last executing test programs:

8.92092094s ago: executing program 0 (id=2241):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x4cb80, 0x0)
socket(0x40000000015, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x9, 0x404000)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000008dc0)={0xf500000000000000, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf031c1896ac0826786ffcfb99e55c1272594d5be5c7f1de9562bbff01", 0x1f}], 0x1}, 0x40)
close_range(r2, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000300)={r6, 0x8000000, 0x0, 0x4, 0x0, [], [], [0x3], [0x0, 0x10000]})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000400)={r6, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x0, 0x400000], [0x1000], [0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffeff]})
socket$isdn(0x22, 0x2, 0x26)

7.297213467s ago: executing program 2 (id=2247):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000015c0), 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="6000000010", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c0002801400050000000000000000000000000000000001"], 0x60}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)

7.086441731s ago: executing program 2 (id=2249):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = memfd_secret(0x0)
setsockopt$sock_int(r0, 0x1, 0xe, &(0x7f0000000000)=0x7, 0x4)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x800000, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000140)={0x2, 0x0, 0x0, {0x132e712c, 0x2fd, 0x3ff, 0x3d45}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
syz_usb_connect(0x0, 0x3b, &(0x7f0000002080)=ANY=[@ANYBLOB="1201100141a73810490d0070676c010203010902290001080210020904c6090091b09bf60a2401530006020102052404053c092406020601090005"], 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0x2}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x3, 0x6}}]}}]}, 0x48}}, 0x44080)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r8, {0xf, 0xa}, {0xffe0, 0xa}, {0xfff3, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r9 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x1ff, 0x40102)
ioctl$VIDIOC_TRY_EXT_CTRLS(r9, 0xc0205647, &(0x7f0000000040)={0xf010000, 0x0, 0x7f, 0xffffffffffffffff, 0x0, 0x0})
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x84002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB="bd1b5c7809"], 0x3c}}, 0x0)
connect$pppl2tp(r1, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private}}}}, 0x32)

5.523155709s ago: executing program 3 (id=2251):
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1a}, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29")

5.284380926s ago: executing program 0 (id=2252):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r0, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000400), 0x2, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0xc0487c04, &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000003080)=[{}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000002c0)="39000000130003474cbb65e1c3e4ffff06000d0006000000070015b2f9bdcd00ff0a0000000000000000001f000006060400180000008cdb252a216ebdcf1cc1de135a403013eae7705916eb", 0x88}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r2, &(0x7f00000093c0)={0x2020, 0x0, <r3=>0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r6, &(0x7f0000000340)=[{&(0x7f0000000140)=""/144, 0x8c}], 0x1000000000000360)
ioctl$IMADDTIMER(r6, 0x80044940, &(0x7f0000000000))
syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x0, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r7, 0x0, 0x0)
syz_fuse_handle_req(r2, &(0x7f0000006380)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c916aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55d9cef1dc4056f3d5d1157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={0x150, 0x0, 0x0, [{{0x3, 0x2, 0x37a, 0x6, 0x9b, 0xc4b0, {0x0, 0x3, 0x1, 0x2000000ec3, 0x7, 0x8, 0x7f, 0xfffff5e3, 0x1, 0xa000, 0x5, r4, r5, 0xfffff057, 0xa}}, {0x4, 0x0, 0x8, 0x800, 'rootmode'}}, {{0x3, 0x2, 0x900000000000000, 0x1ff, 0x2, 0x4, {0x4, 0x87, 0x0, 0xffffffffffffffff, 0x2, 0xffffffffffffff81, 0x80, 0x5, 0x402, 0xa000, 0xff, r4, 0x0, 0x4, 0x4a}}, {0x6, 0x10000, 0x8, 0x2, 'rootmode'}}]}, 0x0, 0x0, 0x0})
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020500030c00000000000000000000000300060033000e0002000000e0000009000000000000000002000100000000000000000200000000030005000000000002004e23e00000010000000000000000020013"], 0x60}}, 0x0)

5.283555978s ago: executing program 3 (id=2253):
r0 = socket$inet(0x2, 0x3, 0x33)
getsockopt$inet_mreqsrc(r0, 0x0, 0x53, 0x0, &(0x7f0000000040))
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
close_range(r1, 0xffffffffffffffff, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000001c0)={0x2, @broadcast, 0x4e22, 0x4, 'none\x00', 0x8, 0x6, 0x70}, 0x2c)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@setlink={0x50, 0x13, 0x1, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2006, 0x300}, [@IFLA_IFNAME={0x14, 0x3, 'batadv0\x00'}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}]}]}]}, 0x50}}, 0x0)
getsockopt$inet_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000cc0)=""/4096, &(0x7f0000000200)=0x1000)
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x210, 0x0, 0x720d, 0x148, 0xd0, 0x148, 0x178, 0x240, 0x240, 0x178, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x0, 0x0, 0x0, 0x7], 0x2}, {0xffffffffffffffff, [0x5, 0xb2cc575b459b5b35, 0x4, 0x2, 0x0, 0x6]}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x3, 0x7}, {0x1, 0x0, 0x2}, {0x1, 0xff, 0x3}, 0x2, 0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000100)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x80000006}]}, 0x10)
syz_emit_ethernet(0x42, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@arp={0x8906, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0xa, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @private0, @random, @private2}}}}, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
fcntl$notify(r2, 0x402, 0x8000000b)
r8 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xf2, 0x30, 0x39, 0x20, 0x2c42, 0x1202, 0x8540, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xc, 0x2, 0x2, 0xc1, 0x7f, 0xc, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, &(0x7f0000000c80)={0x34, &(0x7f0000000480)={0x40, 0xb, 0x1, "e4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r8, 0x0, 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r8, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000180)={0x40, 0x12, 0x1, "b4"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="2400000018000900000000000000000002000000ff0000010000000008000500ac1414ff"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)
syz_usb_control_io$uac1(r8, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x6)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4138ae84, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(0xffffffffffffffff, 0x8008551c, &(0x7f0000000000)={0xc59f, 0x5, [{0x2}, {0x3, 0x1}, {0xb}, {0x3, 0x1}, {0x7}]})
socket$inet_sctp(0x2, 0x5, 0x84)

5.125097461s ago: executing program 1 (id=2254):
landlock_create_ruleset(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000013bc0)=[{{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000700)="61120d30412baa425595ecdb2fab1551094e0a612820aef5c2058110671fdc6a330c21518fd5e1b5a12dfecc1020f000b038a6c60eccaaa7acb39ddc6022f30c9ce52415488705d117672b428a93b97288be4fcb5fa6859017669b9e8ee11564a9d8e3cf400c514c9ddc3d872d8e6fe96b1fb78ec44631c2fda7dd4e7aff7af4c1752518881b5a18d54187b1f2c4e46fb035febd3676990d0cc3a62d6098d65648bcb46ad1ff936868852e42b8dbe4c342088c327a2288b12325734293c609ef19c0a383f0dd3cc3add60d53c9b1678cad19fcf49420acdcd5f326bf89822b7b43b70d77e752c35af1949d489decd48aa9a37e895237a7bf897939dd0ae885cab13fc9dc3b42a6cb3bf44c980664325e937f49900442d5df7f131829542e7def95cd5c678155a3f8097419575f6742e783a8e9ce3172180f7205ff8808cfcb08b481929438510a7fed929a04e449b59920b508c491ba4271ddb35c2054df39c0734e96f2f38d41a0bdae815e0c2b1412cf2bd89be68640f7c7e8e89e5b4ee19b11581cf802475775b82714676eeefa98a2a480e953d4f639e417a06123c5764d5c68475fb03eae63360b7da8f6d64c4021e5d4cf52472d822f083aa9be4741e48cd4ee55ef91923544c6ae032143302589c28f4fedb7f95decbe7acb6a4092fd6963b27660955cba6d470ea64f2993b4ada9e956cf3d7d56bf271e68a876ce0f28071393d1b08d9b97f5de6ea8bf5867e2b147700b5647dd5a6ba345cd5fcaf256e045d1c23a297203b9f984178a08892cd6d69c6d2675ba54a0ddfd7c0c09825e2c65ac634accefba756afe8711c0de7b25ecbc54b3301e3376e4d6e44ced17ac2de64aef3cfc9806c98e8bcb6a31430e7eb0bf12a18303a63fbee97de895471ef17d6870c83ce125c5b5f9be4c4f92d3b71e2bc5adee04295603748a62fb967dc6bac87059a60da0105a2af4dd38fe0bac34a60535cec6c9d2aa0b890c3af61905b515dba493cb5e6d8f67372d31ad034362b29c21548fdc221528029b38f19baeda176a47cfcf9f74706d904eaf42336821e8ecf9a3687e14756e3e257fdb706214bb5662a5e6dbee69d7438d391117b53a8db65961b1c00b377235b2af71278635374d481af4b367bf6cf734eb770b53d4daf26e17fe662a78830743064b41394ebeee3080674ef1e97ae95097b226ddb5b8e40b095668f45375e70ddc721d450127fefb7e6b12800eeb3a16aa8196f6bdea8cc51b7cac1ff3e2ba4859c6106be53215b69a8c78bf961e50bfd019ef08c0aedb88d7aee7244dbdc889540313664b567cd02ddc97c35ae8bd3ffb1b4c868a4b82b3ca83c1fc30ae0a2e9dac4da29e273347d68c744b30b7369e1f0a22f2a09c9c1c9c5ab3470beab618c94205203c65faf4960db6f08a8417fc34da961b972eec6080b4e73fd69333069c0cab7ac7d1279a5cd974fbbd6c448b66a1c04432660283e4d5ee1598271f8571c6e5060b291f488ea6786f0e59b566d73833b7d522ee47a607b32e3329ad893255dbbec9346f4f29854674d0c7ac9af7b3f52a901efb6c86408e6d5992f1b860bfba3971866872a6a14c4762fb353f74be2364b60d7e46d9d9d7b6c5db4a04090062dcc88025b6371f35a6a30a6dc2d2859de70752588a71ee2d55bd122b59422f4555b424f9a87791235223d5cf8967d029ff22a009acee61527b993f34ab56a84932d079887f4bd14d5088fc183b72ac2bfd62b0c9b64a7ccc3234ad9fcce53dfca05a1164d8fec1206940c93605aa9cf9244b0213e9f8bf63b96514e61292b1a050e40887936e21c5416aca706b05a8b8e021cc07f56026ab1f0746797f817fa6765a0e0b964e43437e7dcf555032750a48b8a74a74d76bc88d9710f4ed5773e60ece4069be16457b239bc4785dcc66bdfca7b52e12b7a899bce20eed2c7568150ae5e680a152622ff7459d1f2bca7875f5c727e0ca2367ad84b997ade4b09c45599c0356983b8d419623bc10367c145436b6baee3cb59d49ad2aaa4e730e13bfeba6f682d8f1c0df16d0a763c20c680cfa0d992f02fee08577c70ae2abfb85162b26219c881801e16067d456de2ced9e071d5d3fa4fbf8f04032434572028317102f77676343c23c6251846d70e5d545bc4e359a3b86e6e66e2609538b09be02457bc8d240c58f83bda22254e22edf382a9c66bb52162f1ef6f075f90e18534a56085413dd82d572dcd63ee59889a4724712f62aa7f0028a4e6833e81e92389547aeb39be1818e5c5312af0c28c7ee8f7e3dbba0ea72fe8551b7ceca146978e184cece508bec2ca35628279a53ce36ac4770e76a65764078c71e642390f1af7e801ee7706f709bd6bbdd6efd851de4531a7b8a4bfca0eebb75bfd046438b57d21d6b260917c1fc121975d6454526033d500aa16209197f2d39a8c15fc482c7a27d81760bd6a44b28e772fc49576a1fe9cc39a5677562efb7a73cb1d85fdf8ec96687431477c3309e944ba00617f89f6b1f638802d8517017fa757cdeaf9f2a2bfae147dd12ccaa380a43f592ba5b32bd25e58574c0a1170b1cfcd6cdab8a781109a424e60724647fa7f209b06bbb4350ac07d10b5e5a4e07a689760acad58644cc5876ce2968116bcb189f3993bb8c5de149c19c94a0e448c268f8c29fda683f7386c44e0f0c373fef1c283ad0bc21580251d5c3b1b1984bab9da1a71bd274ac07557c7eb9a8b9bef59773b45606fbf83727695c48db39296eccd15c55f903f3225ae44861421c125639372d12a9495479d39939c1c05bb8f5286203baad3c0d23368a43b56c487772d7c8ec293cf7bc6aa561402f3d51cfe27f20e1faf3af7885d08f3ea202a386da634ce8557334c58021757fc9140cdec83f9913142ab78b1116e661f3983187e8a1d93eeb18ac253993104adcf35221001426a18e3f725ee446810d8dc2837872f052b5fa98287f2f66e4c8e2ff14a5b2eb377bb3efd35480246e354e2097b1592bf7e6efa01a439202f2b2550f4f7f92d56b2b4252bdd1d8a91c01612323a2eae4bcdaf07e1392dbda4217653f2b2e3064163752230778605765b24686237421e9823931c044bcbffd80236fbb330827298092478f9b42a6eac34addd6388c3b1dd8fa2344888230ddfbcfbb60c76eca25044c968a8bcd2247232425ed64b1e11cc2b5d2f15a847e0ba1efb9f5e40f96d7fa59ded9ba77da5115d1b0ca140dac507da6fede47caf3101b8cde91bd1846aaa98f74ac465130a62b8d41c52726549f84df3a17680895b379f07a73c66a30a9019dc0b2bb29a6af9fe7ef271b3994fd5e7e0bad293e9789adf7707d7a2ab424c9b19589628f06727a5b8c129ea9f053f14e74525af3b708264787bf389127d50aa6851acb1524dadf057f004859c3876726877510e2b65d1edda3792f409fc0b2686468901c3700c0493bc9bfd320391582f29574b37f3262c30c948ecafe97f34d0fb704111536cca98c8027ff21c762144dd3ec7d8c678657ebc21efaf433e078d58c83fb08f52b0bdcf39fb78bf25fd408b8e38d1ff70bd4d6be390f4e82c4de88469e61dafa895a9873b4daa7098b505fd9d2f19f44ad5dace9f482d97dadd29f02d16925d8597dcffaa314527dd8bc39bd01c024cae0ec4d9c7e1c4fb6a33e8d76248c3e20f62e5cc2eb3941f8962bdab86f25cf08f0ce2541f6fdb9b5df5872bb25ae0e26c850fa1303548e010c1e25c94fe2b07cf2447098f166e88a6605792cdd6b099e691ae0b84620330014f5bf314005a93525bcf8d122496eea28f566f9d4f429386bac9f27f1a231f175ad008de8c0821bc8a249506f72be57b5c871c5eaf4d7ee67b1e4a346e7f5f57ee3ed2afa971307e822b9dbffb9d48df2a5660ba4c526a868e77b0f6508deb10ed0f7e81f5ed54b0c914a0721d01ba129b1f70f3044e484a9525bfa325bf9d0bcf59ecd035d5f5b1df816cb7bdb03279cd2dffa1c78db638e8b34e4762fa0b278d1162784014621a814dd96686e3956ca6e47c48b230848ef06dab24e5f39126c7530e7fba397e010b02440d281103b517405942f4a77e5d9a199394ea24e365bdd36b98519bf29b3a6e1b72c49ff389081cb6c1b7f89db0a340997bf45056c6aa11ce234731f838ee38ea72376ca349ed5a87b5be7b4491c15e3130bb647cc6834a38f376b7ed730db291951a6c6faa30a36621cef32fd7754b5e8f960c5afa6291acbb9a2fdfe36ef701d356dbd009c04feb93f1f71f30c67220235c2413cb3791b76ee5b2345850c60aa4f04c8911973398805565e9695485b09da420931231c476cc3b0764748b6e6eac531f2ed1dccada2de18942c05a9783dca9da2653be9a5cb77a8e062ba7a4e52de6a63802a4e5d9a238df7722c84077c4df360992ad2272a52aa1b131dc6c413c19de2fdf0f4bcce49d59d213aa823d81a7a8b9c8cb04dd786cf8e2542868b8dbb2720fb08fae00822abf218a682a185cc7fc7d8f4ca3ecc2c404a69c858d188b30efca8abf718416f739316b1eba679e0656e6060788d17a12befa5174156da11c46c2624daefc93e469246272aef2d6ee0a7d318c9d48544cd6c2541e7eda74ee1ea2bb42056f837c240661816a7b73d686dd1f55c363ebee85497af0539444ba3ad6a311a72ef6b17948ef12433524c80f53e3e1900224887722739df98ca7b9999bff995e231609b9edef82c592cd1bb2671d00bf6a73af2207c4ebe8578f79f2a950ba2f54a919e5048493689b35abd1c715122377cf8f9d80303778b294d69958a", 0xd3b}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xfffffffc, 0xb, 0x0, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"})
write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020)
read$usbmon(r2, &(0x7f0000000340)=""/126, 0x7e)
socket$tipc(0x1e, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000e0c076ff000000000000000002000000000000020000000008000400fbffffff08000600ffffff7f"], 0x2c}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket$igmp6(0xa, 0x3, 0x2)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e23, 0x56aa, @dev={0xfe, 0x80, '\x00', 0x26}, 0x800}, 0x1c)
sendmsg$key(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="02070c070200"], 0x10}}, 0x4400c030)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x8)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r7)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020601080000000014"], 0x24}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
r10 = dup(r9)
ioctl$PTP_EXTTS_REQUEST2(r10, 0xc0603d06, &(0x7f0000000040))
sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f00000005c0)={0x0, 0x0, @pic={0xf, 0x9, 0x0, 0x7, 0x5, 0x5, 0x2, 0x81, 0x5, 0x1, 0x1, 0x6, 0xf0, 0x8, 0xed, 0x40}})

4.949942643s ago: executing program 0 (id=2255):
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
pread64(r0, &(0x7f0000000000)=""/30, 0x2a, 0x5)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
syz_usb_connect(0x3, 0x36, 0x0, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
close_range(r1, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r4)
execveat(0xffffffffffffffff, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x400)
link(&(0x7f0000000440)='./file1\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000580)='overlay\x00', 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r6, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x50, 0xff, 0x0, 0xffeffffd}, {0x6, 0x60, 0x0, 0x8}]})
write$ppp(r6, &(0x7f0000000300)="5af9", 0x2)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)

4.639992117s ago: executing program 4 (id=2256):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a3000000000080003"], 0x64}, 0x1, 0x0, 0x0, 0x20048801}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x100, &(0x7f0000000400)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, 'pim6reg\x00'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@subj_type={'subj_type', 0x3d, 'wg1\x00'}}, {@uid_eq}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@appraise}]}}, 0x1, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x100000, @empty, 0x9}, 0x1c)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"})
r3 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0xc1105511, &(0x7f0000000040))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_robust_list(&(0x7f0000000180), 0x18)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

4.193559776s ago: executing program 4 (id=2257):
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000040)=0x8001)
r5 = getpgid(0x0)
fcntl$setownex(r4, 0xf, &(0x7f0000000140)={0x2, r5})
fcntl$setsig(r4, 0xa, 0x1c)
sendmmsg$unix(r3, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r6 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r6)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
r7 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32=r7], 0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000001540)={'ip6tnl0\x00', &(0x7f00000014c0)={'ip6_vti0\x00', <r8=>0x0, 0x4, 0xbf, 0x5, 0x7fff, 0xec, @loopback, @mcast1, 0x7800, 0x10, 0x3, 0x7}})
sendmmsg$inet6(r6, &(0x7f0000002b00)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x8, @mcast2, 0x1}, 0x1c, &(0x7f0000000c80)=[{&(0x7f00000001c0)="45881de2e9caf48049d19e4a7b00f6e8d000fbc4284e8e032e3ff4b9fae2d42e1ddd1930b0dbd5eaec56a44f8ae507b2de132c116887a91d68b2c9d156734e3667787b145759b1bbcc0288a758c971bf52a51e3e38a70fa466b8e9799ef3cbd00534cf680950688dd249fd05a55b52bfeddc8a60f4b02241331a29720be2f1e785f0560714ce3d8e4827944ffc6c92cd911b1711149c5d14e1d811c3d92f880be2456e08621afeb05598423bc2d2377d74d5f0fe", 0xb4}, {&(0x7f0000000280)="88a48b01498d5ee1d0533f64e14d147436130f094aa1f2b24491fe31a424cfdc98cd2c23b66b24072c343fdab0e5ec1ec4b98af427e1a6647e32ea655f919d64b95a016ef1af032ab7fda6ed61a67c10473e3f5d2ce7fc81eeef9edcc424f571f3b1480e47f20b3bd06d8943fdc8c555d2e6959f613b1ddb7b438c1c79c340a94be929663194441accd484c7df59d22b19ecc3a6eca4af02ef4a85f0", 0x9c}, {&(0x7f0000000340)="c9342d1d47082384d21cc3da4221c21499cb9aff7504719532dec43f8b8a84d2e8d0047f5cd83617cc6f05a97de17af09048ec10ab852cd5f9", 0x39}, {&(0x7f00000003c0)="48f04544a9ef3f888441f89a07f9c71720db4e91739b000e6ff3f4a0eab33988a8043e21841140c983f578dc1e118ce44ffc02da651a646148b35cd4c76e6eda0a10efd8c727bc4d1cf236b89c4e38b3e12c2d8a8abce222413866f9e3735da47d08d6400d66f2892b4d1f2a0cfd1dfbd7bbbf439427848b716a890a2a0592a3b931fdfdf3614d8a4256f37775e30b71cfda0af9ff982a062d96048c8438ddfdd00eb65876779d5782", 0xa9}, {&(0x7f0000000480)}, {&(0x7f0000000500)="85c7efc81cfe3579630caec22ed9b8ec57fe2e228e335454462c696f02187faeae988e79405b602fe1d02b4aa8eaab", 0x2f}, {&(0x7f0000000a80)="4af71c22bb6b7b683325255a22de452a6fb517d0f3154578ebd9820a371ef2c8ea8b01ecd628d57c26a4b152b19281c6ccc57fb55abeac3ceae1cec44005ac624156f4506bfba05f8fee4a31700ecfcf4ddec8763eb6", 0x56}, {&(0x7f0000000b00)="618051fe2a21aacc71926f8b325226c8f890939494ee277ad16bacc8eef2e4ca7a618a69b7c76826a082", 0x2a}, {&(0x7f0000000b40)="40b74ec1069cf843761604de2efc53e5542d8dcf4cb47e5c13135ace45e9da2c61bc6730c423fe5cabeff48dc2c107ddd857337c0fa5a7fe8cdb632bd70b9e304a1113b8943cfabba0a186b1fa6a56e6349cb76be4d65ca30ff8eba1d1523d3d4fd08442728486577333942365321986b8f4f4d5004fb22ef466af5828d0358a4d0cc4987bf3d64804cf23f21b867d522ff4169912e64565eda479d1e15ba5c96e1d82cbfb7d639cb72914852dcec2dc75eebcd12e0023f561cdd3eea94e5f96f0236a77", 0xc4}, {&(0x7f0000000c40)="317381207846e3d8bf701cd39a2e72e835e9b140112a9a8ac3f6aaa934", 0x1d}], 0xa}}, {{0x0, 0x0, &(0x7f0000000f80)}}, {{&(0x7f0000001000)={0xa, 0x4e24, 0x4, @private2, 0x6b83}, 0x1c, &(0x7f00000010c0)=[{&(0x7f0000001040)="a147efe8a0d0b944eb03f958963b040471dd9bef93c74f297069f33ad403376107fbf9c1049e7959eb0a24a02f8e2db0b7c3085462ffa6f4b9f38e253bbd2d19ab74018983b72510df68bf3eaaefc55369c29bf3fab420414d078b330b8d181efa51045315", 0x65}], 0x1, &(0x7f0000001100)=[@flowinfo={{0x14, 0x29, 0xb, 0x3}}, @rthdr_2292={{0x98, 0x29, 0x39, {0x5e, 0x10, 0x3, 0x0, 0x0, [@ipv4={'\x00', '\xff\xff', @local}, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x32}, @empty, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, @loopback]}}}, @hopopts_2292={{0x18, 0x29, 0x36, {0x3c}}}], 0xc8}}, {{&(0x7f0000001240)={0xa, 0x4e24, 0xed6, @mcast2}, 0x1c, &(0x7f0000001380)=[{&(0x7f0000001280)}], 0x1}}, {{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000001400)="80ee76db3229670cbadf82b0479a23090f77ec04af88a2a6459635227bfcb85cf5805929ec89ad5abcf0aeb7dee6f81e67b1aaf662048091c8c77f467ee572fad6352f23fd8debe398aa3e5889ab30760ea288423fa45e68df91398b57bf45bcc8400c513a1a19e4831ab005", 0x6c}], 0x1, &(0x7f0000001580)=ANY=[@ANYBLOB="24000000000000002900000032000000fe8000000000000000000000000000aa", @ANYRES32=r8, @ANYBLOB="0000000068000000000000002900000037000000000900000000000005020008034496f4273bd8186195c889dc2d4a18a09eecf30dc1d5f637f6adc8297423cd7ca647615b0e5b02434fda43ff0a2b232d53eafeeb2868906a1871bae5b16148165b4b3657d5000100000000a80000000000000029000000370000003311000000000000041a391c306e1b4341b9afcbf176d44ea962aef7f65fdb387f271f55010100c000c910fe8000000000000000000000000000bb075800000002149baa5609000000000000000104000000000000a7f4ffffffffffff010000000000000005000000000000000100008000000000030000000000000001f0ffffffffffff7f000000000000000000400000000000000029000000360000002c04000000000000071800000003043b06000600000000000000040000000000000000010001"], 0x178}}, {{&(0x7f0000001700)={0xa, 0x4e20, 0x3241726e, @mcast2, 0xa7}, 0x1c, &(0x7f0000002740)=[{&(0x7f0000001740)="2bccce3426f1abe9a692c7d010644d7c4a160b6c55ec2ee184649b5d6a001143c554bf60dc3e93cd41c6f4fb5fdbca5b2401f46f62ffcdced46e3ebb60a72644d17c95fbbe2e11f9cb6483ab8043d46cd3c11f444695ba0ba7494e6da9c669aa73271be9cc6bbe6ee2648ac121cd64ec701964c354aedc5abadaa83f7b380406c22d51e12c4f181ad455f60aa5483eb039727a1b0c663e9c0201e6dd24134b202b05f54e08c54f9b86c76c3280139dc9cff5e528e3a9082fe245cc720e80b77cd8590e658ba13c7b823f22dfaa1b1117769af2c178fcb478cc824dba5744234f8e37ee329127f71a9d14a1e12e3c3b2b05dba7f4ba0cb94848637c91af4d436304405dfeeea035561f98dab1a4c6473d8e27f1a456171c7b0db0c3f50821c92a860789dbc01b5b672795246051bd376364ac693f5050bdee573c8622218743e9260a8d4db5f5074b8017265daee4b20e896870bd379647728e94ee5fd9cb5b750bbfb52c061b8bf201551177e1cc94e651bb8877f7286d02bebca789cb4df1923f5a184febbd3f46732b958df1dd811a610e63a9b6dec40455f948b75cf5afec6d018094552897adb846439f8df005c1f57aae57fdffbbae77bf479351d64e93b19592380fbd0ab9eb9813aaba24952deed38c3f16f5cb9b0f8863d95593d53d13ab335f2adfcf93601cbb7d6cce31cfbc310f3d738a247d472b364c9e65d1a6b96e7a9334a9e2aedaa05819c6117597ab015bc6348cf97e434bb7df1044105a402b061f65f94573b7828305d73953b9f998589bbf338cc1c132c56d81411448fe45c8188ef331d549446a8915cc98d11cfb77fb91da44212c60f2a18baa48deda589d96aee280ed045564fec42647a68b162c0a1834fd0f569cb27c78f20f593a101b65b68bf6afc8b3b8076596a8159333c97a4fb98b13b4b1e7f53517225397f70921d7c8d78f68d8a5c9fb316183ae8c45c7290f333ff607b3ed66f79a78e811637ac3bb6e9e1201806961b6c2bead1559e6e6eb17c49494d88fe3bf2a585a40b4b98e2f0fa0f00593082294430eaf8ec63fc5697cd29547fae091b8ee5dd4b2801702c226aa45b35db7603c2ea19c9f975d3d3dd8c5f3a61267997d8d4ef0b967e76871087bbd662b61fb215b86f433ed7e1b197111f5043ddb49fa89e2f0e8cbe9c2b64d29d66314f3a9bd6d1924a5398225483c7939c6d619d759309d1179f9659cc73063b906119668d3e7d605cbfdf3aeca5e8d9dc84b6c1f8e51cead14f2ec26739b24a57afd033aaf567406a3506cb674794deb4ed5d98fa880ce2020817f6f56040c2adb0f96dae826abbb07b441b81e3a652356387e9556a66d4263b84be3b5013594087f94bafaddec3471885ba330bd2d5bba8b4cb652480118c56444a426318bf02a22c96c65d98c66bde96b975333659939bdf0fdd280b10f30221b685d163519d8e787d09679e4d7830a7d17be709d6a8d47af8daecfdf372ed7a61a47f7c45d0651cd8c2fab7b217df87edc340c1703214081f5d05f6f312792175eebacd22eb081a9a97bca4614ff263e74e73494550cb0b3587b6326889e396e2c08f6161a92df9c2b4cf0db9e6c3f2ef1954574af71e622da792d28020beb62ecf33e151021cd22a572484a6706b0b120b2355d566ae87e454ef854b9cebcdf60e749c39256d8eba628799cc9971c125ab377306c1d7d9a4022c60004599e6223380c3fbb8855fda5ddfd32836e6dd180e0c558d24684f886ca5418fc50d63ee699e085e013c2f1e25f68dc35e23fb4fe2f3ae63dd72057e18eb8708370dfc0336ee39b3e3e03b8215f552e3e54f74c2a9b9d0c3dccc64d7e6b0e62f53afecd38865d839feaf6a8664f6d7cf59015be92320b8b583596348cb78705bbd63687adebd4fc1d9729621538de0ffdf7675880dbbe41192890126198d89ff8941729009a927a48b2c310ef871c00c51ffb76ac05cdeabd2dfa791ab89ae1950653a7a0f91002dbdad3e14435ff225bef8a077c5e05341a4dfc171d2f55383332ef73686ddc0bc16a5d913cb2681dfaf351e2289c6182896870af45d6c68a15c3fdb8d98a1731377eb3e66d28f9cbcc014d4c2d82c6a90706f4748cf7acaa47765b94451c046ad3cf4abea7dd3e5abc4dbc8db260e7ccd4b6ed5299622d88fcb662ae0a023c65c24c6efa40073a747838b198df6ed407f276bd980fc8cd9891f6a0da012cd13115bd6080485c5743d47d96a1fef5b3b93e2b37adfbaf5185425ad5b9e4c4bdfbb67bfe03996643edc3a541cddae0516e35db87273596eaee3f1f12cfb59611d71a00b061a8db7caf2202112fe87138fc078f6250bebf67532e9dc516bea3c92af10efa86a8c534bb5e8d842fdbac1114231b5cc8b2a3a53149ed07e9f3283034e49cf6a592e77569385a70645a9c013118711db60d9fd9f0bb34617deb1eb37c1468049bfb36b265f755f2ef4e1effc6a21da18d5f9b50fcd7b86439406c97d6cad4289ae7d44213b0f7277b467a7a5bd4bb4e8f0da031f729792c1c75fc237922aca1947b13fef72019c9bc628233a98240e6ae1d06073fcd169ad5d0ebad8f8f477463760cfa5006ffc821bbc785a37899b5e74a9c745393aabc7d3ade7b93cd011c190c638b8667810ed3e91eaafad3d6d2e09251d6c75da365753cbe7c8fac3893a8878bc42843376c3d6b53a34fa4e04e2fccb73e71ea20cf49b545f4d8e7fd38c8a02b3c5ce4445b5748c92f22608742863d2fcbf0929415311bb0a92fac4d7e710190b2a228b04588c4b26a4a5d75ae583d6a876dfd508371feed164ae4db810d3d29a09f0fb7ab0d82b80970a90ee11f539617476b4bfd92e95f21daa175ffe5c35fbdacec61bfe09846a0b223c6ec46ca3c0d7545a06a8fe822863bc5314d8a4275bd2cea7a5b54b9d67eade1925ce76b419e14bb1dd2a34779b36a27352654d716d2d4411a62c8579794b49684bc015a22b641c762930e3dbf315872c2585cc488f631a050386fdd21ab5049ba53b67c3aec883dca3018d625836d4641d013e7cdc64f000f3b44e310c56e066ad1a2715423561fe4116e6a3c84b80c0560968b23fa12ef81c2cd3f68fe33031eab3378f1b17eb6b9fe3f1b05c5e59d5f8adcec811d8f95d362f0116d1edf0a3375b307eb7ff2c13b80fb1fd68a844a0ed75734b91aaa700e7f6be237e91dd9462c40cca47dce3cd5cd69b14ce3fa7fa39589e4875276d5ef7bd93efb7444f5fd3eb18968900799f34ab309c87b854e1a6c7e2d3fa646cfb604c52cea549eace3e75a2a1b6579614cf846736c529315e62e581d1da7966aad0d20c246405587c8c386ef2813aa8ca554a334ee6d5f89bf1fa4d59c366739eededa88b71a0613c15266fdf6801faacd6dad6b019acdfdeb4ecfc97b310ca10686929a09ce06ae2df0ed19ef0c94659be40c2f90a054b67ace48ae6ba52a56e705cc35efdffd52c1ecab3200778dbdabfefdacbbfccc342038b796037819ffc48de75ec60099bb703f1c2ec3497a32fa499fae8efccb189edcfc3ecc13c2292d79eb4ec2252e65983da30f732b05cb405834b0d70fd11b120fcd6c08006113972c1632e06f4381c12ad3b9b077e40beb21978ae82b2092746e3f423c0bb9b8df7b0f657312d8fafc73aae9b5ada396522803b24335387a2ef02583cabb75310c5a7bff7cddfba2f70581ee356413e1673ff780e321e1cb86ae87e6add4ff0c4c85ecead4a090267505e9e1e3127c07a37ec7fd0ff3e037604b95dbbb236b9a06222684eaae7c6059d2ba11688fed2a73aacd0c4e73f63cd582c804ecc34dafc8633ba3c44536d8737b296a65ad6c8ceaf5438c664852c0ab1eb133293118ddf51bdc1e580b468788d6b4f2838bb5e330dd630de23447da8c8326eaf413498a6d3f2caf73fc0236e9404d51622333a63b9be427d37b3133c62fc8c60a851a868d0e989daf0b13efc64587be1d86b71a11d7481bf8c50ca20c9e1654d63f0db86ddb3304a8c735530727762bc12eccf538da9be6eff85de6d254a763035f1db216be0a3b9b610f7fa76ebcc90099f74aff750bc8e2765c9f3780e90941ab3a035d417ef2f42817df093838f076b46ef356ff8fb56559eeab92f333288729e2320c68aab151ad9fc31fba76b1413484b7934d9593d77ec4628eb1f0d7b8fef99a37946c144ca3fbbf005b72f1179650f2036c982a1124cef5f71751c6a1cde65b6ac47efba76c5b1313111ba7b349dce54aa387deb9250931d557a02f248f2dbc6ac2786cdce8e274cb7a9d15f68878e46e7a6fbd50c8b37d0431efb9f68c791aac07d1d407d0cef2207162c93e9843c6858aba53997c3f33287edc8b3736867ca7f9360f1c91817de129ccda9e517107010c8ac10073dfd3300366423f8357fa6e23285e0b1d5ef52475641a8e092b5d0b4a6fe24a6c7d218f74dac4ca62ac8f7715a8eb3726f81ec90a3a9a8125b62524f4cb661d15ba8b4d497a75fb306c4d6f666403c83d54eb1e3ddce8d62bc0355b101beee78927ceb4453e406cb66590120f4c1271d320bb6710a0253ccbe061da2e144f362e6f826e87421fc517a29c78f0566dcba24a44fbe1f934d81dd58ad931c18dee87a4bc5fa8edd6ca1fe4e2077127728c36866204906809bf11baa06638cfc6e0d224b7f7937e89d944374148a91e330386a126f92e9c556663196310ef94381c59917910d1a48bfa567638e161a9125fdf03c80adc715f16ed1ab65a0a061844636c0e000713c0ede8dbdf472ebcfebe03a9c9147d55c965722a9396524bfcd93d512425ec3c6ea0a990b86ba3e81eee5d5c43661633f84b827cbe66bf31a0b144c804bce05f10d98ede240157f9742d5368c1b3c4743ba3c825a5270a4c54fb25242640c6a0e048f3ddd6f3664bb74ff609ce3c710e3fda640164051dd72f88cd72573c5119e1d076ce3da3582109774d0d79baa678b9d3340af99c08a6bbc7ba4ddd382e09815ebb50e1f284e3123b8e4bc477d65a2f0b4ed777309d04fef051981514f5672107b9acf134d24d1c6adb9224136984962029363bade0d32f57d27c993e4af43d224cbe84278fea3ba5786da48b2c7958d5d63cc1db693f63386811d920ab0c95ef43a98478d277e30026d837889e1d094866cd4959b6ec0cc77180aefa04364c55df8dd69a672652cca72f719587b57a07e36f154326f7829a2e9184c243a16a2fd1fe24b79ccf4d3233c1a92e88bafd614b96e0308c18fae70d2699c51a07b4bffbc393c9506858725a1b489ca5e02fea7351e82162489624cc1798421736d9a186f3787aae090f5581ec3b6176eb9b07879cf3326fbf3e1e31d95bc2341c74e940817960010b6ef81ca56b1a1517dfac1ef0abf20e73ca9c625cff0ab516c7e671dee9877daf76d1100dff26b51aa3ece81b86204922834bda5e00ac55884aaec3c6af2b044e9ed1a216777a387fcd5bf7d698b6e91dd8c24934cd4d78024378b9b9433203dbcc99bfcb166988b4cca7a9e410bd489957b525decfcb0727f64e80a815f278eaef9368987adc97599daf6f429dc62f9f43ac5d2140423a13b0d07d1c5176ed3957629df69c6134a2b8574987582fbeb513b09e41c1b14149a8e53c2add0fed8bd6fd91d63b161ae36d26e98e59e6144d4295c37e4035d81481d97a2cbc8c098137f480107eaf760f", 0xfbc}], 0x1}}, {{&(0x7f0000002780)={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, '\x00', 0x29}, 0x8}, 0x1c, &(0x7f0000002a40)=[{&(0x7f00000027c0)}, {&(0x7f0000002940)}, {&(0x7f0000002a00)="54f985118a12f7be37d44dbd83d60682aab5cab9cad3d574e5bd555a1c", 0x1d}], 0x3, &(0x7f0000002a80)=[@hopopts_2292={{0x28, 0x29, 0x36, {0x84, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0x6}, @ra={0x5, 0x2, 0xe78}]}}}, @tclass={{0x14, 0x29, 0x43, 0xd2}}, @flowinfo={{0x14, 0x29, 0xb, 0xa}}], 0x58}}], 0x7, 0x24004001)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x0, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x2000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x21, 0x0, [{}, {}, {0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xf}]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}, {0x0, 0x0, 0x3}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)

4.055147243s ago: executing program 1 (id=2258):
unshare(0x400) (async)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) (async)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x8, 0x0, 0x0) (async)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000080)={0x2, 0x2, 0x5, {0x3, 0x4, 0x6, 0x1}}) (async)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000100)) (async)
r3 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000540)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) (async)
syz_usb_control_io(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) (async)
syz_usb_connect$cdc_ncm(0x2, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x44f}}]}) (async)
syz_usb_control_io$uac1(r3, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io(r3, 0x0, 0x0) (async, rerun: 32)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000640)={0x2c, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0}) (async)
r4 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1e7d, 0x2dbe, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x8000, 0x2, 0x1, {0x22, 0x2}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x9, 0x0, 0x20}}}}}]}}]}}, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private0, 0x80000}}, 0x0, 0x0, 0x35, 0x0, "317f83735b4bb1eadc74dde27798c831eec04c24eeec7ff3d3137a508003d2d5c89ab0220cefebd4687636457b9822766c1bfea4e01df23c6b48aeaf049a572a9774d3b882eb3b4a66c5ec48c29f065d"}, 0xd8)

4.022537818s ago: executing program 0 (id=2259):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
r1 = socket(0x400000000010, 0x3, 0x0) (async, rerun: 32)
r2 = socket$unix(0x1, 0x1, 0x0) (rerun: 32)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0}) (async)
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000080)=0x10000) (async)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28, 0x8}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40002}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2d, 0x8007, {0x0, 0x0, 0x0, r3, {0xfff2, 0x5}, {}, {0xffe0, 0x8}}, [@filter_kind_options=@f_u32={{0x8}, {0x14, 0x2, [@TCA_U32_FLAGS={0x8, 0xb, 0x1}, @TCA_U32_DIVISOR={0x5, 0x4, 0x28}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000841}, 0x800) (async)
r5 = syz_open_dev$vbi(&(0x7f0000000140), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x9976, 0x2, 0x2, {0x5, @sliced={0x800, [0x447, 0x2, 0xffb, 0x2, 0x3, 0x0, 0x8, 0x6, 0x6, 0x8000, 0x0, 0x9, 0x5, 0x0, 0xffff, 0xa, 0x800, 0x7, 0x8, 0x7fff, 0xfd, 0x1, 0x7fff, 0x1ff, 0x8001, 0xf0be, 0x401, 0xdc05, 0x0, 0x9, 0xc, 0x1, 0x2, 0x10, 0x4, 0x1640, 0x4, 0xe, 0x5, 0x101, 0x5, 0x0, 0x4, 0x1, 0xda, 0x4, 0x9, 0x1ff], 0x401}}})
ioctl$VIDIOC_QBUF(r5, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x7, 0x4, 0x10, 0x2, {}, {0x2, 0x1, 0x0, 0x0, 0x0, 0xe, "001500"}, 0x0, 0x2, {}, 0xfffffffc}) (async, rerun: 64)
syz_usb_connect$uac1(0x2, 0xba, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010003000000106b1d01014000010203010902a800030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002000a000a00040c24020203020250800009010f240605020407002e130a004ef1000924030102020505f58104010000010200000904010101010200000905010920009301050725010003480f0904020000010200000904020101010200000905820920000d02040725012608030081b5eb1aa85a3b40c3b391dd750f909d98ba170114"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) (rerun: 64)

3.889373169s ago: executing program 2 (id=2260):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000080)=ANY=[@ANYRESOCT=r0], 0x60}}, 0x20000000)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000500)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r1, @ANYRESDEC=r3], 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = openat2(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', &(0x7f0000000400)={0x185002, 0x40, 0x1}, 0x18)
bind$alg(r4, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-neon\x00'}, 0x58)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newlink={0x6c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2800, 0xa0102}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_TTL={0x5, 0x4, 0xeb}, @IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e24}, @IFLA_IPTUN_FWMARK={0x8, 0x14, 0xffffffff}, @IFLA_IPTUN_LOCAL={0x8, 0x2, @private=0xa010101}, @IFLA_IPTUN_LINK={0x8}, @IFLA_IPTUN_PMTUDISC={0x5, 0xa, 0x1}, @IFLA_IPTUN_LINK={0x8, 0x1, r5}]}}}]}, 0x6c}}, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x338, 0x2f0, 0xf8, 0xfeffffff, 0x2f0, 0x220, 0x3c8, 0x3c8, 0xffffffff, 0x3c8, 0x3c8, 0x5, 0x0, {[{{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, 0x0, 0x0, 'veth0_to_bond\x00', 'caif0\x00', {}, {}, 0x6}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @broadcast, @remote, @icmp_id}}}}, {{@ip={@loopback, @rand_addr, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id}}}}, {{@ip={@remote, @broadcast, 0x0, 0x0, 'pim6reg0\x00', 'wlan0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv6=@private2, @ipv4=@dev, @port, @gre_key}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
socket(0x40000000015, 0x5, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r9, 0x0, 0xfffffffffffffffb}, 0x18)
write$binfmt_misc(r9, &(0x7f0000000040), 0xe09)
dup(r7)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b1000905827931"], 0x0)

2.82619872s ago: executing program 0 (id=2261):
r0 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000500)={<r1=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
sched_setscheduler(0x0, 0x2, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@loopback, 0x0, 0x3c}, 0x2, @in=@broadcast, 0x6, 0x4, 0x3}]}]}, 0xfc}}, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000600)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x3, @loopback={0x700}, 0x1}, {0xa, 0x0, 0x9, @mcast1}, r1}}, 0x48)

2.70667079s ago: executing program 0 (id=2262):
socket$inet_smc(0x2b, 0x1, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x4cb80, 0x0)
socket(0x40000000015, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket(0xa, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x9, 0x404000)
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'wp512-generic\x00'}, 0x58)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000008dc0)={0xf500000000000000, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf031c1896ac0826786ffcfb99e55c1272594d5be5c7f1de9562bbff01", 0x1f}], 0x1}, 0x40)
close_range(r2, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000300)={r6, 0x8000000, 0x0, 0x4, 0x0, [], [], [0x3], [0x0, 0x10000]})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000400)={r6, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x0, 0x400000], [0x1000], [0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffeff]})
socket$isdn(0x22, 0x2, 0x26)

2.56961893s ago: executing program 4 (id=2263):
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1a}, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29")

2.362483537s ago: executing program 1 (id=2264):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r0}, 0x18)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="020300030d00000000070000000000000300090050000000e9255bb992464e73a02100000000000003000600000000000200000000080000000000000000000002000100000000000000000d000000000300050000"], 0x68}, 0x1, 0x7}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x38, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x60}, 0x1, 0x0, 0x0, 0x24040089}, 0x20008000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$inet(0x2, 0x4000000000000001, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="5c0000000206050000000000000000000000000105000100070000000900020073797a32000000001400078008000600000000000800134000000000050005000a0000000500fe000000000010000300686173683a69702c6d616300"], 0x5c}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000008da4b70800000400396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000240000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000100)='kfree\x00', r3, 0x0, 0x8000000000}, 0x18)
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000ff00000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00', r5}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000040)={'macsec0\x00', @random="06517dc2e6ea"})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socket(0x28, 0x5, 0x0)

2.361696855s ago: executing program 3 (id=2265):
r0 = io_uring_setup(0x59b1, &(0x7f0000000380)={0x0, 0x8adb, 0x100, 0x1, 0x2f4})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000480), 0x1)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x7})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000040)={r2, 0x2, 0x2f4e, 0x200, 0x6, [], [0x0, 0x9, 0x7, 0x4], [0x1, 0x3, 0x2, 0x6], [0x4, 0x7, 0x7, 0xd8]})
socket(0x10, 0x3, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x1000004, 0x13, r1, 0x100000000) (fail_nth: 6)

2.262183729s ago: executing program 4 (id=2266):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x1, 0xa, 0x101, 0x0, 0xec0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20044084)

2.261360912s ago: executing program 3 (id=2267):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a05000000000000000000020000000900020073797a310008000008000440000000000900010073797a3000000000080003"], 0x64}, 0x1, 0x0, 0x0, 0x20048801}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x100, &(0x7f0000000400)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xffffffffffffffff}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@allow_other}, {@max_read={'max_read', 0x3d, 0x4}}, {@max_read={'max_read', 0x3d, 0x1}}, {@default_permissions}, {@default_permissions}], [{@obj_role={'obj_role', 0x3d, 'pim6reg\x00'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@subj_type={'subj_type', 0x3d, 'wg1\x00'}}, {@uid_eq}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@appraise}]}}, 0x1, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x100000, @empty, 0x9}, 0x1c)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"})
r3 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0xc1105511, &(0x7f0000000040))
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x30, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_REG_ADDR_MAX={0x8, 0x4, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
set_robust_list(&(0x7f0000000180), 0x18)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

2.140020142s ago: executing program 1 (id=2268):
landlock_create_ruleset(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000013bc0)=[{{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000700)="61120d30412baa425595ecdb2fab1551094e0a612820aef5c2058110671fdc6a330c21518fd5e1b5a12dfecc1020f000b038a6c60eccaaa7acb39ddc6022f30c9ce52415488705d117672b428a93b97288be4fcb5fa6859017669b9e8ee11564a9d8e3cf400c514c9ddc3d872d8e6fe96b1fb78ec44631c2fda7dd4e7aff7af4c1752518881b5a18d54187b1f2c4e46fb035febd3676990d0cc3a62d6098d65648bcb46ad1ff936868852e42b8dbe4c342088c327a2288b12325734293c609ef19c0a383f0dd3cc3add60d53c9b1678cad19fcf49420acdcd5f326bf89822b7b43b70d77e752c35af1949d489decd48aa9a37e895237a7bf897939dd0ae885cab13fc9dc3b42a6cb3bf44c980664325e937f49900442d5df7f131829542e7def95cd5c678155a3f8097419575f6742e783a8e9ce3172180f7205ff8808cfcb08b481929438510a7fed929a04e449b59920b508c491ba4271ddb35c2054df39c0734e96f2f38d41a0bdae815e0c2b1412cf2bd89be68640f7c7e8e89e5b4ee19b11581cf802475775b82714676eeefa98a2a480e953d4f639e417a06123c5764d5c68475fb03eae63360b7da8f6d64c4021e5d4cf52472d822f083aa9be4741e48cd4ee55ef91923544c6ae032143302589c28f4fedb7f95decbe7acb6a4092fd6963b27660955cba6d470ea64f2993b4ada9e956cf3d7d56bf271e68a876ce0f28071393d1b08d9b97f5de6ea8bf5867e2b147700b5647dd5a6ba345cd5fcaf256e045d1c23a297203b9f984178a08892cd6d69c6d2675ba54a0ddfd7c0c09825e2c65ac634accefba756afe8711c0de7b25ecbc54b3301e3376e4d6e44ced17ac2de64aef3cfc9806c98e8bcb6a31430e7eb0bf12a18303a63fbee97de895471ef17d6870c83ce125c5b5f9be4c4f92d3b71e2bc5adee04295603748a62fb967dc6bac87059a60da0105a2af4dd38fe0bac34a60535cec6c9d2aa0b890c3af61905b515dba493cb5e6d8f67372d31ad034362b29c21548fdc221528029b38f19baeda176a47cfcf9f74706d904eaf42336821e8ecf9a3687e14756e3e257fdb706214bb5662a5e6dbee69d7438d391117b53a8db65961b1c00b377235b2af71278635374d481af4b367bf6cf734eb770b53d4daf26e17fe662a78830743064b41394ebeee3080674ef1e97ae95097b226ddb5b8e40b095668f45375e70ddc721d450127fefb7e6b12800eeb3a16aa8196f6bdea8cc51b7cac1ff3e2ba4859c6106be53215b69a8c78bf961e50bfd019ef08c0aedb88d7aee7244dbdc889540313664b567cd02ddc97c35ae8bd3ffb1b4c868a4b82b3ca83c1fc30ae0a2e9dac4da29e273347d68c744b30b7369e1f0a22f2a09c9c1c9c5ab3470beab618c94205203c65faf4960db6f08a8417fc34da961b972eec6080b4e73fd69333069c0cab7ac7d1279a5cd974fbbd6c448b66a1c04432660283e4d5ee1598271f8571c6e5060b291f488ea6786f0e59b566d73833b7d522ee47a607b32e3329ad893255dbbec9346f4f29854674d0c7ac9af7b3f52a901efb6c86408e6d5992f1b860bfba3971866872a6a14c4762fb353f74be2364b60d7e46d9d9d7b6c5db4a04090062dcc88025b6371f35a6a30a6dc2d2859de70752588a71ee2d55bd122b59422f4555b424f9a87791235223d5cf8967d029ff22a009acee61527b993f34ab56a84932d079887f4bd14d5088fc183b72ac2bfd62b0c9b64a7ccc3234ad9fcce53dfca05a1164d8fec1206940c93605aa9cf9244b0213e9f8bf63b96514e61292b1a050e40887936e21c5416aca706b05a8b8e021cc07f56026ab1f0746797f817fa6765a0e0b964e43437e7dcf555032750a48b8a74a74d76bc88d9710f4ed5773e60ece4069be16457b239bc4785dcc66bdfca7b52e12b7a899bce20eed2c7568150ae5e680a152622ff7459d1f2bca7875f5c727e0ca2367ad84b997ade4b09c45599c0356983b8d419623bc10367c145436b6baee3cb59d49ad2aaa4e730e13bfeba6f682d8f1c0df16d0a763c20c680cfa0d992f02fee08577c70ae2abfb85162b26219c881801e16067d456de2ced9e071d5d3fa4fbf8f04032434572028317102f77676343c23c6251846d70e5d545bc4e359a3b86e6e66e2609538b09be02457bc8d240c58f83bda22254e22edf382a9c66bb52162f1ef6f075f90e18534a56085413dd82d572dcd63ee59889a4724712f62aa7f0028a4e6833e81e92389547aeb39be1818e5c5312af0c28c7ee8f7e3dbba0ea72fe8551b7ceca146978e184cece508bec2ca35628279a53ce36ac4770e76a65764078c71e642390f1af7e801ee7706f709bd6bbdd6efd851de4531a7b8a4bfca0eebb75bfd046438b57d21d6b260917c1fc121975d6454526033d500aa16209197f2d39a8c15fc482c7a27d81760bd6a44b28e772fc49576a1fe9cc39a5677562efb7a73cb1d85fdf8ec96687431477c3309e944ba00617f89f6b1f638802d8517017fa757cdeaf9f2a2bfae147dd12ccaa380a43f592ba5b32bd25e58574c0a1170b1cfcd6cdab8a781109a424e60724647fa7f209b06bbb4350ac07d10b5e5a4e07a689760acad58644cc5876ce2968116bcb189f3993bb8c5de149c19c94a0e448c268f8c29fda683f7386c44e0f0c373fef1c283ad0bc21580251d5c3b1b1984bab9da1a71bd274ac07557c7eb9a8b9bef59773b45606fbf83727695c48db39296eccd15c55f903f3225ae44861421c125639372d12a9495479d39939c1c05bb8f5286203baad3c0d23368a43b56c487772d7c8ec293cf7bc6aa561402f3d51cfe27f20e1faf3af7885d08f3ea202a386da634ce8557334c58021757fc9140cdec83f9913142ab78b1116e661f3983187e8a1d93eeb18ac253993104adcf35221001426a18e3f725ee446810d8dc2837872f052b5fa98287f2f66e4c8e2ff14a5b2eb377bb3efd35480246e354e2097b1592bf7e6efa01a439202f2b2550f4f7f92d56b2b4252bdd1d8a91c01612323a2eae4bcdaf07e1392dbda4217653f2b2e3064163752230778605765b24686237421e9823931c044bcbffd80236fbb330827298092478f9b42a6eac34addd6388c3b1dd8fa2344888230ddfbcfbb60c76eca25044c968a8bcd2247232425ed64b1e11cc2b5d2f15a847e0ba1efb9f5e40f96d7fa59ded9ba77da5115d1b0ca140dac507da6fede47caf3101b8cde91bd1846aaa98f74ac465130a62b8d41c52726549f84df3a17680895b379f07a73c66a30a9019dc0b2bb29a6af9fe7ef271b3994fd5e7e0bad293e9789adf7707d7a2ab424c9b19589628f06727a5b8c129ea9f053f14e74525af3b708264787bf389127d50aa6851acb1524dadf057f004859c3876726877510e2b65d1edda3792f409fc0b2686468901c3700c0493bc9bfd320391582f29574b37f3262c30c948ecafe97f34d0fb704111536cca98c8027ff21c762144dd3ec7d8c678657ebc21efaf433e078d58c83fb08f52b0bdcf39fb78bf25fd408b8e38d1ff70bd4d6be390f4e82c4de88469e61dafa895a9873b4daa7098b505fd9d2f19f44ad5dace9f482d97dadd29f02d16925d8597dcffaa314527dd8bc39bd01c024cae0ec4d9c7e1c4fb6a33e8d76248c3e20f62e5cc2eb3941f8962bdab86f25cf08f0ce2541f6fdb9b5df5872bb25ae0e26c850fa1303548e010c1e25c94fe2b07cf2447098f166e88a6605792cdd6b099e691ae0b84620330014f5bf314005a93525bcf8d122496eea28f566f9d4f429386bac9f27f1a231f175ad008de8c0821bc8a249506f72be57b5c871c5eaf4d7ee67b1e4a346e7f5f57ee3ed2afa971307e822b9dbffb9d48df2a5660ba4c526a868e77b0f6508deb10ed0f7e81f5ed54b0c914a0721d01ba129b1f70f3044e484a9525bfa325bf9d0bcf59ecd035d5f5b1df816cb7bdb03279cd2dffa1c78db638e8b34e4762fa0b278d1162784014621a814dd96686e3956ca6e47c48b230848ef06dab24e5f39126c7530e7fba397e010b02440d281103b517405942f4a77e5d9a199394ea24e365bdd36b98519bf29b3a6e1b72c49ff389081cb6c1b7f89db0a340997bf45056c6aa11ce234731f838ee38ea72376ca349ed5a87b5be7b4491c15e3130bb647cc6834a38f376b7ed730db291951a6c6faa30a36621cef32fd7754b5e8f960c5afa6291acbb9a2fdfe36ef701d356dbd009c04feb93f1f71f30c67220235c2413cb3791b76ee5b2345850c60aa4f04c8911973398805565e9695485b09da420931231c476cc3b0764748b6e6eac531f2ed1dccada2de18942c05a9783dca9da2653be9a5cb77a8e062ba7a4e52de6a63802a4e5d9a238df7722c84077c4df360992ad2272a52aa1b131dc6c413c19de2fdf0f4bcce49d59d213aa823d81a7a8b9c8cb04dd786cf8e2542868b8dbb2720fb08fae00822abf218a682a185cc7fc7d8f4ca3ecc2c404a69c858d188b30efca8abf718416f739316b1eba679e0656e6060788d17a12befa5174156da11c46c2624daefc93e469246272aef2d6ee0a7d318c9d48544cd6c2541e7eda74ee1ea2bb42056f837c240661816a7b73d686dd1f55c363ebee85497af0539444ba3ad6a311a72ef6b17948ef12433524c80f53e3e1900224887722739df98ca7b9999bff995e231609b9edef82c592cd1bb2671d00bf6a73af2207c4ebe8578f79f2a950ba2f54a919e5048493689b35abd1c715122377cf8f9d80303778b294d69958a", 0xd3b}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xfffffffc, 0xb, 0x0, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"})
write$binfmt_aout(r0, &(0x7f0000000400)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020)
read$usbmon(r2, &(0x7f0000000340)=""/126, 0x7e)
socket$tipc(0x1e, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000e0c076ff000000000000000002000000000000020000000008000400fbffffff08000600ffffff7f"], 0x2c}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket$igmp6(0xa, 0x3, 0x2)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e23, 0x56aa, @dev={0xfe, 0x80, '\x00', 0x26}, 0x800}, 0x1c)
sendmsg$key(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="02070c070200"], 0x10}}, 0x4400c030)
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = open(&(0x7f0000000040)='./file0\x00', 0x200000, 0x8)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r7)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000020601080000000014"], 0x24}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x0)
r10 = dup(r9)
ioctl$PTP_EXTTS_REQUEST2(r10, 0xc0603d06, &(0x7f0000000040))
sendmsg$NL80211_CMD_GET_WIPHY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f00000005c0)={0x0, 0x0, @pic={0xf, 0x9, 0x0, 0x7, 0x5, 0x5, 0x2, 0x81, 0x5, 0x1, 0x1, 0x6, 0xf0, 0x8, 0xed, 0x40}})

2.055360316s ago: executing program 4 (id=2269):
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @broadcast, {[@timestamp_addr={0x44, 0x14, 0x8, 0x1, 0x0, [{@remote, 0x4}, {@multicast1}]}]}}, {{0x300, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

1.797817659s ago: executing program 3 (id=2270):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x24, r2, 0x10, 0x70bd2b, 0x25dfdbfb, {}, [@NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x8001}, @NL80211_ATTR_WIPHY_RTS_THRESHOLD={0x8, 0x40, 0xff800004}]}, 0x24}, 0x1, 0x0, 0x0, 0xc801}, 0x840)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}}, 0x28}}, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="340000001c000100020000000000000007000000", @ANYRES32=r6, @ANYBLOB="400001060c000e8005000100010000000a000200"], 0x34}, 0x1, 0x0, 0x0, 0x20040051}, 0x4048080)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r11 = dup(r10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r11, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x12, r9, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='nv\x00', 0xfff8)
shutdown(r0, 0x1)

1.573956854s ago: executing program 4 (id=2271):
r0 = openat$hwrng(0xffffff9c, &(0x7f0000000000), 0x80800, 0x0)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000080))
unshare(0x6a040000)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0x0, "4fcb813dd28b42bee2b094a3de6dbfd30a74457bcd1cfd5feffe5c019f45d57f", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000180)={"000000149c0286e08ffad43c40fc0a000000ab65a29e23546aad0281b3aff5eb", r6, <r7=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r7, 0xc0383e04, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0106000000000000000009000000240004801300010062726f6164636173742d6c696e6b00000c0007"], 0x38}}, 0x0)
r10 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r10, 0x4610, &(0x7f0000000000)={0x9})
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet6_mreq(r11, 0x29, 0x18, 0x0, &(0x7f0000000640))
write$uinput_user_dev(r4, &(0x7f0000000500)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55f8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x200000]}, 0x45c)
ioctl$UI_DEV_SETUP(r4, 0x5501, 0x0)
ioctl$UI_GET_SYSNAME(r4, 0x8040552c, &(0x7f0000006480))
open_tree(0xffffffffffffff9c, 0x0, 0x89901)

1.188187494s ago: executing program 1 (id=2272):
prctl$PR_MCE_KILL_GET(0x22)
prctl$PR_MCE_KILL_GET(0x22)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(0xffffffffffffffff, 0x3b87, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0xe6})
prctl$PR_MCE_KILL_GET(0x22)
r0 = memfd_create(&(0x7f0000000040)='.\x00', 0x0)
prctl$PR_MCE_KILL_GET(0x22)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x8000})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x400400, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000140)={0xc, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})
add_key$user(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, &(0x7f0000000280)="8a64ee7fa8c859f2f3f0dd4b94636ba37e910d41529776c88c8b2ee9a81da10345e15a158a4afbbc4fcf0a478ba3dd1f9e8f6c1bb8c0bf91333d06e8a3c59b672f6cbc573f84745c8820e29fd0f7063c3e997b21cf4fa8d6e5d53cf2574b5d64f6d9e47c6429d11865942f76266a11f79e65772c7dfdd5f2be0558aa7d4adbf1e19134ba90f7e29305783b0fb1a05f2b18f74645ee5bb53a9e87369621e3060bcbdead8eb91d5410", 0xa8, 0xfffffffffffffffc)
r5 = memfd_create(&(0x7f0000000340)='.\x00', 0x5)
r6 = syz_io_uring_setup(0x1beb, &(0x7f0000000380)={0x0, 0xa35d, 0x200, 0x3, 0x384}, &(0x7f0000000400)=<r7=>0x0, &(0x7f0000000440)=<r8=>0x0)
r9 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x80010, 0xffffffffffffffff, 0x10000000)
r10 = openat$cgroup_ro(r5, &(0x7f0000000480)='cgroup.stat\x00', 0x0, 0x0)
r11 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000540), 0x20000, 0x0)
syz_io_uring_submit(r7, r9, &(0x7f0000000580)=@IORING_OP_RENAMEAT={0x23, 0x17, 0x0, r10, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='.\x00', r11})
socket$netlink(0x10, 0x3, 0x6)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000005c0)={<r12=>r6, 0xf, 0x5, 0xa})
write$sequencer(r12, &(0x7f0000000600)=[@echo=0xffffffac, @t={0x81, 0x1, 0xd, 0x4, @generic=0x4}, @generic={0x101}], 0xd)
syz_io_uring_submit(0x0, r8, &(0x7f0000000640)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x9, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, {0x0, 0x0, r0}})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r11, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r12, 0x0, 0x0, 0x0, 0x6, 0x3101b4, 0x3ef0e9})
r13 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r10, 0x3b88, &(0x7f0000000740)={0xc, <r14=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r13, 0x3b88, &(0x7f0000000780)={0xc, r14})
ioctl$SG_SET_COMMAND_Q(r11, 0x2271, &(0x7f00000007c0)=0x1)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000800)={0xc5, 0x0, r12})
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000880)={'vcan0\x00'})

810.070388ms ago: executing program 1 (id=2273):
r0 = io_uring_setup(0x59b1, &(0x7f0000000380)={0x0, 0x8adb, 0x100, 0x1, 0x2f4})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r0, 0x7, &(0x7f0000000480), 0x1)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x7})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, 0x0, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000040)={r2, 0x2, 0x2f4e, 0x200, 0x6, [], [0x0, 0x9, 0x7, 0x4], [0x1, 0x3, 0x2, 0x6], [0x4, 0x7, 0x7, 0xd8]})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="201118"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_pidfd_open(0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r7 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2a, &(0x7f0000000200)={0x1, {{0xa, 0x4e24, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}}}, {{0xa, 0x0, 0x0, @mcast1, 0x1000}}}, 0x108)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0xffff, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0x80000}}}, 0x108)
close_range(r5, 0xffffffffffffffff, 0x0)
listen(r4, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)

809.661283ms ago: executing program 3 (id=2274):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x5, 0x3, 0x7fff0000}]})
setreuid(0xffffffffffffffff, 0xee00)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
r2 = landlock_create_ruleset(&(0x7f0000000080)={0x8601, 0x2}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = syz_io_uring_setup(0x1237, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x3, 0x2b9}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000200)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}})
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
dup2(r7, r3)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8000)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r8, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
ioctl$EVIOCGUNIQ(r8, 0x80404508, &(0x7f0000000040)=""/33)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x8940, 0x0, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r10 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffb000/0x4000)=nil)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@mpls_newroute={0x24, 0x18, 0x601, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_TTL_PROPAGATE={0x4, 0x13}]}, 0x24}}, 0x0)
shmctl$SHM_LOCK(r10, 0xb)

566.018385ms ago: executing program 2 (id=2275):
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8})
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(0xffffffffffffffff, 0x82307201, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000100)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x240080e0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000f40)=@gettaction={0x14, 0x32, 0x0, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20048800}, 0x24008080)
r1 = gettid()
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000700), 0x0)
read(r2, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x4058534c, &(0x7f00000000c0)={0x80, 0x0, {0x3}})
tkill(r1, 0x7)
rt_sigprocmask(0x1, &(0x7f0000000040)={[0x3]}, &(0x7f0000000080), 0x8)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a1800000000000000000000b7080000000000007baa00"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r2, 0x408c5333, &(0x7f0000000140)={0x9, 0xfffffffe, 0x1, 'queue0\x00', 0x92})
close_range(r0, r4, 0x2000000)

269.691641ms ago: executing program 2 (id=2276):
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x0, 0x1a}, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29")

0s ago: executing program 2 (id=2277):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, &(0x7f0000000040))
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f0000000440)=0x1)
r2 = socket$netlink(0x10, 0x3, 0x4)
r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x42, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
pwrite64(r3, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
lseek(r3, 0x5, 0x4)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES8=r1, @ANYRESOCT=r2, @ANYRESDEC=r2, @ANYRES16=r2], 0x48}, 0x1, 0x0, 0x0, 0x81}, 0x50)
close(r0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000057372408110f0010f340010203010902120001000000000904030000d08dc8e5"], 0x0)

kernel console output (not intermixed with test programs):

0x77/0x7f
[  420.284888][T11310]  ? clear_bhb_loop+0x60/0xb0
[  420.284903][T11310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.284916][T11310] RIP: 0033:0x7f675078e929
[  420.284928][T11310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.284939][T11310] RSP: 002b:00007f6751520038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  420.284953][T11310] RAX: fffffffffffffe00 RBX: 00007f67509b6160 RCX: 00007f675078e929
[  420.284979][T11310] RDX: fffffffffffffd0b RSI: 0000200000000080 RDI: 0000000000000003
[  420.284989][T11310] RBP: 00007f6751520090 R08: 0000000000000000 R09: fffffffffffffd25
[  420.284998][T11310] R10: 0000000000000720 R11: 0000000000000246 R12: 0000000000000001
[  420.285006][T11310] R13: 0000000000000001 R14: 00007f67509b6160 R15: 00007f6750adfa28
[  420.285026][T11310]  </TASK>
[  420.920816][T11324] FAULT_INJECTION: forcing a failure.
[  420.920816][T11324] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.962079][T11324] CPU: 0 UID: 0 PID: 11324 Comm: syz.3.1767 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  420.962115][T11324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  420.962127][T11324] Call Trace:
[  420.962134][T11324]  <TASK>
[  420.962143][T11324]  dump_stack_lvl+0x189/0x250
[  420.962176][T11324]  ? __pfx____ratelimit+0x10/0x10
[  420.962204][T11324]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.962233][T11324]  ? __pfx__printk+0x10/0x10
[  420.962254][T11324]  ? __might_fault+0xb0/0x130
[  420.962281][T11324]  should_fail_ex+0x414/0x560
[  420.962311][T11324]  _copy_from_user+0x2d/0xb0
[  420.962331][T11324]  ___sys_sendmsg+0x158/0x2a0
[  420.962358][T11324]  ? __pfx____sys_sendmsg+0x10/0x10
[  420.962415][T11324]  ? __fget_files+0x2a/0x420
[  420.962435][T11324]  ? __fget_files+0x3a0/0x420
[  420.962464][T11324]  __x64_sys_sendmsg+0x19b/0x260
[  420.962491][T11324]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  420.962524][T11324]  ? __pfx_ksys_write+0x10/0x10
[  420.962539][T11324]  ? rcu_is_watching+0x15/0xb0
[  420.962573][T11324]  ? do_syscall_64+0xbe/0x3b0
[  420.962594][T11324]  do_syscall_64+0xfa/0x3b0
[  420.962610][T11324]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.962638][T11324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.962656][T11324]  ? clear_bhb_loop+0x60/0xb0
[  420.962678][T11324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.962696][T11324] RIP: 0033:0x7f1e2518e929
[  420.962713][T11324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.962730][T11324] RSP: 002b:00007f1e25fc4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  420.962749][T11324] RAX: ffffffffffffffda RBX: 00007f1e253b5fa0 RCX: 00007f1e2518e929
[  420.962763][T11324] RDX: 0000000000040880 RSI: 0000200000000000 RDI: 0000000000000004
[  420.962775][T11324] RBP: 00007f1e25fc4090 R08: 0000000000000000 R09: 0000000000000000
[  420.962787][T11324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.962798][T11324] R13: 0000000000000000 R14: 00007f1e253b5fa0 R15: 00007f1e254dfa28
[  420.962825][T11324]  </TASK>
[  421.666948][ T5925] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  421.854064][ T5925] usb 2-1: config 0 has no interfaces?
[  421.864514][ T5925] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  421.882977][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.960510][ T5925] usb 2-1: Product: syz
[  421.973882][ T5925] usb 2-1: Manufacturer: syz
[  421.981431][ T5925] usb 2-1: SerialNumber: syz
[  422.036056][   T24] usb 5-1: USB disconnect, device number 36
[  422.105759][ T5925] usb 2-1: config 0 descriptor??
[  422.801139][T11352] FAULT_INJECTION: forcing a failure.
[  422.801139][T11352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.816724][T11352] CPU: 0 UID: 0 PID: 11352 Comm: syz.2.1777 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  422.816745][T11352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  422.816755][T11352] Call Trace:
[  422.816761][T11352]  <TASK>
[  422.816768][T11352]  dump_stack_lvl+0x189/0x250
[  422.816796][T11352]  ? __pfx____ratelimit+0x10/0x10
[  422.816819][T11352]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.816852][T11352]  ? __pfx__printk+0x10/0x10
[  422.816874][T11352]  ? __might_fault+0xb0/0x130
[  422.816909][T11352]  should_fail_ex+0x414/0x560
[  422.816934][T11352]  _copy_from_user+0x2d/0xb0
[  422.816950][T11352]  __sys_connect+0x123/0x440
[  422.816968][T11352]  ? __fget_files+0x3a0/0x420
[  422.816986][T11352]  ? __pfx___sys_connect+0x10/0x10
[  422.817011][T11352]  ? __pfx_ksys_write+0x10/0x10
[  422.817023][T11352]  ? rcu_is_watching+0x15/0xb0
[  422.817051][T11352]  __x64_sys_connect+0x7a/0x90
[  422.817069][T11352]  do_syscall_64+0xfa/0x3b0
[  422.817082][T11352]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.817104][T11352]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.817119][T11352]  ? clear_bhb_loop+0x60/0xb0
[  422.817138][T11352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.817153][T11352] RIP: 0033:0x7f675078e929
[  422.817184][T11352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.817198][T11352] RSP: 002b:00007f6751562038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  422.817214][T11352] RAX: ffffffffffffffda RBX: 00007f67509b5fa0 RCX: 00007f675078e929
[  422.817225][T11352] RDX: 000000000000001e RSI: 00002000000016c0 RDI: 0000000000000003
[  422.817235][T11352] RBP: 00007f6751562090 R08: 0000000000000000 R09: 0000000000000000
[  422.817244][T11352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.817253][T11352] R13: 0000000000000000 R14: 00007f67509b5fa0 R15: 00007f6750adfa28
[  422.817275][T11352]  </TASK>
[  425.020022][   T10] usb 2-1: USB disconnect, device number 31
[  425.575894][T11386] FAULT_INJECTION: forcing a failure.
[  425.575894][T11386] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.636954][T11386] CPU: 0 UID: 0 PID: 11386 Comm: syz.4.1784 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  425.636984][T11386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  425.636995][T11386] Call Trace:
[  425.637003][T11386]  <TASK>
[  425.637012][T11386]  dump_stack_lvl+0x189/0x250
[  425.637047][T11386]  ? __pfx____ratelimit+0x10/0x10
[  425.637078][T11386]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.637109][T11386]  ? __pfx__printk+0x10/0x10
[  425.637144][T11386]  should_fail_ex+0x414/0x560
[  425.637193][T11386]  _copy_to_user+0x31/0xb0
[  425.637217][T11386]  simple_read_from_buffer+0xe1/0x170
[  425.637244][T11386]  proc_fail_nth_read+0x1df/0x250
[  425.637272][T11386]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  425.637301][T11386]  ? rw_verify_area+0x258/0x650
[  425.637332][T11386]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  425.637358][T11386]  vfs_read+0x1fd/0x980
[  425.637396][T11386]  ? __pfx___mutex_lock+0x10/0x10
[  425.637417][T11386]  ? __pfx_vfs_read+0x10/0x10
[  425.637450][T11386]  ? __fget_files+0x2a/0x420
[  425.637478][T11386]  ? __fget_files+0x3a0/0x420
[  425.637499][T11386]  ? __fget_files+0x2a/0x420
[  425.637531][T11386]  ksys_read+0x145/0x250
[  425.637553][T11386]  ? __pfx_ksys_read+0x10/0x10
[  425.637582][T11386]  ? rcu_is_watching+0x15/0xb0
[  425.637620][T11386]  ? do_syscall_64+0xbe/0x3b0
[  425.637645][T11386]  do_syscall_64+0xfa/0x3b0
[  425.637662][T11386]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.637690][T11386]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.637708][T11386]  ? clear_bhb_loop+0x60/0xb0
[  425.637734][T11386]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.637755][T11386] RIP: 0033:0x7f256c98d33c
[  425.637775][T11386] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  425.637803][T11386] RSP: 002b:00007f256d88e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  425.637826][T11386] RAX: ffffffffffffffda RBX: 00007f256cbb5fa0 RCX: 00007f256c98d33c
[  425.637841][T11386] RDX: 000000000000000f RSI: 00007f256d88e0a0 RDI: 0000000000000004
[  425.637854][T11386] RBP: 00007f256d88e090 R08: 0000000000000000 R09: 0000000000000000
[  425.637867][T11386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.637878][T11386] R13: 0000000000000000 R14: 00007f256cbb5fa0 R15: 00007f256ccdfa28
[  425.637911][T11386]  </TASK>
[  427.062126][T11413] FAULT_INJECTION: forcing a failure.
[  427.062126][T11413] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.076279][T11413] CPU: 0 UID: 0 PID: 11413 Comm: syz.1.1791 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  427.076299][T11413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  427.076319][T11413] Call Trace:
[  427.076325][T11413]  <TASK>
[  427.076331][T11413]  dump_stack_lvl+0x189/0x250
[  427.076376][T11413]  ? __pfx____ratelimit+0x10/0x10
[  427.076401][T11413]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.076425][T11413]  ? __pfx__printk+0x10/0x10
[  427.076441][T11413]  ? __might_fault+0xb0/0x130
[  427.076464][T11413]  should_fail_ex+0x414/0x560
[  427.076489][T11413]  _copy_from_user+0x2d/0xb0
[  427.076506][T11413]  ___sys_sendmsg+0x158/0x2a0
[  427.076529][T11413]  ? __pfx____sys_sendmsg+0x10/0x10
[  427.076574][T11413]  ? __fget_files+0x2a/0x420
[  427.076591][T11413]  ? __fget_files+0x3a0/0x420
[  427.076616][T11413]  __x64_sys_sendmsg+0x19b/0x260
[  427.076638][T11413]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  427.076665][T11413]  ? __pfx_ksys_write+0x10/0x10
[  427.076680][T11413]  ? rcu_is_watching+0x15/0xb0
[  427.076709][T11413]  ? do_syscall_64+0xbe/0x3b0
[  427.076726][T11413]  do_syscall_64+0xfa/0x3b0
[  427.076745][T11413]  ? lockdep_hardirqs_on+0x9c/0x150
[  427.076768][T11413]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.076783][T11413]  ? clear_bhb_loop+0x60/0xb0
[  427.076801][T11413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.076819][T11413] RIP: 0033:0x7f5860b8e929
[  427.076833][T11413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.076853][T11413] RSP: 002b:00007f5861a11038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  427.076875][T11413] RAX: ffffffffffffffda RBX: 00007f5860db5fa0 RCX: 00007f5860b8e929
[  427.076890][T11413] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  427.076903][T11413] RBP: 00007f5861a11090 R08: 0000000000000000 R09: 0000000000000000
[  427.076916][T11413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.076927][T11413] R13: 0000000000000000 R14: 00007f5860db5fa0 R15: 00007f5860edfa28
[  427.076960][T11413]  </TASK>
[  427.284889][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.647993][T11420] FAULT_INJECTION: forcing a failure.
[  427.647993][T11420] name failslab, interval 1, probability 0, space 0, times 0
[  427.695534][T11420] CPU: 0 UID: 0 PID: 11420 Comm: syz.1.1794 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  427.695568][T11420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  427.695581][T11420] Call Trace:
[  427.695589][T11420]  <TASK>
[  427.695598][T11420]  dump_stack_lvl+0x189/0x250
[  427.695634][T11420]  ? __pfx____ratelimit+0x10/0x10
[  427.695664][T11420]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.695702][T11420]  ? __pfx__printk+0x10/0x10
[  427.695729][T11420]  ? __pfx___might_resched+0x10/0x10
[  427.695758][T11420]  ? fs_reclaim_acquire+0x7d/0x100
[  427.695785][T11420]  should_fail_ex+0x414/0x560
[  427.695815][T11420]  should_failslab+0xa8/0x100
[  427.695840][T11420]  __kmalloc_noprof+0xcb/0x4f0
[  427.695859][T11420]  ? kfree+0x4d/0x440
[  427.695889][T11420]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  427.695921][T11420]  tomoyo_realpath_from_path+0xe3/0x5d0
[  427.695945][T11420]  ? tomoyo_domain+0xd9/0x130
[  427.695972][T11420]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  427.695990][T11420]  tomoyo_path_number_perm+0x1e8/0x5a0
[  427.696011][T11420]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  427.696042][T11420]  ? __lock_acquire+0xab9/0xd20
[  427.696084][T11420]  ? __fget_files+0x2a/0x420
[  427.696108][T11420]  ? __fget_files+0x2a/0x420
[  427.696124][T11420]  ? __fget_files+0x3a0/0x420
[  427.696140][T11420]  ? __fget_files+0x2a/0x420
[  427.696160][T11420]  security_file_ioctl+0xcb/0x2d0
[  427.696179][T11420]  __se_sys_ioctl+0x47/0x170
[  427.696204][T11420]  do_syscall_64+0xfa/0x3b0
[  427.696218][T11420]  ? lockdep_hardirqs_on+0x9c/0x150
[  427.696241][T11420]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.696257][T11420]  ? clear_bhb_loop+0x60/0xb0
[  427.696287][T11420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.696302][T11420] RIP: 0033:0x7f5860b8e929
[  427.696316][T11420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.696329][T11420] RSP: 002b:00007f5861a11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  427.696346][T11420] RAX: ffffffffffffffda RBX: 00007f5860db5fa0 RCX: 00007f5860b8e929
[  427.696358][T11420] RDX: 0000200000000080 RSI: 00000000000007b1 RDI: 0000000000000003
[  427.696368][T11420] RBP: 00007f5861a11090 R08: 0000000000000000 R09: 0000000000000000
[  427.696377][T11420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.696386][T11420] R13: 0000000000000000 R14: 00007f5860db5fa0 R15: 00007f5860edfa28
[  427.696409][T11420]  </TASK>
[  427.940895][    C0] vkms_vblank_simulate: vblank timer overrun
[  427.957042][T11420] ERROR: Out of memory at tomoyo_realpath_from_path.
[  428.230387][   T24] IPVS: starting estimator thread 0...
[  428.367573][T11426] IPVS: using max 26 ests per chain, 62400 per kthread
[  429.732837][ T5900] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  430.274517][ T5925] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  430.305309][T11462] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1802'.
[  430.386966][ T5900] usb 2-1: device descriptor read/64, error -71
[  430.472676][ T5925] usb 4-1: Using ep0 maxpacket: 8
[  430.677875][ T5900] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  430.730822][   T30] audit: type=1326 audit(1749863120.321:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  430.793010][   T30] audit: type=1326 audit(1749863120.321:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  430.815467][    C0] vkms_vblank_simulate: vblank timer overrun
[  430.822671][ T5900] usb 2-1: device descriptor read/64, error -71
[  430.824181][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  430.853882][   T30] audit: type=1326 audit(1749863120.321:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  430.905009][   T30] audit: type=1326 audit(1749863120.321:3289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  430.938622][ T5900] usb usb2-port1: attempt power cycle
[  430.972032][   T30] audit: type=1326 audit(1749863120.321:3290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  430.994508][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.022021][   T30] audit: type=1326 audit(1749863120.331:3291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  431.026929][ T5925] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  431.044689][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.057033][   T30] audit: type=1326 audit(1749863120.331:3292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11459 comm="syz.2.1802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  431.082427][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.307036][ T5900] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  431.337559][ T5900] usb 2-1: device descriptor read/8, error -71
[  431.362699][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.443319][ T5925] usb 4-1: config 0 descriptor??
[  431.577101][ T5900] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  431.597882][ T5900] usb 2-1: device descriptor read/8, error -71
[  431.700746][T11455] FAULT_INJECTION: forcing a failure.
[  431.700746][T11455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.707484][ T5900] usb usb2-port1: unable to enumerate USB device
[  431.753693][T11455] CPU: 1 UID: 0 PID: 11455 Comm: syz.3.1803 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  431.753721][T11455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  431.753733][T11455] Call Trace:
[  431.753741][T11455]  <TASK>
[  431.753749][T11455]  dump_stack_lvl+0x189/0x250
[  431.753781][T11455]  ? __pfx____ratelimit+0x10/0x10
[  431.753809][T11455]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.753837][T11455]  ? __pfx__printk+0x10/0x10
[  431.753869][T11455]  should_fail_ex+0x414/0x560
[  431.753899][T11455]  _copy_to_user+0x31/0xb0
[  431.753921][T11455]  simple_read_from_buffer+0xe1/0x170
[  431.753946][T11455]  proc_fail_nth_read+0x1df/0x250
[  431.753972][T11455]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  431.753998][T11455]  ? rw_verify_area+0x258/0x650
[  431.754026][T11455]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  431.754050][T11455]  vfs_read+0x1fd/0x980
[  431.754083][T11455]  ? __pfx___mutex_lock+0x10/0x10
[  431.754103][T11455]  ? __pfx_vfs_read+0x10/0x10
[  431.754149][T11455]  ? __fget_files+0x2a/0x420
[  431.754176][T11455]  ? __fget_files+0x3a0/0x420
[  431.754197][T11455]  ? __fget_files+0x2a/0x420
[  431.754228][T11455]  ksys_read+0x145/0x250
[  431.754248][T11455]  ? __pfx_ksys_read+0x10/0x10
[  431.754275][T11455]  ? rcu_is_watching+0x15/0xb0
[  431.754312][T11455]  ? do_syscall_64+0xbe/0x3b0
[  431.754335][T11455]  do_syscall_64+0xfa/0x3b0
[  431.754355][T11455]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.754373][T11455]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  431.754401][T11455]  ? clear_bhb_loop+0x60/0xb0
[  431.754425][T11455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.754445][T11455] RIP: 0033:0x7f1e2518d33c
[  431.754474][T11455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  431.754490][T11455] RSP: 002b:00007f1e25fc4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  431.754509][T11455] RAX: ffffffffffffffda RBX: 00007f1e253b5fa0 RCX: 00007f1e2518d33c
[  431.754523][T11455] RDX: 000000000000000f RSI: 00007f1e25fc40a0 RDI: 0000000000000004
[  431.754534][T11455] RBP: 00007f1e25fc4090 R08: 0000000000000000 R09: 0000000000000000
[  431.754546][T11455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.754556][T11455] R13: 0000000000000000 R14: 00007f1e253b5fa0 R15: 00007f1e254dfa28
[  431.754585][T11455]  </TASK>
[  432.164861][ T5925] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  432.180142][ T5925] usb 4-1: USB disconnect, device number 34
[  432.897049][ T5900] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  433.128002][ T5900] usb 5-1: config 0 has no interfaces?
[  433.165266][ T5900] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  433.179754][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.209669][ T5900] usb 5-1: Product: syz
[  433.232625][ T5900] usb 5-1: Manufacturer: syz
[  433.256369][ T5900] usb 5-1: SerialNumber: syz
[  433.300903][ T5900] usb 5-1: config 0 descriptor??
[  433.392427][T11499] FAULT_INJECTION: forcing a failure.
[  433.392427][T11499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.470808][T11499] CPU: 0 UID: 0 PID: 11499 Comm: syz.3.1813 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  433.470829][T11499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  433.470837][T11499] Call Trace:
[  433.470843][T11499]  <TASK>
[  433.470848][T11499]  dump_stack_lvl+0x189/0x250
[  433.470873][T11499]  ? __pfx____ratelimit+0x10/0x10
[  433.470894][T11499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.470924][T11499]  ? __pfx__printk+0x10/0x10
[  433.470945][T11499]  ? __might_fault+0xb0/0x130
[  433.470973][T11499]  should_fail_ex+0x414/0x560
[  433.471002][T11499]  _copy_from_user+0x2d/0xb0
[  433.471022][T11499]  eventfd_write+0xdd/0x5c0
[  433.471045][T11499]  ? __pfx_eventfd_write+0x10/0x10
[  433.471064][T11499]  ? rcu_read_lock_any_held+0xb3/0x120
[  433.471078][T11499]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  433.471097][T11499]  ? __pfx_eventfd_write+0x10/0x10
[  433.471116][T11499]  vfs_write+0x27b/0xa90
[  433.471142][T11499]  ? __pfx_vfs_write+0x10/0x10
[  433.471164][T11499]  ? __fget_files+0x2a/0x420
[  433.471180][T11499]  ? __fget_files+0x2a/0x420
[  433.471194][T11499]  ? __fget_files+0x3a0/0x420
[  433.471207][T11499]  ? __fget_files+0x2a/0x420
[  433.471227][T11499]  ksys_write+0x145/0x250
[  433.471241][T11499]  ? __pfx_ksys_write+0x10/0x10
[  433.471251][T11499]  ? rcu_is_watching+0x15/0xb0
[  433.471275][T11499]  ? do_syscall_64+0xbe/0x3b0
[  433.471296][T11499]  do_syscall_64+0xfa/0x3b0
[  433.471308][T11499]  ? lockdep_hardirqs_on+0x9c/0x150
[  433.471328][T11499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.471340][T11499]  ? clear_bhb_loop+0x60/0xb0
[  433.471356][T11499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.471369][T11499] RIP: 0033:0x7f1e2518e929
[  433.471381][T11499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.471392][T11499] RSP: 002b:00007f1e25fc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  433.471406][T11499] RAX: ffffffffffffffda RBX: 00007f1e253b5fa0 RCX: 00007f1e2518e929
[  433.471416][T11499] RDX: 0000000000000008 RSI: 0000200000000040 RDI: 0000000000000005
[  433.471424][T11499] RBP: 00007f1e25fc4090 R08: 0000000000000000 R09: 0000000000000000
[  433.471432][T11499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.471439][T11499] R13: 0000000000000000 R14: 00007f1e253b5fa0 R15: 00007f1e254dfa28
[  433.471458][T11499]  </TASK>
[  434.488547][T11507] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1815'.
[  434.639524][   T30] audit: type=1326 audit(1749863124.471:3293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  434.769807][   T30] audit: type=1326 audit(1749863124.471:3294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  434.996147][   T30] audit: type=1326 audit(1749863124.481:3295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.3.1815" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  435.068599][T11513] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1816'.
[  435.863026][   T10] usb 5-1: USB disconnect, device number 37
[  436.486961][ T5900] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  436.669254][ T5900] usb 2-1: Using ep0 maxpacket: 32
[  436.966511][ T5900] usb 2-1: config index 0 descriptor too short (expected 65298, got 18)
[  437.143311][ T5900] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  437.327802][ T5900] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  437.453432][T11544] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1824'.
[  437.552675][ T5900] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  437.599952][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.606992][ T5925] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  437.609658][ T5900] usb 2-1: Product: syz
[  437.643246][ T5900] usb 2-1: Manufacturer: syz
[  437.652394][ T5900] usb 2-1: SerialNumber: syz
[  437.684277][ T5900] usb 2-1: config 0 descriptor??
[  437.771203][ T5925] usb 1-1: device descriptor read/64, error -71
[  437.923672][T11528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1820'.
[  437.955806][T11528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1820'.
[  438.067055][ T5925] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  438.110667][T11557] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1826'.
[  438.179757][   T30] kauditd_printk_skb: 33 callbacks suppressed
[  438.179769][   T30] audit: type=1326 audit(1749863128.021:3329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.3.1826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  438.208809][ T5925] usb 1-1: device descriptor read/64, error -71
[  438.286137][   T30] audit: type=1326 audit(1749863128.021:3330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.3.1826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  438.317676][ T5925] usb usb1-port1: attempt power cycle
[  438.433098][   T30] audit: type=1326 audit(1749863128.021:3331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.3.1826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  438.604500][   T30] audit: type=1326 audit(1749863128.021:3332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.3.1826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  438.639163][   T30] audit: type=1326 audit(1749863128.021:3333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.3.1826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  438.780903][ T5925] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  438.819486][ T5925] usb 1-1: device descriptor read/8, error -71
[  438.844790][   T30] audit: type=1326 audit(1749863128.021:3334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11554 comm="syz.3.1826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  439.098566][ T5925] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  439.490782][ T5925] usb 1-1: device not accepting address 56, error -71
[  439.519403][ T5925] usb usb1-port1: unable to enumerate USB device
[  439.902856][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  439.909299][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  439.923267][ T5900] usb 2-1: USB disconnect, device number 36
[  440.077114][    T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  440.247459][    T9] usb 1-1: Using ep0 maxpacket: 8
[  440.256417][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  440.277203][    T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  440.294949][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  440.318149][    T9] usb 1-1: config 0 descriptor??
[  440.661243][ T5925] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  440.781107][    T9] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  440.926922][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  440.946682][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  440.967248][ T5900] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  441.073693][ T5925] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  441.094970][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.142829][ T5900] usb 4-1: config 0 has no interfaces?
[  441.144012][ T5925] usb 2-1: config 0 descriptor??
[  441.188445][ T5900] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  441.407538][ T5925] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1
[  441.421538][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.434232][    T9] usb 1-1: USB disconnect, device number 57
[  441.451224][ T5900] usb 4-1: Product: syz
[  441.461751][ T5900] usb 4-1: Manufacturer: syz
[  441.488694][ T5900] usb 4-1: SerialNumber: syz
[  441.503950][ T5900] usb 4-1: config 0 descriptor??
[  441.578104][T11584] FAULT_INJECTION: forcing a failure.
[  441.578104][T11584] name failslab, interval 1, probability 0, space 0, times 0
[  441.591307][T11584] CPU: 0 UID: 0 PID: 11584 Comm: syz.1.1831 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  441.591336][T11584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.591349][T11584] Call Trace:
[  441.591358][T11584]  <TASK>
[  441.591367][T11584]  dump_stack_lvl+0x189/0x250
[  441.591405][T11584]  ? __pfx____ratelimit+0x10/0x10
[  441.591439][T11584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.591473][T11584]  ? __pfx__printk+0x10/0x10
[  441.591502][T11584]  ? __pfx___might_resched+0x10/0x10
[  441.591545][T11584]  ? fs_reclaim_acquire+0x7d/0x100
[  441.591573][T11584]  should_fail_ex+0x414/0x560
[  441.591604][T11584]  should_failslab+0xa8/0x100
[  441.591627][T11584]  kmem_cache_alloc_noprof+0x73/0x3c0
[  441.591658][T11584]  ? getname_flags+0xb8/0x540
[  441.591685][T11584]  getname_flags+0xb8/0x540
[  441.591712][T11584]  do_sys_openat2+0xbc/0x1c0
[  441.591756][T11584]  ? __pfx_do_sys_openat2+0x10/0x10
[  441.591789][T11584]  ? ksys_write+0x22a/0x250
[  441.591809][T11584]  ? __pfx_ksys_write+0x10/0x10
[  441.591825][T11584]  ? rcu_is_watching+0x15/0xb0
[  441.591859][T11584]  __x64_sys_openat+0x138/0x170
[  441.591890][T11584]  do_syscall_64+0xfa/0x3b0
[  441.591910][T11584]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.591929][T11584]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  441.591949][T11584]  ? clear_bhb_loop+0x60/0xb0
[  441.591973][T11584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.591991][T11584] RIP: 0033:0x7f5860b8d290
[  441.592011][T11584] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  441.592028][T11584] RSP: 002b:00007f5861a10b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  441.592048][T11584] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5860b8d290
[  441.592061][T11584] RDX: 0000000000000002 RSI: 00007f5861a10c10 RDI: 00000000ffffff9c
[  441.592075][T11584] RBP: 00007f5861a10c10 R08: 0000000000000000 R09: 00007f5861a10987
[  441.592088][T11584] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  441.592100][T11584] R13: 0000000000000000 R14: 00007f5860db5fa0 R15: 00007f5860edfa28
[  441.592130][T11584]  </TASK>
[  442.053958][ T5925] usb 2-1: USB disconnect, device number 37
[  443.777141][ T5925] usb 4-1: USB disconnect, device number 35
[  444.372807][T11632] program syz.1.1842 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  444.373113][T11632] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  445.205401][T11651] netlink: 27 bytes leftover after parsing attributes in process `syz.3.1850'.
[  445.252756][T11651] FAULT_INJECTION: forcing a failure.
[  445.252756][T11651] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  445.270130][T11651] CPU: 0 UID: 0 PID: 11651 Comm: syz.3.1850 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  445.270161][T11651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  445.270169][T11651] Call Trace:
[  445.270175][T11651]  <TASK>
[  445.270181][T11651]  dump_stack_lvl+0x189/0x250
[  445.270206][T11651]  ? __pfx____ratelimit+0x10/0x10
[  445.270227][T11651]  ? __pfx_dump_stack_lvl+0x10/0x10
[  445.270248][T11651]  ? __pfx__printk+0x10/0x10
[  445.270270][T11651]  should_fail_ex+0x414/0x560
[  445.270291][T11651]  _copy_to_user+0x31/0xb0
[  445.270307][T11651]  simple_read_from_buffer+0xe1/0x170
[  445.270324][T11651]  proc_fail_nth_read+0x1df/0x250
[  445.270343][T11651]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  445.270361][T11651]  ? rw_verify_area+0x258/0x650
[  445.270380][T11651]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  445.270397][T11651]  vfs_read+0x1fd/0x980
[  445.270420][T11651]  ? __pfx___mutex_lock+0x10/0x10
[  445.270433][T11651]  ? __pfx_vfs_read+0x10/0x10
[  445.270454][T11651]  ? __fget_files+0x2a/0x420
[  445.270471][T11651]  ? __fget_files+0x3a0/0x420
[  445.270485][T11651]  ? __fget_files+0x2a/0x420
[  445.270523][T11651]  ksys_read+0x145/0x250
[  445.270536][T11651]  ? __pfx_ksys_read+0x10/0x10
[  445.270561][T11651]  ? rcu_is_watching+0x15/0xb0
[  445.270586][T11651]  ? do_syscall_64+0xbe/0x3b0
[  445.270602][T11651]  do_syscall_64+0xfa/0x3b0
[  445.270614][T11651]  ? lockdep_hardirqs_on+0x9c/0x150
[  445.270635][T11651]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.270649][T11651]  ? clear_bhb_loop+0x60/0xb0
[  445.270665][T11651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.270679][T11651] RIP: 0033:0x7f1e2518d33c
[  445.270690][T11651] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  445.270703][T11651] RSP: 002b:00007f1e25fc4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  445.270718][T11651] RAX: ffffffffffffffda RBX: 00007f1e253b5fa0 RCX: 00007f1e2518d33c
[  445.270728][T11651] RDX: 000000000000000f RSI: 00007f1e25fc40a0 RDI: 0000000000000004
[  445.270737][T11651] RBP: 00007f1e25fc4090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b
[  445.270746][T11651] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  445.270754][T11651] R13: 0000000000000000 R14: 00007f1e253b5fa0 R15: 00007f1e254dfa28
[  445.270775][T11651]  </TASK>
[  445.791441][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1853'.
[  445.802785][T11664] openvswitch: netlink: nsh attribute has 65520 unknown bytes.
[  445.810691][T11664] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  446.017162][ T5925] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  446.207853][ T5925] usb 5-1: config 0 has no interfaces?
[  446.224430][ T5925] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  446.274769][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.305062][ T5925] usb 5-1: Product: syz
[  446.343422][ T5925] usb 5-1: Manufacturer: syz
[  446.370926][ T5925] usb 5-1: SerialNumber: syz
[  446.593566][ T5925] usb 5-1: config 0 descriptor??
[  447.616948][   T10] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  447.849205][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  447.882243][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  448.029035][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  448.062476][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  448.081558][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  448.100119][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.134648][   T10] usb 2-1: config 0 descriptor??
[  448.437421][    T9] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  448.743066][T11679] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  448.917033][    T9] usb 1-1: Using ep0 maxpacket: 32
[  448.928833][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  448.939161][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  449.073518][    T9] usb 1-1: New USB device found, idVendor=ae6f, idProduct=79f4, bcdDevice=8f.99
[  449.092668][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.162375][ T5900] usb 5-1: USB disconnect, device number 38
[  449.183525][   T10] plantronics 0003:047F:FFFF.0015: reserved main item tag 0xd
[  449.246742][    T9] usb 1-1: Product: syz
[  449.260981][   T10] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving
[  449.279483][    T9] usb 1-1: Manufacturer: syz
[  449.285156][    T9] usb 1-1: SerialNumber: syz
[  449.314845][    T9] usb 1-1: config 0 descriptor??
[  449.325281][   T10] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  449.475680][T11691] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1861'.
[  449.484788][ T5925] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  449.610279][T11684] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.634162][T11684] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  449.697525][ T5925] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  449.707601][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.717495][ T5925] usb 4-1: Product: syz
[  449.721729][ T5925] usb 4-1: Manufacturer: syz
[  449.726440][ T5925] usb 4-1: SerialNumber: syz
[  449.750475][T11691] bridge0: port 3(syz_tun) entered blocking state
[  449.763237][T11691] bridge0: port 3(syz_tun) entered disabled state
[  449.772514][ T5925] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  449.787846][T11691] syz_tun: entered allmulticast mode
[  449.800989][T11695] futex_wake_op: syz.4.1861 tries to shift op by 32; fix this program
[  449.810661][T11691] syz_tun: entered promiscuous mode
[  449.822594][T11691] bridge0: port 3(syz_tun) entered blocking state
[  449.829351][T11691] bridge0: port 3(syz_tun) entered forwarding state
[  449.830588][ T5921] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  450.053166][   T10] usb 4-1: USB disconnect, device number 36
[  450.597379][    T9] usb 2-1: reset high-speed USB device number 38 using dummy_hcd
[  450.982110][T11717] netlink: 'syz.4.1870': attribute type 21 has an invalid length.
[  450.994935][T11717] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1870'.
[  451.005937][T11717] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1870'.
[  451.019387][ T5921] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  451.028616][ T5921] ath9k_htc: Failed to initialize the device
[  451.039764][   T10] usb 4-1: ath9k_htc: USB layer deinitialized
[  451.224212][T11722] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1872'.
[  451.356946][   T10] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  451.517638][   T10] usb 4-1: Using ep0 maxpacket: 16
[  451.527210][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  451.683070][ T5900] usb 2-1: USB disconnect, device number 38
[  451.779594][ T5925] usb 1-1: USB disconnect, device number 58
[  451.935390][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  452.003444][   T10] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  452.020852][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.031339][   T10] usb 4-1: Product: syz
[  452.035682][   T10] usb 4-1: Manufacturer: syz
[  452.070820][   T10] usb 4-1: SerialNumber: syz
[  452.278017][   T10] usb 4-1: config 0 descriptor??
[  452.335593][   T10] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  452.363828][   T10] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  452.955653][   T10] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  453.013160][   T10] em28xx 4-1:0.0: Config register raw data: 0x6c
[  453.065481][   T10] em28xx 4-1:0.0: I2S Audio (1 sample rate(s))
[  453.112003][   T10] em28xx 4-1:0.0: No AC97 audio processor
[  453.615794][   T10] usb 4-1: USB disconnect, device number 37
[  453.768463][T11769] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1884'.
[  453.777550][ T5900] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  453.986985][ T5900] usb 5-1: Using ep0 maxpacket: 16
[  454.044215][ T5900] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  454.089780][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  454.089810][ T5900] usb 5-1: Product: syz
[  454.089828][ T5900] usb 5-1: Manufacturer: syz
[  454.089844][ T5900] usb 5-1: SerialNumber: syz
[  454.093226][ T5900] usb 5-1: config 0 descriptor??
[  454.418711][T11765] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  455.857006][   T10] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  456.019635][   T10] usb 3-1: New USB device found, idVendor=05a4, idProduct=0290, bcdDevice=dc.1b
[  456.029832][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.080573][   T10] usb 3-1: config 0 descriptor??
[  456.115733][   T10] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  456.356527][T11781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.394560][T11781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.883413][ T5921] usb 5-1: USB disconnect, device number 39
[  457.062633][T11794] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1893'.
[  457.626132][T11809] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.906947][ T5921] usb 1-1: new full-speed USB device number 59 using dummy_hcd
[  458.059859][ T5921] usb 1-1: unable to get BOS descriptor or descriptor too short
[  458.068326][ T5921] usb 1-1: not running at top speed; connect to a high speed hub
[  458.079207][ T5921] usb 1-1: config 219 has an invalid interface number: 147 but max is 1
[  458.107000][ T5921] usb 1-1: config 219 has an invalid interface number: 147 but max is 1
[  458.115381][ T5921] usb 1-1: config 219 has 1 interface, different from the descriptor's value: 2
[  458.170623][ T5921] usb 1-1: config 219 has no interface number 0
[  458.184022][ T5921] usb 1-1: config 219 interface 147 has no altsetting 0
[  458.206092][ T5921] usb 1-1: config 219 interface 147 has no altsetting 1
[  458.231137][ T5921] usb 1-1: New USB device found, idVendor=07b0, idProduct=0006, bcdDevice=9e.d4
[  458.240623][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.260334][ T5921] usb 1-1: Product: syz
[  458.270600][ T5921] usb 1-1: Manufacturer: syz
[  458.286170][ T5921] usb 1-1: SerialNumber: syz
[  458.501639][T11812] blktrace: Concurrent blktraces are not allowed on sg0
[  458.522396][T11812] FAULT_INJECTION: forcing a failure.
[  458.522396][T11812] name failslab, interval 1, probability 0, space 0, times 0
[  458.590693][ T5900] usb 3-1: USB disconnect, device number 39
[  458.614040][ T5921] HFC-S_USB 1-1:219.147: probe with driver HFC-S_USB failed with error -5
[  458.648616][T11812] CPU: 0 UID: 0 PID: 11812 Comm: syz.4.1897 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  458.648641][T11812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  458.648652][T11812] Call Trace:
[  458.648660][T11812]  <TASK>
[  458.648668][T11812]  dump_stack_lvl+0x189/0x250
[  458.648703][T11812]  ? __pfx____ratelimit+0x10/0x10
[  458.648731][T11812]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.648760][T11812]  ? __pfx__printk+0x10/0x10
[  458.648785][T11812]  ? __pfx___might_resched+0x10/0x10
[  458.648812][T11812]  ? fs_reclaim_acquire+0x7d/0x100
[  458.648839][T11812]  should_fail_ex+0x414/0x560
[  458.648869][T11812]  should_failslab+0xa8/0x100
[  458.648890][T11812]  __kmalloc_noprof+0xcb/0x4f0
[  458.648906][T11812]  ? kfree+0x4d/0x440
[  458.648931][T11812]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  458.648963][T11812]  tomoyo_realpath_from_path+0xe3/0x5d0
[  458.648992][T11812]  ? tomoyo_domain+0xd9/0x130
[  458.649025][T11812]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  458.649047][T11812]  tomoyo_path_number_perm+0x1e8/0x5a0
[  458.649072][T11812]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  458.649110][T11812]  ? __lock_acquire+0xab9/0xd20
[  458.649154][T11812]  ? __fget_files+0x2a/0x420
[  458.649177][T11812]  ? __fget_files+0x2a/0x420
[  458.649196][T11812]  ? __fget_files+0x3a0/0x420
[  458.649216][T11812]  ? __fget_files+0x2a/0x420
[  458.649240][T11812]  security_file_ioctl+0xcb/0x2d0
[  458.649263][T11812]  __se_sys_ioctl+0x47/0x170
[  458.649293][T11812]  do_syscall_64+0xfa/0x3b0
[  458.649309][T11812]  ? lockdep_hardirqs_on+0x9c/0x150
[  458.649337][T11812]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.649355][T11812]  ? clear_bhb_loop+0x60/0xb0
[  458.649378][T11812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.649395][T11812] RIP: 0033:0x7f256c98e929
[  458.649412][T11812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  458.649444][T11812] RSP: 002b:00007f256d88e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  458.649464][T11812] RAX: ffffffffffffffda RBX: 00007f256cbb5fa0 RCX: 00007f256c98e929
[  458.649477][T11812] RDX: 0000000000000000 RSI: 0000000000001274 RDI: 0000000000000006
[  458.649489][T11812] RBP: 00007f256d88e090 R08: 0000000000000000 R09: 0000000000000000
[  458.649500][T11812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  458.649511][T11812] R13: 0000000000000000 R14: 00007f256cbb5fa0 R15: 00007f256ccdfa28
[  458.649539][T11812]  </TASK>
[  458.649547][T11812] ERROR: Out of memory at tomoyo_realpath_from_path.
[  458.669243][ T5921] usb 1-1: USB disconnect, device number 59
[  460.146962][ T5921] usb 5-1: new low-speed USB device number 40 using dummy_hcd
[  460.547042][ T5921] usb 5-1: Invalid ep0 maxpacket: 32
[  460.611344][T11841] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1906'.
[  460.696943][ T5921] usb 5-1: new low-speed USB device number 41 using dummy_hcd
[  460.816995][ T5900] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  460.892646][ T5921] usb 5-1: Invalid ep0 maxpacket: 32
[  460.916161][ T5921] usb usb5-port1: attempt power cycle
[  460.977053][ T5900] usb 4-1: Using ep0 maxpacket: 16
[  461.064930][ T5900] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  461.074385][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  461.083033][ T5900] usb 4-1: Product: syz
[  461.092518][ T5900] usb 4-1: Manufacturer: syz
[  461.111849][ T5900] usb 4-1: SerialNumber: syz
[  461.139439][ T5900] usb 4-1: config 0 descriptor??
[  461.456987][ T5921] usb 5-1: new low-speed USB device number 42 using dummy_hcd
[  461.500911][ T5921] usb 5-1: Invalid ep0 maxpacket: 32
[  461.749835][ T5921] usb 5-1: new low-speed USB device number 43 using dummy_hcd
[  461.868434][ T5921] usb 5-1: Invalid ep0 maxpacket: 32
[  461.874438][ T5921] usb usb5-port1: unable to enumerate USB device
[  462.234866][T11865] overlayfs: missing 'lowerdir'
[  463.197236][ T5900] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  463.356999][ T5900] usb 2-1: Using ep0 maxpacket: 8
[  463.368478][ T5900] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  463.380920][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.400465][ T5900] usb 2-1: Product: syz
[  463.409442][ T5900] usb 2-1: Manufacturer: syz
[  463.425132][   T24] usb 4-1: USB disconnect, device number 38
[  463.437005][ T5921] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  463.451269][ T5900] usb 2-1: SerialNumber: syz
[  463.480963][ T5900] usb 2-1: config 0 descriptor??
[  463.500850][ T5900] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244)
[  463.597179][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  463.609222][ T5921] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  463.618278][ T5921] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  463.629028][ T5921] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  463.655207][ T5921] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  463.738659][ T5900] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  463.769922][ T5900] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  463.773765][ T5921] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  463.792588][ T5900] usb 2-1: USB disconnect, device number 39
[  463.882233][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.953661][ T5921] usb 5-1: SerialNumber: syz
[  464.400154][ T5921] usb 5-1: 0:2 : does not exist
[  464.465773][ T5921] usb 5-1: USB disconnect, device number 44
[  464.745639][T11888] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1919'.
[  465.187847][ T5900] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  465.293648][T11899] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1924'.
[  465.319588][T11901] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1925'.
[  465.337081][T11899] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1924'.
[  465.339515][T11901] netlink: 'syz.3.1925': attribute type 5 has an invalid length.
[  465.358641][T11901] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1925'.
[  465.375939][T11901] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  465.385994][T11901] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  465.394781][ T5900] usb 1-1: Using ep0 maxpacket: 8
[  465.404642][T11901] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  465.410214][ T5900] usb 1-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=11.85
[  465.413886][T11901] geneve2: entered promiscuous mode
[  465.435016][T11901] geneve2: entered allmulticast mode
[  465.451658][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.472602][ T5900] usb 1-1: Product: syz
[  465.476812][ T5900] usb 1-1: Manufacturer: syz
[  465.497476][ T5900] usb 1-1: SerialNumber: syz
[  465.504860][ T5900] usb 1-1: config 0 descriptor??
[  465.539275][ T5900] ipw 1-1:0.0: IPWireless converter converter detected
[  465.650784][T11908] overlayfs: missing 'lowerdir'
[  465.750333][ T5921] usb 1-1: USB disconnect, device number 60
[  465.773066][ T5921] ipw 1-1:0.0: device disconnected
[  466.029886][ T5900] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  466.236954][ T5900] usb 2-1: Using ep0 maxpacket: 16
[  466.251160][ T5900] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  466.260793][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  466.270853][ T5900] usb 2-1: Product: syz
[  466.275059][ T5900] usb 2-1: Manufacturer: syz
[  466.290273][ T5900] usb 2-1: SerialNumber: syz
[  466.309057][ T5900] usb 2-1: config 0 descriptor??
[  466.490865][T11919] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1930'.
[  466.959048][T11921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1931'.
[  469.062175][ T5921] usb 2-1: USB disconnect, device number 40
[  469.325975][T11950] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  469.539836][T11956] overlayfs: missing 'lowerdir'
[  469.804379][T11961] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1942'.
[  469.911461][T11965] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1938'.
[  470.968740][T11973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1947'.
[  471.005293][T11973] input: syz0 as /devices/virtual/input/input34
[  471.436049][T11988] wireguard: wg1: Could not create IPv4 socket
[  472.571678][T11999] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1954'.
[  474.184544][T12033] loop8: detected capacity change from 0 to 8
[  474.207159][ T7481] Dev loop8: unable to read RDB block 8
[  474.207237][ T7481]  loop8: unable to read partition table
[  474.207488][ T7481] loop8: partition table beyond EOD, truncated
[  474.232200][T12033] Dev loop8: unable to read RDB block 8
[  474.232246][T12033]  loop8: unable to read partition table
[  474.232450][T12033] loop8: partition table beyond EOD, truncated
[  474.232480][T12033] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[  474.593979][T12042] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1967'.
[  474.906113][T12048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1965'.
[  474.919727][T12048] input: syz0 as /devices/virtual/input/input35
[  475.204735][T12053] overlayfs: missing 'lowerdir'
[  477.869117][T12085] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1978'.
[  478.453978][T12096] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1982'.
[  479.374382][T12113] nvme_fabrics: unknown parameter or missing value 'V' in ctrl creation request
[  479.384146][T12113] nvme_fabrics: unknown parameter or missing value '
œ	«
' in ctrl creation request
[  479.749220][T12122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1986'.
[  479.771351][T12122] input: syz0 as /devices/virtual/input/input36
[  481.146942][ T5921] psmouse serio2: Failed to reset mouse on : -5
[  481.177913][T12135] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1990'.
[  481.256714][T12135] overlayfs: missing 'lowerdir'
[  481.546914][ T5900] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  481.730586][ T5900] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  481.730636][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  481.740892][ T5900] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  481.740920][ T5900] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  481.740941][ T5900] usb 5-1: Manufacturer: syz
[  481.743994][ T5900] usb 5-1: config 0 descriptor??
[  481.877104][ T5900] rc_core: IR keymap rc-hauppauge not found
[  481.877123][ T5900] Registered IR keymap rc-empty
[  481.882439][ T5900] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  481.892384][ T5900] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input38
[  481.961494][T12156] FAULT_INJECTION: forcing a failure.
[  481.961494][T12156] name failslab, interval 1, probability 0, space 0, times 0
[  481.961559][T12156] CPU: 0 UID: 0 PID: 12156 Comm: syz.2.1998 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  481.961582][T12156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  481.961594][T12156] Call Trace:
[  481.961601][T12156]  <TASK>
[  481.961609][T12156]  dump_stack_lvl+0x189/0x250
[  481.961642][T12156]  ? __pfx____ratelimit+0x10/0x10
[  481.961674][T12156]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.961704][T12156]  ? __pfx__printk+0x10/0x10
[  481.961729][T12156]  ? __pfx___might_resched+0x10/0x10
[  481.961758][T12156]  ? fs_reclaim_acquire+0x7d/0x100
[  481.961784][T12156]  should_fail_ex+0x414/0x560
[  481.961814][T12156]  should_failslab+0xa8/0x100
[  481.961837][T12156]  __kmalloc_noprof+0xcb/0x4f0
[  481.961853][T12156]  ? kfree+0x4d/0x440
[  481.961878][T12156]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  481.961910][T12156]  tomoyo_realpath_from_path+0xe3/0x5d0
[  481.961940][T12156]  ? tomoyo_domain+0xd9/0x130
[  481.961972][T12156]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  481.961994][T12156]  tomoyo_path_number_perm+0x1e8/0x5a0
[  481.962019][T12156]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  481.962057][T12156]  ? __lock_acquire+0xab9/0xd20
[  481.962102][T12156]  ? __fget_files+0x2a/0x420
[  481.962125][T12156]  ? __fget_files+0x2a/0x420
[  481.962145][T12156]  ? __fget_files+0x3a0/0x420
[  481.962164][T12156]  ? __fget_files+0x2a/0x420
[  481.962188][T12156]  security_file_ioctl+0xcb/0x2d0
[  481.962218][T12156]  __se_sys_ioctl+0x47/0x170
[  481.962248][T12156]  do_syscall_64+0xfa/0x3b0
[  481.962264][T12156]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.962292][T12156]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.962311][T12156]  ? clear_bhb_loop+0x60/0xb0
[  481.962333][T12156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.962351][T12156] RIP: 0033:0x7f675078e929
[  481.962367][T12156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.962383][T12156] RSP: 002b:00007f6751540038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  481.962402][T12156] RAX: ffffffffffffffda RBX: 00007f67509b6080 RCX: 00007f675078e929
[  481.962415][T12156] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  481.962426][T12156] RBP: 00007f6751540090 R08: 0000000000000000 R09: 0000000000000000
[  481.962437][T12156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.962447][T12156] R13: 0000000000000001 R14: 00007f67509b6080 R15: 00007f6750adfa28
[  481.962474][T12156]  </TASK>
[  481.982099][T12156] ERROR: Out of memory at tomoyo_realpath_from_path.
[  481.989775][T12138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.990174][T12138] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.050740][    C0] igorplugusb 5-1:0.0: receive overflow invalid: 37
[  482.259563][ T5900] usb 5-1: USB disconnect, device number 45
[  482.418783][T12162] netdevsim netdevsim1: Direct firmware load for /
[  482.418783][T12162]  failed with error -2
[  482.430595][T12162] netdevsim netdevsim1: Falling back to sysfs fallback for: /
[  482.430595][T12162] 
[  482.480066][T12163] binder: 12161:12163 ioctl c0306201 2000000003c0 returned -14
[  482.819037][T12169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2001'.
[  482.846094][T12169] input: syz0 as /devices/virtual/input/input39
[  483.508687][   T24] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  483.659920][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2006'.
[  483.677175][   T24] usb 3-1: Using ep0 maxpacket: 16
[  483.717078][   T24] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  483.726235][   T24] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  483.764546][   T24] usb 3-1: Product: syz
[  483.769005][T12190] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  483.806998][   T24] usb 3-1: Manufacturer: syz
[  483.811647][   T24] usb 3-1: SerialNumber: syz
[  484.094160][   T24] usb 3-1: config 0 descriptor??
[  484.356548][T12195] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2008'.
[  484.410208][T12195] overlayfs: missing 'lowerdir'
[  484.894088][T12200] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2011'.
[  485.108523][ T5921] misc userio: Buffer overflowed, userio client isn't keeping up
[  485.155722][T12210] =======================================================
[  485.155722][T12210] WARNING: The mand mount option has been deprecated and
[  485.155722][T12210]          and is ignored by this kernel. Remove the mand
[  485.155722][T12210]          option from the mount to silence this warning.
[  485.155722][T12210] =======================================================
[  486.180469][ T5921] input: PS/2 Generic Mouse as /devices/serio2/input/input37
[  486.301850][ T5900] usb 3-1: USB disconnect, device number 40
[  486.398339][ T5921] psmouse serio2: Failed to enable mouse on 
[  486.827150][ T5921] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  486.916943][   T24] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  486.992029][ T5921] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  487.012627][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.028681][ T5921] usb 3-1: config 0 descriptor??
[  487.086989][   T24] usb 2-1: Using ep0 maxpacket: 16
[  487.112561][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  487.146881][   T24] usb 2-1: config 0 has no interfaces?
[  487.180709][   T24] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79
[  487.223666][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2019'.
[  487.263337][T12233] input: syz0 as /devices/virtual/input/input40
[  487.304052][   T24] usb 2-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  487.343302][   T24] usb 2-1: Manufacturer: syz
[  487.397111][   T24] usb 2-1: config 0 descriptor??
[  488.406199][T12247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2022'.
[  488.451367][T12247] overlayfs: missing 'lowerdir'
[  488.905628][ T5921] usb 3-1: Cannot set autoneg
[  488.910730][ T5921] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  488.928019][T12252] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2023'.
[  488.945806][ T5921] usb 3-1: USB disconnect, device number 41
[  489.159448][T12255] usb usb8: usbfs: process 12255 (syz.4.2024) did not claim interface 0 before use
[  489.466959][ T5900] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  489.557058][ T1212] usb 1-1: new full-speed USB device number 61 using dummy_hcd
[  489.649334][ T5900] usb 5-1: Using ep0 maxpacket: 32
[  489.656739][ T5900] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  489.706966][ T1212] usb 1-1: device descriptor read/64, error -71
[  489.925151][ T5900] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  489.978968][ T1212] usb 1-1: new full-speed USB device number 62 using dummy_hcd
[  490.018131][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.067089][ T5900] usb 5-1: Product: syz
[  490.071279][ T5900] usb 5-1: Manufacturer: syz
[  490.145408][ T5900] usb 5-1: SerialNumber: syz
[  490.163117][ T1212] usb 1-1: device descriptor read/64, error -71
[  490.171365][ T5921] usb 2-1: USB disconnect, device number 41
[  490.220495][ T5900] usb 5-1: config 0 descriptor??
[  490.330838][ T1212] usb usb1-port1: attempt power cycle
[  490.686950][ T1212] usb 1-1: new full-speed USB device number 63 using dummy_hcd
[  491.079890][ T1212] usb 1-1: device descriptor read/8, error -71
[  491.416927][ T1212] usb 1-1: new full-speed USB device number 64 using dummy_hcd
[  491.484372][ T1212] usb 1-1: device descriptor read/8, error -71
[  491.590935][ T1212] usb usb1-port1: unable to enumerate USB device
[  492.573046][T12285] program syz.0.2034 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  492.635597][ T5921] usb 5-1: USB disconnect, device number 46
[  492.726234][   T30] audit: type=1326 audit(1749863182.561:3335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12282 comm="syz.3.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  492.795463][   T30] audit: type=1326 audit(1749863182.561:3336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12282 comm="syz.3.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  492.874419][   T30] audit: type=1326 audit(1749863182.561:3337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12282 comm="syz.3.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  492.950084][   T30] audit: type=1326 audit(1749863182.561:3338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12282 comm="syz.3.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  493.147518][T12299] xt_CT: You must specify a L4 protocol and not use inversions on it
[  493.375822][   T30] audit: type=1326 audit(1749863182.561:3339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12282 comm="syz.3.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  493.535348][   T30] audit: type=1326 audit(1749863182.561:3340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12282 comm="syz.3.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  493.621855][   T30] audit: type=1400 audit(1749863182.941:3341): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=12273 comm="syz.1.2030"
[  493.695600][   T30] audit: type=1326 audit(1749863183.041:3342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12295 comm="syz.0.2038" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf8938e929 code=0x0
[  493.776919][ T5921] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  493.946516][ T5921] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  493.972452][ T5921] usb 4-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a
[  493.983349][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.991705][ T5921] usb 4-1: Product: syz
[  493.995994][ T5921] usb 4-1: Manufacturer: syz
[  494.048307][ T5921] usb 4-1: SerialNumber: syz
[  494.104892][ T5921] usb 4-1: config 0 descriptor??
[  494.153005][ T5921] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state.
[  494.170672][ T5921] dvb-usb: bulk message failed: -22 (3/0)
[  494.214499][ T5921] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  494.255422][ T5921] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device)
[  494.297066][ T5921] usb 4-1: media controller created
[  494.343919][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  494.365601][T12307] dvb-usb: bulk message failed: -22 (4/0)
[  494.375571][T12307] dibusb: i2c wr: len=62 is too big!
[  494.375571][T12307] 
[  495.019035][ T5921] dvb-usb: bulk message failed: -22 (6/0)
[  495.046351][ T5921] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device'
[  495.760174][ T5921] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input41
[  495.775037][ T5921] dvb-usb: schedule remote query interval to 150 msecs.
[  495.782184][ T5921] dvb-usb: bulk message failed: -22 (3/0)
[  495.832849][ T5921] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected.
[  495.958715][ T5921] dvb-usb: bulk message failed: -22 (1/0)
[  495.968155][ T5921] dvb-usb: error while querying for an remote control event.
[  496.146938][ T5921] dvb-usb: bulk message failed: -22 (1/0)
[  496.162788][ T5921] dvb-usb: error while querying for an remote control event.
[  496.347698][ T5921] dvb-usb: bulk message failed: -22 (1/0)
[  496.371284][ T5921] dvb-usb: error while querying for an remote control event.
[  496.382377][   T30] audit: type=1326 audit(1749863186.221:3343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12331 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  496.453387][   T30] audit: type=1326 audit(1749863186.251:3344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12331 comm="syz.2.2048" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f675078e929 code=0x7ffc0000
[  496.537251][ T5921] dvb-usb: bulk message failed: -22 (1/0)
[  496.543202][ T5921] dvb-usb: error while querying for an remote control event.
[  496.558152][T12342] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  496.612918][ T5921] usb 4-1: USB disconnect, device number 39
[  496.627327][   T24] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  496.692008][ T5921] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected.
[  496.777085][   T24] usb 1-1: Using ep0 maxpacket: 8
[  496.779245][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  496.803427][   T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=8246, bcdDevice= 0.00
[  496.803455][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.818257][   T24] usb 1-1: config 0 descriptor??
[  496.821591][   T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  496.917637][T12351] tap0: tun_chr_ioctl cmd 1074025677
[  496.917810][T12351] tap0: linktype set to 270
[  497.417048][ T5921] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  497.627121][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  497.635604][ T5921] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  497.662035][ T5921] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  497.672573][ T5921] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  497.683784][ T5921] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  497.721454][ T5921] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  497.730948][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  497.742438][ T5921] usb 5-1: SerialNumber: syz
[  497.767091][   T24] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  497.927035][   T24] usb 3-1: Using ep0 maxpacket: 32
[  497.934789][   T24] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  497.952909][   T24] usb 3-1: config 0 has no interface number 0
[  497.970828][   T24] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  497.988086][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.040437][   T24] usb 3-1: Product: syz
[  498.045997][   T24] usb 3-1: Manufacturer: syz
[  498.054069][   T24] usb 3-1: SerialNumber: syz
[  498.071389][   T24] usb 3-1: config 0 descriptor??
[  498.088380][   T24] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  498.305247][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  498.320649][   T24] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  498.335495][   T24] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  498.372332][   T24] usb 3-1: USB disconnect, device number 42
[  498.430780][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  498.474918][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  498.486251][ T5925] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  498.765817][   T24] quatech2 3-1:0.51: device disconnected
[  498.887675][ T5925] usb 2-1: config 8 has an invalid interface number: 177 but max is 0
[  499.000335][ T5925] usb 2-1: config 8 has no interface number 0
[  499.052462][ T5925] usb 2-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  499.154845][ T5925] usb 2-1: config 8 interface 177 has no altsetting 0
[  499.222151][ T5925] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  499.265738][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.317172][T12372] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  499.752605][   T24] usb 1-1: USB disconnect, device number 65
[  500.435401][ T5921] usb 5-1: 0:2 : does not exist
[  500.460887][T12398] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2067'.
[  500.470293][T12398] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2067'.
[  500.529115][T12398] netlink: 'syz.4.2067': attribute type 20 has an invalid length.
[  500.715440][ T5921] usb 5-1: USB disconnect, device number 47
[  500.829102][T12399] blktrace: Concurrent blktraces are not allowed on sg0
[  501.149734][ T7481] udevd[7481]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  501.280667][T12407] af_packet: tpacket_rcv: packet too big, clamped from 114 to 4294967272. macoff=96
[  501.332703][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  501.340942][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  501.416898][ T5921] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  501.545383][ T5925] usb 2-1: string descriptor 0 read error: -71
[  501.565130][    C1] ir_toy 2-1:8.177: out urb status: -71
[  501.599277][ T5921] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  501.616971][ T5921] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  501.674475][ T5921] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  501.697028][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  501.728062][ T5921] usb 5-1: Product: syz
[  501.732297][ T5921] usb 5-1: Manufacturer: syz
[  501.751708][ T5921] usb 5-1: SerialNumber: syz
[  501.789294][ T5921] cdc_mbim 5-1:1.0: MBIM functional descriptor missing
[  501.806301][ T5921] cdc_mbim 5-1:1.0: bind() failure
[  502.063280][ T5921] usb 5-1: USB disconnect, device number 48
[  502.077070][ T5925] ir_toy 2-1:8.177: could not write reset command: -110
[  502.097971][T12380] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  502.110120][ T5925] ir_toy 2-1:8.177: probe with driver ir_toy failed with error -110
[  502.125158][ T5925] usb 2-1: USB disconnect, device number 42
[  502.267086][T12380] usb 1-1: Using ep0 maxpacket: 16
[  502.393707][ T5900] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  502.529511][T12380] usb 1-1: config 0 interface 0 altsetting 48 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  502.545415][T12380] usb 1-1: config 0 interface 0 has no altsetting 0
[  502.552680][T12380] usb 1-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00
[  502.561982][ T5925] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  502.573138][T12380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.644780][T12380] usb 1-1: config 0 descriptor??
[  502.679950][ T5900] usb 4-1: Using ep0 maxpacket: 16
[  502.691404][ T5900] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  502.700921][ T5900] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  502.716956][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  502.723242][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  502.733015][ T5900] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  502.742956][ T5925] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  502.793576][ T5900] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  502.797973][ T5925] usb 2-1: New USB device found, idVendor=05ac, idProduct=8246, bcdDevice= 0.00
[  502.805630][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.820653][ T5900] usb 4-1: SerialNumber: syz
[  502.860579][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  502.903025][T12441] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  502.992478][ T5925] usb 2-1: config 0 descriptor??
[  503.015766][ T5925] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  503.216064][T12419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  503.249103][T12419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  503.340960][T12380] logitech 0003:046D:C219.0016: unknown main item tag 0x2
[  503.469876][ T5900] usb 4-1: 0:2 : does not exist
[  503.502285][ T5900] usb 4-1: USB disconnect, device number 40
[  503.544280][T12380] logitech 0003:046D:C219.0016: hidraw0: USB HID v0.01 Device [HID 046d:c219] on usb-dummy_hcd.0-1/input0
[  503.560279][T12419] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  503.588934][T12419] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  503.592139][T12380] logitech 0003:046D:C219.0016: no inputs found
[  503.626247][ T7481] udevd[7481]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  504.604248][T12466] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2083'.
[  504.816967][T12380] usb 1-1: USB disconnect, device number 66
[  505.057092][ T5925] usb 2-1: USB disconnect, device number 43
[  505.307270][T12380] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  505.537519][T12380] usb 1-1: Using ep0 maxpacket: 8
[  505.544253][T12380] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  505.656011][T12380] usb 1-1: config 0 has no interfaces?
[  505.692395][T12380] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  505.716336][T12380] usb 1-1: config 0 has no interfaces?
[  505.865712][T12380] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  505.906873][T12380] usb 1-1: config 0 has no interfaces?
[  505.913852][T12380] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  505.938698][T12380] usb 1-1: config 0 has no interfaces?
[  505.944586][T12380] usb 1-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a
[  505.973997][T12380] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.988871][T12486] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  505.996339][T12486] batman_adv: batadv0: Removing interface: batadv_slave_0
[  506.007345][T12380] usb 1-1: config 0 descriptor??
[  506.015893][T12486] FAULT_INJECTION: forcing a failure.
[  506.015893][T12486] name failslab, interval 1, probability 0, space 0, times 0
[  506.029182][T12486] CPU: 1 UID: 0 PID: 12486 Comm: syz.4.2090 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  506.029220][T12486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  506.029237][T12486] Call Trace:
[  506.029245][T12486]  <TASK>
[  506.029254][T12486]  dump_stack_lvl+0x189/0x250
[  506.029291][T12486]  ? __pfx____ratelimit+0x10/0x10
[  506.029323][T12486]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.029354][T12486]  ? __pfx__printk+0x10/0x10
[  506.029388][T12486]  should_fail_ex+0x414/0x560
[  506.029420][T12486]  should_failslab+0xa8/0x100
[  506.029443][T12486]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  506.029465][T12486]  ? __alloc_skb+0x112/0x2d0
[  506.029494][T12486]  __alloc_skb+0x112/0x2d0
[  506.029523][T12486]  arp_create+0x189/0x990
[  506.029552][T12486]  ? __pfx_arp_create+0x10/0x10
[  506.029569][T12486]  ? batadv_primary_if_get_selected+0x7a/0x410
[  506.029608][T12486]  ? batadv_bla_send_claim+0xd0/0xc50
[  506.029636][T12486]  batadv_bla_send_claim+0x16a/0xc50
[  506.029665][T12486]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.029704][T12486]  ? __pfx_batadv_bla_send_claim+0x10/0x10
[  506.029729][T12486]  ? batadv_bla_update_orig_address+0x534/0x880
[  506.029756][T12486]  batadv_bla_update_orig_address+0x56c/0x880
[  506.029784][T12486]  ? batadv_bla_update_orig_address+0x24e/0x880
[  506.029810][T12486]  ? __pfx_batadv_bla_update_orig_address+0x10/0x10
[  506.029830][T12486]  ? batadv_primary_if_get_selected+0x7a/0x410
[  506.029859][T12486]  ? __pfx_batadv_primary_if_get_selected+0x10/0x10
[  506.029898][T12486]  batadv_primary_if_update_addr+0x1ee/0x400
[  506.029934][T12486]  batadv_primary_if_select+0x191/0x2d0
[  506.029966][T12486]  batadv_hardif_disable_interface+0x778/0xfc0
[  506.030003][T12486]  ? batadv_hardif_disable_interface+0x3fd/0xfc0
[  506.030032][T12486]  ? __pfx_batadv_hardif_disable_interface+0x10/0x10
[  506.030060][T12486]  ? dev_hard_start_xmit+0x2d4/0x830
[  506.030086][T12486]  ? netlink_deliver_tap+0x19c/0x1b0
[  506.030106][T12486]  ? netlink_unicast+0x72f/0x8d0
[  506.030127][T12486]  ? do_syscall_64+0xfa/0x3b0
[  506.030142][T12486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.030164][T12486]  batadv_meshif_destroy_netlink+0x91/0x270
[  506.030189][T12486]  ? __pfx_batadv_meshif_destroy_netlink+0x10/0x10
[  506.030208][T12486]  rtnl_dellink+0x477/0x710
[  506.030234][T12486]  ? __pfx_rtnl_dellink+0x10/0x10
[  506.030264][T12486]  ? kasan_quarantine_put+0xdd/0x220
[  506.030292][T12486]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.030410][T12486]  ? __pfx_rtnl_dellink+0x10/0x10
[  506.030430][T12486]  rtnetlink_rcv_msg+0x7cc/0xb70
[  506.030455][T12486]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  506.030475][T12486]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  506.030494][T12486]  ? ref_tracker_free+0x63a/0x7d0
[  506.030519][T12486]  ? __copy_skb_header+0xa7/0x550
[  506.030547][T12486]  ? __pfx_ref_tracker_free+0x10/0x10
[  506.030574][T12486]  ? __skb_clone+0x63/0x7a0
[  506.030608][T12486]  netlink_rcv_skb+0x208/0x470
[  506.030632][T12486]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  506.030654][T12486]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  506.030697][T12486]  ? netlink_deliver_tap+0x2e/0x1b0
[  506.030720][T12486]  ? netlink_deliver_tap+0x2e/0x1b0
[  506.030748][T12486]  netlink_unicast+0x75b/0x8d0
[  506.030775][T12486]  netlink_sendmsg+0x805/0xb30
[  506.030801][T12486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  506.030823][T12486]  ? aa_sock_msg_perm+0x94/0x160
[  506.030844][T12486]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  506.030865][T12486]  ? __pfx_netlink_sendmsg+0x10/0x10
[  506.030884][T12486]  __sock_sendmsg+0x219/0x270
[  506.030901][T12486]  ____sys_sendmsg+0x505/0x830
[  506.030926][T12486]  ? __pfx_____sys_sendmsg+0x10/0x10
[  506.030953][T12486]  ? import_iovec+0x74/0xa0
[  506.030972][T12486]  ___sys_sendmsg+0x21f/0x2a0
[  506.030994][T12486]  ? __pfx____sys_sendmsg+0x10/0x10
[  506.031042][T12486]  ? __fget_files+0x2a/0x420
[  506.031059][T12486]  ? __fget_files+0x3a0/0x420
[  506.031084][T12486]  __x64_sys_sendmsg+0x19b/0x260
[  506.031106][T12486]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  506.031134][T12486]  ? __pfx_ksys_write+0x10/0x10
[  506.031147][T12486]  ? rcu_is_watching+0x15/0xb0
[  506.031175][T12486]  ? do_syscall_64+0xbe/0x3b0
[  506.031192][T12486]  do_syscall_64+0xfa/0x3b0
[  506.031205][T12486]  ? lockdep_hardirqs_on+0x9c/0x150
[  506.031228][T12486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.031243][T12486]  ? clear_bhb_loop+0x60/0xb0
[  506.031261][T12486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.031292][T12486] RIP: 0033:0x7f256c98e929
[  506.031306][T12486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  506.031343][T12486] RSP: 002b:00007f256d88e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  506.031361][T12486] RAX: ffffffffffffffda RBX: 00007f256cbb5fa0 RCX: 00007f256c98e929
[  506.031374][T12486] RDX: 0000000020000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  506.031385][T12486] RBP: 00007f256d88e090 R08: 0000000000000000 R09: 0000000000000000
[  506.031396][T12486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  506.031406][T12486] R13: 0000000000000000 R14: 00007f256cbb5fa0 R15: 00007f256ccdfa28
[  506.031433][T12486]  </TASK>
[  506.034801][T12486] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  506.552547][T12486] batman_adv: batadv0: Removing interface: batadv_slave_1
[  506.957099][T12380] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  507.168155][T12380] usb 3-1: Using ep0 maxpacket: 32
[  507.187203][T12380] usb 3-1: config 0 has an invalid interface number: 9 but max is 0
[  507.200558][T12380] usb 3-1: config 0 has no interface number 0
[  507.236663][T12380] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  507.257591][T12380] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.273327][T12380] usb 3-1: Product: syz
[  507.282870][T12380] usb 3-1: Manufacturer: syz
[  507.287685][ T5925] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  507.308962][T12380] usb 3-1: SerialNumber: syz
[  507.348539][T12380] usb 3-1: config 0 descriptor??
[  507.359318][T12380] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  507.504647][ T5925] usb 2-1: device descriptor read/64, error -71
[  507.536960][ T5900] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  507.689092][ T5900] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  507.700425][ T5900] usb 5-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[  507.733390][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.749106][ T5925] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  507.815345][ T5900] usb 5-1: config 0 descriptor??
[  507.904831][ T5925] usb 2-1: device descriptor read/64, error -71
[  508.133690][ T5921] usb 1-1: USB disconnect, device number 67
[  508.187310][ T5925] usb usb2-port1: attempt power cycle
[  508.436620][ T5900] elecom 0003:056E:00E6.0017: hidraw0: USB HID v0.00 Device [HID 056e:00e6] on usb-dummy_hcd.4-1/input0
[  508.537018][ T5925] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  508.623753][ T5925] usb 2-1: device descriptor read/8, error -71
[  508.860265][ T5900] usb 5-1: USB disconnect, device number 49
[  508.918016][ T5925] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  508.950665][ T5925] usb 2-1: device descriptor read/8, error -71
[  508.979318][T12380] gspca_topro: reg_r err -71
[  508.984014][T12380] gspca_topro: Sensor soi763a
[  509.059798][T12380] usb 3-1: USB disconnect, device number 43
[  509.067285][ T5925] usb usb2-port1: unable to enumerate USB device
[  510.450366][T12543] FAULT_INJECTION: forcing a failure.
[  510.450366][T12543] name failslab, interval 1, probability 0, space 0, times 0
[  510.467067][T12543] CPU: 1 UID: 0 PID: 12543 Comm: syz.1.2104 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  510.467094][T12543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  510.467105][T12543] Call Trace:
[  510.467114][T12543]  <TASK>
[  510.467122][T12543]  dump_stack_lvl+0x189/0x250
[  510.467168][T12543]  ? __pfx____ratelimit+0x10/0x10
[  510.467199][T12543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  510.467248][T12543]  ? __pfx__printk+0x10/0x10
[  510.467287][T12543]  should_fail_ex+0x414/0x560
[  510.467322][T12543]  should_failslab+0xa8/0x100
[  510.467347][T12543]  __kmalloc_cache_noprof+0x70/0x3d0
[  510.467368][T12543]  ? sctp_add_bind_addr+0x8c/0x370
[  510.467395][T12543]  sctp_add_bind_addr+0x8c/0x370
[  510.467422][T12543]  sctp_copy_local_addr_list+0x30b/0x4e0
[  510.467449][T12543]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  510.467472][T12543]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  510.467497][T12543]  ? sctp_v6_is_any+0x64/0x80
[  510.467524][T12543]  ? sctp_copy_one_addr+0x93/0x360
[  510.467550][T12543]  sctp_bind_addr_copy+0xb3/0x3c0
[  510.467575][T12543]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  510.467612][T12543]  sctp_connect_new_asoc+0x2e0/0x690
[  510.467644][T12543]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  510.467671][T12543]  ? __local_bh_enable_ip+0x12d/0x1c0
[  510.467712][T12543]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  510.467744][T12543]  ? security_sctp_bind_connect+0x7e/0x2e0
[  510.467771][T12543]  sctp_sendmsg+0x155c/0x2810
[  510.467812][T12543]  ? __pfx_sctp_sendmsg+0x10/0x10
[  510.467845][T12543]  ? aa_sk_perm+0x81e/0x950
[  510.467876][T12543]  ? __pfx_aa_sk_perm+0x10/0x10
[  510.467905][T12543]  ? sock_rps_record_flow+0x19/0x410
[  510.467931][T12543]  ? inet_sendmsg+0x2f4/0x370
[  510.467956][T12543]  __sock_sendmsg+0x19c/0x270
[  510.467981][T12543]  ____sys_sendmsg+0x52d/0x830
[  510.468017][T12543]  ? __pfx_____sys_sendmsg+0x10/0x10
[  510.468063][T12543]  ? import_iovec+0x74/0xa0
[  510.468090][T12543]  ___sys_sendmsg+0x21f/0x2a0
[  510.468126][T12543]  ? __pfx____sys_sendmsg+0x10/0x10
[  510.468205][T12543]  ? __fget_files+0x2a/0x420
[  510.468228][T12543]  ? __fget_files+0x3a0/0x420
[  510.468264][T12543]  __sys_sendmmsg+0x227/0x430
[  510.468298][T12543]  ? __pfx___sys_sendmmsg+0x10/0x10
[  510.468324][T12543]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  510.468376][T12543]  ? ksys_write+0x22a/0x250
[  510.468410][T12543]  ? __pfx_ksys_write+0x10/0x10
[  510.468427][T12543]  ? rcu_is_watching+0x15/0xb0
[  510.468478][T12543]  __x64_sys_sendmmsg+0xa0/0xc0
[  510.468506][T12543]  do_syscall_64+0xfa/0x3b0
[  510.468524][T12543]  ? lockdep_hardirqs_on+0x9c/0x150
[  510.468553][T12543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.468572][T12543]  ? clear_bhb_loop+0x60/0xb0
[  510.468596][T12543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.468615][T12543] RIP: 0033:0x7f5860b8e929
[  510.468633][T12543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.468649][T12543] RSP: 002b:00007f5861a11038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  510.468670][T12543] RAX: ffffffffffffffda RBX: 00007f5860db5fa0 RCX: 00007f5860b8e929
[  510.468711][T12543] RDX: 0000000000000002 RSI: 00002000000007c0 RDI: 0000000000000003
[  510.468724][T12543] RBP: 00007f5861a11090 R08: 0000000000000000 R09: 0000000000000000
[  510.468737][T12543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  510.468748][T12543] R13: 0000000000000000 R14: 00007f5860db5fa0 R15: 00007f5860edfa28
[  510.468780][T12543]  </TASK>
[  510.907142][T12541] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2103'.
[  511.025319][T12546] fuse: Unknown parameter '01777777777777777777777å l0‹‡2<Té·�º‰»�ÖLÈœ
OÚ}'
[  512.530770][T12590] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2115'.
[  512.530804][T12590] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2115'.
[  512.785633][T12602] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2114'.
[  512.846176][T12602] input: syz0 as /devices/virtual/input/input43
[  514.738592][T12634] loop4: detected capacity change from 0 to 4
[  514.772847][ T7481] Dev loop4: unable to read RDB block 4
[  514.802998][ T7481]  loop4: AHDI p1 p2
[  514.813721][ T7481] loop4: partition table partially beyond EOD, truncated
[  514.854988][ T7481] loop4: p1 size 4227858431 extends beyond EOD, truncated
[  514.876919][ T1212] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  514.907104][T12634] Dev loop4: unable to read RDB block 4
[  514.922801][T12634]  loop4: AHDI p1 p2
[  514.926772][T12634] loop4: partition table partially beyond EOD, truncated
[  514.934683][T12634] loop4: p1 size 4227858431 extends beyond EOD, truncated
[  515.037010][T12380] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  515.069777][ T1212] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  515.069835][ T1212] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  515.069862][ T1212] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  515.069901][ T1212] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  515.069922][ T1212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.092579][ T1212] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  515.093456][ T1212] usb 4-1: invalid MIDI out EP 0
[  515.196981][T12380] usb 5-1: Using ep0 maxpacket: 8
[  515.220975][T12380] usb 5-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 128, changing to 11
[  515.221009][T12380] usb 5-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  515.221035][T12380] usb 5-1: config 1 interface 0 has no altsetting 0
[  515.230710][ T1212] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  515.265102][T12380] usb 5-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.40
[  515.856301][T12380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.856333][T12380] usb 5-1: Manufacturer: ᯕ
[  515.946408][T12380] usb 5-1: SerialNumber: Ђ
[  516.130682][ T5925] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  516.319032][ T5925] usb 2-1: Using ep0 maxpacket: 32
[  516.337673][ T5925] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  516.347291][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  516.358304][T12380] usbhid 5-1:1.0: can't add hid device: -71
[  516.364342][T12380] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  516.373275][ T5925] usb 2-1: config 0 descriptor??
[  516.391269][T12380] usb 5-1: USB disconnect, device number 50
[  516.591668][ T5925] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  516.601503][ T5925] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  516.626632][ T5925] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  516.683779][ T5925] usb 2-1: media controller created
[  516.888318][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  517.242292][T12670] program syz.4.2139 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  517.451177][T12674] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  517.554488][T12380] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  518.381987][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  518.382003][   T30] audit: type=1326 audit(1749863208.201:3349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  518.822076][   T30] audit: type=1326 audit(1749863208.201:3350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  518.876908][ T5900] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  518.906957][   T30] audit: type=1326 audit(1749863208.201:3351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  519.027571][   T30] audit: type=1326 audit(1749863208.201:3352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  519.117039][ T5925] az6027: usb out operation failed. (-110)
[  519.127550][ T1212] usb 4-1: USB disconnect, device number 41
[  519.171435][   T30] audit: type=1326 audit(1749863208.201:3353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f256c92ab19 code=0x7ffc0000
[  519.209566][ T5925] az6027: usb out operation failed. (-32)
[  519.300997][ T5925] stb0899_attach: Driver disabled by Kconfig
[  519.447024][ T5925] az6027: no front-end attached
[  519.447024][ T5925] 
[  519.459089][ T5925] az6027: usb out operation failed. (-71)
[  519.466932][   T30] audit: type=1326 audit(1749863208.201:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f256c92ab19 code=0x7ffc0000
[  519.493194][ T5925] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  519.505624][ T5925] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input45
[  519.532866][   T30] audit: type=1326 audit(1749863208.201:3355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  519.557613][ T5900] usb 3-1: config 0 has no interfaces?
[  519.617869][ T5925] dvb-usb: schedule remote query interval to 400 msecs.
[  519.634305][ T5900] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  519.648033][ T5925] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  519.674986][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.677076][   T30] audit: type=1326 audit(1749863208.201:3356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f256c92ab19 code=0x7ffc0000
[  519.711105][ T5900] usb 3-1: Product: syz
[  519.715327][ T5900] usb 3-1: Manufacturer: syz
[  519.738298][ T5925] usb 2-1: USB disconnect, device number 48
[  519.795598][   T30] audit: type=1326 audit(1749863208.201:3357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  519.820926][T12695] FAULT_INJECTION: forcing a failure.
[  519.820926][T12695] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  519.854392][ T5900] usb 3-1: SerialNumber: syz
[  519.864435][T12695] CPU: 1 UID: 0 PID: 12695 Comm: syz.1.2147 Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  519.864457][T12695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  519.864467][T12695] Call Trace:
[  519.864473][T12695]  <TASK>
[  519.864480][T12695]  dump_stack_lvl+0x189/0x250
[  519.864509][T12695]  ? __pfx____ratelimit+0x10/0x10
[  519.864533][T12695]  ? __pfx_dump_stack_lvl+0x10/0x10
[  519.864557][T12695]  ? __pfx__printk+0x10/0x10
[  519.864583][T12695]  should_fail_ex+0x414/0x560
[  519.864614][T12695]  _copy_to_user+0x31/0xb0
[  519.864632][T12695]  simple_read_from_buffer+0xe1/0x170
[  519.864652][T12695]  proc_fail_nth_read+0x1df/0x250
[  519.864673][T12695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  519.864706][T12695]  ? rw_verify_area+0x258/0x650
[  519.864728][T12695]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  519.864746][T12695]  vfs_read+0x1fd/0x980
[  519.864773][T12695]  ? __pfx___mutex_lock+0x10/0x10
[  519.864788][T12695]  ? __pfx_vfs_read+0x10/0x10
[  519.864812][T12695]  ? __fget_files+0x2a/0x420
[  519.864831][T12695]  ? __fget_files+0x3a0/0x420
[  519.864846][T12695]  ? __fget_files+0x2a/0x420
[  519.864869][T12695]  ksys_read+0x145/0x250
[  519.864884][T12695]  ? __pfx_ksys_read+0x10/0x10
[  519.864905][T12695]  ? rcu_is_watching+0x15/0xb0
[  519.864932][T12695]  ? do_syscall_64+0xbe/0x3b0
[  519.864949][T12695]  do_syscall_64+0xfa/0x3b0
[  519.864961][T12695]  ? lockdep_hardirqs_on+0x9c/0x150
[  519.864983][T12695]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.864998][T12695]  ? clear_bhb_loop+0x60/0xb0
[  519.865034][T12695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  519.865049][T12695] RIP: 0033:0x7f5860b8d33c
[  519.865063][T12695] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  519.865076][T12695] RSP: 002b:00007f5861a11030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  519.865091][T12695] RAX: ffffffffffffffda RBX: 00007f5860db5fa0 RCX: 00007f5860b8d33c
[  519.865102][T12695] RDX: 000000000000000f RSI: 00007f5861a110a0 RDI: 0000000000000009
[  519.865112][T12695] RBP: 00007f5861a11090 R08: 0000000000000000 R09: 0000000000000000
[  519.865121][T12695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  519.865129][T12695] R13: 0000000000000000 R14: 00007f5860db5fa0 R15: 00007f5860edfa28
[  519.865152][T12695]  </TASK>
[  520.166987][   T30] audit: type=1326 audit(1749863208.201:3358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12682 comm="syz.4.2143" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f256c92ab19 code=0x7ffc0000
[  520.256316][ T5900] usb 3-1: config 0 descriptor??
[  520.477876][ T5925] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  520.808929][T12678] delete_channel: no stack
[  520.876898][ T5925] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  521.236949][ T5925] usb 2-1: Using ep0 maxpacket: 32
[  521.247517][ T5925] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  521.268865][ T5925] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  521.467322][T12380] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  521.918346][ T5925] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  521.982636][ T5925] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  522.065151][ T5925] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  522.083242][ T5925] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  522.126875][T12380] usb 5-1: config 0 has no interfaces?
[  522.140041][ T5900] usb 3-1: USB disconnect, device number 44
[  522.154374][ T5925] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  522.247832][T12380] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  522.307019][T12380] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  522.325921][T12380] usb 5-1: Product: syz
[  522.343215][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.351562][   T10] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  522.355054][T12380] usb 5-1: Manufacturer: syz
[  522.364007][T12380] usb 5-1: SerialNumber: syz
[  522.394004][ T5925] usb 2-1: config 0 descriptor??
[  522.405477][T12380] usb 5-1: config 0 descriptor??
[  522.673074][   T10] usb 1-1: config 0 has no interfaces?
[  522.871601][   T10] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  522.997389][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.011187][   T10] usb 1-1: Product: syz
[  523.015480][   T10] usb 1-1: Manufacturer: syz
[  523.032001][   T10] usb 1-1: SerialNumber: syz
[  523.094710][ T5925] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 49 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  523.097668][   T10] usb 1-1: config 0 descriptor??
[  524.861349][ T5925] usb 2-1: USB disconnect, device number 49
[  524.872454][ T5925] usblp0: removed
[  525.089971][T12380] usb 5-1: USB disconnect, device number 51
[  525.156877][ T5900] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  525.274895][T12380] usb 1-1: USB disconnect, device number 69
[  525.280994][ T5925] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  525.391834][ T5900] usb 3-1: Using ep0 maxpacket: 32
[  525.399766][ T5900] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  525.409217][ T5900] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  525.420568][ T5900] usb 3-1: config 0 descriptor??
[  525.454102][ T5925] usb 2-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[  525.475017][ T5925] usb 2-1: config 3 has 1 interface, different from the descriptor's value: 2
[  525.495637][ T5925] usb 2-1: config 3 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  525.518320][ T5925] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  525.535438][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.545622][ T5925] usb 2-1: Product: syz
[  525.552296][ T5925] usb 2-1: Manufacturer: syz
[  525.557290][ T5925] usb 2-1: SerialNumber: syz
[  525.581659][ T5925] cdc_ncm 2-1:3.0: invalid descriptor buffer length
[  525.588814][ T5925] cdc_ncm 2-1:3.0: CDC Union missing and no IAD found
[  525.594881][T12751] netlink: 'syz.4.2163': attribute type 1 has an invalid length.
[  525.595723][ T5925] cdc_ncm 2-1:3.0: bind() failure
[  525.627758][ T5900] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  525.639410][ T5900] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  525.650360][ T5900] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  525.657674][ T5900] usb 3-1: media controller created
[  525.689107][ T5900] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  525.755894][T12754] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  525.794997][ T5925] usb 2-1: USB disconnect, device number 50
[  525.832549][ T5900] az6027: usb out operation failed. (-71)
[  525.847441][ T5900] az6027: usb out operation failed. (-71)
[  525.863567][ T5900] stb0899_attach: Driver disabled by Kconfig
[  525.883826][ T5900] az6027: no front-end attached
[  525.883826][ T5900] 
[  525.907533][T12751] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2163'.
[  525.916627][T12751] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  525.917686][ T5900] az6027: usb out operation failed. (-71)
[  525.937724][T12751] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  525.966861][ T5900] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  525.981740][ T5900] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input46
[  526.009845][ T5900] dvb-usb: schedule remote query interval to 400 msecs.
[  526.040417][ T5900] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  526.057175][ T5900] usb 3-1: USB disconnect, device number 45
[  526.129335][ T5900] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  526.204868][   T30] kauditd_printk_skb: 102 callbacks suppressed
[  526.204886][   T30] audit: type=1326 audit(1749863216.041:3461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.233988][   T30] audit: type=1326 audit(1749863216.041:3462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.259437][   T30] audit: type=1326 audit(1749863216.041:3463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.282189][   T30] audit: type=1326 audit(1749863216.041:3464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.308191][   T30] audit: type=1326 audit(1749863216.041:3465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.333496][   T30] audit: type=1326 audit(1749863216.041:3466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.359782][   T30] audit: type=1326 audit(1749863216.041:3467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.424463][   T30] audit: type=1326 audit(1749863216.051:3468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12764 comm="syz.3.2169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  526.706922][   T10] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  526.880889][   T10] usb 4-1: config 0 has no interfaces?
[  526.893624][   T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  526.920725][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.944690][T12787] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2177'.
[  526.972957][   T10] usb 4-1: Product: syz
[  526.980951][   T10] usb 4-1: Manufacturer: syz
[  526.985617][   T10] usb 4-1: SerialNumber: syz
[  527.030198][   T10] usb 4-1: config 0 descriptor??
[  528.729584][T12829] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2191'.
[  529.290447][T12831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2193'.
[  529.318625][T12831] input: syz0 as /devices/virtual/input/input47
[  529.463688][ T5925] usb 4-1: USB disconnect, device number 42
[  529.929125][T12852] netlink: 'syz.2.2199': attribute type 71 has an invalid length.
[  529.997922][T12852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2199'.
[  530.339267][T12866] input: syz0 as /devices/virtual/input/input48
[  530.422816][   T30] audit: type=1326 audit(1749863220.261:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12862 comm="syz.0.2203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  530.542920][   T30] audit: type=1326 audit(1749863220.261:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12862 comm="syz.0.2203" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  531.446604][T12885] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  531.456711][T12885] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  531.540836][T12885] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  531.550394][T12885] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  531.813172][T12885] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  531.819672][T12885] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  531.967591][T12885] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  531.973745][T12885] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  532.109072][T12885] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  532.115331][T12885] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  532.720682][T12912] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  532.727400][T12912] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  532.735766][T12912] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  532.752565][T12912] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  532.766515][T12912] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  533.785917][ T5925] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  533.977946][ T5925] usb 4-1: Using ep0 maxpacket: 16
[  534.003644][ T5925] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  534.024163][ T5925] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  534.055096][ T5925] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  534.097025][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.117679][ T5925] usb 4-1: Product: syz
[  534.127272][ T5925] usb 4-1: Manufacturer: syz
[  534.141265][ T5925] usb 4-1: SerialNumber: syz
[  534.388994][ T5925] cdc_ncm 4-1:1.0: bind() failure
[  534.434442][ T5925] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  534.454065][ T5925] cdc_ncm 4-1:1.1: bind() failure
[  534.504859][ T5925] usb 4-1: USB disconnect, device number 43
[  534.800148][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  534.806232][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  534.813425][ T5848] Bluetooth: hci2: command 0x0406 tx timeout
[  534.819624][ T5848] Bluetooth: hci1: command 0x0406 tx timeout
[  534.825639][ T5848] Bluetooth: hci0: command 0x0406 tx timeout
[  535.889256][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  535.889274][   T30] audit: type=1326 audit(1749863225.721:3475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  535.917749][    C0] vkms_vblank_simulate: vblank timer overrun
[  535.954271][   T30] audit: type=1326 audit(1749863225.721:3476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  536.031551][   T30] audit: type=1326 audit(1749863225.721:3477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  536.054167][    C0] vkms_vblank_simulate: vblank timer overrun
[  536.215027][   T30] audit: type=1326 audit(1749863225.721:3478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  536.237388][    C0] vkms_vblank_simulate: vblank timer overrun
[  536.327964][   T30] audit: type=1326 audit(1749863225.731:3479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  536.350675][    C0] vkms_vblank_simulate: vblank timer overrun
[  536.364642][T12979] overlayfs: missing 'lowerdir'
[  536.391499][   T30] audit: type=1326 audit(1749863225.731:3480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12953 comm="syz.0.2230" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf8938e929 code=0x7ffc0000
[  536.518070][T12983] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2238'.
[  536.846910][T12948] Bluetooth: hci0: command 0x0406 tx timeout
[  536.846975][T12948] Bluetooth: hci1: command 0x0406 tx timeout
[  536.847009][T12948] Bluetooth: hci2: command 0x0406 tx timeout
[  536.847043][T12948] Bluetooth: hci3: command 0x0406 tx timeout
[  536.847075][T12948] Bluetooth: hci4: command 0x0406 tx timeout
[  537.386964][   T10] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  537.764077][   T10] usb 1-1: config 0 has no interfaces?
[  537.798687][   T30] audit: type=1326 audit(1749863227.611:3481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.2244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  537.866303][   T10] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  537.946916][   T30] audit: type=1326 audit(1749863227.611:3482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.2244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  537.978871][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  538.016591][   T10] usb 1-1: Product: syz
[  538.031601][   T30] audit: type=1326 audit(1749863227.611:3483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.2244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  538.057850][   T10] usb 1-1: Manufacturer: syz
[  538.094942][   T10] usb 1-1: SerialNumber: syz
[  538.116434][   T10] usb 1-1: config 0 descriptor??
[  538.159626][   T30] audit: type=1326 audit(1749863227.611:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13002 comm="syz.4.2244" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  539.155609][   T10] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  539.334354][   T10] usb 3-1: config 0 has no interfaces?
[  539.353163][   T10] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  539.364096][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.375304][   T10] usb 3-1: Product: syz
[  539.396558][   T10] usb 3-1: Manufacturer: syz
[  539.420904][   T10] usb 3-1: SerialNumber: syz
[  539.465584][   T10] usb 3-1: config 0 descriptor??
[  539.725207][T13024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  539.735953][T13024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  540.216367][T13030] overlayfs: missing 'lowerdir'
[  540.395730][T12992] delete_channel: no stack
[  540.435332][ T5925] usb 1-1: USB disconnect, device number 70
[  540.580776][T13036] SET target dimension over the limit!
[  540.856939][ T5921] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  540.933368][T13046] overlayfs: missing 'lowerdir'
[  541.022803][ T5921] usb 4-1: Using ep0 maxpacket: 32
[  541.031529][ T5921] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  541.040401][ T5921] usb 4-1: config 0 has no interface number 0
[  541.047185][ T5921] usb 4-1: config 0 interface 12 has no altsetting 0
[  541.056891][ T5921] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  541.066492][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.075893][ T5921] usb 4-1: Product: syz
[  541.086056][ T5921] usb 4-1: Manufacturer: syz
[  541.129833][ T5921] usb 4-1: SerialNumber: syz
[  541.168703][ T5921] usb 4-1: config 0 descriptor??
[  541.348744][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  541.348762][   T30] audit: type=1326 audit(1749863231.191:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13047 comm="syz.4.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  541.386849][   T30] audit: type=1326 audit(1749863231.191:3488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13047 comm="syz.4.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  541.432370][   T30] audit: type=1326 audit(1749863231.191:3489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13047 comm="syz.4.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  541.531721][   T30] audit: type=1326 audit(1749863231.221:3490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13047 comm="syz.4.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  541.587134][   T30] audit: type=1326 audit(1749863231.221:3491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13047 comm="syz.4.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  541.684311][   T30] audit: type=1326 audit(1749863231.221:3492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13047 comm="syz.4.2256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f256c98e929 code=0x7ffc0000
[  541.857164][ T5925] usb 3-1: USB disconnect, device number 46
[  542.080014][T13066] loop2: detected capacity change from 0 to 7
[  542.130454][T13066] Dev loop2: unable to read RDB block 7
[  542.150612][T13066]  loop2: AHDI p1 p2
[  542.155072][T13066] loop2: partition table partially beyond EOD, truncated
[  542.168302][T13066] loop2: p1 size 4227858431 extends beyond EOD, truncated
[  542.297033][   T10] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  542.396946][ T5925] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  542.449611][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.462161][   T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  542.475289][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.495271][   T10] usb 2-1: config 0 descriptor??
[  542.515930][   T10] pwc: Askey VC010 type 2 USB webcam detected.
[  542.567300][ T5925] usb 3-1: Using ep0 maxpacket: 32
[  542.583238][ T5925] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  542.606988][ T5925] usb 3-1: config 0 has no interface number 0
[  542.613130][ T5925] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  542.659847][ T5925] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  542.690629][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.699823][ T5925] usb 3-1: Product: syz
[  542.704049][ T5925] usb 3-1: Manufacturer: syz
[  542.719792][ T5921] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71
[  542.728552][ T5921] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  542.735907][ T5921] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  542.746201][T13063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  542.751615][ T5925] usb 3-1: SerialNumber: syz
[  542.755649][T13063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  542.763089][ T5921] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  542.791537][ T5925] usb 3-1: config 0 descriptor??
[  542.797178][   T10] pwc: send_video_command error -71
[  542.802436][   T10] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  542.813860][ T5925] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  542.841203][ T5921] usb 4-1: USB disconnect, device number 44
[  542.845710][   T10] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  542.859629][ T5925] em28xx 3-1:0.132: Video interface 132 found: isoc
[  542.932269][   T10] usb 2-1: USB disconnect, device number 51
[  543.475164][   T10] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  543.672963][   T10] usb 1-1: config 0 has no interfaces?
[  543.690781][   T10] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  543.700453][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.710268][   T10] usb 1-1: Product: syz
[  543.728311][   T10] usb 1-1: Manufacturer: syz
[  543.739707][   T10] usb 1-1: SerialNumber: syz
[  543.762740][   T10] usb 1-1: config 0 descriptor??
[  543.814716][   T30] audit: type=1326 audit(1749863233.651:3493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.3.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  543.893749][   T30] audit: type=1326 audit(1749863233.651:3494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.3.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  543.958852][ T5925] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[  543.966215][T13095] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  544.085134][ T5925] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  544.094999][   T30] audit: type=1326 audit(1749863233.651:3495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.3.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  544.106125][T13097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2270'.
[  544.126737][ T5925] em28xx 3-1:0.132: board has no eeprom
[  544.156290][   T30] audit: type=1326 audit(1749863233.651:3496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13084 comm="syz.3.2267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1e2518e929 code=0x7ffc0000
[  544.216953][ T5925] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  544.228777][ T5925] em28xx 3-1:0.132: analog set to isoc mode.
[  544.241452][ T5921] em28xx 3-1:0.132: Registering V4L2 extension
[  544.506404][ T5921] em28xx 3-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  544.522244][ T5921] em28xx 3-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  544.534414][ T5921] em28xx 3-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  544.545618][ T5921] em28xx 3-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  544.651898][T13108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2271'.
[  544.689020][T13108] input: syz0 as /devices/virtual/input/input49
[  544.947841][ T5925] usb 3-1: USB disconnect, device number 47
[  544.961253][ T5921] em28xx 3-1:0.132: failed to trigger read from i2c address 0x84 (error=-19)
[  544.987365][ T5925] em28xx 3-1:0.132: Disconnecting em28xx
[  545.136902][   T10] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  545.324821][ T5921] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[  545.339777][ T5921] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  545.355398][ T5921] em28xx 3-1:0.132: No AC97 audio processor
[  545.357449][   T10] usb 2-1: Using ep0 maxpacket: 32
[  545.406014][ T5921] usb 3-1: Decoder not found
[  545.407903][   T10] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  545.470014][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.515232][ T5921] em28xx 3-1:0.132: failed to create media graph
[  545.564526][   T10] usb 2-1: config 0 descriptor??
[  545.635031][ T5921] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  545.763831][ T5921] em28xx 3-1:0.132: Remote control support is not available for this card.
[  545.764131][T13122] ==================================================================
[  545.780666][T13122] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xc7/0x430
[  545.788064][T13122] Read of size 8 at addr ffff88807a9f4738 by task v4l_id/13122
[  545.795608][T13122] 
[  545.797938][T13122] CPU: 0 UID: 0 PID: 13122 Comm: v4l_id Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  545.797959][T13122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  545.797969][T13122] Call Trace:
[  545.797976][T13122]  <TASK>
[  545.797984][T13122]  dump_stack_lvl+0x189/0x250
[  545.798011][T13122]  ? __virt_addr_valid+0x1c8/0x5c0
[  545.798027][T13122]  ? rcu_is_watching+0x15/0xb0
[  545.798051][T13122]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.798074][T13122]  ? rcu_is_watching+0x15/0xb0
[  545.798097][T13122]  ? lock_release+0x4b/0x3e0
[  545.798120][T13122]  ? __virt_addr_valid+0x1c8/0x5c0
[  545.798135][T13122]  ? __virt_addr_valid+0x4a5/0x5c0
[  545.798155][T13122]  print_report+0xd2/0x2b0
[  545.798175][T13122]  ? v4l2_fh_open+0xc7/0x430
[  545.798189][T13122]  kasan_report+0x118/0x150
[  545.798205][T13122]  ? v4l2_fh_open+0xc7/0x430
[  545.798221][T13122]  v4l2_fh_open+0xc7/0x430
[  545.798235][T13122]  ? __pfx___mutex_lock+0x10/0x10
[  545.798252][T13122]  em28xx_v4l2_open+0x157/0x9a0
[  545.798280][T13122]  v4l2_open+0x20c/0x360
[  545.798297][T13122]  chrdev_open+0x4cc/0x5e0
[  545.798315][T13122]  ? __pfx_chrdev_open+0x10/0x10
[  545.798333][T13122]  ? __pfx_chrdev_open+0x10/0x10
[  545.798349][T13122]  do_dentry_open+0xdf3/0x1970
[  545.798374][T13122]  vfs_open+0x3b/0x340
[  545.798391][T13122]  ? path_openat+0x2ecd/0x3830
[  545.798425][T13122]  path_openat+0x2ee5/0x3830
[  545.798445][T13122]  ? arch_stack_walk+0xfc/0x150
[  545.798481][T13122]  ? __pfx_path_openat+0x10/0x10
[  545.798500][T13122]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.798521][T13122]  do_filp_open+0x1fa/0x410
[  545.798539][T13122]  ? __lock_acquire+0xab9/0xd20
[  545.798558][T13122]  ? __pfx_do_filp_open+0x10/0x10
[  545.798585][T13122]  ? _raw_spin_unlock+0x28/0x50
[  545.798603][T13122]  ? alloc_fd+0x64c/0x6c0
[  545.798621][T13122]  do_sys_openat2+0x121/0x1c0
[  545.798640][T13122]  ? __pfx_do_sys_openat2+0x10/0x10
[  545.798658][T13122]  ? exc_page_fault+0x76/0xf0
[  545.798679][T13122]  ? do_user_addr_fault+0xc8a/0x1390
[  545.798698][T13122]  __x64_sys_openat+0x138/0x170
[  545.798718][T13122]  do_syscall_64+0xfa/0x3b0
[  545.798730][T13122]  ? lockdep_hardirqs_on+0x9c/0x150
[  545.798750][T13122]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.798764][T13122]  ? clear_bhb_loop+0x60/0xb0
[  545.798779][T13122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.798793][T13122] RIP: 0033:0x7f04a8ea7407
[  545.798805][T13122] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  545.798818][T13122] RSP: 002b:00007ffef4881690 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  545.798832][T13122] RAX: ffffffffffffffda RBX: 00007f04a9593880 RCX: 00007f04a8ea7407
[  545.798843][T13122] RDX: 0000000000000000 RSI: 00007ffef4882f1b RDI: ffffffffffffff9c
[  545.798853][T13122] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  545.798861][T13122] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  545.798869][T13122] R13: 00007ffef48818e0 R14: 00007f04a96fa000 R15: 000055666186d4d8
[  545.798884][T13122]  </TASK>
[  545.798889][T13122] 
[  546.102367][T13122] Allocated by task 5921:
[  546.106695][T13122]  kasan_save_track+0x3e/0x80
[  546.111378][T13122]  __kasan_kmalloc+0x93/0xb0
[  546.115964][T13122]  __kmalloc_cache_noprof+0x230/0x3d0
[  546.121330][T13122]  em28xx_v4l2_init+0x10b/0x2e70
[  546.126266][T13122]  em28xx_init_extension+0x120/0x1c0
[  546.131547][T13122]  process_scheduled_works+0xae1/0x17b0
[  546.137091][T13122]  worker_thread+0x8a0/0xda0
[  546.141671][T13122]  kthread+0x70e/0x8a0
[  546.145731][T13122]  ret_from_fork+0x3fc/0x770
[  546.150316][T13122]  ret_from_fork_asm+0x1a/0x30
[  546.155071][T13122] 
[  546.157390][T13122] Freed by task 5921:
[  546.161363][T13122]  kasan_save_track+0x3e/0x80
[  546.166043][T13122]  kasan_save_free_info+0x46/0x50
[  546.171105][T13122]  __kasan_slab_free+0x62/0x70
[  546.175872][T13122]  kfree+0x18e/0x440
[  546.179776][T13122]  em28xx_v4l2_init+0x1683/0x2e70
[  546.184801][T13122]  em28xx_init_extension+0x120/0x1c0
[  546.190124][T13122]  process_scheduled_works+0xae1/0x17b0
[  546.195670][T13122]  worker_thread+0x8a0/0xda0
[  546.200250][T13122]  kthread+0x70e/0x8a0
[  546.204315][T13122]  ret_from_fork+0x3fc/0x770
[  546.208910][T13122]  ret_from_fork_asm+0x1a/0x30
[  546.213689][T13122] 
[  546.216008][T13122] The buggy address belongs to the object at ffff88807a9f4000
[  546.216008][T13122]  which belongs to the cache kmalloc-8k of size 8192
[  546.230066][T13122] The buggy address is located 1848 bytes inside of
[  546.230066][T13122]  freed 8192-byte region [ffff88807a9f4000, ffff88807a9f6000)
[  546.244031][T13122] 
[  546.246352][T13122] The buggy address belongs to the physical page:
[  546.252755][T13122] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7a9f0
[  546.261509][T13122] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  546.270005][T13122] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  546.277557][T13122] page_type: f5(slab)
[  546.281539][T13122] raw: 00fff00000000040 ffff88801a442280 ffffea0001acf200 dead000000000004
[  546.290116][T13122] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  546.298697][T13122] head: 00fff00000000040 ffff88801a442280 ffffea0001acf200 dead000000000004
[  546.307365][T13122] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  546.316042][T13122] head: 00fff00000000003 ffffea0001ea7c01 00000000ffffffff 00000000ffffffff
[  546.324716][T13122] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  546.333378][T13122] page dumped because: kasan: bad access detected
[  546.339785][T13122] page_owner tracks the page as allocated
[  546.345489][T13122] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5499, tgid 5499 (start-stop-daem), ts 52433356678, free_ts 52353055982
[  546.366328][T13122]  post_alloc_hook+0x240/0x2a0
[  546.371102][T13122]  get_page_from_freelist+0x21e4/0x22c0
[  546.376668][T13122]  __alloc_frozen_pages_noprof+0x181/0x370
[  546.382471][T13122]  alloc_pages_mpol+0x232/0x4a0
[  546.387316][T13122]  allocate_slab+0x8a/0x3b0
[  546.391825][T13122]  ___slab_alloc+0xbfc/0x1480
[  546.396509][T13122]  __kmalloc_cache_noprof+0x296/0x3d0
[  546.401887][T13122]  tomoyo_init_log+0x111f/0x1f70
[  546.406859][T13122]  tomoyo_supervisor+0x340/0x1480
[  546.411912][T13122]  tomoyo_env_perm+0x149/0x1e0
[  546.416672][T13122]  tomoyo_find_next_domain+0x15cf/0x1aa0
[  546.422296][T13122]  tomoyo_bprm_check_security+0x11c/0x180
[  546.428016][T13122]  security_bprm_check+0x89/0x270
[  546.433045][T13122]  bprm_execve+0x8ee/0x1450
[  546.437557][T13122]  do_execveat_common+0x510/0x6a0
[  546.442581][T13122]  __x64_sys_execve+0x94/0xb0
[  546.447286][T13122] page last free pid 5498 tgid 5498 stack trace:
[  546.453608][T13122]  __free_frozen_pages+0xc71/0xe70
[  546.458717][T13122]  __put_partials+0x161/0x1c0
[  546.463395][T13122]  put_cpu_partial+0x17c/0x250
[  546.468165][T13122]  __slab_free+0x2f7/0x400
[  546.472584][T13122]  qlist_free_all+0x97/0x140
[  546.477179][T13122]  kasan_quarantine_reduce+0x148/0x160
[  546.482673][T13122]  __kasan_slab_alloc+0x22/0x80
[  546.487540][T13122]  __kmalloc_noprof+0x224/0x4f0
[  546.492390][T13122]  tomoyo_supervisor+0xbd5/0x1480
[  546.497509][T13122]  tomoyo_env_perm+0x149/0x1e0
[  546.502281][T13122]  tomoyo_find_next_domain+0x15cf/0x1aa0
[  546.507912][T13122]  tomoyo_bprm_check_security+0x11c/0x180
[  546.513641][T13122]  security_bprm_check+0x89/0x270
[  546.518667][T13122]  bprm_execve+0x8ee/0x1450
[  546.523172][T13122]  do_execveat_common+0x510/0x6a0
[  546.528195][T13122]  __x64_sys_execve+0x94/0xb0
[  546.532929][T13122] 
[  546.535278][T13122] Memory state around the buggy address:
[  546.540903][T13122]  ffff88807a9f4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  546.549059][T13122]  ffff88807a9f4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  546.557122][T13122] >ffff88807a9f4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  546.565175][T13122]                                         ^
[  546.571062][T13122]  ffff88807a9f4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  546.579118][T13122]  ffff88807a9f4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  546.587176][T13122] ==================================================================
[  546.629359][T13122] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  546.636629][T13122] CPU: 0 UID: 0 PID: 13122 Comm: v4l_id Not tainted 6.16.0-rc1-syzkaller-00157-g02adc1490e6d #0 PREEMPT(full) 
[  546.648382][T13122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  546.658464][T13122] Call Trace:
[  546.661808][T13122]  <TASK>
[  546.664754][T13122]  dump_stack_lvl+0x99/0x250
[  546.669359][T13122]  ? __asan_memcpy+0x40/0x70
[  546.673979][T13122]  ? __pfx_dump_stack_lvl+0x10/0x10
[  546.679181][T13122]  ? __pfx__printk+0x10/0x10
[  546.683773][T13122]  panic+0x2db/0x790
[  546.687697][T13122]  ? __pfx_panic+0x10/0x10
[  546.692129][T13122]  ? check_panic_on_warn+0x75/0xb0
[  546.697283][T13122]  ? v4l2_fh_open+0xc7/0x430
[  546.701879][T13122]  check_panic_on_warn+0x89/0xb0
[  546.706824][T13122]  ? v4l2_fh_open+0xc7/0x430
[  546.711425][T13122]  end_report+0x78/0x160
[  546.715662][T13122]  kasan_report+0x129/0x150
[  546.720165][T13122]  ? v4l2_fh_open+0xc7/0x430
[  546.724790][T13122]  v4l2_fh_open+0xc7/0x430
[  546.729211][T13122]  ? __pfx___mutex_lock+0x10/0x10
[  546.734247][T13122]  em28xx_v4l2_open+0x157/0x9a0
[  546.739134][T13122]  v4l2_open+0x20c/0x360
[  546.743391][T13122]  chrdev_open+0x4cc/0x5e0
[  546.747821][T13122]  ? __pfx_chrdev_open+0x10/0x10
[  546.752774][T13122]  ? __pfx_chrdev_open+0x10/0x10
[  546.757758][T13122]  do_dentry_open+0xdf3/0x1970
[  546.762533][T13122]  vfs_open+0x3b/0x340
[  546.766599][T13122]  ? path_openat+0x2ecd/0x3830
[  546.771389][T13122]  path_openat+0x2ee5/0x3830
[  546.775985][T13122]  ? arch_stack_walk+0xfc/0x150
[  546.780847][T13122]  ? __pfx_path_openat+0x10/0x10
[  546.785802][T13122]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.791888][T13122]  do_filp_open+0x1fa/0x410
[  546.796397][T13122]  ? __lock_acquire+0xab9/0xd20
[  546.801277][T13122]  ? __pfx_do_filp_open+0x10/0x10
[  546.806321][T13122]  ? _raw_spin_unlock+0x28/0x50
[  546.811175][T13122]  ? alloc_fd+0x64c/0x6c0
[  546.815512][T13122]  do_sys_openat2+0x121/0x1c0
[  546.820209][T13122]  ? __pfx_do_sys_openat2+0x10/0x10
[  546.825425][T13122]  ? exc_page_fault+0x76/0xf0
[  546.830111][T13122]  ? do_user_addr_fault+0xc8a/0x1390
[  546.835405][T13122]  __x64_sys_openat+0x138/0x170
[  546.840262][T13122]  do_syscall_64+0xfa/0x3b0
[  546.844765][T13122]  ? lockdep_hardirqs_on+0x9c/0x150
[  546.850019][T13122]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.856098][T13122]  ? clear_bhb_loop+0x60/0xb0
[  546.860787][T13122]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  546.866680][T13122] RIP: 0033:0x7f04a8ea7407
[  546.871097][T13122] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  546.890708][T13122] RSP: 002b:00007ffef4881690 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  546.899127][T13122] RAX: ffffffffffffffda RBX: 00007f04a9593880 RCX: 00007f04a8ea7407
[  546.907105][T13122] RDX: 0000000000000000 RSI: 00007ffef4882f1b RDI: ffffffffffffff9c
[  546.915084][T13122] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  546.923059][T13122] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  546.931030][T13122] R13: 00007ffef48818e0 R14: 00007f04a96fa000 R15: 000055666186d4d8
[  546.939017][T13122]  </TASK>
[  546.942393][T13122] Kernel Offset: disabled
[  546.946726][T13122] Rebooting in 86400 seconds..