] usb 7-1: new high-speed USB device number 93 using dummy_hcd
[  982.654598][T13649] usb 7-1: unable to get BOS descriptor or descriptor too short
[  982.656855][T13649] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  982.656881][T13649] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  982.685451][T13649] usb 7-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  982.685546][T13649] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  982.685610][T13649] usb 7-1: Product: syz
[  982.685654][T13649] usb 7-1: Manufacturer: syz
[  982.685712][T13649] usb 7-1: SerialNumber: syz
[  983.196194][T18241] smbdirect: ib_dev[syz1]: added: RNIC max_fast_reg_page_list_len=256 device_cap_flags=0x200000 kernel_cap_flags=0x10 page_size_cap=0x1000
[  983.196238][T18241] smbdirect: ib_dev[syz1]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=1 max_cqe=3276800 max_qp_wr=32768 max_send_sge=6 max_recv_sge=6
[  983.196286][T18241] smbdirect: ib_dev[syz1]PORT[1]: iwarp=1 ib=0 roce=0 v1=0 v2=0 core_cap_flags=0x400008
[  983.275393][T18241] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  983.332162][T18241] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  983.613404][T13649] usb 7-1: interface 1 not found
[  983.876166][T13649] usb 7-1: USB disconnect, device number 93
[  984.122831][T15396] usb 1-1: USB disconnect, device number 13
[  984.168591][ T8109] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  984.371897][ T8109] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  984.371937][ T8109] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  984.607107][T13855] udevd[13855]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  984.771959][ T8109] usb 3-1: config 0 descriptor??
[  984.842136][ T5791] usb 7-1: new high-speed USB device number 94 using dummy_hcd
[  985.086953][ T8109] gspca_main: cpia1-2.14.0 probing 0813:0001
[  985.111657][ T5791] usb 7-1: Using ep0 maxpacket: 16
[  985.161228][ T5791] usb 7-1: New USB device found, idVendor=1235, idProduct=8214, bcdDevice= 0.40
[  985.161264][ T5791] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.161289][ T5791] usb 7-1: Product: syz
[  985.161307][ T5791] usb 7-1: Manufacturer: syz
[  985.161324][ T5791] usb 7-1: SerialNumber: syz
[  985.310087][ T8109] cpia1 3-1:0.0: unexpected state after lo power cmd: 00
[  986.449737][T18294] FAULT_INJECTION: forcing a failure.
[  986.449737][T18294] name failslab, interval 1, probability 0, space 0, times 0
[  986.449780][T18294] CPU: 0 UID: 0 PID: 18294 Comm: syz.3.3954 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  986.449814][T18294] Tainted: [L]=SOFTLOCKUP
[  986.449823][T18294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  986.449839][T18294] Call Trace:
[  986.449848][T18294]  <TASK>
[  986.449859][T18294]  dump_stack_lvl+0xe8/0x150
[  986.449894][T18294]  should_fail_ex+0x46b/0x600
[  986.449935][T18294]  should_failslab+0xa8/0x100
[  986.449969][T18294]  __kmalloc_noprof+0xdf/0x7b0
[  986.450007][T18294]  ? kfree+0x4d/0x6c0
[  986.450032][T18294]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  986.450066][T18294]  tomoyo_realpath_from_path+0xe3/0x5d0
[  986.450095][T18294]  ? tomoyo_domain+0xd7/0x130
[  986.450128][T18294]  ? tomoyo_path_number_perm+0x219/0x630
[  986.450166][T18294]  tomoyo_path_number_perm+0x246/0x630
[  986.450207][T18294]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  986.450242][T18294]  ? __lock_acquire+0x6b5/0x2d10
[  986.450273][T18294]  ? do_raw_spin_lock+0x12b/0x2f0
[  986.450330][T18294]  ? __fget_files+0x2a/0x420
[  986.450363][T18294]  ? __fget_files+0x2a/0x420
[  986.450390][T18294]  ? __fget_files+0x3a6/0x420
[  986.450415][T18294]  ? __fget_files+0x2a/0x420
[  986.450441][T18294]  security_file_ioctl+0xc3/0x2a0
[  986.450476][T18294]  __se_sys_ioctl+0x47/0x170
[  986.450508][T18294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  986.450533][T18294]  do_syscall_64+0x174/0x580
[  986.450566][T18294]  ? trace_irq_disable+0x3b/0x140
[  986.450592][T18294]  ? clear_bhb_loop+0x40/0x90
[  986.450621][T18294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  986.450643][T18294] RIP: 0033:0x7efc8bb3ce59
[  986.450660][T18294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  986.450677][T18294] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  986.450697][T18294] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[  986.450710][T18294] RDX: 0000200000000000 RSI: 000000000000541c RDI: 000000000000000d
[  986.450721][T18294] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[  986.450732][T18294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  986.450743][T18294] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[  986.450770][T18294]  </TASK>
[  986.452697][T18294] ERROR: Out of memory at tomoyo_realpath_from_path.
[  986.609742][ T8109] gspca_cpia1: usb_control_msg 02, error -71
[  986.627436][ T8109] gspca_cpia1: usb_control_msg 05, error -71
[  986.627564][ T8109] cpia1 3-1:0.0: unexpected systemstate: 00
[  986.978534][ T8109] usb 3-1: USB disconnect, device number 13
[  987.213990][    T9] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  987.406824][    T9] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  987.406886][    T9] usb 4-1: config 179 has no interface number 0
[  987.406945][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  987.406974][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  987.407014][    T9] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 65535, setting to 8
[  987.407045][    T9] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  987.407094][    T9] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  987.407121][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.108483][T18298] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  988.108748][T18298] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  988.247266][T13909] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  988.442640][ T5791] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  988.506454][T13909] usb 3-1: unable to get BOS descriptor or descriptor too short
[  988.525959][T13909] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  988.526223][T13909] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  988.590379][ T5791] usb 7-1: Focusrite Scarlett Gen 3 Mixer Driver enabled (pid=0x8214); report any issues to https://github.com/geoffreybennett/scarlett-gen2/issues
[  988.703877][T13909] usb 3-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  988.704076][T13909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.704099][T13909] usb 3-1: Product: syz
[  988.704253][T13909] usb 3-1: Manufacturer: syz
[  988.704269][T13909] usb 3-1: SerialNumber: syz
[  988.790310][ T5791] usb 7-1: Error initialising Scarlett Gen 3 Mixer Driver: -22
[  988.853241][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  988.853311][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  988.990309][ T8109] usb 4-1: USB disconnect, device number 21
[  989.368372][T13909] usb 3-1: interface 1 not found
[  989.401884][T13909] usb 3-1: USB disconnect, device number 14
[  989.467837][ T5791] snd-usb-audio 7-1:1.0: probe with driver snd-usb-audio failed with error -22
[  989.491940][ T5791] usb 7-1: USB disconnect, device number 94
[  989.581515][ T7997] udevd[7997]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  989.848335][ T5791] usb 7-1: new high-speed USB device number 95 using dummy_hcd
[  989.890974][T15396] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  990.070567][T15396] usb 1-1: Using ep0 maxpacket: 8
[  990.125199][T15396] usb 1-1: unable to get BOS descriptor or descriptor too short
[  990.132880][ T5791] usb 7-1: Using ep0 maxpacket: 32
[  990.136729][T15396] usb 1-1: New USB device found, idVendor=0763, idProduct=1033, bcdDevice= 0.40
[  990.136762][T15396] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  990.136785][T15396] usb 1-1: Product: syz
[  990.136802][T15396] usb 1-1: Manufacturer: syz
[  990.136819][T15396] usb 1-1: SerialNumber: syz
[  990.213325][ T5791] usb 7-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  990.213362][ T5791] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  990.213383][ T5791] usb 7-1: Product: syz
[  990.213401][ T5791] usb 7-1: Manufacturer: syz
[  990.213418][ T5791] usb 7-1: SerialNumber: syz
[  990.282699][ T5791] usb 7-1: config 0 descriptor??
[  990.301744][ T5791] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  990.301804][ T5791] dvb-usb: bulk message failed: -22 (2/0)
[  990.387556][T15396] usb 1-1: BAAD HEADPHONE p_chmask mismatch
[  990.390159][ T5791] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  990.390890][ T5791] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  990.390945][ T5791] usb 7-1: media controller created
[  990.498080][ T5791] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  990.548273][T18320] dvb-usb: bulk message failed: -22 (3/0)
[  990.829751][ T5791] usb 7-1: selecting invalid altsetting 7
[  990.829776][ T5791] cxusb: set interface failed
[  990.829792][ T5791] dvb-usb: bulk message failed: -22 (1/0)
[  990.963806][ T8109] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  991.005940][T15396] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  991.108517][ T5791] DVB: Unable to find symbol lgdt330x_attach()
[  991.108538][ T5791] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  991.126352][ T8109] usb 3-1: Using ep0 maxpacket: 8
[  991.144288][ T8109] usb 3-1: unable to get BOS descriptor or descriptor too short
[  991.145582][ T8109] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 218, changing to 11
[  991.145622][ T8109] usb 3-1: config 1 interface 0 has no altsetting 0
[  991.200743][ T8109] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= 0.40
[  991.200778][ T8109] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  991.200802][ T8109] usb 3-1: Product: syz
[  991.200818][ T8109] usb 3-1: Manufacturer: syz
[  991.200835][ T8109] usb 3-1: SerialNumber: syz
[  991.416700][T15396] usb 1-1: USB disconnect, device number 14
[  991.454513][ T7997] udevd[7997]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  991.518187][ T5791] rc_core: IR keymap rc-dvico-portable not found
[  991.518211][ T5791] Registered IR keymap rc-empty
[  991.567622][ T5791] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0
[  991.606765][ T5791] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.6/usb7/7-1/rc/rc0/input32
[  991.630056][ T5791] dvb-usb: schedule remote query interval to 100 msecs.
[  991.630084][ T5791] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  991.655597][ T5791] usb 7-1: USB disconnect, device number 95
[  991.694431][T18340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  991.713305][T18340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  991.760928][T13909] dvb-usb: bulk message failed: -22 (1/0)
[  992.460190][T15396] usb 1-1: new low-speed USB device number 15 using dummy_hcd
[  992.664363][T15396] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  992.664396][T15396] usb 1-1: config 179 has no interface number 0
[  992.664535][T15396] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  992.664577][T15396] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  992.664670][T15396] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 65535, setting to 8
[  992.664702][T15396] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  992.664750][T15396] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  992.664838][T15396] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  992.792550][ T5791] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  992.845959][T18361] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  992.846264][T18361] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  993.413128][ T5791] usb 7-1: new high-speed USB device number 96 using dummy_hcd
[  993.748233][ T5791] usb 7-1: unable to get BOS descriptor or descriptor too short
[  993.760007][ T5791] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  993.760038][ T5791] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  993.881907][ T5791] usb 7-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  993.881938][ T5791] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  993.881957][ T5791] usb 7-1: Product: syz
[  993.881970][ T5791] usb 7-1: Manufacturer: syz
[  993.881984][ T5791] usb 7-1: SerialNumber: syz
[  994.301963][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  994.302021][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  994.302105][T15396] usb 1-1: USB disconnect, device number 15
[  994.578337][ T8109] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input33
[  994.624197][ T5791] usb 7-1: interface 1 not found
[  994.770234][ T4963] bcm5974 3-1:1.0: could not read from device
[  994.839496][ T5791] usb 7-1: USB disconnect, device number 96
[  994.869875][ T4963] bcm5974 3-1:1.0: could not read from device
[  994.984203][ T8109] usb 3-1: USB disconnect, device number 15
[  995.299069][T15396] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  995.462716][T15396] usb 4-1: Using ep0 maxpacket: 8
[  995.465214][T15396] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  995.465278][T15396] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  995.465306][T15396] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  995.465335][T15396] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  995.465364][T15396] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  995.465413][T15396] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  995.465440][T15396] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.799247][T15396] usb 4-1: GET_CAPABILITIES returned 0
[  995.799300][T15396] usbtmc 4-1:16.0: can't read capabilities
[  996.036321][T13909] usb 4-1: USB disconnect, device number 22
[  996.957505][T15396] usb 3-1: new low-speed USB device number 16 using dummy_hcd
[  997.146348][T15396] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  997.146381][T15396] usb 3-1: config 179 has no interface number 0
[  997.146442][T15396] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  997.146474][T15396] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  997.146506][T15396] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 65535, setting to 8
[  997.146537][T15396] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  997.146588][T15396] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  997.146615][T15396] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.252501][T18419] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  997.252719][T18419] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  997.409019][T13909] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  997.544530][   T10] usb 3-1: USB disconnect, device number 16
[  997.544530][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  997.544676][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  997.595899][T13909] usb 4-1: unable to get BOS descriptor or descriptor too short
[  997.604906][T13909] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  997.604999][T13909] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  997.668180][T13909] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  997.668217][T13909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  997.668241][T13909] usb 4-1: Product: syz
[  997.668258][T13909] usb 4-1: Manufacturer: syz
[  997.668275][T13909] usb 4-1: SerialNumber: syz
[  997.909098][T18438] FAULT_INJECTION: forcing a failure.
[  997.909098][T18438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  997.909148][T18438] CPU: 1 UID: 0 PID: 18438 Comm: syz.6.3988 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  997.909181][T18438] Tainted: [L]=SOFTLOCKUP
[  997.909191][T18438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  997.909206][T18438] Call Trace:
[  997.909215][T18438]  <TASK>
[  997.909225][T18438]  dump_stack_lvl+0xe8/0x150
[  997.909265][T18438]  should_fail_ex+0x46b/0x600
[  997.909295][T18438]  _copy_from_user+0x2d/0xb0
[  997.909343][T18438]  ___sys_sendmsg+0x1c6/0x360
[  997.909382][T18438]  ? __lock_acquire+0x6b5/0x2d10
[  997.909412][T18438]  ? __pfx____sys_sendmsg+0x10/0x10
[  997.909477][T18438]  ? __fget_files+0x2a/0x420
[  997.909517][T18438]  ? __fget_files+0x3a6/0x420
[  997.909556][T18438]  __x64_sys_sendmsg+0x1c3/0x2a0
[  997.909594][T18438]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  997.909640][T18438]  ? __pfx_ksys_write+0x10/0x10
[  997.909686][T18438]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.909714][T18438]  do_syscall_64+0x174/0x580
[  997.909751][T18438]  ? trace_irq_disable+0x3b/0x140
[  997.909777][T18438]  ? clear_bhb_loop+0x40/0x90
[  997.909808][T18438]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  997.909828][T18438] RIP: 0033:0x7f6f988ace59
[  997.909862][T18438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  997.909883][T18438] RSP: 002b:00007f6f96afe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  997.909910][T18438] RAX: ffffffffffffffda RBX: 00007f6f98b25fa0 RCX: 00007f6f988ace59
[  997.909928][T18438] RDX: 0000000000000004 RSI: 0000200000000300 RDI: 0000000000000003
[  997.909943][T18438] RBP: 00007f6f96afe090 R08: 0000000000000000 R09: 0000000000000000
[  997.909958][T18438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  997.909977][T18438] R13: 00007f6f98b26038 R14: 00007f6f98b25fa0 R15: 00007ffe9635aaa8
[  997.910002][T18438]  </TASK>
[  998.212602][T13909] usb 4-1: USB disconnect, device number 23
[  998.770197][T18450] FAULT_INJECTION: forcing a failure.
[  998.770197][T18450] name failslab, interval 1, probability 0, space 0, times 0
[  998.770239][T18450] CPU: 1 UID: 0 PID: 18450 Comm: syz.2.3990 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  998.770272][T18450] Tainted: [L]=SOFTLOCKUP
[  998.770281][T18450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  998.770295][T18450] Call Trace:
[  998.770305][T18450]  <TASK>
[  998.770315][T18450]  dump_stack_lvl+0xe8/0x150
[  998.770350][T18450]  should_fail_ex+0x46b/0x600
[  998.770401][T18450]  should_failslab+0xa8/0x100
[  998.770434][T18450]  kmem_cache_alloc_lru_noprof+0x8b/0x680
[  998.770464][T18450]  ? alloc_inode+0xb8/0x1b0
[  998.770494][T18450]  alloc_inode+0xb8/0x1b0
[  998.770521][T18450]  path_from_stashed+0x200/0x5c0
[  998.770561][T18450]  pidfs_alloc_file+0x102/0x290
[  998.770591][T18450]  ? __pfx_pidfs_alloc_file+0x10/0x10
[  998.770630][T18450]  pidfd_prepare+0x124/0x1b0
[  998.770668][T18450]  __se_sys_pidfd_open+0xd5/0x260
[  998.770696][T18450]  ? __pfx___se_sys_pidfd_open+0x10/0x10
[  998.770732][T18450]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  998.770758][T18450]  do_syscall_64+0x174/0x580
[  998.770794][T18450]  ? trace_irq_disable+0x3b/0x140
[  998.770823][T18450]  ? clear_bhb_loop+0x40/0x90
[  998.770851][T18450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  998.770875][T18450] RIP: 0033:0x7f1fe174ce59
[  998.770896][T18450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  998.770916][T18450] RSP: 002b:00007f1fdf97d018 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2
[  998.770940][T18450] RAX: ffffffffffffffda RBX: 00007f1fe19c6090 RCX: 00007f1fe174ce59
[  998.770957][T18450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000027
[  998.770972][T18450] RBP: 00007f1fdf97d090 R08: 0000000000000000 R09: 0000000000000000
[  998.770987][T18450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  998.771002][T18450] R13: 00007f1fe19c6128 R14: 00007f1fe19c6090 R15: 00007ffd26c0d348
[  998.771036][T18450]  </TASK>
[  999.130208][ T1341] ieee802154 phy1 wpan1: encryption failed: -22
[  999.466972][T18462] FAULT_INJECTION: forcing a failure.
[  999.466972][T18462] name failslab, interval 1, probability 0, space 0, times 0
[  999.467015][T18462] CPU: 1 UID: 0 PID: 18462 Comm: syz.0.3992 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  999.467049][T18462] Tainted: [L]=SOFTLOCKUP
[  999.467058][T18462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  999.467073][T18462] Call Trace:
[  999.467083][T18462]  <TASK>
[  999.467093][T18462]  dump_stack_lvl+0xe8/0x150
[  999.467127][T18462]  should_fail_ex+0x46b/0x600
[  999.467174][T18462]  should_failslab+0xa8/0x100
[  999.467207][T18462]  __kmalloc_noprof+0xdf/0x7b0
[  999.467234][T18462]  ? kfree+0x4d/0x6c0
[  999.467257][T18462]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  999.467293][T18462]  tomoyo_realpath_from_path+0xe3/0x5d0
[  999.467332][T18462]  ? tomoyo_domain+0xd7/0x130
[  999.467366][T18462]  ? tomoyo_path_number_perm+0x219/0x630
[  999.467403][T18462]  tomoyo_path_number_perm+0x246/0x630
[  999.467442][T18462]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  999.467478][T18462]  ? __lock_acquire+0x6b5/0x2d10
[  999.467508][T18462]  ? do_raw_spin_lock+0x12b/0x2f0
[  999.467564][T18462]  ? __fget_files+0x2a/0x420
[  999.467595][T18462]  ? __fget_files+0x2a/0x420
[  999.467623][T18462]  ? __fget_files+0x3a6/0x420
[  999.467649][T18462]  ? __fget_files+0x2a/0x420
[  999.467681][T18462]  security_file_ioctl+0xc3/0x2a0
[  999.467715][T18462]  __se_sys_ioctl+0x47/0x170
[  999.467750][T18462]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  999.467775][T18462]  do_syscall_64+0x174/0x580
[  999.467810][T18462]  ? trace_irq_disable+0x3b/0x140
[  999.467838][T18462]  ? clear_bhb_loop+0x40/0x90
[  999.467867][T18462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  999.467892][T18462] RIP: 0033:0x7f4878d4ce59
[  999.467914][T18462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  999.467935][T18462] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  999.467961][T18462] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[  999.467978][T18462] RDX: 0000200000000080 RSI: 00000000c0285628 RDI: 0000000000000003
[  999.467995][T18462] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[  999.468010][T18462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  999.468025][T18462] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[  999.468061][T18462]  </TASK>
[  999.569164][T18462] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1000.296203][   T10] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[ 1000.361533][T18474] FAULT_INJECTION: forcing a failure.
[ 1000.361533][T18474] name failslab, interval 1, probability 0, space 0, times 0
[ 1000.361577][T18474] CPU: 1 UID: 0 PID: 18474 Comm: syz.0.3994 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1000.361609][T18474] Tainted: [L]=SOFTLOCKUP
[ 1000.361618][T18474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1000.361632][T18474] Call Trace:
[ 1000.361642][T18474]  <TASK>
[ 1000.361653][T18474]  dump_stack_lvl+0xe8/0x150
[ 1000.361688][T18474]  should_fail_ex+0x46b/0x600
[ 1000.361729][T18474]  should_failslab+0xa8/0x100
[ 1000.361763][T18474]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1000.361792][T18474]  ? __alloc_skb+0x1d0/0x7d0
[ 1000.361822][T18474]  ? __pfx_tcp_current_mss+0x10/0x10
[ 1000.361855][T18474]  __alloc_skb+0x1d0/0x7d0
[ 1000.361893][T18474]  tcp_stream_alloc_skb+0x3f/0x5c0
[ 1000.361931][T18474]  tcp_sendmsg_locked+0x134b/0x5370
[ 1000.361971][T18474]  ? rt_spin_lock+0x1e0/0x400
[ 1000.362048][T18474]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1000.362112][T18474]  ? __local_bh_enable_ip+0x1ae/0x2b0
[ 1000.362146][T18474]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1000.362186][T18474]  tcp_sendmsg+0x2f/0x50
[ 1000.362219][T18474]  ? __pfx_inet6_sendmsg+0x10/0x10
[ 1000.362245][T18474]  sock_sendmsg_nosec+0x90/0x180
[ 1000.362275][T18474]  sock_write_iter+0x308/0x410
[ 1000.362305][T18474]  ? __pfx_sock_write_iter+0x10/0x10
[ 1000.362351][T18474]  vfs_write+0x629/0xba0
[ 1000.362392][T18474]  ? __pfx_vfs_write+0x10/0x10
[ 1000.362436][T18474]  ? __fget_files+0x2a/0x420
[ 1000.362474][T18474]  ksys_write+0x156/0x270
[ 1000.362509][T18474]  ? __pfx_ksys_write+0x10/0x10
[ 1000.362551][T18474]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1000.362578][T18474]  do_syscall_64+0x174/0x580
[ 1000.362617][T18474]  ? clear_bhb_loop+0x40/0x90
[ 1000.362646][T18474]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1000.362670][T18474] RIP: 0033:0x7f4878d4ce59
[ 1000.362692][T18474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1000.362712][T18474] RSP: 002b:00007f4876f64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1000.362737][T18474] RAX: ffffffffffffffda RBX: 00007f4878fc6180 RCX: 00007f4878d4ce59
[ 1000.362754][T18474] RDX: 00000000fffffd9d RSI: 0000200000000200 RDI: 0000000000000003
[ 1000.362770][T18474] RBP: 00007f4876f64090 R08: 0000000000000000 R09: 0000000000000000
[ 1000.362785][T18474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1000.362799][T18474] R13: 00007f4878fc6218 R14: 00007f4878fc6180 R15: 00007fffdd030808
[ 1000.362836][T18474]  </TASK>
[ 1000.858624][   T10] usb 3-1: Using ep0 maxpacket: 8
[ 1001.004489][   T10] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[ 1001.004555][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1001.004581][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1001.004609][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1001.004637][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1001.004683][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1001.004710][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1001.015737][T18470] syz.0.3994 (18470) used greatest stack depth: 18592 bytes left
[ 1001.330190][   T10] usb 3-1: GET_CAPABILITIES returned 0
[ 1001.330242][   T10] usbtmc 3-1:16.0: can't read capabilities
[ 1001.437043][ T5791] usb 7-1: new full-speed USB device number 97 using dummy_hcd
[ 1001.602057][   T10] usb 3-1: USB disconnect, device number 17
[ 1001.667919][ T5791] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1001.667970][ T5791] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1001.667993][ T5791] usb 7-1: config 0 has no interface number 0
[ 1001.668040][ T5791] usb 7-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1001.670211][ T5791] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1001.670242][ T5791] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1001.670266][ T5791] usb 7-1: Product: syz
[ 1001.670283][ T5791] usb 7-1: SerialNumber: syz
[ 1001.865098][ T5791] usb 7-1: config 0 descriptor??
[ 1001.945602][ T5791] usbhid 7-1:0.8: couldn't find an input interrupt endpoint
[ 1003.799533][T18489] FAULT_INJECTION: forcing a failure.
[ 1003.799533][T18489] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1003.799581][T18489] CPU: 1 UID: 0 PID: 18489 Comm: syz.3.3998 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1003.799614][T18489] Tainted: [L]=SOFTLOCKUP
[ 1003.799623][T18489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1003.799638][T18489] Call Trace:
[ 1003.799648][T18489]  <TASK>
[ 1003.799659][T18489]  dump_stack_lvl+0xe8/0x150
[ 1003.799695][T18489]  should_fail_ex+0x46b/0x600
[ 1003.799736][T18489]  copy_fpstate_to_sigframe+0xaab/0xd60
[ 1003.799776][T18489]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1003.799809][T18489]  ? rt_spin_lock+0x1e0/0x400
[ 1003.799839][T18489]  ? rt_spin_lock+0x1e0/0x400
[ 1003.799879][T18489]  ? fpu__alloc_mathframe+0xac/0x130
[ 1003.799907][T18489]  get_sigframe+0x5f7/0x820
[ 1003.799989][T18489]  ? __pfx_get_sigframe+0x10/0x10
[ 1003.800015][T18489]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1003.800044][T18489]  ? reacquire_held_locks+0x104/0x190
[ 1003.800085][T18489]  x64_setup_rt_frame+0x160/0xcb0
[ 1003.800110][T18489]  ? rt_spin_unlock+0x14f/0x200
[ 1003.800143][T18489]  ? rt_spin_unlock+0x160/0x200
[ 1003.800175][T18489]  ? get_signal+0x114f/0x1330
[ 1003.800217][T18489]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1003.800253][T18489]  arch_do_signal_or_restart+0x442/0x840
[ 1003.800282][T18489]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1003.800313][T18489]  ? ksys_write+0x248/0x270
[ 1003.800357][T18489]  exit_to_user_mode_loop+0xa9/0x680
[ 1003.800385][T18489]  ? rcu_is_watching+0x15/0xb0
[ 1003.800418][T18489]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1003.800446][T18489]  do_syscall_64+0x353/0x580
[ 1003.800484][T18489]  ? clear_bhb_loop+0x40/0x90
[ 1003.800514][T18489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1003.800538][T18489] RIP: 0033:0x7efc8bafd68e
[ 1003.800562][T18489] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1003.800582][T18489] RSP: 002b:00007efc89d6cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1003.800606][T18489] RAX: 0000000000000001 RBX: 00007efc89d6d6c0 RCX: 00007efc8bafd68e
[ 1003.800622][T18489] RDX: 0000000000000001 RSI: 00007efc89d6d090 RDI: 0000000000000004
[ 1003.800633][T18489] RBP: 00007efc89d6d090 R08: 0000000000000000 R09: 0000000000000000
[ 1003.800644][T18489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1003.800655][T18489] R13: 00007efc8bdb6128 R14: 00007efc8bdb6090 R15: 00007ffdad4355a8
[ 1003.800681][T18489]  </TASK>
[ 1004.554218][T18494] FAULT_INJECTION: forcing a failure.
[ 1004.554218][T18494] name failslab, interval 1, probability 0, space 0, times 0
[ 1004.554253][T18494] CPU: 0 UID: 0 PID: 18494 Comm: syz.2.4001 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1004.554279][T18494] Tainted: [L]=SOFTLOCKUP
[ 1004.554286][T18494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1004.554307][T18494] Call Trace:
[ 1004.554314][T18494]  <TASK>
[ 1004.554323][T18494]  dump_stack_lvl+0xe8/0x150
[ 1004.554352][T18494]  should_fail_ex+0x46b/0x600
[ 1004.554384][T18494]  should_failslab+0xa8/0x100
[ 1004.554410][T18494]  __kvmalloc_node_noprof+0x170/0x8e0
[ 1004.554436][T18494]  ? file_tty_write+0x2ec/0xa10
[ 1004.554456][T18494]  ? _mutex_trylock_nest_lock+0x128/0x180
[ 1004.554484][T18494]  file_tty_write+0x2ec/0xa10
[ 1004.554511][T18494]  do_iter_readv_writev+0x62b/0x8d0
[ 1004.554541][T18494]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1004.554575][T18494]  ? rw_verify_area+0x25b/0x4e0
[ 1004.554602][T18494]  vfs_writev+0x345/0x9a0
[ 1004.554629][T18494]  ? __pfx_vfs_writev+0x10/0x10
[ 1004.554660][T18494]  ? __fget_files+0x2a/0x420
[ 1004.554685][T18494]  ? __fget_files+0x3a6/0x420
[ 1004.554705][T18494]  ? __fget_files+0x2a/0x420
[ 1004.554733][T18494]  do_writev+0x15a/0x2e0
[ 1004.554754][T18494]  ? __pfx_do_writev+0x10/0x10
[ 1004.554779][T18494]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.554877][T18494]  do_syscall_64+0x174/0x580
[ 1004.554924][T18494]  ? clear_bhb_loop+0x40/0x90
[ 1004.554951][T18494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1004.554972][T18494] RIP: 0033:0x7f1fe174ce59
[ 1004.554991][T18494] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1004.555008][T18494] RSP: 002b:00007f1fdf99e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[ 1004.555028][T18494] RAX: ffffffffffffffda RBX: 00007f1fe19c5fa0 RCX: 00007f1fe174ce59
[ 1004.555042][T18494] RDX: 0000000000000001 RSI: 0000200000001900 RDI: 0000000000000003
[ 1004.555054][T18494] RBP: 00007f1fdf99e090 R08: 0000000000000000 R09: 0000000000000000
[ 1004.555070][T18494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1004.555081][T18494] R13: 00007f1fe19c6038 R14: 00007f1fe19c5fa0 R15: 00007ffd26c0d348
[ 1004.555109][T18494]  </TASK>
[ 1005.228190][T15396] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[ 1005.298490][T18498] FAULT_INJECTION: forcing a failure.
[ 1005.298490][T18498] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1005.298532][T18498] CPU: 0 UID: 0 PID: 18498 Comm: syz.2.4002 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1005.298564][T18498] Tainted: [L]=SOFTLOCKUP
[ 1005.298573][T18498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1005.298588][T18498] Call Trace:
[ 1005.298597][T18498]  <TASK>
[ 1005.298607][T18498]  dump_stack_lvl+0xe8/0x150
[ 1005.298642][T18498]  should_fail_ex+0x46b/0x600
[ 1005.298683][T18498]  _copy_from_user+0x2d/0xb0
[ 1005.298712][T18498]  ___sys_sendmsg+0x1c6/0x360
[ 1005.298748][T18498]  ? __lock_acquire+0x6b5/0x2d10
[ 1005.298781][T18498]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1005.298852][T18498]  ? __fget_files+0x2a/0x420
[ 1005.298880][T18498]  ? __fget_files+0x3a6/0x420
[ 1005.298918][T18498]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1005.298958][T18498]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1005.299004][T18498]  ? __pfx_ksys_write+0x10/0x10
[ 1005.299046][T18498]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.299071][T18498]  do_syscall_64+0x174/0x580
[ 1005.299107][T18498]  ? trace_irq_disable+0x3b/0x140
[ 1005.299133][T18498]  ? clear_bhb_loop+0x40/0x90
[ 1005.299162][T18498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.299186][T18498] RIP: 0033:0x7f1fe174ce59
[ 1005.299207][T18498] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1005.299227][T18498] RSP: 002b:00007f1fdf99e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1005.299256][T18498] RAX: ffffffffffffffda RBX: 00007f1fe19c5fa0 RCX: 00007f1fe174ce59
[ 1005.299273][T18498] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1005.299289][T18498] RBP: 00007f1fdf99e090 R08: 0000000000000000 R09: 0000000000000000
[ 1005.299305][T18498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1005.299320][T18498] R13: 00007f1fe19c6038 R14: 00007f1fe19c5fa0 R15: 00007ffd26c0d348
[ 1005.299369][T18498]  </TASK>
[ 1005.462813][T15396] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1005.462854][T15396] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1005.462899][T15396] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[ 1005.462931][T15396] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[ 1005.720027][T15396] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1005.720061][T15396] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1005.720083][T15396] usb 4-1: Product: syz
[ 1005.720098][T15396] usb 4-1: Manufacturer: syz
[ 1005.720113][T15396] usb 4-1: SerialNumber: syz
[ 1005.964368][T18493] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1006.201275][T18493] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1006.201413][T18493] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1006.524419][T18473] syz.6.3995 (18473): drop_caches: 2
[ 1006.633979][    T9] usb 7-1: USB disconnect, device number 97
[ 1007.080196][T18506] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4000'.
[ 1007.080224][T18506] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4000'.
[ 1007.080245][T18506] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4000'.
[ 1007.389890][T18493] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1007.390035][T18493] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1007.639794][T18493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1007.640484][T18493] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1007.653271][T15396] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 1007.653313][T15396] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[ 1007.653337][T15396] cdc_ncm 4-1:1.0: setting rx_max = 2048
[ 1007.747702][T18511] sg_write: data in/out 452572/230 bytes for SCSI command 0x0-- guessing data in;
[ 1007.747702][T18511]    program syz.2.4006 not setting count and/or reply_len properly
[ 1007.901662][T18513] FAULT_INJECTION: forcing a failure.
[ 1007.901662][T18513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1007.902192][T18513] CPU: 1 UID: 0 PID: 18513 Comm: syz.2.4008 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1007.902224][T18513] Tainted: [L]=SOFTLOCKUP
[ 1007.902232][T18513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1007.902244][T18513] Call Trace:
[ 1007.902252][T18513]  <TASK>
[ 1007.902264][T18513]  dump_stack_lvl+0xe8/0x150
[ 1007.902299][T18513]  should_fail_ex+0x46b/0x600
[ 1007.902333][T18513]  _copy_from_iter+0x1d3/0x1670
[ 1007.902356][T18513]  ? __lock_acquire+0x6b5/0x2d10
[ 1007.902391][T18513]  ? __pfx__copy_from_iter+0x10/0x10
[ 1007.902422][T18513]  tun_get_user+0x267/0x4450
[ 1007.902461][T18513]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1007.902483][T18513]  ? reacquire_held_locks+0x80/0x190
[ 1007.902508][T18513]  ? rt_spin_lock+0x1e0/0x400
[ 1007.902532][T18513]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1007.902555][T18513]  ? __pfx_tun_get_user+0x10/0x10
[ 1007.902582][T18513]  ? rt_spin_unlock+0x14f/0x200
[ 1007.902619][T18513]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1007.902647][T18513]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1007.902675][T18513]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1007.902716][T18513]  ? tun_get+0x1c/0x2f0
[ 1007.902747][T18513]  tun_chr_write_iter+0x119/0x210
[ 1007.902778][T18513]  vfs_write+0x629/0xba0
[ 1007.902810][T18513]  ? __pfx_vfs_write+0x10/0x10
[ 1007.902844][T18513]  ? __fget_files+0x2a/0x420
[ 1007.902875][T18513]  ksys_write+0x156/0x270
[ 1007.902903][T18513]  ? __pfx_ksys_write+0x10/0x10
[ 1007.902936][T18513]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.902956][T18513]  do_syscall_64+0x174/0x580
[ 1007.902989][T18513]  ? clear_bhb_loop+0x40/0x90
[ 1007.903012][T18513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1007.903034][T18513] RIP: 0033:0x7f1fe174ce59
[ 1007.903057][T18513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1007.903074][T18513] RSP: 002b:00007f1fdf99e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1007.903094][T18513] RAX: ffffffffffffffda RBX: 00007f1fe19c5fa0 RCX: 00007f1fe174ce59
[ 1007.903108][T18513] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000003
[ 1007.903121][T18513] RBP: 00007f1fdf99e090 R08: 0000000000000000 R09: 0000000000000000
[ 1007.903133][T18513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1007.903144][T18513] R13: 00007f1fe19c6038 R14: 00007f1fe19c5fa0 R15: 00007ffd26c0d348
[ 1007.903173][T18513]  </TASK>
[ 1008.651456][ T8109] usb 7-1: new high-speed USB device number 98 using dummy_hcd
[ 1008.849555][ T8109] usb 7-1: Using ep0 maxpacket: 8
[ 1008.995432][ T8109] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1008.995643][ T8109] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1008.995670][ T8109] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1008.995755][ T8109] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1008.995782][ T8109] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1008.995827][ T8109] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1008.995920][ T8109] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1009.423846][ T8109] usb 7-1: GET_CAPABILITIES returned 0
[ 1009.423962][ T8109] usbtmc 7-1:16.0: can't read capabilities
[ 1009.855095][ T8109] usb 7-1: USB disconnect, device number 98
[ 1011.126838][T18528] sg_write: data in/out 419804/102 bytes for SCSI command 0x0-- guessing data in;
[ 1011.126838][T18528]    program syz.6.4011 not setting count and/or reply_len properly
[ 1011.250694][T18530] FAULT_INJECTION: forcing a failure.
[ 1011.250694][T18530] name failslab, interval 1, probability 0, space 0, times 0
[ 1011.250736][T18530] CPU: 0 UID: 0 PID: 18530 Comm: syz.2.4012 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1011.250769][T18530] Tainted: [L]=SOFTLOCKUP
[ 1011.250778][T18530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1011.250794][T18530] Call Trace:
[ 1011.250803][T18530]  <TASK>
[ 1011.250814][T18530]  dump_stack_lvl+0xe8/0x150
[ 1011.250849][T18530]  should_fail_ex+0x46b/0x600
[ 1011.250892][T18530]  should_failslab+0xa8/0x100
[ 1011.250925][T18530]  __kmalloc_noprof+0xdf/0x7b0
[ 1011.250953][T18530]  ? kfree+0x4d/0x6c0
[ 1011.250976][T18530]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1011.251013][T18530]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1011.251044][T18530]  ? tomoyo_domain+0xd7/0x130
[ 1011.251079][T18530]  ? tomoyo_path_number_perm+0x219/0x630
[ 1011.251118][T18530]  tomoyo_path_number_perm+0x246/0x630
[ 1011.251157][T18530]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1011.251195][T18530]  ? __lock_acquire+0x6b5/0x2d10
[ 1011.251227][T18530]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1011.251293][T18530]  ? __fget_files+0x2a/0x420
[ 1011.251324][T18530]  ? __fget_files+0x2a/0x420
[ 1011.251351][T18530]  ? __fget_files+0x3a6/0x420
[ 1011.251383][T18530]  ? __fget_files+0x2a/0x420
[ 1011.251416][T18530]  security_file_ioctl+0xc3/0x2a0
[ 1011.251452][T18530]  __se_sys_ioctl+0x47/0x170
[ 1011.251486][T18530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.251513][T18530]  do_syscall_64+0x174/0x580
[ 1011.251548][T18530]  ? trace_irq_disable+0x3b/0x140
[ 1011.251577][T18530]  ? clear_bhb_loop+0x40/0x90
[ 1011.251607][T18530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.251638][T18530] RIP: 0033:0x7f1fe174ce59
[ 1011.251661][T18530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1011.251683][T18530] RSP: 002b:00007f1fdf99e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1011.251710][T18530] RAX: ffffffffffffffda RBX: 00007f1fe19c5fa0 RCX: 00007f1fe174ce59
[ 1011.251729][T18530] RDX: 00002000000000c0 RSI: 00000000c0303e03 RDI: 0000000000000007
[ 1011.251745][T18530] RBP: 00007f1fdf99e090 R08: 0000000000000000 R09: 0000000000000000
[ 1011.251761][T18530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1011.251775][T18530] R13: 00007f1fe19c6038 R14: 00007f1fe19c5fa0 R15: 00007ffd26c0d348
[ 1011.251812][T18530]  </TASK>
[ 1011.317712][T18530] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1011.639647][ T5791] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[ 1013.093621][T15396] cdc_ncm 4-1:1.0: setting tx_max = 16384
[ 1013.199060][ T5791] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1013.816239][T15396] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[ 1013.819127][ T5791] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 1014.025625][T15396] usb 4-1: USB disconnect, device number 24
[ 1014.080332][T15396] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[ 1014.092388][ T5791] usb 3-1: Using ep0 maxpacket: 32
[ 1014.094955][ T5791] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[ 1014.094992][ T5791] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[ 1014.097992][ T5791] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1014.098024][ T5791] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1014.098048][ T5791] usb 3-1: Product: syz
[ 1014.098065][ T5791] usb 3-1: Manufacturer: syz
[ 1014.188016][ T5791] hub 3-1:4.0: USB hub found
[ 1014.622684][ T5623] usb 7-1: new high-speed USB device number 99 using dummy_hcd
[ 1014.789016][ T5623] usb 7-1: Using ep0 maxpacket: 8
[ 1014.794353][ T5623] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1014.794415][ T5623] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1014.794443][ T5623] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1014.794472][ T5623] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1014.794500][ T5623] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1014.794545][ T5623] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1014.794591][ T5623] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1014.896718][T18562] sg_write: data in/out 419804/102 bytes for SCSI command 0x0-- guessing data in;
[ 1014.896718][T18562]    program syz.3.4021 not setting count and/or reply_len properly
[ 1014.953356][ T5791] hub 3-1:4.0: config failed, can't read hub descriptor (err -22)
[ 1015.135287][ T5791] usb 3-1: USB disconnect, device number 18
[ 1015.277073][ T5623] usb 7-1: GET_CAPABILITIES returned 0
[ 1015.277118][ T5623] usbtmc 7-1:16.0: can't read capabilities
[ 1015.495697][ T5791] usb 7-1: USB disconnect, device number 99
[ 1016.342243][T18578] fuse: blksize only supported for fuseblk
[ 1016.344157][T18578] sg_write: data in/out 327645/881 bytes for SCSI command 0x0-- guessing data in;
[ 1016.344157][T18578]    program syz.2.4027 not setting count and/or reply_len properly
[ 1016.964251][T18601] FAULT_INJECTION: forcing a failure.
[ 1016.964251][T18601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1016.964292][T18601] CPU: 0 UID: 0 PID: 18601 Comm: syz.0.4034 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1016.964324][T18601] Tainted: [L]=SOFTLOCKUP
[ 1016.964334][T18601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1016.964350][T18601] Call Trace:
[ 1016.964359][T18601]  <TASK>
[ 1016.964370][T18601]  dump_stack_lvl+0xe8/0x150
[ 1016.964406][T18601]  should_fail_ex+0x46b/0x600
[ 1016.964449][T18601]  _copy_from_user+0x2d/0xb0
[ 1016.964478][T18601]  ___sys_sendmsg+0x1c6/0x360
[ 1016.964515][T18601]  ? __lock_acquire+0x6b5/0x2d10
[ 1016.964549][T18601]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1016.964623][T18601]  ? __fget_files+0x2a/0x420
[ 1016.964651][T18601]  ? __fget_files+0x3a6/0x420
[ 1016.964691][T18601]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1016.964735][T18601]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1016.964783][T18601]  ? __pfx_ksys_write+0x10/0x10
[ 1016.964825][T18601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.964851][T18601]  do_syscall_64+0x174/0x580
[ 1016.964887][T18601]  ? trace_irq_disable+0x3b/0x140
[ 1016.964915][T18601]  ? clear_bhb_loop+0x40/0x90
[ 1016.964943][T18601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1016.964968][T18601] RIP: 0033:0x7f4878d4ce59
[ 1016.964989][T18601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1016.965010][T18601] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1016.965036][T18601] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[ 1016.965054][T18601] RDX: 0000000000000010 RSI: 00002000000007c0 RDI: 0000000000000004
[ 1016.965070][T18601] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[ 1016.965086][T18601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1016.965100][T18601] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[ 1016.965136][T18601]  </TASK>
[ 1017.007083][T15396] usb 7-1: new high-speed USB device number 100 using dummy_hcd
[ 1017.228869][T15396] usb 7-1: Using ep0 maxpacket: 8
[ 1017.251859][T15396] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1017.251904][T15396] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1017.251924][T15396] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[ 1017.251941][T15396] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[ 1017.251959][T15396] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1017.251990][T15396] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1017.252008][T15396] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1017.354078][ T5791] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[ 1017.473491][T18607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1017.474402][T18607] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1017.504769][T15396] usbtmc 7-1:16.0: probe with driver usbtmc failed with error -22
[ 1017.538646][ T5791] usb 3-1: Using ep0 maxpacket: 16
[ 1017.541893][ T5791] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1017.541924][ T5791] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1017.545922][ T5791] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= 0.40
[ 1017.545957][ T5791] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.545982][ T5791] usb 3-1: Product: syz
[ 1017.545999][ T5791] usb 3-1: Manufacturer: syz
[ 1017.546017][ T5791] usb 3-1: SerialNumber: syz
[ 1017.679063][T13909] usb 1-1: new low-speed USB device number 16 using dummy_hcd
[ 1017.722313][T15396] usb 7-1: USB disconnect, device number 100
[ 1017.890454][T13909] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1017.890522][T13909] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1017.890576][T13909] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6
[ 1017.890606][T13909] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 26984, setting to 8
[ 1017.890654][T13909] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1017.890679][T13909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1018.004724][T18605] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1018.018585][T13909] hub 1-1:1.0: bad descriptor, ignoring hub
[ 1018.018622][T13909] hub 1-1:1.0: probe with driver hub failed with error -5
[ 1018.021331][T13909] cdc_wdm 1-1:1.0: skipping garbage
[ 1018.021350][T13909] cdc_wdm 1-1:1.0: skipping garbage
[ 1018.021434][T13909] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[ 1018.025659][ T5791] usb 3-1: 2:0: failed to get current value for ch 0 (-71)
[ 1018.058311][ T5791] usb 3-1: unit 0 not found!
[ 1018.154555][ T5791] usb 3-1: USB disconnect, device number 19
[ 1018.300494][T18613] FAULT_INJECTION: forcing a failure.
[ 1018.300494][T18613] name failslab, interval 1, probability 0, space 0, times 0
[ 1018.300537][T18613] CPU: 0 UID: 0 PID: 18613 Comm: syz.3.4037 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1018.300569][T18613] Tainted: [L]=SOFTLOCKUP
[ 1018.300578][T18613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1018.300592][T18613] Call Trace:
[ 1018.300602][T18613]  <TASK>
[ 1018.300612][T18613]  dump_stack_lvl+0xe8/0x150
[ 1018.300647][T18613]  should_fail_ex+0x46b/0x600
[ 1018.300688][T18613]  should_failslab+0xa8/0x100
[ 1018.300720][T18613]  __kmalloc_noprof+0xdf/0x7b0
[ 1018.300747][T18613]  ? kfree+0x4d/0x6c0
[ 1018.300771][T18613]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1018.300807][T18613]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1018.300837][T18613]  ? tomoyo_domain+0xd7/0x130
[ 1018.300876][T18613]  ? tomoyo_path_number_perm+0x219/0x630
[ 1018.300915][T18613]  tomoyo_path_number_perm+0x246/0x630
[ 1018.300954][T18613]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1018.300994][T18613]  ? __lock_acquire+0x6b5/0x2d10
[ 1018.301025][T18613]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1018.301084][T18613]  ? __fget_files+0x2a/0x420
[ 1018.301115][T18613]  ? __fget_files+0x2a/0x420
[ 1018.301141][T18613]  ? __fget_files+0x3a6/0x420
[ 1018.301167][T18613]  ? __fget_files+0x2a/0x420
[ 1018.301200][T18613]  security_file_ioctl+0xc3/0x2a0
[ 1018.301235][T18613]  __se_sys_ioctl+0x47/0x170
[ 1018.301269][T18613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1018.301295][T18613]  do_syscall_64+0x174/0x580
[ 1018.301329][T18613]  ? trace_irq_disable+0x3b/0x140
[ 1018.301362][T18613]  ? clear_bhb_loop+0x40/0x90
[ 1018.301391][T18613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1018.301422][T18613] RIP: 0033:0x7efc8bb3ce59
[ 1018.301444][T18613] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1018.301465][T18613] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1018.301489][T18613] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[ 1018.301507][T18613] RDX: 0000200000000040 RSI: 00000000c008561c RDI: 0000000000000003
[ 1018.301523][T18613] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1018.301538][T18613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1018.301552][T18613] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[ 1018.301594][T18613]  </TASK>
[ 1018.304851][T18613] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1018.440540][T13909] usb 1-1: USB disconnect, device number 16
[ 1018.879509][T14025] udevd[14025]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1018.936120][T18618] fuse: blksize only supported for fuseblk
[ 1019.297240][T18628] FAULT_INJECTION: forcing a failure.
[ 1019.297240][T18628] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1019.297287][T18628] CPU: 0 UID: 0 PID: 18628 Comm: syz.2.4044 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1019.297323][T18628] Tainted: [L]=SOFTLOCKUP
[ 1019.297333][T18628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1019.297351][T18628] Call Trace:
[ 1019.297361][T18628]  <TASK>
[ 1019.297372][T18628]  dump_stack_lvl+0xe8/0x150
[ 1019.297410][T18628]  should_fail_ex+0x46b/0x600
[ 1019.297457][T18628]  _copy_from_user+0x2d/0xb0
[ 1019.297489][T18628]  ___sys_recvmsg+0x175/0x590
[ 1019.297514][T18628]  ? get_pid_task+0x20/0x1f0
[ 1019.297541][T18628]  ? get_pid_task+0x20/0x1f0
[ 1019.297574][T18628]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1019.297606][T18628]  ? __fget_files+0x2a/0x420
[ 1019.297658][T18628]  ? __fget_files+0x3a6/0x420
[ 1019.297700][T18628]  __x64_sys_recvmsg+0x1c0/0x2a0
[ 1019.297730][T18628]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1019.297768][T18628]  ? __pfx_ksys_write+0x10/0x10
[ 1019.297826][T18628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1019.297856][T18628]  do_syscall_64+0x174/0x580
[ 1019.297895][T18628]  ? trace_irq_disable+0x3b/0x140
[ 1019.297926][T18628]  ? clear_bhb_loop+0x40/0x90
[ 1019.297959][T18628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1019.297986][T18628] RIP: 0033:0x7f1fe174ce59
[ 1019.298010][T18628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1019.298034][T18628] RSP: 002b:00007f1fdf99e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1019.298063][T18628] RAX: ffffffffffffffda RBX: 00007f1fe19c5fa0 RCX: 00007f1fe174ce59
[ 1019.298083][T18628] RDX: 0000000040002182 RSI: 0000200000000540 RDI: 0000000000000003
[ 1019.298101][T18628] RBP: 00007f1fdf99e090 R08: 0000000000000000 R09: 0000000000000000
[ 1019.298119][T18628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1019.298135][T18628] R13: 00007f1fe19c6038 R14: 00007f1fe19c5fa0 R15: 00007ffd26c0d348
[ 1019.298173][T18628]  </TASK>
[ 1019.481568][ T5791] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[ 1019.612739][T18633] veth0_vlan: entered allmulticast mode
[ 1019.662522][ T5791] usb 1-1: Using ep0 maxpacket: 8
[ 1019.665043][ T5791] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1019.665105][ T5791] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1019.665131][ T5791] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1019.665158][ T5791] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1019.665186][ T5791] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1019.665234][ T5791] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1019.665261][ T5791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.054704][ T5791] usb 1-1: GET_CAPABILITIES returned 0
[ 1020.054755][ T5791] usbtmc 1-1:16.0: can't read capabilities
[ 1020.131245][T18641] FAULT_INJECTION: forcing a failure.
[ 1020.131245][T18641] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1020.131301][T18641] CPU: 1 UID: 0 PID: 18641 Comm: syz.3.4045 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1020.131338][T18641] Tainted: [L]=SOFTLOCKUP
[ 1020.131347][T18641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1020.131361][T18641] Call Trace:
[ 1020.131371][T18641]  <TASK>
[ 1020.131382][T18641]  dump_stack_lvl+0xe8/0x150
[ 1020.131418][T18641]  should_fail_ex+0x46b/0x600
[ 1020.131458][T18641]  _copy_from_user+0x2d/0xb0
[ 1020.131486][T18641]  ___sys_recvmsg+0x175/0x590
[ 1020.131516][T18641]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1020.131545][T18641]  ? __fget_files+0x2a/0x420
[ 1020.131590][T18641]  ? __fget_files+0x3a6/0x420
[ 1020.131627][T18641]  do_recvmmsg+0x33a/0x800
[ 1020.131659][T18641]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1020.131694][T18641]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1020.131759][T18641]  __x64_sys_recvmmsg+0x198/0x250
[ 1020.131786][T18641]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1020.131820][T18641]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.131846][T18641]  do_syscall_64+0x174/0x580
[ 1020.131879][T18641]  ? trace_irq_disable+0x3b/0x140
[ 1020.131906][T18641]  ? clear_bhb_loop+0x40/0x90
[ 1020.131935][T18641]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.131958][T18641] RIP: 0033:0x7efc8bb3ce59
[ 1020.131980][T18641] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1020.132002][T18641] RSP: 002b:00007efc89d6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1020.132028][T18641] RAX: ffffffffffffffda RBX: 00007efc8bdb6090 RCX: 00007efc8bb3ce59
[ 1020.132045][T18641] RDX: 0000000000000007 RSI: 0000200000001b40 RDI: 0000000000000003
[ 1020.132061][T18641] RBP: 00007efc89d6d090 R08: 0000000000000000 R09: 0000000000000000
[ 1020.132076][T18641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1020.132090][T18641] R13: 00007efc8bdb6128 R14: 00007efc8bdb6090 R15: 00007ffdad4355a8
[ 1020.132126][T18641]  </TASK>
[ 1020.374729][ T5791] usb 1-1: USB disconnect, device number 17
[ 1020.636489][T18648] FAULT_INJECTION: forcing a failure.
[ 1020.636489][T18648] name failslab, interval 1, probability 0, space 0, times 0
[ 1020.636530][T18648] CPU: 1 UID: 0 PID: 18648 Comm: syz.6.4047 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1020.636568][T18648] Tainted: [L]=SOFTLOCKUP
[ 1020.636578][T18648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1020.636593][T18648] Call Trace:
[ 1020.636603][T18648]  <TASK>
[ 1020.636613][T18648]  dump_stack_lvl+0xe8/0x150
[ 1020.636654][T18648]  should_fail_ex+0x46b/0x600
[ 1020.636701][T18648]  should_failslab+0xa8/0x100
[ 1020.636733][T18648]  __kmalloc_noprof+0xdf/0x7b0
[ 1020.636761][T18648]  ? kfree+0x4d/0x6c0
[ 1020.636784][T18648]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1020.636819][T18648]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1020.636848][T18648]  ? tomoyo_domain+0xd7/0x130
[ 1020.636891][T18648]  ? tomoyo_path_number_perm+0x219/0x630
[ 1020.636929][T18648]  tomoyo_path_number_perm+0x246/0x630
[ 1020.636969][T18648]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1020.637005][T18648]  ? __lock_acquire+0x6b5/0x2d10
[ 1020.637036][T18648]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1020.637094][T18648]  ? __fget_files+0x2a/0x420
[ 1020.637124][T18648]  ? __fget_files+0x2a/0x420
[ 1020.637157][T18648]  ? __fget_files+0x3a6/0x420
[ 1020.637184][T18648]  ? __fget_files+0x2a/0x420
[ 1020.637215][T18648]  security_file_ioctl+0xc3/0x2a0
[ 1020.637251][T18648]  __se_sys_ioctl+0x47/0x170
[ 1020.637284][T18648]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.637309][T18648]  do_syscall_64+0x174/0x580
[ 1020.637344][T18648]  ? trace_irq_disable+0x3b/0x140
[ 1020.637369][T18648]  ? clear_bhb_loop+0x40/0x90
[ 1020.637399][T18648]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1020.637422][T18648] RIP: 0033:0x7f6f988ace59
[ 1020.637445][T18648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1020.637464][T18648] RSP: 002b:00007f6f96afe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1020.637489][T18648] RAX: ffffffffffffffda RBX: 00007f6f98b25fa0 RCX: 00007f6f988ace59
[ 1020.637506][T18648] RDX: 0000200000000040 RSI: 00000000000089b0 RDI: 0000000000000003
[ 1020.637521][T18648] RBP: 00007f6f96afe090 R08: 0000000000000000 R09: 0000000000000000
[ 1020.637536][T18648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1020.637551][T18648] R13: 00007f6f98b26038 R14: 00007f6f98b25fa0 R15: 00007ffe9635aaa8
[ 1020.637587][T18648]  </TASK>
[ 1020.648486][T18648] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1021.350276][T18661] fuse: blksize only supported for fuseblk
[ 1022.238207][T18673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4053'.
[ 1022.295938][ T5791] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[ 1022.579974][ T5791] usb 1-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[ 1022.580008][ T5791] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 253
[ 1022.608047][ T5791] usb 1-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[ 1022.608082][ T5791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1022.608137][ T5791] usb 1-1: Product: syz
[ 1022.608184][ T5791] usb 1-1: Manufacturer: syz
[ 1022.608250][ T5791] usb 1-1: SerialNumber: syz
[ 1022.684493][ T5791] usb 1-1: config 0 descriptor??
[ 1022.747362][   T38] audit: type=1326 audit(1780413048.431:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18678 comm="syz.3.4055" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efc8bb3ce59 code=0x0
[ 1022.810827][ T5791] gspca_main: sunplus-2.14.0 probing 055f:c630
[ 1022.992220][T18666] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1023.019065][T18666] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1023.152753][ T5623] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[ 1023.534924][ T5623] usb 4-1: device descriptor read/64, error -71
[ 1023.791521][ T5623] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[ 1023.953476][ T5791] gspca_sunplus: reg_r err -71
[ 1023.953665][ T5791] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[ 1023.961036][ T5623] usb 4-1: device descriptor read/64, error -71
[ 1024.041414][ T5791] usb 1-1: USB disconnect, device number 18
[ 1024.073727][ T5623] usb usb4-port1: attempt power cycle
[ 1024.390415][   T32] usb 7-1: new high-speed USB device number 101 using dummy_hcd
[ 1024.441722][ T5623] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[ 1024.464900][ T5623] usb 4-1: device descriptor read/8, error -71
[ 1024.549975][   T32] usb 7-1: Using ep0 maxpacket: 8
[ 1024.566219][   T32] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1024.566286][   T32] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1024.566314][   T32] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1024.566342][   T32] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1024.566370][   T32] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1024.566415][   T32] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1024.566442][   T32] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1024.814099][ T5623] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[ 1024.832724][ T5623] usb 4-1: device descriptor read/8, error -71
[ 1024.907127][   T32] usb 7-1: GET_CAPABILITIES returned 0
[ 1024.907180][   T32] usbtmc 7-1:16.0: can't read capabilities
[ 1024.952046][ T5623] usb usb4-port1: unable to enumerate USB device
[ 1025.138117][   T32] usb 7-1: USB disconnect, device number 101
[ 1025.375273][T18718] FAULT_INJECTION: forcing a failure.
[ 1025.375273][T18718] name failslab, interval 1, probability 0, space 0, times 0
[ 1025.375315][T18718] CPU: 0 UID: 0 PID: 18718 Comm: syz.0.4063 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1025.375347][T18718] Tainted: [L]=SOFTLOCKUP
[ 1025.375357][T18718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1025.375372][T18718] Call Trace:
[ 1025.375381][T18718]  <TASK>
[ 1025.375391][T18718]  dump_stack_lvl+0xe8/0x150
[ 1025.375426][T18718]  should_fail_ex+0x46b/0x600
[ 1025.375468][T18718]  should_failslab+0xa8/0x100
[ 1025.375501][T18718]  __kmalloc_noprof+0xdf/0x7b0
[ 1025.375528][T18718]  ? kfree+0x4d/0x6c0
[ 1025.375552][T18718]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1025.375586][T18718]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1025.375616][T18718]  ? tomoyo_domain+0xd7/0x130
[ 1025.375651][T18718]  ? tomoyo_path_number_perm+0x219/0x630
[ 1025.375687][T18718]  tomoyo_path_number_perm+0x246/0x630
[ 1025.375726][T18718]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1025.375762][T18718]  ? __lock_acquire+0x6b5/0x2d10
[ 1025.375793][T18718]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1025.375851][T18718]  ? __fget_files+0x2a/0x420
[ 1025.375883][T18718]  ? __fget_files+0x2a/0x420
[ 1025.375909][T18718]  ? __fget_files+0x3a6/0x420
[ 1025.375935][T18718]  ? __fget_files+0x2a/0x420
[ 1025.375972][T18718]  security_file_ioctl+0xc3/0x2a0
[ 1025.376009][T18718]  __se_sys_ioctl+0x47/0x170
[ 1025.376043][T18718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1025.376069][T18718]  do_syscall_64+0x174/0x580
[ 1025.376104][T18718]  ? trace_irq_disable+0x3b/0x140
[ 1025.376130][T18718]  ? clear_bhb_loop+0x40/0x90
[ 1025.376159][T18718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1025.376183][T18718] RIP: 0033:0x7f4878d4ce59
[ 1025.376204][T18718] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1025.376232][T18718] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1025.376258][T18718] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[ 1025.376275][T18718] RDX: 0000200000000080 RSI: 00000000c008561c RDI: 0000000000000003
[ 1025.376291][T18718] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[ 1025.376306][T18718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1025.376321][T18718] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[ 1025.376357][T18718]  </TASK>
[ 1025.394884][T18718] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1026.440641][T18737] FAULT_INJECTION: forcing a failure.
[ 1026.440641][T18737] name failslab, interval 1, probability 0, space 0, times 0
[ 1026.440688][T18737] CPU: 0 UID: 0 PID: 18737 Comm: syz.6.4068 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1026.440725][T18737] Tainted: [L]=SOFTLOCKUP
[ 1026.440735][T18737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1026.440751][T18737] Call Trace:
[ 1026.440762][T18737]  <TASK>
[ 1026.440774][T18737]  dump_stack_lvl+0xe8/0x150
[ 1026.440822][T18737]  should_fail_ex+0x46b/0x600
[ 1026.440871][T18737]  should_failslab+0xa8/0x100
[ 1026.440908][T18737]  __kmalloc_noprof+0xdf/0x7b0
[ 1026.440940][T18737]  ? kfree+0x4d/0x6c0
[ 1026.440967][T18737]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1026.441005][T18737]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1026.441038][T18737]  ? tomoyo_domain+0xd7/0x130
[ 1026.441076][T18737]  ? tomoyo_path_number_perm+0x219/0x630
[ 1026.441117][T18737]  tomoyo_path_number_perm+0x246/0x630
[ 1026.441163][T18737]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1026.441203][T18737]  ? __lock_acquire+0x6b5/0x2d10
[ 1026.441250][T18737]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1026.441318][T18737]  ? __fget_files+0x2a/0x420
[ 1026.441355][T18737]  ? __fget_files+0x2a/0x420
[ 1026.441385][T18737]  ? __fget_files+0x3a6/0x420
[ 1026.441415][T18737]  ? __fget_files+0x2a/0x420
[ 1026.441452][T18737]  security_file_ioctl+0xc3/0x2a0
[ 1026.441493][T18737]  __se_sys_ioctl+0x47/0x170
[ 1026.441532][T18737]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1026.441562][T18737]  do_syscall_64+0x174/0x580
[ 1026.441601][T18737]  ? trace_irq_disable+0x3b/0x140
[ 1026.441631][T18737]  ? clear_bhb_loop+0x40/0x90
[ 1026.441665][T18737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1026.441693][T18737] RIP: 0033:0x7f6f988ace59
[ 1026.441719][T18737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1026.441742][T18737] RSP: 002b:00007f6f96add028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1026.441771][T18737] RAX: ffffffffffffffda RBX: 00007f6f98b26090 RCX: 00007f6f988ace59
[ 1026.441791][T18737] RDX: 0000200000000080 RSI: 0000000000004c02 RDI: 0000000000000003
[ 1026.441809][T18737] RBP: 00007f6f96add090 R08: 0000000000000000 R09: 0000000000000000
[ 1026.441876][T18737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1026.441892][T18737] R13: 00007f6f98b26128 R14: 00007f6f98b26090 R15: 00007ffe9635aaa8
[ 1026.441934][T18737]  </TASK>
[ 1026.446618][T18737] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1026.738335][T18733] loop6: detected capacity change from 0 to 8
[ 1027.135180][T18737] loop6: detected capacity change from 8 to 7
[ 1027.214909][T18745] FAULT_INJECTION: forcing a failure.
[ 1027.214909][T18745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1027.214944][T18745] CPU: 0 UID: 0 PID: 18745 Comm: syz.0.4072 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1027.214970][T18745] Tainted: [L]=SOFTLOCKUP
[ 1027.214977][T18745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1027.214989][T18745] Call Trace:
[ 1027.214997][T18745]  <TASK>
[ 1027.215005][T18745]  dump_stack_lvl+0xe8/0x150
[ 1027.215033][T18745]  should_fail_ex+0x46b/0x600
[ 1027.215079][T18745]  _copy_from_user+0x2d/0xb0
[ 1027.215102][T18745]  ___sys_sendmsg+0x1c6/0x360
[ 1027.215132][T18745]  ? __lock_acquire+0x6b5/0x2d10
[ 1027.215160][T18745]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1027.215215][T18745]  ? __fget_files+0x2a/0x420
[ 1027.215235][T18745]  ? __fget_files+0x3a6/0x420
[ 1027.215266][T18745]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1027.215296][T18745]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1027.215332][T18745]  ? __pfx_ksys_write+0x10/0x10
[ 1027.215364][T18745]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1027.215384][T18745]  do_syscall_64+0x174/0x580
[ 1027.215412][T18745]  ? trace_irq_disable+0x3b/0x140
[ 1027.215433][T18745]  ? clear_bhb_loop+0x40/0x90
[ 1027.215456][T18745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1027.215473][T18745] RIP: 0033:0x7f4878d4ce59
[ 1027.215491][T18745] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1027.215507][T18745] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1027.215527][T18745] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[ 1027.215541][T18745] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[ 1027.215553][T18745] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[ 1027.215565][T18745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1027.215576][T18745] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[ 1027.215602][T18745]  </TASK>
[ 1027.542463][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1027.548164][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1027.548212][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1027.586011][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1027.586122][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1027.973750][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1027.973791][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1027.976251][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1027.976292][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1028.023407][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1028.023454][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1028.050707][T13521] usb 7-1: new high-speed USB device number 102 using dummy_hcd
[ 1028.215268][T13521] usb 7-1: Using ep0 maxpacket: 8
[ 1028.237674][T13521] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[ 1028.237741][T13521] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1028.237769][T13521] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1028.237803][T13521] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1028.237831][T13521] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1028.237879][T13521] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1028.237905][T13521] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1028.377565][T18761] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4074'.
[ 1028.967314][   T38] audit: type=1400 audit(1780413053.488:10): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=18741 comm="syz.3.4071"
[ 1029.010676][T13521] usb 7-1: GET_CAPABILITIES returned 0
[ 1029.010737][T13521] usbtmc 7-1:16.0: can't read capabilities
[ 1029.297641][T15397] usb 7-1: USB disconnect, device number 102
[ 1030.033902][T13521] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[ 1030.209961][T13521] usb 3-1: Using ep0 maxpacket: 16
[ 1030.215483][T13521] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1030.215518][T13521] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1030.215542][T13521] usb 3-1: Product: syz
[ 1030.215560][T13521] usb 3-1: Manufacturer: syz
[ 1030.215577][T13521] usb 3-1: SerialNumber: syz
[ 1030.277922][T13521] usb 3-1: config 0 descriptor??
[ 1030.298502][T13521] visor 3-1:0.0: Sony Clie 3.5 converter detected
[ 1031.161803][T13521] usb 3-1: Sony Clie 3.5 converter now attached to ttyUSB0
[ 1031.273063][T13521] usb 3-1: USB disconnect, device number 20
[ 1031.410347][ T5623] usb 7-1: new high-speed USB device number 103 using dummy_hcd
[ 1031.430143][T13521] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0
[ 1031.433747][T13521] visor 3-1:0.0: device disconnected
[ 1031.551270][ T5623] usb 7-1: device descriptor read/64, error -71
[ 1031.811518][ T5623] usb 7-1: new high-speed USB device number 104 using dummy_hcd
[ 1031.995577][ T5623] usb 7-1: device descriptor read/64, error -71
[ 1032.116262][ T5623] usb usb7-port1: attempt power cycle
[ 1032.808657][ T5623] usb 7-1: new high-speed USB device number 105 using dummy_hcd
[ 1032.830987][ T5623] usb 7-1: device descriptor read/8, error -71
[ 1032.984818][T13521] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[ 1033.155284][ T5623] usb 7-1: new high-speed USB device number 106 using dummy_hcd
[ 1033.166187][T13521] usb 1-1: Using ep0 maxpacket: 8
[ 1033.168888][T13521] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[ 1033.169063][T13521] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1033.169091][T13521] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1033.169125][T13521] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1033.169152][T13521] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1033.169200][T13521] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1033.169227][T13521] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1033.223695][ T5623] usb 7-1: device descriptor read/8, error -71
[ 1033.341321][ T5623] usb usb7-port1: unable to enumerate USB device
[ 1033.425797][T18831] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4093'.
[ 1033.523747][T13521] usb 1-1: GET_CAPABILITIES returned 0
[ 1033.523798][T13521] usbtmc 1-1:16.0: can't read capabilities
[ 1033.748361][    T9] usb 1-1: USB disconnect, device number 19
[ 1033.996597][T18833] block nbd0: server does not support multiple connections per device.
[ 1033.999158][T18833] block nbd0: shutting down sockets
[ 1034.508659][T18843] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4100'.
[ 1034.508775][T18843] openvswitch: netlink: Missing key (keys=40, expected=200000)
[ 1034.614399][T18846] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4098'.
[ 1034.674582][T18849] sg_write: data in/out 135131/48 bytes for SCSI command 0x0-- guessing data in;
[ 1034.674582][T18849]    program syz.0.4101 not setting count and/or reply_len properly
[ 1035.057957][ T5791] usb 7-1: new high-speed USB device number 107 using dummy_hcd
[ 1035.250086][ T5791] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1035.263229][ T5791] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[ 1035.263273][ T5791] usb 7-1: can't read configurations, error -22
[ 1035.420858][ T5791] usb 7-1: new high-speed USB device number 108 using dummy_hcd
[ 1035.518470][   T32] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1035.721422][ T5791] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1035.740169][ T5791] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[ 1035.740210][ T5791] usb 7-1: can't read configurations, error -22
[ 1035.740680][ T5791] usb usb7-port1: attempt power cycle
[ 1035.782169][   T32] usb 3-1: device descriptor read/64, error -71
[ 1036.051144][   T32] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1036.135843][ T5791] usb 7-1: new high-speed USB device number 109 using dummy_hcd
[ 1036.180073][ T5791] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1036.184402][ T5791] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[ 1036.184444][ T5791] usb 7-1: can't read configurations, error -22
[ 1036.189899][   T32] usb 3-1: device descriptor read/64, error -71
[ 1036.309335][   T32] usb usb3-port1: attempt power cycle
[ 1036.363248][ T5791] usb 7-1: new high-speed USB device number 110 using dummy_hcd
[ 1036.388750][ T5791] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1036.391105][ T5791] usb 7-1: config index 0 descriptor too short (expected 9, got 0)
[ 1036.391151][ T5791] usb 7-1: can't read configurations, error -22
[ 1036.426338][ T5791] usb usb7-port1: unable to enumerate USB device
[ 1036.613211][T15395] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1036.678182][   T32] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1036.708497][   T32] usb 3-1: device descriptor read/8, error -71
[ 1036.775002][T15395] usb 4-1: Using ep0 maxpacket: 8
[ 1036.778380][T15395] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1036.778459][T15395] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1036.778487][T15395] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1036.778515][T15395] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1036.778542][T15395] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1036.778588][T15395] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1036.778615][T15395] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.892829][T18879] FAULT_INJECTION: forcing a failure.
[ 1036.892829][T18879] name failslab, interval 1, probability 0, space 0, times 0
[ 1036.892872][T18879] CPU: 0 UID: 0 PID: 18879 Comm: syz.0.4114 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1036.892902][T18879] Tainted: [L]=SOFTLOCKUP
[ 1036.892911][T18879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1036.892925][T18879] Call Trace:
[ 1036.892934][T18879]  <TASK>
[ 1036.892943][T18879]  dump_stack_lvl+0xe8/0x150
[ 1036.892975][T18879]  should_fail_ex+0x46b/0x600
[ 1036.893013][T18879]  should_failslab+0xa8/0x100
[ 1036.893044][T18879]  __kmalloc_noprof+0xdf/0x7b0
[ 1036.893068][T18879]  ? kfree+0x4d/0x6c0
[ 1036.893089][T18879]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1036.893121][T18879]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1036.893148][T18879]  ? tomoyo_domain+0xd7/0x130
[ 1036.893178][T18879]  ? tomoyo_path_number_perm+0x219/0x630
[ 1036.893212][T18879]  tomoyo_path_number_perm+0x246/0x630
[ 1036.893249][T18879]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1036.893296][T18879]  ? __lock_acquire+0x6b5/0x2d10
[ 1036.893329][T18879]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1036.893390][T18879]  ? __fget_files+0x2a/0x420
[ 1036.893422][T18879]  ? __fget_files+0x2a/0x420
[ 1036.893450][T18879]  ? __fget_files+0x3a6/0x420
[ 1036.893478][T18879]  ? __fget_files+0x2a/0x420
[ 1036.893515][T18879]  security_file_ioctl+0xc3/0x2a0
[ 1036.893557][T18879]  __se_sys_ioctl+0x47/0x170
[ 1036.893596][T18879]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.893626][T18879]  do_syscall_64+0x174/0x580
[ 1036.893663][T18879]  ? trace_irq_disable+0x3b/0x140
[ 1036.893693][T18879]  ? clear_bhb_loop+0x40/0x90
[ 1036.893727][T18879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.893755][T18879] RIP: 0033:0x7f4878d4ce59
[ 1036.893779][T18879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1036.893803][T18879] RSP: 002b:00007f4876fa6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1036.893831][T18879] RAX: ffffffffffffffda RBX: 00007f4878fc5fa0 RCX: 00007f4878d4ce59
[ 1036.893851][T18879] RDX: 00002000000000c0 RSI: 00000000400454d4 RDI: 0000000000000003
[ 1036.893870][T18879] RBP: 00007f4876fa6090 R08: 0000000000000000 R09: 0000000000000000
[ 1036.893888][T18879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1036.893905][T18879] R13: 00007f4878fc6038 R14: 00007f4878fc5fa0 R15: 00007fffdd030808
[ 1036.893946][T18879]  </TASK>
[ 1036.946444][T18879] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1037.002666][   T32] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1037.028390][   T32] usb 3-1: device descriptor read/8, error -71
[ 1037.104135][T15395] usb 4-1: GET_CAPABILITIES returned 0
[ 1037.104271][T15395] usbtmc 4-1:16.0: can't read capabilities
[ 1037.158374][   T32] usb usb3-port1: unable to enumerate USB device
[ 1037.322755][   T32] usb 4-1: USB disconnect, device number 29
[ 1037.549190][T18884] sg_write: data in/out 444380/198 bytes for SCSI command 0x0-- guessing data in;
[ 1037.549190][T18884]    program syz.0.4116 not setting count and/or reply_len properly
[ 1038.110661][T18892] FAULT_INJECTION: forcing a failure.
[ 1038.110661][T18892] name failslab, interval 1, probability 0, space 0, times 0
[ 1038.110703][T18892] CPU: 0 UID: 0 PID: 18892 Comm: syz.3.4120 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1038.110737][T18892] Tainted: [L]=SOFTLOCKUP
[ 1038.110746][T18892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1038.110761][T18892] Call Trace:
[ 1038.110771][T18892]  <TASK>
[ 1038.110781][T18892]  dump_stack_lvl+0xe8/0x150
[ 1038.110814][T18892]  should_fail_ex+0x46b/0x600
[ 1038.110853][T18892]  should_failslab+0xa8/0x100
[ 1038.110885][T18892]  __kmalloc_noprof+0xdf/0x7b0
[ 1038.110915][T18892]  ? kfree+0x4d/0x6c0
[ 1038.110939][T18892]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1038.110974][T18892]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1038.111005][T18892]  ? tomoyo_domain+0xd7/0x130
[ 1038.111039][T18892]  ? tomoyo_path_number_perm+0x219/0x630
[ 1038.111076][T18892]  tomoyo_path_number_perm+0x246/0x630
[ 1038.111117][T18892]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1038.111153][T18892]  ? __lock_acquire+0x6b5/0x2d10
[ 1038.111185][T18892]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1038.111274][T18892]  ? __fget_files+0x2a/0x420
[ 1038.111306][T18892]  ? __fget_files+0x2a/0x420
[ 1038.111332][T18892]  ? __fget_files+0x3a6/0x420
[ 1038.111358][T18892]  ? __fget_files+0x2a/0x420
[ 1038.111391][T18892]  security_file_ioctl+0xc3/0x2a0
[ 1038.111429][T18892]  __se_sys_ioctl+0x47/0x170
[ 1038.111464][T18892]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1038.111491][T18892]  do_syscall_64+0x174/0x580
[ 1038.111527][T18892]  ? trace_irq_disable+0x3b/0x140
[ 1038.111553][T18892]  ? clear_bhb_loop+0x40/0x90
[ 1038.111581][T18892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1038.111604][T18892] RIP: 0033:0x7efc8bb3ce59
[ 1038.111625][T18892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1038.111652][T18892] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1038.111678][T18892] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[ 1038.111695][T18892] RDX: 0000200000001780 RSI: 00000000c00c6211 RDI: 0000000000000003
[ 1038.111709][T18892] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1038.111728][T18892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1038.111741][T18892] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[ 1038.111778][T18892]  </TASK>
[ 1038.114975][T18892] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1038.241335][T15395] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[ 1038.422352][T15395] usb 1-1: Using ep0 maxpacket: 32
[ 1038.425433][T15395] usb 1-1: config 0 has an invalid interface number: 196 but max is 0
[ 1038.425510][T15395] usb 1-1: config 0 has no interface number 0
[ 1038.425642][T15395] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1038.425712][T15395] usb 1-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1038.425767][T15395] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1038.425835][T15395] usb 1-1: config 0 interface 196 has no altsetting 0
[ 1038.512172][T15395] usb 1-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[ 1038.512212][T15395] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1038.512236][T15395] usb 1-1: Product: syz
[ 1038.512252][T15395] usb 1-1: Manufacturer: syz
[ 1038.512270][T15395] usb 1-1: SerialNumber: syz
[ 1038.588427][T15395] usb 1-1: config 0 descriptor??
[ 1038.589972][T18890] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1038.854287][   T32] usb 7-1: new high-speed USB device number 111 using dummy_hcd
[ 1039.048399][   T32] usb 7-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[ 1039.048436][   T32] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1039.102147][   T32] usb 7-1: config 0 descriptor??
[ 1039.216114][T15395] ipheth 1-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1039.216502][T15395] ipheth 1-1:0.196: probe with driver ipheth failed with error -71
[ 1039.220967][   T32] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1039.305581][T15395] usb 1-1: USB disconnect, device number 20
[ 1039.457020][T18903] FAULT_INJECTION: forcing a failure.
[ 1039.457020][T18903] name failslab, interval 1, probability 0, space 0, times 0
[ 1039.457066][T18903] CPU: 0 UID: 0 PID: 18903 Comm: syz.3.4125 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1039.457092][T18903] Tainted: [L]=SOFTLOCKUP
[ 1039.457099][T18903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1039.457111][T18903] Call Trace:
[ 1039.457119][T18903]  <TASK>
[ 1039.457127][T18903]  dump_stack_lvl+0xe8/0x150
[ 1039.457157][T18903]  should_fail_ex+0x46b/0x600
[ 1039.457190][T18903]  should_failslab+0xa8/0x100
[ 1039.457216][T18903]  __kmalloc_noprof+0xdf/0x7b0
[ 1039.457272][T18903]  ? kfree+0x4d/0x6c0
[ 1039.457292][T18903]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1039.457321][T18903]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1039.457344][T18903]  ? tomoyo_domain+0xd7/0x130
[ 1039.457371][T18903]  ? tomoyo_path_number_perm+0x219/0x630
[ 1039.457401][T18903]  tomoyo_path_number_perm+0x246/0x630
[ 1039.457433][T18903]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1039.457461][T18903]  ? __lock_acquire+0x6b5/0x2d10
[ 1039.457488][T18903]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1039.457533][T18903]  ? __fget_files+0x2a/0x420
[ 1039.457560][T18903]  ? __fget_files+0x2a/0x420
[ 1039.457581][T18903]  ? __fget_files+0x3a6/0x420
[ 1039.457602][T18903]  ? __fget_files+0x2a/0x420
[ 1039.457627][T18903]  security_file_ioctl+0xc3/0x2a0
[ 1039.457658][T18903]  __se_sys_ioctl+0x47/0x170
[ 1039.457694][T18903]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1039.457717][T18903]  do_syscall_64+0x174/0x580
[ 1039.457748][T18903]  ? trace_irq_disable+0x3b/0x140
[ 1039.457770][T18903]  ? clear_bhb_loop+0x40/0x90
[ 1039.457795][T18903]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1039.457815][T18903] RIP: 0033:0x7efc8bb3ce59
[ 1039.457834][T18903] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1039.457851][T18903] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1039.457871][T18903] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[ 1039.457886][T18903] RDX: 0000000000000000 RSI: 000000004080aea2 RDI: 0000000000000005
[ 1039.457898][T18903] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1039.457910][T18903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1039.457922][T18903] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[ 1039.457950][T18903]  </TASK>
[ 1039.457973][T18903] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1039.900687][   T32] dvb_usb_af9015 7-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[ 1039.939397][   T32] usb 7-1: USB disconnect, device number 111
[ 1040.216057][T18912] FAULT_INJECTION: forcing a failure.
[ 1040.216057][T18912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1040.216111][T18912] CPU: 0 UID: 0 PID: 18912 Comm: syz.3.4130 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1040.216144][T18912] Tainted: [L]=SOFTLOCKUP
[ 1040.216153][T18912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1040.216168][T18912] Call Trace:
[ 1040.216178][T18912]  <TASK>
[ 1040.216197][T18912]  dump_stack_lvl+0xe8/0x150
[ 1040.216233][T18912]  should_fail_ex+0x46b/0x600
[ 1040.216293][T18912]  _copy_from_user+0x2d/0xb0
[ 1040.216323][T18912]  ___sys_sendmsg+0x1c6/0x360
[ 1040.216359][T18912]  ? __lock_acquire+0x6b5/0x2d10
[ 1040.216393][T18912]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1040.216472][T18912]  ? __fget_files+0x2a/0x420
[ 1040.216499][T18912]  ? __fget_files+0x3a6/0x420
[ 1040.216531][T18912]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1040.216571][T18912]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1040.216617][T18912]  ? __pfx_ksys_write+0x10/0x10
[ 1040.216665][T18912]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.216691][T18912]  do_syscall_64+0x174/0x580
[ 1040.216727][T18912]  ? trace_irq_disable+0x3b/0x140
[ 1040.216754][T18912]  ? clear_bhb_loop+0x40/0x90
[ 1040.216783][T18912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.216806][T18912] RIP: 0033:0x7efc8bb3ce59
[ 1040.216827][T18912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1040.216847][T18912] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1040.216871][T18912] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[ 1040.216889][T18912] RDX: 0000000020000884 RSI: 0000200000003140 RDI: 0000000000000005
[ 1040.216908][T18912] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1040.216922][T18912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1040.216937][T18912] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[ 1040.216973][T18912]  </TASK>
[ 1040.682452][T18918] FAULT_INJECTION: forcing a failure.
[ 1040.682452][T18918] name failslab, interval 1, probability 0, space 0, times 0
[ 1040.682490][T18918] CPU: 1 UID: 0 PID: 18918 Comm: syz.3.4131 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1040.682513][T18918] Tainted: [L]=SOFTLOCKUP
[ 1040.682520][T18918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1040.682532][T18918] Call Trace:
[ 1040.682538][T18918]  <TASK>
[ 1040.682546][T18918]  dump_stack_lvl+0xe8/0x150
[ 1040.682572][T18918]  should_fail_ex+0x46b/0x600
[ 1040.682601][T18918]  should_failslab+0xa8/0x100
[ 1040.682624][T18918]  kmem_cache_alloc_noprof+0x87/0x680
[ 1040.682644][T18918]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1040.682669][T18918]  ? do_getname+0x2e/0x250
[ 1040.682689][T18918]  do_getname+0x2e/0x250
[ 1040.682705][T18918]  ? getname_flags+0x11/0x20
[ 1040.682723][T18918]  do_sys_openat2+0xcc/0x200
[ 1040.682745][T18918]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1040.682764][T18918]  ? ksys_write+0x248/0x270
[ 1040.682789][T18918]  ? __pfx_ksys_write+0x10/0x10
[ 1040.682815][T18918]  __x64_sys_openat+0x138/0x170
[ 1040.682836][T18918]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.682853][T18918]  do_syscall_64+0x174/0x580
[ 1040.682959][T18918]  ? trace_irq_disable+0x3b/0x140
[ 1040.682985][T18918]  ? clear_bhb_loop+0x40/0x90
[ 1040.683010][T18918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.683028][T18918] RIP: 0033:0x7efc8bb3ce59
[ 1040.683046][T18918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1040.683062][T18918] RSP: 002b:00007efc89d8e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1040.683080][T18918] RAX: ffffffffffffffda RBX: 00007efc8bdb5fa0 RCX: 00007efc8bb3ce59
[ 1040.683092][T18918] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1040.683104][T18918] RBP: 00007efc89d8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1040.683115][T18918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1040.683125][T18918] R13: 00007efc8bdb6038 R14: 00007efc8bdb5fa0 R15: 00007ffdad4355a8
[ 1040.683150][T18918]  </TASK>
[ 1040.700013][   T32] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1041.023374][   T32] usb 3-1: Using ep0 maxpacket: 32
[ 1041.031098][   T32] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 127, changing to 10
[ 1041.031142][   T32] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[ 1041.042718][   T32] usb 3-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice= 0.40
[ 1041.042822][   T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1041.042950][   T32] usb 3-1: Product: syz
[ 1041.042995][   T32] usb 3-1: Manufacturer: syz
[ 1041.043046][   T32] usb 3-1: SerialNumber: syz
[ 1041.157754][T18910] input: syz1 as /devices/virtual/input/input34
[ 1041.174456][T18914] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1041.434174][   T32] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[ 1041.609711][ T5791] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1041.716436][T18924] input: syz0 as /devices/virtual/input/input35
[ 1041.795517][ T5791] usb 4-1: Using ep0 maxpacket: 32
[ 1041.803848][ T5791] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[ 1041.803880][ T5791] usb 4-1: config 0 has no interface number 0
[ 1041.803929][ T5791] usb 4-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1041.803955][ T5791] usb 4-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1041.863713][ T5791] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1041.863749][ T5791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1041.863772][ T5791] usb 4-1: Product: syz
[ 1041.863789][ T5791] usb 4-1: Manufacturer: syz
[ 1041.863805][ T5791] usb 4-1: SerialNumber: syz
[ 1041.940898][ T5791] usb 4-1: config 0 descriptor??
[ 1041.970013][ T5791] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1042.154757][   T39] INFO: task syz.8.3648:17016 blocked for more than 143 seconds.
[ 1042.154853][   T39]       Tainted: G             L      syzkaller #0
[ 1042.154867][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1042.154880][   T39] task:syz.8.3648      state:D stack:27608 pid:17016 tgid:17011 ppid:15363  task_flags:0x400040 flags:0x00080002
[ 1042.155012][   T39] Call Trace:
[ 1042.155022][   T39]  <TASK>
[ 1042.155037][   T39]  __schedule+0x16f9/0x5500
[ 1042.155104][   T39]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1042.155204][   T39]  ? __pfx___schedule+0x10/0x10
[ 1042.155250][   T39]  ? schedule+0x90/0x360
[ 1042.155287][   T39]  schedule+0x164/0x360
[ 1042.155379][   T39]  cgroup_lock_and_drain_offline+0x516/0x650
[ 1042.155433][   T39]  ? __pfx_cgroup_lock_and_drain_offline+0x10/0x10
[ 1042.155461][   T39]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1042.155582][   T39]  cgroup_kn_lock_live+0x120/0x230
[ 1042.155610][   T39]  cgroup_subtree_control_write+0x4b3/0x10a0
[ 1042.155652][   T39]  ? __pfx_cgroup_subtree_control_write+0x10/0x10
[ 1042.155735][   T39]  ? kernfs_root+0x1c/0x230
[ 1042.155764][   T39]  ? kernfs_root+0x1c/0x230
[ 1042.155793][   T39]  ? kernfs_root+0x1ea/0x230
[ 1042.155831][   T39]  ? __pfx_cgroup_subtree_control_write+0x10/0x10
[ 1042.155910][   T39]  cgroup_file_write+0x331/0x8f0
[ 1042.155955][   T39]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1042.155999][   T39]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1042.156091][   T39]  ? lockdep_hardirqs_on+0x7a/0x110
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1042.156138][   T39]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1042.156173][   T39]  kernfs_fop_write_iter+0x3b0/0x540
[ 1042.156269][   T39]  vfs_write+0x629/0xba0
[ 1042.156313][   T39]  ? __pfx_vfs_write+0x10/0x10
[ 1042.156357][   T39]  ? mutex_lock_nested+0x168/0x1d0
[ 1042.156433][   T39]  ? __fget_files+0x2a/0x420
[ 1042.156474][   T39]  ksys_write+0x156/0x270
[ 1042.167201][   T39]  ? __pfx_ksys_write+0x10/0x10
[ 1042.167321][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1042.167352][   T39]  do_syscall_64+0x174/0x580
[ 1042.167389][   T39]  ? trace_irq_disable+0x3b/0x140
[ 1042.168681][   T39]  ? clear_bhb_loop+0x40/0x90
[ 1042.168719][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1042.168742][   T39] RIP: 0033:0x7f73c3e2ce59
[ 1042.168763][   T39] RSP: 002b:00007f73c205d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1042.168864][   T39] RAX: ffffffffffffffda RBX: 00007f73c40a6090 RCX: 00007f73c3e2ce59
[ 1042.168882][   T39] RDX: 0000000000000005 RSI: 0000200000000040 RDI: 0000000000000006
[ 1042.168896][   T39] RBP: 00007f73c3ec2d6f R08: 0000000000000000 R09: 0000000000000000
[ 1042.168912][   T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1042.168927][   T39] R13: 00007f73c40a6128 R14: 00007f73c40a6090 R15: 00007ffdff2a0978
[ 1042.169024][   T39]  </TASK>
[ 1042.169092][   T39] 
[ 1042.169092][   T39] Showing all locks held in the system:
[ 1042.169104][   T39] 3 locks held by kworker/0:1/10:
[ 1042.169239][   T39]  #0: ffff88803cd41138 ((wq_completion)wg-kex-wg1#14){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.169499][   T39]  #1: ffffc900000f7c40 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))))((unsigned long)((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))) + (((__per_cpu_offset[(cpu)]))))); })->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.169639][   T39]  #2: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[ 1042.169770][   T39] 7 locks held by kworker/1:0/32:
[ 1042.169784][   T39]  #0: ffff888022af3938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.169859][   T39]  #1: ffffc90000a6fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.169996][   T39]  #2: ffff88802aab0210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60
[ 1042.170108][   T39]  #3: ffff888036b4e210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[ 1042.170172][   T39]  #4: ffff8880387b61d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[ 1042.194499][   T32] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -2
[ 1042.272006][   T39]  #5: ffffffff99cc15f0 (&obj_hash[i].lock){-...}-{2:2}, at: debug_object_activate+0xa8/0x3a0
[ 1042.272148][   T39]  #6: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1042.272234][   T39] 1 lock held by khungtaskd/39:
[ 1042.272276][   T39]  #0: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1042.272522][   T39] 6 locks held by kworker/u8:16/3341:
[ 1042.272536][   T39]  #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.272679][   T39]  #1: ffffc9000fc17c40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.272869][   T39]  #2: ffff88805f9a0310 (&devlink->lock_key#17){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0
[ 1042.273089][   T39]  #3: ffff88803c493920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0
[ 1042.273303][   T39]  #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1042.273463][   T39]  #5: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[ 1042.294410][   T39] 1 lock held by klogd/4967:
[ 1042.294473][   T39]  #0: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[ 1042.294688][   T39] 2 locks held by getty/5370:
[ 1042.294729][   T39]  #0: ffff8880362540a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1042.294889][   T39]  #1: ffffc90003cbe2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0
[ 1042.295073][   T39] 2 locks held by sshd-session/5598:
[ 1042.295106][   T39]  #0: ffff88802708d218 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50
[ 1042.295314][   T39]  #1: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __ip_queue_xmit+0x5c/0x1bb0
[ 1042.295481][   T39] 2 locks held by syz-executor/5599:
[ 1042.295521][   T39]  #0: ffff888040248430 (&mm->mmap_lock){++++}-{4:4}, at: exit_mmap+0x194/0x9e0
[ 1042.295702][   T39]  #1: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[ 1042.321989][   T39] 5 locks held by kworker/0:6/5791:
[ 1042.322050][   T39]  #0: ffff888022af3938 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.322262][   T39]  #1: ffffc90005da7c40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.322447][   T39]  #2: ffff88802aacc210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60
[ 1042.322630][   T39]  #3: ffff88805fc06210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[ 1042.322771][   T39]  #4: ffff88802a37a1d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[ 1042.322888][   T39] 8 locks held by kworker/u8:20/7298:
[ 1042.322901][   T39]  #0: ffff88803550b138 ((wq_completion)krds_cp_wq#3/0){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.322963][   T39]  #1: ffffc90003d77c40 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.323114][   T39]  #2: ffff88802c85dd70 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x1cc/0x930
[ 1042.323316][   T39]  #3: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1042.323520][   T39]  #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}
[ 1042.356837][   T32] usb 3-1: USB disconnect, device number 25
[ 1042.373160][   T39] , at: __local_bh_disable_ip+0x3c/0x420
[ 1042.373332][   T39]  #5: ffff888035d28590 (k-clock-AF_INET){++..}-{3:3}, at: rds_tcp_set_callbacks+0x8b/0x480
[ 1042.373554][   T39]  #6: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_write_lock+0x86/0x220
[ 1042.373727][   T39]  #7: ffffffff8f7fd158 (rds_tcp_tc_list_lock){+...}-{3:3}, at: rds_tcp_set_callbacks+0x97/0x480
[ 1042.373891][   T39] 9 locks held by kworker/u8:21/7402:
[ 1042.373934][   T39]  #0: ffff8880536d4938 ((wq_completion)krds_cp_wq#4/0){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.374125][   T39]  #1: ffffc90003ad7c40 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.374291][   T39]  #2: ffff88802c85c3b0 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x1cc/0x930
[ 1042.374380][   T39]  #3: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1042.374619][   T39]  #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1042.382557][ T5791] usb 4-1: qt2_setup_urbs - submit read urb failed -90
[ 1042.382883][ T5791] quatech2 4-1:0.51: probe with driver quatech2 failed with error -90
[ 1042.443095][   T39]  #5: ffff888080d3b4d0 (k-clock-AF_INET){++..}-{3:3}, at: rds_tcp_restore_callbacks+0x6a/0x2c0
[ 1042.443300][   T39]  #6: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_write_lock+0x86/0x220
[ 1042.443459][   T39]  #7: ffffffff8f7fd158 (rds_tcp_tc_list_lock){+...}-{3:3}, at: rds_tcp_restore_callbacks+0x76/0x2c0
[ 1042.443613][   T39]  #8: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1042.443741][   T39] 3 locks held by syz.3.591/7566:
[ 1042.443787][   T39]  #0: ffffffff8e3589b8 (epnested_mutex){+.+.}-{4:4}, at: do_epoll_ctl_file+0x9d1/0xed0
[ 1042.443974][   T39]  #1: ffff88805fdf7858 (&ep->mtx){+.+.}-{4:4}, at: do_epoll_ctl_file+0xc69/0xed0
[ 1042.444167][   T39]  #2: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: ep_insert+0xbbb/0x1820
[ 1042.444366][   T39] 4 locks held by udevd/14025:
[ 1042.444401][   T39]  #0: ffff88801d6bc480 (sb_writers){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[ 1042.444575][   T39]  #1: ffff888035c35d28 (&sb->s_type->i_mutex_key#5){+.+.}-{4:4}, at: chown_common+0x35e/0x6c0
[ 1042.465550][   T39]  #2: ffffffff8e900c38 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_number_perm+0x219/0x630
[ 1042.465789][   T39]  #3: ffff88813feaad58 (&n->list_lock){+.+.}-{3:3}, at: get_from_partial_node+0x54/0x480
[ 1042.466017][   T39] 4 locks held by udevd/16795:
[ 1042.466058][   T39]  #0: ffff8880359bb950 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe20
[ 1042.466238][   T39]  #1: ffff888069cb7878 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[ 1042.466441][   T39]  #2: ffff88805a87e968 (kn->active#28){.+.+}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[ 1042.466659][   T39]  #3: ffff88805fc06210 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1042.466803][   T39] 3 locks held by syz.8.3648/17016:
[ 1042.466836][   T39]  #0: ffff88803c50bd28 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x252/0x320
[ 1042.466995][   T39]  #1: ffff888037066480 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0
[ 1042.485773][   T39]  #2: ffff888031f44478 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[ 1042.485982][   T39] 6 locks held by kworker/u8:1/17201:
[ 1042.486018][   T39]  #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.486209][   T39]  #1: ffffc90006e3fc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.486606][   T39]  #2: ffff88805f9a0310 (&devlink->lock_key#17){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0
[ 1042.486806][   T39]  #3: ffff88803c493920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0
[ 1042.486980][   T39]  #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1042.487150][   T39]  #5: ffff88813feaad58 (&n->list_lock){+.+.}-{3:3}, at: get_from_partial_node+0x54/0x480
[ 1042.499471][   T39] 1 lock held by syz.4.3757/17314:
[ 1042.499531][   T39]  #0: ffffffff8e3589b8 (epnested_mutex){+.+.}-{4:4}, at: do_epoll_ctl_file+0x9d1/0xed0
[ 1042.499754][   T39] 1 lock held by syz.4.3757/17315:
[ 1042.499788][   T39]  #0: ffffffff8e3589b8 (epnested_mutex){+.+.}-{4:4}, at: do_epoll_ctl_file+0x9d1/0xed0
[ 1042.499969][   T39] 1 lock held by syz.5.3764/17357:
[ 1042.500004][   T39]  #0: ffffffff8e3589b8 (epnested_mutex){+.+.}-{4:4}, at: do_epoll_ctl_file+0x9d1/0xed0
[ 1042.500094][   T39] 4 locks held by kworker/u8:3/17355:
[ 1042.500136][   T39]  #0: ffff8880330f3138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.500323][   T39]  #1: ffffc90007c9fc40 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.500491][   T39]  #2: ffff88805eaea1b8 (&hard_iface->bat_iv.ogm_buff_mutex){+.+.}-{4:4}, at: batadv_iv_ogm_schedule+0xe8/0x1020
[ 1042.500743][   T39]  #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: batadv_iv_ogm_schedule+0x42f/0x1020
[ 1042.500984][   T39] 5 locks held by syz-executor/17712:
[ 1042.501018][   T39]  #0: ffffffff8e29d2b0 (dup_mmap_sem){.+.+}-{0:0}, at: copy_mm+0x10f/0x480
[ 1042.519405][   T39]  #1: ffff888060d03a30 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x184/0x1d70
[ 1042.519578][   T39]  #2: ffff888037797030 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x272/0x1d70
[ 1042.519852][   T39]  #3: ffffffff8e311470 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60
[ 1042.519999][   T39]  #4: ffff88813feaad58 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0xf1/0x2a0
[ 1042.520198][   T39] 6 locks held by kworker/u8:26/18695:
[ 1042.520233][   T39]  #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.520463][   T39]  #1: ffffc900043c7c40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.520618][   T39]  #2: ffff8880265a2310 (&devlink->lock_key#10){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0
[ 1042.520687][   T39]  #3: ffff88805e8eb120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0
[ 1042.534932][   T39]  #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1042.535074][   T39]  #5: ffff88813feaad58 (&n->list_lock){+.+.}-{3:3}, at: get_from_partial_node+0x54/0x480
[ 1042.535225][   T39] 6 locks held by kworker/u8:27/18696:
[ 1042.536252][   T39]  #0: ffff88813fe54138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1042.536521][   T39]  #1: ffffc900046efc40 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1042.536654][   T39]  #2: ffff888034336310 (&devlink->lock_key#14){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbd0
[ 1042.536827][   T39]  #3: ffff888056e18d20 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbd0
[ 1042.571579][   T39]  #4: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1042.571640][   T39]  #5: ffff88813feaad58 (&n->list_lock){+.+.}-{3:3}, at: __refill_objects_node+0x89/0x620
[ 1042.571701][   T39] 3 locks held by syz.0.4127/18904:
[ 1042.571715][   T39]  #0: ffff88805e50e138 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250
[ 1042.571780][   T39]  #1: ffff88806098a358 (sk_lock-AF_BLUETOOTH-BTPROTO_HCI){+.+.}-{0:0}, at: hci_sock_release+0x57/0x590
[ 1042.571902][   T39]  #2: ffffffff8f73fdb8 (sock_cookie_ida.xa_lock){+.+.}-{3:3}, at: ida_free+0xfa/0x310
[ 1042.571948][   T39] 2 locks held by syz.3.4133/18921:
[ 1042.571960][   T39]  #0: ffff88801c6ab348 (&root->kernfs_supers_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x3f/0x140
[ 1042.572033][   T39]  #1: ffff88801c6ab238 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x4e/0x140
[ 1042.572087][   T39] 2 locks held by syz.6.4135/18926:
[ 1042.572098][   T39]  #0: ffff888037790430 (&mm->mmap_lock){++++}-{4:4}, at: mmap_read_lock_killable+0x1d/0x70
[ 1042.572146][   T39]  #1: ffff888020aa6358 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_fault+0x3da/0x1310
[ 1042.572204][   T39] 
[ 1042.572220][   T39] =============================================
[ 1042.572220][   T39] 
[ 1042.572269][   T39] NMI backtrace for cpu 1
[ 1042.572286][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1042.572310][   T39] Tainted: [L]=SOFTLOCKUP
[ 1042.572317][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1042.572328][   T39] Call Trace:
[ 1042.572339][   T39]  <TASK>
[ 1042.572347][   T39]  dump_stack_lvl+0xe8/0x150
[ 1042.572372][   T39]  nmi_cpu_backtrace+0x274/0x2d0
[ 1042.572425][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1042.572456][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x380
[ 1042.572482][   T39]  sys_info+0x135/0x170
[ 1042.572502][   T39]  watchdog+0xfd3/0x1030
[ 1042.572528][   T39]  ? watchdog+0x1c9/0x1030
[ 1042.572551][   T39]  kthread+0x388/0x470
[ 1042.572572][   T39]  ? __pfx_watchdog+0x10/0x10
[ 1042.572589][   T39]  ? __pfx_kthread+0x10/0x10
[ 1042.572609][   T39]  ret_from_fork+0x514/0xb70
[ 1042.572634][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[ 1042.572656][   T39]  ? __switch_to+0xc79/0x1410
[ 1042.572676][   T39]  ? __pfx_kthread+0x10/0x10
[ 1042.572696][   T39]  ret_from_fork_asm+0x1a/0x30
[ 1042.572732][   T39]  </TASK>
[ 1042.572740][   T39] Sending NMI from CPU 1 to CPUs 0:
[ 1042.572775][    C0] NMI backtrace for cpu 0
[ 1042.572795][    C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1042.572821][    C0] Tainted: [L]=SOFTLOCKUP
[ 1042.572829][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1042.572844][    C0] Workqueue: wg-kex-wg1 wg_packet_handshake_receive_worker
[ 1042.572870][    C0] RIP: 0010:__lock_acquire+0x17c0/0x2d10
[ 1042.572897][    C0] Code: 05 15 4c 01 14 31 ff 45 31 e4 4d 85 e4 4c 8b 6c 24 10 74 30 49 8b 44 24 30 48 85 c0 74 26 48 8b 40 10 48 83 c0 30 49 8b 0c 24 <48> 89 8c 24 d8 00 00 00 48 39 c1 74 0d 4c 8b a4 24 d8 00 00 00 4d
[ 1042.572915][    C0] RSP: 0018:ffffc900000f6c80 EFLAGS: 00000082
[ 1042.572931][    C0] RAX: ffffffff93433258 RBX: 00000000000003cd RCX: ffffffff96415c28
[ 1042.572946][    C0] RDX: ffffffff9641b878 RSI: ffff88801da9caa0 RDI: 00000000000003cd
[ 1042.572960][    C0] RBP: 601f59d81dd0f848 R08: ffffc900000f6c48 R09: 0000000000000020
[ 1042.572974][    C0] R10: ffffc900000f6e98 R11: ffffffff81a17080 R12: ffffffff964159f8
[ 1042.572989][    C0] R13: ffff88801da9caa0 R14: ffff88801da9be00 R15: 00000000000002da
[ 1042.573005][    C0] FS:  0000000000000000(0000) GS:ffff888125c7e000(0000) knlGS:0000000000000000
[ 1042.573022][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1042.573035][    C0] CR2: 000000110c3b7d9d CR3: 0000000040c7c000 CR4: 00000000003526f0
[ 1042.573054][    C0] Call Trace:
[ 1042.573062][    C0]  <TASK>
[ 1042.573074][    C0]  ? __pfx_usage_match+0x10/0x10
[ 1042.573109][    C0]  ? debug_object_assert_init+0xa1/0x300
[ 1042.573128][    C0]  lock_acquire+0x106/0x350
[ 1042.573150][    C0]  ? debug_object_assert_init+0xa1/0x300
[ 1042.573176][    C0]  _raw_spin_lock_irqsave+0x40/0x60
[ 1042.573207][    C0]  ? debug_object_assert_init+0xa1/0x300
[ 1042.573226][    C0]  debug_object_assert_init+0xa1/0x300
[ 1042.573249][    C0]  hrtimer_start_range_ns+0x3d/0x3f0
[ 1042.573287][    C0]  finish_task_switch+0x3cd/0xbe0
[ 1042.573315][    C0]  __schedule+0x1701/0x5500
[ 1042.573340][    C0]  ? ktime_get+0x45/0x220
[ 1042.573368][    C0]  ? seqcount_lockdep_reader_access+0xd4/0x100
[ 1042.573392][    C0]  ? lapic_next_event+0x11/0x20
[ 1042.573415][    C0]  ? clockevents_program_event+0x4bb/0x630
[ 1042.573442][    C0]  ? __pfx___schedule+0x10/0x10
[ 1042.573474][    C0]  preempt_schedule_irq+0x4d/0xa0
[ 1042.573501][    C0]  irqentry_exit+0x14f/0x8b0
[ 1042.573528][    C0]  ? trace_irq_disable+0x3b/0x140
[ 1042.573551][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1042.573572][    C0] RIP: 0010:deref_stack_reg+0xb9/0x230
[ 1042.573599][    C0] Code: ed 03 0f b6 44 35 00 84 c0 0f 85 3c 01 00 00 41 83 3f 00 0f 95 c0 4c 39 c3 0f 96 c1 20 c1 4d 39 c6 0f 97 c0 20 c8 3c 01 75 18 <49> 8d 40 08 48 39 d8 0f 97 c1 4c 39 f0 0f 96 c0 84 c1 0f 85 c3 00
[ 1042.573615][    C0] RSP: 0018:ffffc900000f7300 EFLAGS: 00000246
[ 1042.573631][    C0] RAX: 0000000000000001 RBX: ffffc900000f0000 RCX: 0000000000000001
[ 1042.573644][    C0] RDX: ffffc900000f7468 RSI: dffffc0000000000 RDI: ffffc900000f7428
[ 1042.573658][    C0] RBP: 1ffff9200001ee85 R08: ffffc900000f7e18 R09: 0000000000000000
[ 1042.573671][    C0] R10: ffffc900000f7478 R11: fffff5200001ee91 R12: 1ffff9200001ee86
[ 1042.573685][    C0] R13: 1ffff9200001ee87 R14: ffffc900000f8000 R15: ffffc900000f7428
[ 1042.573711][    C0]  unwind_next_frame+0x19d5/0x2550
[ 1042.573739][    C0]  ? unwind_next_frame+0xa6/0x2550
[ 1042.573764][    C0]  ? worker_thread+0xb49/0x1140
[ 1042.573795][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1042.573815][    C0]  arch_stack_walk+0x11b/0x150
[ 1042.573843][    C0]  ? kthread+0x388/0x470
[ 1042.573864][    C0]  stack_trace_save+0xa9/0x100
[ 1042.573883][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[ 1042.573903][    C0]  ? __lock_acquire+0x6b5/0x2d10
[ 1042.573927][    C0]  kasan_save_track+0x3e/0x80
[ 1042.573948][    C0]  ? kasan_save_track+0x3e/0x80
[ 1042.573968][    C0]  ? kasan_save_free_info+0x46/0x50
[ 1042.573995][    C0]  ? __kasan_slab_free+0x5c/0x80
[ 1042.574015][    C0]  ? kfree+0x1c5/0x6c0
[ 1042.574034][    C0]  ? skb_release_data+0x828/0xa60
[ 1042.574061][    C0]  ? __kfree_skb+0x5d/0x210
[ 1042.574086][    C0]  ? wg_packet_handshake_receive_worker+0x199/0x10a0
[ 1042.574107][    C0]  ? process_one_work+0x98b/0x1630
[ 1042.574132][    C0]  ? worker_thread+0xb49/0x1140
[ 1042.574179][    C0]  kasan_save_free_info+0x46/0x50
[ 1042.574206][    C0]  __kasan_slab_free+0x5c/0x80
[ 1042.574228][    C0]  kfree+0x1c5/0x6c0
[ 1042.574247][    C0]  ? skb_release_data+0x828/0xa60
[ 1042.574283][    C0]  skb_release_data+0x828/0xa60
[ 1042.574317][    C0]  __kfree_skb+0x5d/0x210
[ 1042.574343][    C0]  wg_packet_handshake_receive_worker+0x199/0x10a0
[ 1042.574365][    C0]  ? look_up_lock_class+0x57/0x110
[ 1042.574394][    C0]  ? wg_packet_handshake_receive_worker+0x16e/0x10a0
[ 1042.574419][    C0]  ? __pfx_wg_packet_handshake_receive_worker+0x10/0x10
[ 1042.574445][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1042.574464][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1042.574483][    C0]  ? process_one_work+0x8be/0x1630
[ 1042.574508][    C0]  ? process_one_work+0x8be/0x1630
[ 1042.574539][    C0]  ? process_one_work+0x8be/0x1630
[ 1042.574564][    C0]  process_one_work+0x98b/0x1630
[ 1042.574599][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1042.574624][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1042.574649][    C0]  worker_thread+0xb49/0x1140
[ 1042.574680][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1042.574713][    C0]  kthread+0x388/0x470
[ 1042.574732][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1042.574758][    C0]  ? __pfx_kthread+0x10/0x10
[ 1042.574780][    C0]  ret_from_fork+0x514/0xb70
[ 1042.574802][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1042.574823][    C0]  ? __switch_to+0xc79/0x1410
[ 1042.574842][    C0]  ? __pfx_kthread+0x10/0x10
[ 1042.574862][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1042.574893][    C0]  </TASK>
[ 1042.583816][   T39] Kernel panic - not syncing: hung_task: blocked tasks
[ 1042.583856][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1042.583939][   T39] Tainted: [L]=SOFTLOCKUP
[ 1042.583963][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1042.584005][   T39] Call Trace:
[ 1042.584050][   T39]  <TASK>
[ 1042.584083][   T39]  vpanic+0x56c/0xa60
[ 1042.584197][   T39]  ? __pfx___schedule+0x10/0x10
[ 1042.584296][   T39]  ? __pfx_vpanic+0x10/0x10
[ 1042.584416][   T39]  panic+0xc5/0xd0
[ 1042.584466][   T39]  ? __pfx_panic+0x10/0x10
[ 1042.584499][   T39]  ? preempt_schedule_thunk+0x16/0x40
[ 1042.584538][   T39]  ? nmi_trigger_cpumask_backtrace+0x319/0x380
[ 1042.584572][   T39]  watchdog+0x102c/0x1030
[ 1042.584606][   T39]  ? watchdog+0x1c9/0x1030
[ 1042.584644][   T39]  kthread+0x388/0x470
[ 1042.584671][   T39]  ? __pfx_watchdog+0x10/0x10
[ 1042.584693][   T39]  ? __pfx_kthread+0x10/0x10
[ 1042.584719][   T39]  ret_from_fork+0x514/0xb70
[ 1042.584749][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[ 1042.584774][   T39]  ? __switch_to+0xc79/0x1410
[ 1042.584796][   T39]  ? __pfx_kthread+0x10/0x10
[ 1042.584821][   T39]  ret_from_fork_asm+0x1a/0x30
[ 1042.584861][   T39]  </TASK>
[ 1042.585471][   T39] Kernel Offset: disabled