last executing test programs:

1m52.911680911s ago: executing program 1 (id=5205):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
syz_io_uring_setup(0x2790, &(0x7f0000000180)={0x0, 0xc386, 0x3010, 0x2, 0x200004}, 0x0, 0x0, &(0x7f0000000000))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30bd, 0xc000, 0x8, 0x40000185})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a3", 0x1)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

1m52.803943507s ago: executing program 1 (id=5206):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x92, 0x5, 0x6, 0x4}, 0x3a, [0x8000, 0x2c95a, 0xf, 0x8, 0x80, 0x1, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x5, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0x800, 0x4, 0x4, 0x7, 0x3, 0x8, 0x4c75, 0x80000000, 0xfffffffe, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x40017, 0x0, 0x7, 0x5, 0x3e, 0x3, 0x6, 0xffff, 0x0, 0x9, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0x40c8, 0xf9, 0xe, 0x82c0, 0x6c7, 0x8, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0x0, 0xb94, 0x7, 0x7fff, 0x1c000, 0x3fe, 0x403, 0x200006, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x2d, 0x4e2, 0x5, 0x4, 0xb, 0x2000004, 0x9, 0x80000001, 0x9, 0x6, 0x47, 0x8200, 0x1, 0xfe000000, 0x8, 0xffffffff, 0x4, 0x4, 0x3, 0x51, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x407, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xa2, 0x8000, 0x0, 0x5, 0xb, 0x5, 0x5, 0x5, 0x4000000, 0x1eb, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xfffffffe, 0x3, 0x20000008, 0x4, 0x6d01, 0x2, 0x38, 0x800083, 0x200, 0x80, 0x3, 0x8000004, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4005, 0x6, 0x8, 0xca, 0x1ff, 0x3, 0x7ff, 0xbe, 0x4, 0x7, 0xe, 0x0, 0x5, 0x1c, 0x8, 0x4, 0x8, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x2, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x9, 0x2, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xffffffd9, 0xfffff000, 0x10010000, 0x0, 0x7e, 0x9, 0x9602, 0x40007, 0xaf, 0x5, 0x6, 0x227, 0x2, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf3c, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0xd7, 0x201, 0xffff3441, 0x4]}, 0x45c)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

1m51.813639199s ago: executing program 1 (id=5210):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000003740)=[{{0x0, 0x0, 0x0}, 0x132}], 0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffd, 0x0, 0xb, 0x0, 0xfffffe0000000000, 0xfa11, 0x7fffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r3)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a40)={0x0, 0xfffffffffffffefe}, 0x1, 0x0, 0x0, 0x40d4}, 0x2402c0c5)
r5 = syz_usb_connect(0x0, 0x3f, &(0x7f0000003100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0xc0145b0e, &(0x7f0000000000))

1m48.716117384s ago: executing program 1 (id=5225):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRES8=r1, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRES64=r1], 0x3e, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x4)
mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x104000, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, &(0x7f00000001c0)=ANY=[@ANYRES16, @ANYRES64=r3], 0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$dvb_demux(&(0x7f0000000000), 0x0, 0x480)
preadv(r8, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/6, 0x6}], 0x1, 0x7, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x1ff}, 0x0)
mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r10 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r10, 0xc0184800, &(0x7f0000000100)={0x4, <r11=>r9})
r12 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r12, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r11})

1m45.517933055s ago: executing program 1 (id=5243):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x50, 0x1, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x201}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x20048000)
r1 = fsopen(&(0x7f0000000080)='sysfs\x00', 0x0)
fsopen(&(0x7f0000000000)='reiserfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x6)
fchdir(r2)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r3, &(0x7f0000000200)=""/50, 0x32)
getdents(r3, 0xfffffffffffffffd, 0x58)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000002500010325bd7000fcffffff110000000800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x2004c0d3}, 0x200040c4)

1m45.13308153s ago: executing program 1 (id=5244):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x8000, 0x7800, 0x4, 0x5, {{0x5, 0x4, 0x1, 0x13, 0x14, 0x66, 0x0, 0x3, 0x29, 0x0, @rand_addr=0x64010102, @local}}}})
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x104, r5, 0x5, 0x0, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fa6b3c54e96fb5a20a5b3ea8c0c83f09c5c385cb262c7587"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}], @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "0342b25086930938cc64de5e4a19142dba6d4b05f5b49469"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "46751f191ea465b7a1d17eb006fce22d8a5b362bf41dc4d2"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "c59bda937a76ee2db5b83039371142c72d3b167b6b091125"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}]]}, 0x104}, 0x1, 0x0, 0x0, 0x20004011}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000002100000008000300c1148b3efa23089f", @ANYRES32=r6, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x35)
nanosleep(0x0, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @broadcast, @broadcast, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x2, 0x1}, {0x16, 0x1}, {0x12}, {0x18}]}, @void, @void, @void, @void, @void, @void}, 0x32)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0xfff5, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="640100000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400200100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe80000000000000000000000000000014000400ff0200000000000000000000000000010c00028005000100000000000800074000000000d0000d8008000100ac1414000800020000000000140005", @ANYRESHEX=0x0], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
setsockopt(0xffffffffffffffff, 0x82, 0x81, &(0x7f0000000280), 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
fsopen(0x0, 0x1)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
socket$netlink(0x10, 0x3, 0x4)

1m44.518597551s ago: executing program 32 (id=5244):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000300)={'gretap0\x00', 0x0, 0x8000, 0x7800, 0x4, 0x5, {{0x5, 0x4, 0x1, 0x13, 0x14, 0x66, 0x0, 0x3, 0x29, 0x0, @rand_addr=0x64010102, @local}}}})
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000580)={0x104, r5, 0x5, 0x0, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "fa6b3c54e96fb5a20a5b3ea8c0c83f09c5c385cb262c7587"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @device_b}, @NL80211_ATTR_MNTR_FLAGS={0x18, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_CONTROL={0x4}]}], @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x1c, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_FCSFAIL={0x4}, @NL80211_MNTR_FLAG_PLCPFAIL={0x4}, @NL80211_MNTR_FLAG_COOK_FRAMES={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}, @NL80211_MNTR_FLAG_ACTIVE={0x4}]}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa, 0xe8, @broadcast}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "0342b25086930938cc64de5e4a19142dba6d4b05f5b49469"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_PLCPFAIL={0x4}]}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "46751f191ea465b7a1d17eb006fce22d8a5b362bf41dc4d2"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}, @NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "c59bda937a76ee2db5b83039371142c72d3b167b6b091125"}, @NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR={0xa}]]}, 0x104}, 0x1, 0x0, 0x0, 0x20004011}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000000002100000008000300c1148b3efa23089f", @ANYRES32=r6, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a0000"], 0x40}}, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x35)
nanosleep(0x0, &(0x7f00000000c0))
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@probe_response={{{}, {}, @broadcast, @broadcast, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x2, 0x1}, {0x16, 0x1}, {0x12}, {0x18}]}, @void, @void, @void, @void, @void, @void}, 0x32)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0xfff5, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="640100000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400200100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe80000000000000000000000000000014000400ff0200000000000000000000000000010c00028005000100000000000800074000000000d0000d8008000100ac1414000800020000000000140005", @ANYRESHEX=0x0], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
setsockopt(0xffffffffffffffff, 0x82, 0x81, &(0x7f0000000280), 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
fsopen(0x0, 0x1)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
socket$netlink(0x10, 0x3, 0x4)

13.009843793s ago: executing program 2 (id=5653):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r0 = inotify_init()
r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000002, 0x9132, 0xffffffffffffffff, 0x9aa9b000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
memfd_secret(0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f00000002c0)={0x8f, 0x0, 0x1})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000005001000050000000500"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r5, 0x0, &(0x7f0000000480)=""/187}, 0x20)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_MMIO(r1, 0x20, &(0x7f0000000100)="64be365de974de7ab149b947a8218d12625b0c29c0496e90", 0x0, 0x18)
mremap(&(0x7f0000097000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000bff000/0x400000)=nil)
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ce7000/0x1000)=nil, 0x1000}, 0x1})
r6 = fsopen(&(0x7f0000000000)='binder\x00', 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fspick(r7, &(0x7f00000002c0)='.\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000200000010ac053002400001020301090224000101030000090400040103010206092105000701221e03090581a64fda353a324edbc4bd0121f4b0764308653a1381e40d1c5186536956c8b775f390ba56159bd3b4ec4cc279b665ea855b15f1572746db826697122a85844f73867ea188e8ffffffff226274947b3a61fc4d9c18f98624c0b239204129"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})

10.785912989s ago: executing program 5 (id=5665):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={&(0x7f0000000000), 0x0, 0x0, 0x0, 0x3, r0, 0xc00000000000000}, 0x38)

10.736379127s ago: executing program 5 (id=5666):
socket(0x2b, 0x1, 0x1)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
eventfd(0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffff7ec]}, 0x0, 0x8)
r1 = gettid()
rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8)
tkill(r1, 0x4)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
madvise(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x16)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040))
socket$unix(0x1, 0x1, 0x0)
socket$key(0xf, 0x3, 0x2)
socket$unix(0x1, 0x7, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640))
socket$nl_route(0x10, 0x3, 0x0)

10.557919337s ago: executing program 5 (id=5667):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
sendmmsg$unix(r1, &(0x7f0000000700)=[{{&(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000440)="a28bdbd53fa214050c08eb545a4de9aa15b36f1ff44f92764024311cde5149dec8fb0f09d4ed34cefa39fbd5583b24e871c5656fceb499e2c04637ca5b9bd1969c0d37b9ac8d4e139e79dd698a7cd9afbe266b98585c85db65a91723161f7e2f0d612b0e6a", 0x65}, {&(0x7f00000004c0)="5fbe7b882b5f3ea28615c65bf394d986acc202c10be6f2dea583e3fcca60fe79b9fab8b817e03d76d1f649906a53f0de1a50ae1e8e55049a1f7f1e0f3b75c4cd69", 0x41}, {&(0x7f00000005c0)="ade5a34e97108380b646410c655a3254238ab9d3eceb8670e0b8f301664bc0d13f9e6faf6e42694781fa2f98d21b6c8b30fc2ffe349afbb2f734524be115587d7247180d4960fdec9bb561f6b7c123060d13facfdb08c579131c6c64a7ffc13ba95cc463a2b217cafbef429039699962f700412c6a0d1cb9e91de0e919eba7128c3085c4125fd623005551d63f41deb8998ec12d0ff4f6a55dbf8a98d161f9fdc8591a4c7f5ef3a70f23eea475c3daf53608c182dfaed742013147792353bb9a959d1e781316f37228a1", 0xca}], 0x3, &(0x7f00000006c0), 0x0, 0x880}}], 0x1, 0x10)
syz_clone(0x648e7000, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f00000001c0), 0x802, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a31000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ff0000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200008009100000009000000010000800000000888ee9fdb45ada97dd28bc7af929edb66bbd02e523d043bf43903fe740b612ae94a6f81cfa7e67dd9de81f4b2090a7d3abf2b1e173688d0bdd34ec3498c52b611ae19f5962928950657b17f94939a5db4e94a593679397603e163050b059fd473a230df5c1d96998a784f3eac02cabdf91df238834e562e37118b26a303919243f76751f60b4a8797f6b9e9075004b4ea950185db656e94d869a4f594a778b0fb74ed4c4e5138c8fba780ce4883aeda72ec3d29a6e624d5bcf725d3a6090e9b894d48f48bed4756fe799c603c3c28e46b2285e086b9b3207d8cde57e528ce3766bbc988ed9da4767b6364ab8d741d27b43f7787e1fd9c"], 0x138)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x22}], 0x1, 0x74, 0x0, 0x0)
ioctl$XFS_IOC_FSBULKSTAT(r3, 0xc0205865, &(0x7f00000004c0)={0x0, 0x1, &(0x7f00000006c0), &(0x7f00000003c0)})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x2000000007ffc, 0xe, 0x4, 0x4, 0xa, 0x1000, 0xd35, 0x0, 0x7ffffeffffffb, 0x5, 0x8000000000000001, 0x1, 0xfffffffffffffffd, 0x9, 0x0, 0xbde], 0x2, 0x3c4210})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000047}, 0x24000010)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r4, 0x4020aed2, &(0x7f0000000780)={0x2000, 0x11000})
syz_emit_ethernet(0x42, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2"], 0x0)
r6 = syz_usb_connect_ath9k(0x3, 0x71, &(0x7f0000000540)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x0, [{{0x9, 0x2, 0xfffffffffffffe57}}]}}, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="94010000100001002bbd700000000000fe8000000000000000000000000000bb000000000000000000000000000000004e2300014e2200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc000000000000000000000000000001000004d532000000fc010000000000000000000000000001feffffffffffffff0000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff0000000000000000000000000000000000000000000000000008400000000000000000000000000006000000000000000010000000000000000000000000000007350000020004007d00000000000000580002006362632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000e0fad3f10cd3a506627800000000074f4c001400686d616328736861323536290000000000000000000000000000000000000000000000000000000000000002000000000000000000000040000000631326d51bba625f7d3b5d1ba5e79409013d3dd305aa75c12513b16a201ca0ad974c210522ecc9390a6bf0e1d2143c12c11b5c00"/383], 0x194}}, 0x4050)
ioctl$XFS_IOC_START_COMMIT(r7, 0x80585882, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f0000000740)={0x2, {0x2, 0x1, 0x5, 0xffff, 0x9, 0x2}})
ioctl$LOOP_SET_STATUS(r8, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x9, 0x9, 0x19, 0x5, "cc7d45a830efb0d768d9ebf448ed12827187fff9e30891461936f6c9443071699b6cc1d4930d977bfb9ee244edf316283c1a3a8ebc23bb56fefdd1c5654ceb2d", "1882d2ec7eba2ea433ba8d94b01659b5398b86944d235d40735c592ec6fca9b0", [0x5, 0x80000000]})
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f00000006c0)={0x2, 'veth1_to_bridge\x00', {0x2}, 0x5})
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="08e1004e"])
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
ioctl$HIDIOCGPHYS(r9, 0x80404812, &(0x7f00000000c0))

10.282448716s ago: executing program 2 (id=5672):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000003740)=[{{0x0, 0x0, 0x0}, 0x132}], 0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffd, 0x0, 0xb, 0x0, 0xfffffe0000000000, 0xfa11, 0x7fffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a40)={0x0, 0xfffffffffffffefe}, 0x1, 0x0, 0x0, 0x40d4}, 0x2402c0c5)
syz_usb_connect(0x0, 0x3f, &(0x7f0000003100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, &(0x7f0000000000))

8.786305979s ago: executing program 5 (id=5679):
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x0, 0x7, 0xfa11, 0x1}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000004340), 0x2, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x4001, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x400d5}, 0x240400c0)
r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05640, &(0x7f0000000280)={0x6, @pix={0x8, 0x9d0, 0x38416761, 0x5, 0x3, 0x9, 0x1, 0x7, 0x1, 0x8, 0x2, 0x5}})
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0xfffffff8, 0x0, 0x0, 0x5a, 0x0, &(0x7f0000000500)="2ca60700cdbb4beb400730fca1dcf9caa1fb4ae1f6e61f1040d351e35c9499eacd423d6351314809b215b0415d69f4c66893772f325d679fbf017742287f319658b582d93e5e95557f7e3bfebbe12a511cdea982000000000000"})
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000039c0), 0x0, 0x0)
ioctl$TIOCGSOFTCAR(r7, 0x541a, &(0x7f0000005480))
pwritev(r6, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {&(0x7f0000000280)="f697079a161cfb7702311e629acda76933ddd0c24174eb4d4d28f9", 0x1b}, {&(0x7f0000000780)="527302587e0a4e47ad23efd7abd1f41a89b12677d3fd0c46d23de59d6373581f5408b396f366bbcf6daa7372dcda7c09a7bccddf6afeb75ca9a34570bdf7be6aab9452f2c16e08b0c5e587edec679db0ced3cc071f5a7ab74b5ae2dfb425d0cfce52acca3b6525fca266d39291164b39d691ccd4a1edd64f66e75cfdca2e25d525137d213b825ea8646f8148eca6a2d561a1dec87ad1d3e7b4e75cfa65375b94b041e16118ed0a3acfc872a6a9af74f079ed53f913175814788437eb7457ae1209934f6d254c47a3abbd27e01c16b23a7749e7afcbdb6986c959d119d7a557b6957d52f1bdc0c79038d11e97fe64693324fdc9a3e25ac997f2d861851bd52ba4942833cc9ab04f66ddd52dfe5b0b86be0df4ee0e3540fe71f33d5edd28d203b5d48b21209576a266ff1bd40d24b7b536bfe40c46aea6b4770a858f0c7890e720d1a5b726a926c80e0392239b500c89884cf324193e3765e94fe06a7f3bdd5bbe319043f7909f005b8dd1e27ac0b80f4d49d6230e334dfbd910c759c1b3e4e5a5088941603d6a01890ec363ca802d31156c092ead993a66331e4cfb6197969b3d9889e4647198a3ced295685d8eae23ada20c6c6841e9e4369c6b378b496dc0757219e94bcf754a5a9f3e4eb9aada0aaaaa67bb0352af622beb6e1dbb6bf432939de56b1716e9125c6ad2dc6bd2fe0d656fdd8a7ff423e2b0df17153787873a6384c5c0c0e25e4583", 0x208}], 0x3, 0x10000, 0x4)

7.063213259s ago: executing program 2 (id=5682):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x2, 0x3, 0x4, 0x3}, 0xb, 0x0, 0xd, 0x2, 0x2, 0x1a, 0xe, 0x8, 0x0, 0x7, {0x81, 0x5, 0x5, 0x5, 0x5}}}}]}, 0x78}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b0f, &(0x7f0000000040)={'wlan1\x00', @random="0100"})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x4a82, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r7, 0x3ba0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r10 = dup(r9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r10, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

6.531401386s ago: executing program 4 (id=5686):
r0 = fsopen(&(0x7f00000003c0)='befs\x00', 0x1)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000400)='uid', &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @last={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

6.396480737s ago: executing program 4 (id=5688):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4207, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8001004, 0x9, 0x6, 0x80b}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=@newlink={0x50, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2da8}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
link(&(0x7f0000000140)='.\x00', &(0x7f0000000180)='./file0\x00')
r5 = fsopen(&(0x7f0000000000)='hfsplus\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='+\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
ioctl$PPPIOCSPASS(r7, 0x40107447, &(0x7f0000000240)={0x6, &(0x7f0000000200)=[{0x9, 0x5, 0x2, 0x7fff}, {0x8, 0x3, 0x77, 0x5}, {0x0, 0x8, 0x21, 0xfffffff8}, {0x8, 0x1}, {0x8, 0x0, 0x40, 0x4}, {0xf000, 0x6, 0x3, 0x8}]})
pivot_root(0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x38, 0x12, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0xfffffff3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xfffffffffffff5dc}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x5, 0x84}}}, 0xc4}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
ptrace(0x10, r0)
ptrace$peeksig(0x4212, r0, &(0x7f0000000140)={0x0, 0x0, 0x4}, &(0x7f0000001500))
r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000080))

5.974055727s ago: executing program 2 (id=5691):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x181202, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x1803)
socket(0x80000000000000a, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480))
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
epoll_create1(0x80000)
socket$nl_audit(0x10, 0x3, 0x9)
syz_open_dev$usbfs(&(0x7f0000000080), 0x40000f, 0x8041)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0xaf2e, 0xc000, 0x3, 0xcb, 0x0, r2})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}, {0x0}], 0x2)
io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000000), 0x80000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5.465084836s ago: executing program 4 (id=5692):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000003740)=[{{0x0, 0x0, 0x0}, 0x132}], 0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffd, 0x0, 0xb, 0x0, 0xfffffe0000000000, 0xfa11, 0x7fffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a40)={0x0, 0xfffffffffffffefe}, 0x1, 0x0, 0x0, 0x40d4}, 0x2402c0c5)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, &(0x7f0000000000))

4.581173827s ago: executing program 2 (id=5694):
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500090581030002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x3, 0x10000)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000002e00)={0xffffffff, 0xcda, {}, {<r2=>0x0}, 0xce0, 0x8000000000000000})
statx(0xffffffffffffff9c, &(0x7f0000002e40)='./file0\x00', 0x4000, 0x10, &(0x7f0000002e80)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
statx(0xffffffffffffff9c, &(0x7f0000002f80)='./file0\x00', 0x1000, 0x40, &(0x7f0000002fc0)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
stat(&(0x7f00000030c0)='./file0\x00', &(0x7f0000003100)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fstat(r1, &(0x7f0000003180)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000003200)='./file0\x00', &(0x7f0000003240)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x6900)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000032c0)={0x0, <r8=>0x0}, &(0x7f0000003300)=0xc)
stat(&(0x7f0000003340)='./file0\x00', &(0x7f0000003380)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r10, &(0x7f0000000100)={0x2020, 0x0, <r11=>0x0, <r12=>0x0}, 0x2020)
write$FUSE_INIT(r10, &(0x7f0000002140)={0x50, 0x0, r11, {0x7, 0x27, 0x0, 0x14a4014, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}}, 0x50)
read$FUSE(r10, &(0x7f000000b040)={0x2020, 0x0, <r13=>0x0, 0x0, <r14=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r10, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r13}, 0x10)
syz_fuse_handle_req(r10, &(0x7f0000006c40)="d9cf539302536e60479ecaf012fd80816e33b5b31bc2e76fab1942b8070f75572b73aae90d9691199a2c031ed82d5637429305aeee2bc5bcb51b1872ddef1f0a8ef7e036ef2c0b8bdb9b4b3901128b0d2e130339d5ecea75dae21754f1d50b4f93c6481461efefeef29e393063fafbfa50ac36fe24cd3d9639d72ba0d8fe1f2022daf7e59aa29351e58730c3c2ab6f4747f66bf51373ad60c5ac3f69c224c42dee0c5c0a9a82f127e9915e179b4e3d4ef06b1f1cb080272c668c71ebe84cd18a2e3918c83266fb7a9541dcb2de49ae6c8699a2e3ed8e92512e29b36dabd5e6af75f5d555fa5aa59c158d91aee3b7b4f1d8d2614c98bdff334794b7a8e8ba94671847aa2a960c2eb98b98407b5663fec26d55970191bf982fee18c51de602dc4362e4536bdceb038addad7316310f8a85056236ccecde4755f8fa4ee2f488642958f3a82d5a2a22f04bab00c28c1c5c3b7ed5715e6854463663188be847ace2adae30d52e4380d5e3be64604b4e0574de1dbcde1dad9deaa8fedda026d0cf1cccb2fa47ea1eaba99bbeef129958a73469a7e5fe455989089a82a503213a48c831c0cd807e0a9a88115e338f97ec9616bd4051cac36c835305ffe4891198d3adcdd034a64a5c6977cb6fc2a536bedbe713184ed7759df08fcfdeeabaab45c62b726c2ff48f0d72f1f58eb27aec7ec5cc118e62846408d81f93fc93f7675bc186911bec5135dc3dccac802fd4f8e92cddf9a7a2b3aaf79fd3fc1363bca244df9ac86c4077e768ae358dce823092ea460d6cd15136808061a1c8f83b18834d6f97c5e29bde4cb524e059dfdb86debc137dc702d3a78fde733b17a1934267c003f6360ad16873b1d7b48dd52d089de5c72e50e163e4f1f12aef80fd011c675ac35d9f52c7a6ebb43eb784d502fc785327065e5fb7a83515e3675eb6d762ef8977b1c260881bed726414e435cedf0534c555f745c306566af41063f37687816df8e5aa8489662bb35b7246a43914ed0c94cefd7a0633cb189a00b0a29b627d34defb09ed10337118304175570fad7d56b50d7269d7240703bad2b7a1cd1b3c1043f2bb1deb6d1fe6f90009255baa93b6981076fc3b0801b5036a3238f21abd44bbb60b33c06be510f21a693def159aecf34c21610f246576fbff63b681efdb68d1f58262a7a731db25fdb6558aeafc3b0161709744e77709b55727ed97836f99517a960fadfe3e9c0c2cc6afe20f99cabfc6648ba1d2fa324a06a2a59a4aefa0c20a903435cfc1dcf4b4cd2e71184e77e4496202889492c9fb93af7f24e4f000b8515e5208e4036038d4b30ab799ee0ce5b33098d2e78441b89a78fdc0b627b2167303281af24ad63fd7cec854c1d687e2d7036762a613c99d047023445fe5bc286080f8c1f15176c235bea0b434bb256947a3eeec558cfb21cac41b5b30e7c51fe7ce40ea552ea28bcb31ea316508d22701320ce8afd9a339ffffeeaf6d43676365e0aba386646b2ccfdaf4de28d9992ccfce5a0a3608d5a0c2f954f79b5b601765b850569f31d867f08e15316d6ea035e284e5e70bb009fbb8fa494df145bdc1927d5ce979c4b4d561d756c18f6c9b774b2238c257f6de700940296b855378648732a503883ba868d7d425d62d3535ad2fdce16bb64f227dbcad0846f465bd0ea92bfee1d549b6aa54728b0603a1047e805332fa98c3779b4f76464d1e5af2031bbd020045985bf64670a5065e9ceee06754670d0ce375c5c0d4d0e5bb1b9ae58229cb0d4e5b528022d9721fbcb30cc287c037a1f70635de20ec9502a4bd32d72ba82c0ad9c7f010050092fa6065ad1b172c914740c023b2efbea772b2d200b8d285bc73146335157fa339039c79d73561dfe7de6e9efe6bdd7175575c5db79435bdde8d7c4e39171519080175f2106e8acf90755ea2ecaa1e915c316d7eb193f0ff6f5206f2aa0904de56f4e0a8dece388fb864ea2ec81f089aca717fd42851837ee2a3a768e8f8da46303f057246c586e941c969ff36a8cc8e5615b295072a309183899c917420341137f3432f661e7e416fe559deff0dd1420a0e759cf37e148f01303934d0a362ff5855e6e919b867a75ed4fb78e26198eb0af0f5ff5ef9709b8a37cfe8d72a92ee45e8333300e34884b25fa01856e530a1fd5710bd6b5e21d9c81ca4583f09922aa42ff1b0a3e607c47a138e1a808b8802c14821127b201f4047849216fffa81b812694839b4d7bc39e86387dd003985a3e899e858a237b55aa1d830e561342a7e26aa1281c7fe3824a93419786f04db307439e93a12f83ccbb9e6a4002eb7dc09c2c13940a6b3c6fde81f2ca92ca909f38dc337480b44aee3333ec9555b97f9fd78f34a1800f720dd8919ac7d08abf12e3ecc9b668aac7ed73fe0fb41662636e2bfc38353cae9af15788f39a58d2d1b7e5e293900f1f99bdb2ae9aa0db461e52804997b10143ea04d51592617a5d9e48b6bdea95f4ea1eb0cabe710a4e1ba36bec237262aad8ed652074086f26693d79b353a4df041aa0f466687a957c2ab58bca701f9143cecb153d460df1bf38e7fd878c38ae4b3bfa309c5c0ace910c6fc2e0820e510f3e375864d536707dbbfcf519dce84e31f3601874736bed95e2313f8c2a44cf51b2af8ecfb99df65c38121bf81ca684559f3a7652e82fc0a8875046e2ad59e96562924ce13f9a6c7b31d76847c74943af978388270fc8261beac4d43f6293d0f7d6d2496c2a1ddc7c139086f55d45102ad36b4fe6a0667e5951dc5fa2fb3beacd5157c0e4c9d82e7ec85b892132d4235e6bae91f687f81e3af910c71723fd117cf2988543f1518722dbdfbb09a836ea36297bc83f1f9c10f107f1f15cb7050f025d48b2dd615e6474cad498cd374cd2d55dd1f5adba3d2fb129aa50f8f7869b30fc0eb7f2cbf66a86594ed63ca1d9dec93507bb3840d95afbf568ed82e5faca49d1a6702dec0388f4ba9b2061ffe1f430a637fffbd1d3b3f316dae1439d00185c667bbb3e6e74f15bf8fc51150d362b8533c03c009a0f11e6e55acc5ef727b0b2b60b72178bd9d7c961078c5b64ce81ab6756a6b53a50fa6c234d588edc5ae4811b5b220e6f8da839b444f35dcdf82e04732c8c56ef2863efcebb72f1a67561801e55a5e33847ed7e9714e393319eed1a412e035f4f19eb09fc98f7a544d6ee8e8acb7d13e9428ae8cb9849935aa87dd5c7e0dbb92086b730927ba74a4e49b6e9b8274459c9d77caba02ad5de167d7db9da3abcb0dd1574d6e838f094f57c7971704f398e914495f292e180438c8785bacaa9b1668d6cd1b094bbcf1fc452db12b349dcd0cab243a88a4e1f9b7d8bffa46882712eaef641a498168743e4529ccd1e1b68640440fa2d30909e34e87c1432fd6ad223b8f3f12c0184b6d1249e79ea40590d721e8bce5adee2e24897a572ecacf6a7ce124a7ae43923e80e59b5ddbfd2bfbb8bebbadea669186735772a8cd7f123cf957a5d138a6ae3d12da28d59d0a3f1fc35f4d574ac01dab38f982adaf0ba84a89e02f8f064deddf790fd2af44fac9e1f42e9bb951ce154d0befe8876761212f28cec1f6e75ad9fc7bc373b9044a8014d05d70d02cad12960f48f5e749a45081df4c04820de87ffcdd10a013adf019b1f86890b944d32616a336928cae5200245b186bf8f9f1359f8b4309e0488435fedb2b8048fad805fb56756be89049e7b78ec6ceba35baa8b9ad6a08c8e4cfd1b5fd28d136b1c7930d3be80b737eaaf13b91291340223c7918985bb83ad0031b55dae2a138a4a6ad7b158ab0367bef20b914e5b7987b3b3bc75c84351ef44931d1493d1ab4f357f5995e7f05df673f7c2bb9d5fafadf5814a6c04359f76f343bc623e1a7ba91c86cbf8de53ce129d90e002864506cc69f6de39bab758dd910c2c9c3477dac2617c5b396c5f7ec66b9653434993e417b86a49e3bd19d31981d13411520a844912ba90fd85a45530137124583c2e3afcd186541b0779e0de82fffaeb463cadc6c7e36b930f6ff71b8bfd14ea6e90741590d62a16af0a57a755b0ad262ef401984b276cfd436cbe63cc692f091e396f451219379a03b11d98412bd2d542c3d98753767059a1441e366877a9cc3cf7f1ea434579c5d93b0a38a839d8a25a673726950557d5060d413e77a9f31beb0afbd42ef639f785bb86261af8cedc6bf09f2211f1d347e354330647c7044bb38a134fd74bf69d7a3a8d2b148f5036bfee49ccee861f7f547049d2745e25d01b320b97aa913d9d2d7cddb862e69e62211203619b4ce916c1502a458a87a3fabe8ee2cefb95646993122d3ea92b51df3ef4729a80c0c17f6ad796bb0ab5a0d99baf2e0eb4068bbe9012fe25e4056d6a5d01a2e6febc39d3b33254e19917a898ee4f3d0295a5dafc802a5436c81a1c57d42a258106e5b6e9053770ddc968a32a023e628735eaef19247f0d030bcda624d02b4c2a163b8a3c295235a7ed4939c7958ae4b80f53444163a28eed37f3972055388c4f2cb4bfad3ef205ef58ba7f8a2919e6c649ff0e0c159411c981c797a5c3ef9aa9647ebba14e34348ab49661bb394793facc9d9cb9e87fe27ff36326d6c8d6e53fc9182fb51e316277ca284872d7f3e07d94701f952ad81d4a0429bbc3fa3ebc46028242963820d48caa6e87ecbd9a99b72547c2b15a233f6ed8a7ac37cc69ce183e452b4c59f118a1267bd6ef2edea2681bcb2cc5a4fa5e8a0eb717dee407583a857fff6a125e358bc6c407f3af53de0cddcce5e49b0c1fe5edb5b3dd00c9019e8ef0df374c0ef0bfcd1b5d55fbb841ddeb40c973f2e84102af0d8a053486877531d6d874cd89bf10743025d2531b181da06a5691a61a30b897e82480043341bc9b7ae643a16ace0aea4cee05c0c95e1d1546cb5ea786a95baff5d0ae8e3aa231fdb6ec5168d3f7ee22b0d0b5ef3334acc29c18bf625bdc85a6876ba47f12def7614cf74dfe06a64af7ad3f53decab1388532ddf8e0286a1aa1a2da92da0f2a8572ec5515a27c1694f4073596def602eb4c3c79c841ce46ff75693ae3dd5cccbbb8f89fb6059d398735ece36fb1efa9a56434e2a576d71c2d3086a296dd78ab80fe3b4a7135feccc2e824972300efaef2dbc31d2cd6e016987265362905b2c56959b6e3b734c5419a7d81a0626bf3880d33e35a7259793da9eb1eea9c4a6e52c2aeacb0244b99934bb84fd725b452953b7bcd956887cbbf9315e1aa72e3f5f206d9ea4e09c40afbc9d0307112cf4145e7527667767e05918614f6a4b22fe65a5502dc2fd086285472c4431fe2ecf0b1e81cdcc010d065d703bbc8e5b0d12b5d5ae85cc832119803b9cee05f013f63caee4aa58e6ae07ce3ee3e8edd849c5b09eded34e00cfaf617b2c5213cf3acc0d5647470f87ab9c435a85c9bad098669af676a07edc80c8648fb85e724643b7147895955a27825e80d3cfa5cc3bc36a71f72bd83f9f0d6e94ee65578f97a8acde640010dc075595348d0ec93f88161cd35a1752e59554dbb6cb0f70a41e3c3af69eab11c684dea74342a3229c96ccc2a0bc6425f2fb463721a6415b20e096afcc66e9ddb72652eaa239202d02ebb3d0c9d2abb7b37a7c6cd4776672dd559d6b202dfd3bfcee905d3f0d98f841d71ebc0efd4d831ada3857ec56e91725c907a61c435a5cc4022b8c72af3705e5854796465f3bef5519d9a8f865b43d1ab38dbe9490dc53eee7e5c42509ba1e36053448110665930f93fc5be77de3b1c849e5dfa782f24b8938783a441b7b895dfcb3e5ef2c31b60c2614ea1a258593d418c3ccb06620372b74023d90bff82e18b93871a78b8c64093a07edc22f4da29b09286f7efa4b59b8cea2940f3f099201bd379b543693c561372e17ff83cd8223ac78764a871edfef6ab1394aae22a21ee2f40805b22e340d27ddb140b6a1725898b5c75df700b2504a69b8f9f5aeab858db82167db4a9e85cb863fb7d0bc69a032f9adc0f68fdc8981e87dd55c9db9d56eb0c9c1b5c96c77703ae477e6e6b2fe6796563de13b832b4072cb318a07d7c0ea6fecd3472e265f09bbc5c12e34347841ca70eafe1b1446de9594a229c4cfe548f2ecdf012f80338b279480c20dc12f63fa49a6872dcb0b7673567349cd4dfdea474b84f8afb548919bfe81715fad878bcbbe0471fafeb7192d715b55e213eee22b79a15fecedbb4d8e82792caefd1f2cb0751f8b35e54bb841d62ba6173a7be5cfd80d5dcd9959887d03103b921c623b8945f19c7ea24c0cd37171844d8852bc12126dc0279dbb6f3215c9020c94e9629908819a47895c8f855e840f5c6dad1c0326be89d03f525eb9fea75f4c3e422e39968667ec27a5db61baccc69afbf2b64fcc08d7487471de5c9f48e4cc41d811a9a7686cc790f055187d271b098349cb293713a2072e7e7177947272e528b857993c53bc24e64db1f35dffe25b361f2b11944395b6cf8fc34a6a0b089ca12483b4131add3d2b6fc4e966a218ba4e994d200846f40a48a643cd5fac5c60f3160591648edf5574b7731e0daeb8774532ce22121d40614f1791c225d70f93fcc77ba1c0097db3dad4a011b38b334ae5035374c27b851f4578481329540e58e08361c4775b00a856d2d2c2c21e8bc5ef181521787123528ac960f7ed97f61822a01688c3798df85311bdacc2d5c231254e22d340940dff51c3637c478dd1b1f877d58b81200ae2890df5f2c83eb0f14dfb7ac98ecc192d4d5ed4f2603e9a48bea86b2c995427b737de2218a74d6b87eb24cc1aaf5a96a1d4b7ce065834c88d621bfe92872f13555778e72a7189211e6bb5707901189d5aaab1d3f0aa2ebb4cfb6919d9d28ad272405077401fc7a9c17110d44c76c8e449b59ca9a9604d89cbb9b52fa45de981773688180ffee9b33420dd85f164abbd05b47d7339e03be2ecef86fd3f0c113955a72ead25644f9bde7945ba6880c238fee666fc35927699f57a48fd9c1b4aa8502abbec9e8672225b55cacbac486f0bb6f0e86dd044337e384d7be4d325ea6c210aa4f6d25243790a0604cc8f2a23657ab3a0a04025ef83bf5051ff97f2ccc9f34b09053aa8eea50c2ddd47ae99deeea33b118af80204d0cc548984c0bb2a4abc7a5a314563e58c229b7abb7e995a7bc473a71138e1aa59ff704dbdd59c4aa21ffd643c2c8b6791363b7e1f255110ff53a7b531e6d1d0d65f619aef06ff6904c40085128ebd70c8b73fb2b8e5e2aad347e41fad16890394eb9a83b97cb5e29074390ab427d07b560d1584df67b7fff0aff6a800ad8171cfdbec7777c24520d0a4526671d038c396190c1b989183a2c708e46a7818316ceb3d03fcf9cd835eff646dab4f62d8ab31e78ec76806e20f54f0f76e894c4ae3d315715b5c2f3b28c47f6e64067a7efcabc46b1c9df6f1654bbc399b671caa62d676d182a58c99a7d6404e54b254cc593968c3a4c5c11277eb0e6c931c2e8fb64686908ea1be0a998745760dd44d178ecac0e569aafd31de7dd585db511fdd5afdaec3b1037ef72752cfd63053d30da3dc7e4e9320fe69aa49f3e361e184ba5c1989ae100aa0465bf288609da8fa2481c2245bdc637dd318965223d47773cc57b98660aade523a0a610b2607375564f48b7f0f669d68d64c84652b08110c5b9908b92814176696cb544728ddd27237a38f3b915cf078dbe37b7a5526571cfff30f928325f46a1c561407585bab97dfdb2e5c4ed8496f9567a7b5011754afb06176ea9cbe6cc5ef64878b79107d8836fe17f3f2f74dc0dbf82d79fce19de7b661e99b4a685ca9072abaf2eae7c1cb6b45414fbb8beb264ed1a6bda64a8944ca654eb4b1c140e10bbbc816ca5832a3a1b1129c515c3aea2e154f782de3de188096c7173bca3dd0e79e00877a7cada463566403b38f402da25da10670767179c291632ccf4d2a13cb339d95fce89c897260694767f5bfa37f34ff2e9aeb95abfff44e16ade09c1ea81ed510ac551adb58597a54011b2978acb6ced4b2373f19ffbdf4fccdcd3c3ab2786b81c968349c74edd0433748396877961ffcfd5ac4a4420d03f1d58163f0e1dfa77bff68b4148dc7ab4f443b0bd714ef9df8270672359b73c6c8df0754fe5226dbe1c0b53e242a076e8c6f7c2624c4e0147d337abdfff906da036b6aba92e1ab9d80df6db2d6aa4c7bf5b6e3f9df4bcf329e5d62fff2385683444cb5586e844e361468f5ad61f0fb4cdc7b19c823f060acbf8453a57c8674c684f7ad8b7512f394bddd345e5c152c5a3233d8c12e35335a3922e19858063acc3586591bd9d5789ef05a22ca3dd2fcfa27d0950f3d8ab742092919172b3fb9e6fad509b4c93d0679753c6e38ad39c9b5348058decdfd25f45bebfd75f73555073d06059a219ffe85a405050b4dbddb3c428fedcba6e4fc6b4fe2abedeff98e777e5441e87fc4691e8099a654e82605315ecd39ff37087831cb4f77db816c464e0bfa238d45e176fac4ff5e5bd72927f3d62f7d702a4ad68b07e9d1c29abe33c097a086e2bcef18283c5b05ecf4a289416b605ce295755c25f2a6368ab1cab9dffe1bab4d153660d78bfa08fadece67b2d11c9525eed52c03372bbca45ec366e6e99ae7deb78878eb25d002dcdb7a9e68b97c446d666e406c919f7b1b14befec7a59a9082c859f0254420e4ad039e478a88c171806aab7c36443ae36795a220b0abe911771bf953cd0c625bbcb8dc5255375610f3e3de8c7fa7591a86b94300e1f0febd29c56cfdac6ed799a2d84d9959bacc46323c7e4104f51b767fcedf20080c90ba0197d9819268377f34604f63d5de7414e468b4c397b96b2e5153dc741bdf3e6957a755de88de20695234dae69b5027239c3afbaf4aacfc3f775a951e23c0a36cb723a2b65855701e6e37878e77f7dfd9ef59530e1425971fa92f02a57a16edc44cc4751dd7255b5a4b17797509243926826205d358fe916d3d9652952f92d971937715b10dc3ed69e1cf6531f25565c00ba3979cf51e9f8e01d5e154a1d42336d64e110bc04cff5151c66139f47d88936fcd988c8e83a720d6e559218cd63d19df05b8e2909e3ae8455791effc2cc4b135677ba513526007d7432da2d64ce5e18606d6734a5cdbb7779ce69e3314c9bfec5ef9c637cf5070f1a8121acfdf14e82008b41d315e18e5b451cbd948d9a29ff78c4e1c8bbb814eaa7419365daae728dd226f2e39d327a4dc8b1d91a99b381c3755cc493974dc95608889e224a155c1443c3880544fb2078d3536d161b2ae6f129b200e053b005d0d67c5fe0dcb39c859b3c3728eadcceb07d0343304484fecfb553ca6e8279d37dbb75dc7810348c76c63d8ff98585ded4467bd456b5f104a9bde4ea0b8f795b004a00325c993dc487dfbbbbfd950248c82a35f22c0023006cb4cab37fe668289031b8041370f28d6a9a52e6f17898ca2fea54c0cf2a96b6308b431bc19bb5bdf4608be77d89714a369bde067cae3543ce252e1965c52905248f5464304ead7f7cc359aad43cda54b88454f1f0b57b3fd738ff09ca390509452cb84ea616c427f7a56727b8432ea19baf0df1c29ed173d0786c66e6db3bbdb0cbcaeeed592eeae5e208cfe82a75961e2a35279b8100d7e6dae21e39cf1e887fdc37d3d7670c632d66c563eddf26caf06ec1db3763dba35be5dcb9add81e01e300e775b2bfadc1e3fe445501342b1a7935133c5840891f06bb69ef817a826e401671322ac9498d547d986e1050fcbc76d3e94a7f6281503e78b2e7a1da86dcba1d00ad0e5706fcebc8549da39adc67dcb4069835d5ac1cea07c9089657136ab38ae79866ea9f6ca39503a7c9ecb1affda1d663f7f07253daeab39b1cd3d582046005ad5866a725612c4a6836a7f8866a15a01068f033b28bd2d6f8f2bcc61141921d1dda2b2778ae3cdb17d73e1aa30990bad15899b5487d70b466fa849e31f813696f36e89f4ef8134299cba529541e1e330f94ab149654a44bebf134b6745c0db6989490980ff2680c9f0c2b1d90890b2e0ae9c8e567a83a1469e178091643b5508a86ef78b64a9d7932845c4aabe409f3cb02f529fb9aa5c76eeec4c5fe9fc609b6c39619ef178f598c39a6c696a213ae868725f9c250a7dabe793b47edd638e4c9ae3f786236bac8a3b465671c67e6543997eb15c779ef0b94d228999c2d207e751aafa919c86fd43128cad38a20e11ae12dfcb963b32f795a5dbae16b6dd29be1e3614b82addb2d10344a986d61c02c03426aaf7f5fa72e767859b8654b24c92ff6d128c3e433e6ea69f54a20aba4790e9672e54762f30daa326de44b2e5cac7c7d1e47a9b9096831e06bcec4cdd619e60d7c3c6d74162ca85ee4ba5dd36282635e322a8169be5f1028db897ef8a0ffa74e1fd06f48f171d6c8113452cd4159d421bdf0ed0d1f51dcbd001994c551b713195863592eb6f4601db009fb67bef8e11431d00fdd9365bf99645ad428c4fda537d46df0ca099d935b482f4672e9e775fd83991729260bc89d9006385ca8041c3d79d2c4580364767bd2775a1d4f6c06e945ad09b5be341cc90d4312d1306cc6c5a3beafd5325f65bbab2923a0a22335aa677a1de15b8d89bb4a67683f472d1b5474b189fb50c2defacb17427a726d2a6a59679b37a434c21144c1851951ccfef5a2ee12cbad4c7d418d6ffdbb934ceff935df88dc769ad786f41dd1fd04b0946cff7222947ca47505c5fdc334d383624cb4919d89ce8e5350577b14738382fb6381f4b66430a751dceeecdb1105ced9d275987eac14094904d2b43de37822a26dd6f67e6dc1764c514b4211a83eb0edfbb8a75b6c7150c015470428199abe9d9c38d834b4197f66e45fd8b6e1ef6d8235cfe46068c698a9ce68d8a85190e4d14ee2eb31513d8ffd3096b659fdad228b0bb6302d61c135e8c2b67e5b54111a7f0c033137af8d2d12d19f0bd2e8daf7306cdf82d63f3ebe890c7241db474f38aa6ba429dab5cc0a06c4f3384d912410cb4acce6e834c3f4874461d78f38deac05058010d17a333916fabae0feb597c6e7aeaeccb672afee7538250780eec6746aecb2a992a845c0f882785f7bb488e69405b8721ffdc18cd8cfae235f8350e6c5ccfc23e134a834f6bd08ccb6493ca379cc8c55e8ea4b2b1147171f987f8a14654cb7ccfb71b9be4bb6e91dd29a9fe4afb0b580bf77c60356b810100ff7c214ce5a38162b619929bfa4cf94e79aac0e0cdfb6ca31e30339a8426dced157d186bb92063f2d51da9d60baf2cb95e9ab65068f3fdff840a30a3cfd5a2b8bbba4b04be36f1f6ee4663143a8ccb1e60a5cf23ea0dc131edb153cb6873c632497d6703f04dac05cefccc219c12bc8b4c53eb5263df4bb52f0b18497a6db3b84e5a5404e452d913efba93a7059bbbbe4de94e5855ab289d69fbe5002143dcdb23f126e9c8b5d4e91e8c2059a106158a833020c2ed256c08aee35df8c32f9e09ec2d1a43b18c7427d70b0907793e6e0add1f07b411f24875b85797a564b7e8dd608163ba91cba9f219636c87c9ea714cb2bcc7a1d9b2c40a9621c81454fc4cb0ad74b34519f32e8152c1c4b192cb5e344e37b246172ebc5afe9ffec7a171fe4087b1d9", 0x2000, &(0x7f0000004f40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000004980)={0x90, 0x0, 0x4, {0x1, 0x100000000002, 0x7, 0x1ff, 0x800, 0x8, {0x5, 0x3, 0x10001, 0x3ffffffffffffff, 0x7b7, 0x2, 0xf2a1, 0x0, 0x4, 0x2000, 0x3, r12, r14, 0xffffffff, 0x5}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r15 = geteuid()
statx(0xffffffffffffff9c, &(0x7f0000003400)='./file0\x00', 0x6000, 0x4, &(0x7f0000003440)={0x0, 0x0, 0x0, 0x0, 0x0, <r16=>0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000003940)='./file0\x00', &(0x7f0000003980)={0x0, 0x0, 0x0, 0x0, 0x0, <r17=>0x0}, 0x800)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000003540)={{{@in=@initdev, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r18=>0x0}}, {{@in=@initdev}, 0x0, @in=@private}}, &(0x7f00000028c0)=0xfffffffffffffeda)
r19 = getegid()
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000740)="5c6e5582dde5af6b1c42b4ce36b452feceba092d581185b8b8dc14564f3187df51897693b1298b6010569a468924c7114fd94db8408c9b65d4014b5c5b84d16b11283625b4783d53467726dd8cbfe549958abe8acc08a508580944fed5f7a0030ee14080f40fd62d6734660200287068f8c9a726e040f431acb7a1f5b3f20c6cc39c055bb38ad7e0cdd44c35ad6ff6646f27b4fdcc019538a9db667849297707cd2a5d492c4300e4637d136f0737135894450fdb817901e31dc8d8341febef1f8e1971663e603b9c1ac94e5fb13aba487bc84c687d470788f7081910b5b8f73fffe2d96fb4d2de69b19815276b5807b9a88bbe7992e353c3032e1e22e6478e2bf8af380305e69b6de50ace493738aeee4aa7412b396cfd06bc01c39698dd193d86253820a07f714fc8b698d7335a5114df9cb7578dad254e5c88ac0ec6716252f2305fbdeceaee8fa011fa23bcd47c99a575eccb64c2e02cbe775263c674dec69159ca177551a195a8ea14bb729c1fedd9a1980958d721626606bf18a18db5d013469bc2c385b4c7cd2391981a4f8dbb21488aad65e26fcb656353d13c7a8a2379f91984498548cc5b58e28aa477489cc68c285a0b2b87ec4ca0672776cc6c750d6994cfd2d18f931fff48b8b1c4729a3a86387f6b269eed37fc8dc781fce2171a913c2954aa7620e5cc6aeb737391934ed72f0764806ee85c46da8909d80be5e92f5c7859e76102f183234dc4ad6cc871f19c0c2d8d0236b47a57d9b73d130f7e443376b3740acc9c76ab6344e056d3ab55b212fbee812b348776b0cb510c8c5a081292bd196b18f1b980983d673b0091a357a100290cdbcd5af60ae3ba90d908faf7c9b1142efc6e724588171972ad809b872229fa095a71bd4064ecfa7c707750344a32e33832b9004c493d689e04a961ffdb4f5eea88c91980ec1cebbb9fe4576d3f26a236b5428b41e09121c320ae3884e68cee8da0d5a056b782447b577e070d1c6ae158ee21b2a26750e735653eb5907510c7033c4ac0f5fbaabd30353740e1eb0a42066cc284313a367861523fce8e082beae220fc4b44b314ea7a5ebeab215c4b6564d16670b6e2c01c30a02af90addf25acb7ecbc9b84238b3cdfae2e257da6c682a1c0003d9081471858fd8caacb1bebbfc01d4b587601b3c2056b684c467e4da5832c34aafe108d30ab4181982a47610dc6f460fdb67dfcb9334afcaa65d889b97f1e59ca42e4391a9db8049253136ae1aeafe3109de653157f8d3b8bc27a29b49d1100a9474bf3e0e5b0d2fa7c2f8583194ba650f13baa0ba9134081eebc53ded8b9ac43d3cc098846014d022d20106cff42d95ef07556fe75579784ff9372e84368bea5bc953a13154f8161065f48c44bff4e1cb43f406b749abda7753fac48fd15fdc58104b3879517dc1ed46ce790d6cd016556eb5c19bda4b5953d78e73b63e78ded6e92b5d8740ebe7062c87d252b172cd972caf2c923d09bfc9dcaf81eeea7e13826906ab4e08811a61c2000b5661198ecb5a05f7899f2114f3005c34dce1cd3fa0fad3adcf6f2de58c29e853c3b4799ed4b8ba13b8f3e47491db8bd813cef36a5ca0144c9304254cd6d3ea8ad24c6c3d755b6b56a1271fb3c0d9a6407bb761a9954dbfbc05024e85cbb81623c67e5987ba60c5cbca69631fc265db6470224e3bfe4c7bf6a04c348caa1e15d118bbe590ce20f750718c5a0c9ad3e630033d67731e0721c71d68f1019a79f44188f6f3cc4e47c4d011a9a42d6142482cbefdc0412b09ac930a60aaaab5c6b1e54d58eae0c875fb06d75ea8eb0113e9042e50f711f6e79078e14913d03fdfc61c148cdecf96582da7b40547f803710ee0c174641435e813e492d1f39a35d9a4b3bd39ab740f2c2737e0854862056b05077718e54ac902d36649c86eaf1d1eeb3e55d92d12f3b5e54e0b8e1a4f42d88f4d2529252f8194d5eab3e3edee5283365656de97abac9554e24675e77d27433b15a7d25045468acdf1e67af1cb657e95a3414f6ce80ab189df12bb8712ecaf926e568ac90869c334d080e382e6c43875b8d3b7322aa2de170e2a5017dbe932baacc3fe578abe11b2a12bf2d6803ed082001a016f7052843978c0f020ad293d143d13990088410d85d22b1fd84cef599a7ac17963cf55e6a967253f69c9967a049e70e71c281d890e8067eb2fcabd0219b8f95ce5e7194b5778ce5bc263ca770d4b539f763999eafa5ffbad1c585ef8fd53a0b6552f582aeeca2d3dab6aed2f9d33841d1504845b65a1895e4736a9d3e51273472e3bb97ec36f419521c187ab92a17dcdb703fb1f136c8ff775217bcaabe1fe97f7bd5b30c16728bda3b6cb02052441d5f21a15b340a2eac78f4940284f9176c0601ba04c815691078ee5ccc1b271840e8f0de2dd5e594e40a1143cd5035523cf299dc023d6edc3645714c24f108886c7218fcab72aab12509ceeafd4bd8cf92f3ccde62a6854c84ba69659e410fdb87bab05be11403e7b0e76eb654060dbbb6c20bbe907d9503c8f3e9ab1cbbd0b9c10b5611cd0dc4ab35acc13e7ab4c1d5a5678ea4915da800cc1f8c99ea4331df660cf03ee3a1374e0c05d5ddcbeb89641476bc5815dba0b08a0da7d9aa625bb5060f8803904bdf92bd7e860319e15eb8b6ffedd7a7f623cff314a484a93d714636b58252249f7a4b8546561a14ec8a62d5c9d4e5c29c6c772d7ef78938aaa6c5562ac2ca56f1553391b57d88f6fb5c35ded4901473deb2128332a95b5452fc6aa5c0b291d73b3ca1f00b7ab04b700074ab22082c3c82c6ae7698fe3eccc22287f49feaa31950e8ad0b153aa97f9a667671e73ce251f997121facdc431eae9645e49758257b31b4eceba160b14ee87524d2564b5b748f153f90221639bf7aeb6658574897e1dd75933bf7602d3278391c2cf3a584034df079acb35b546a258101bb1e036fcfbb60672e241369a20a54d1e66d0218827b2d364006d869af0fbcb2f41cfadd30730e62ae1edc9d73421e635b4304e66e26ce33894a07edb353d85d2a8971b678800c9272efc084b644cd1704852717179c1c6007bb730d8af991b46a49636385688c2758f2f4d7190dd4b23ab920456943a4291e48645082ca23ae073f1ce5cacde74807069d4689a58a30ed997c4a7e0e2f46041c13e5796587dd502b51ca1d635bb615c8b0bad97ad20bf76065adbf3fd364874671eac9d1de83d5938888165c28438b1430eec807c6024bf6415cfd90aac555ca0e2ccc7600c60dc32469315a13f939a175e389e4dd2868e2234ac550a9bbe8bd33852e3af0a58e45f050f6adff25737b9e48a042e5140577fc76064507e5118799b1aab1d5dc9c96b8e33c8662de1daebd3c6faccb73750fdb9b4ac586c75697b9e949440bdf7ea164d1f432c203d04a8882a285297db4a93e13041090c8b20f89aac7e8143313f4c41ac84eea1865dd894ee9045db62b26a1794f36291624f0dc9f4964c2eab1b2ccb09148d661a7a45b8e31d182ea9df506b4ebee8dea5cab9b36740aebb0e67feba0d9f859b49c6a3638d1f3d86da72501145689ea79251d51e96580403826ba3abcaf0463652a04cf68d62607bd5865a7fc66c87eab76346f8531c4727bc2fe9828882a42aac0c08a49acdceabbe815ff60fbf8089a9237e032a5ac6cc1b843954cabbe0db4c11356b31f94b1729ccb28424a9db01ec25fbebcf73688d9bb5dad67a7cb21e3967248d8aa1fd6a822d7e23d6241c5f30023d87cb75b1313cabd97bd78b068b2beb6c4fc51825028d31425681fe4ac7eb72baef2a82396e49bc818fdde6477befcc5692bb51cc9fa90261d5695f5752a2f4e37285ea5c751d325f3d1fc4d98d734f19e4fe157d81e3dc6993ad75f7c6fbbbf921ed21a2ead741fab8f44e87100da2d20417b4111f0461d96f34ce65861601f67b13273b832b70a98968cd2a1337c19f46af74a327af1470fa3f0432d81bd9e555232f9d41eec754b72ca4e1085b2138ae92abc0560054f491636b77046c6e4b603bf24aa4ae749e00cc447ae2e5352f2b9ad87a864322de1447c7f1284fb32fe2084fe18870615434eae62d14b22f33e86c4cd38d4d00cba9af8529087ad94af154eaae5e47b57412387864b0fa47607525184837c05fe086d0e126c416ff24be3275237ee7ec3652c061f0a2fea45744f359d479c6c883e2f32d6599946868703dd8ae96691591949ecf8d392c8ec7aa6d51a293c51aec13ea77304ef6eeeead783ed3746cfa2989d6da9534caa444234a40b87e356a222bf9fd5a1230053d7e8399f7425f51a385f42270ebe3ef95e40c58029d3595883d7cca5f8d63448b93ddfba24f43dbe0790ecd6b4c536091c9723b5e46203f33a375148286d214d5a0ef4167cfbdfe0f0130e907c0ca0fd2d87f78792417fe86e3696bec0d33bb53c5839edbfdf1e7cda8048efd44c99ca9bc4569cbb70fcbe11ba171d1e477f8278705b37390bd3682542c53b0d615837de4be23966cdfa6ab83d1b9010dd3784b8bcfebe564bcfab3aa41b0bd72d54c6a55b77e8c4c4a9a705bfb9c62dcc8fa8f27b85ce7702fa09efe5ea64b9f01b9f6f2123b4330c4e83868b8ba2fbd3c6a1592201f83df3f9e95c39ef0035c3a623db3c69e4161a5af50aa8721a280a785936ea683ae013bb6f9001241794adf8698f8d04f38a045c0260ce44c7412dfc7611acf68cd1fd094d2a7015557d2dd7c288aa95a7d862bad6e8eef069366084c827eea152635881bf727f1fd248f29a519ed5400606b30966e43d0956f1ec1c08be500bafca495c188eeb1937f23cfd202023927c68b1262e10dad3766181eaff1cdece2aaba7e64820ebf82792c06b0a7ba33c50974e4b1c7e6bfa3581c4460e3b9d709c844e17ea778c84c9be74202a4e6634a7229869b0efa7133d90d25052f73a49907fdae9fce5a4128b0140cfce3fb748bea3470fa4a4e8487aec6784baa4bddc1998ae538fa71e01c6a29059ddf3aab6857443e1f2566a5c4b51a5b5e217029e91c284ddc01110c77c4a025ffca87c87bfd74c9bf99ed2d77da0db347f7d6d17ee6a2b6d655c4dc7185a1a0a672cf6c71fc9339bca8bd1f32a44dc1cb2aa0c87dceea8054364468853b5e0a4c6fccbfa3945b9fab46f1244c10559566249c864b43bfbcd41b62664081530d57a5983e025831391dfe04b81021e2675b66dffedc760966f2dcf0db1884b979af7963084b29caf9b107f82241094c41db5096fb9a95c773f3b3f8cfc663222c17396332512edf43676110e3b459cfa396c827853f486311544413886f78a3a9cfc274dc6f5016c890ba6fcc130d280d3483e8afe81ba86af34e77a2345dc349f630686e732d793191bccb2ae22a3ea25128af2691cc133ef1c9661662378b66c6b3d8efb63566c2be37fdad6e548c9bb52782e4afeb2d1568bef7937816dbc7aa3a0a1114afaa8aee3e0d7e0b2fc20bb53992eeef503b32cf7f46ad228fdeb0ff7ff03f0ade7499d1ffbd660b06e3e39ebb16506da4cf1299ab58329e96f0db2d5ef4ecbfec8880e2e000aeda53601a6f7274010c2128c60cc4005a10e3fe5f8fe50f397b62a1b7d480cbf76e7f8c06fc2e63792e80b1e5f1d9f8f547d132f25ac8a4975c05c65de137848d3ee525e2b8fc391e2ef5c3a0cb5612a462d729a2a599014e4bca5bc5f362f24aef8896539b9cae568729ce7a4b9e79f2464013d8b4eeb6aeb95c005a32d90e1afa51a2242daf087137b80ff7d8098518c6ca6d4146378bfa98bb53af4cec3b9af06f5d90953a5871f6b3e305911979255e8361887eb09b0dcee45c2760b7427f423f8f2771f517cbaa9f95e3855f1f2ae935355febf0e5fb46348e5a5735240b633ceb3cd170a8da5b332b509be30b352aab2be2ae2583924de16e8fab87d9d00dac4a37d3042f73d261a25ed5a6bc72347cf4078c3edee5fd9f5be46ec9e333fe5ea5c98930ae8c0865e3f6ed19e95132cc89d875c8ed070d8a205d2be3fe44069c669917f64ff0db1bc19a79449dc50e92f27d87503b3b76602fe09fd00f23c5443f84088597ddc555304ea2e43d0bcea90245ccffa5fa7f5123808243c0bbfc9381ef284be9514380cff30e2aa9d57e1d7eba5d90e1599f16fb7758e8ec3971966d03096ebccb42fccca7f36074aa1293192c520a17c8c10c7c73c001e68d338691950c67608329774f4f76d75977dd06898658d9648bf923d1269f508a015527d886889a1777c759728023be4c8742eea2b1f0a95f5e0fc2f6e98898907a8ab647e00a300a337d7af7d74da31b52e7e973f472dd1544227cec909de325c8a1f688aa411f2dce3538d12a64b57705c2dc0ea4497a70b86a7cffb4f5ab7ff45716b027938c195bacdd9cba0984169cdbf67894f70be20edc639ca47a79f378186fac62effc51475d9f263ca49f2a1f07c4a3cf6918be1340660c05ce6ddbac8a5aaffe743078d37a313715597a39088d2f85dbb8cde3455609deb12a92b8e7baa40037b697af104f62b7c7cd6b8d4e119b38139d0abd08959dc2c009e5aa6433a9e6b4c901619ef29087c71139f32ccd465f4683c3151ae029d1812985f154c9802ab635604b9b43081ba92f256851ccc2691fbe1494af321b08bf6c5f593cf69f7e38ec481b5512f3c7870301bdeffeec3fc591a53ed917daa2578e90235d917611e4ea89a8c0e4b85f71f0bc0e0ffed756739a271a7302c493295f89c0da42ad19df14f254cbeb96cc9a9701e1aaa083f85e4d171e663c1a6c4741e2542348252e4b98277fb4707fc2724b37eb27f40c7739a0cde14fe6b884950688d3297dac8d2d0017a5c779235dfa1fb8bf0e78133325c76137855d9b8e63f857bf3fa4f3c89cd107bdbe6118a457f5c757c779ad218787f1d325707f425698dd8f53935020409834e8825dc6eb64a447f0780d35efb3b36efbe1f01610090ad2f5f0bf4e3687916d14599baf1ddfacd25a6f71483a884717baeab23e7f73921c5edae739c6728d7adfd7acffc2fc1fe1096bd010ccd0430411dd628e678888e98ff0768f814c2cf2296750662a192ee80801631bfc69be4e14a1e4b5deffc27abe6336d65ddf0eb29ee2cd7444b6e7ac1003c8e45f09897351638de1805532287c6b60e763038e574b9ce134f2baeb5d343b0dbb1aa028ad6ba2315c0f605571008d1e7cb7b858ce9b1787b8e2e84a7d8e95058c50d7a770d0104378d852a59fad1624293bc7b1e0bce362fa5698e70ef49a351d87c0a8b4159a22febd1ed1e8406f37260f1084d93931c597bbe7f6c2fc971737208959574829e96accbad27ff37ad3bd3363e32c427512272b6a8443da821f4529ee5575b36b637960477165ba1513717ff120f628094d69064ddf1f6b70761f4d637d4b8275756ebfcce1c9463c15b7c495d1a4a2036dea5579c27c155c37d5d5050f420c099122e8539e1f3dd1818ed132ca09e958a9ff5e0e242bcc8a26a0f51bf3a262d0fdd634b11540e907a3471d4b52a5c9635755698357f0187b57a0adf5a8cd306376848b804a0ebac6b21ea0042ad16e505a91cd001c6380fe6475f052df73429edb1ae142710b58d0421f6c65c9fb3bbba61013705486494e991d8888decf47f9fecf42977a3c323cbf636820e727698519e5700856bd10347cae60b0de65281fe9492cc270c9ec7a43a56420a1fe1ec14c4665eb73918d6c8e06e2fbc51bb1a011a18b24c143837f76e7e2fbf51333158307d1560fc92c34c235f907e3f31c988990c09e2a6f72fec19660e59866cee03b60d36314d2425372046a7804cc85931a7ef4604bb76cd5aa6e5d6772249ca7b9ae019426f88faf19bc16194a85f49c962973f12a8306b3c4ec128396d27a0ed0c0d253931facba176f17615064822cf2beddf26de6e18e0bd9ecdae7d13481c9a19db969520f1ee1af885e523f7252053890907bdbc7b7d4c254fe047d55101220d1c9ee820f21b5a129f5d91a5fc99d27654598d1f2aa36fd2017e02a6c292df0892df4af783ff8da0491cd53ca9be22945c579564a2fb13467b97f7a7cb0d8cc327740fe5ef206947c0c90720e623a25990a8b20a8b295cacd93db82fe149a67397233b5ddb89cfea78ab00bad55134026a23f4f39635bd1457ee01c25e12f4578b66127068936e120ba3de08fb74b071ba6e3074d1510a6674ea4464298bb46e878a4263a8c1bd45cb2dc259000201af673f9e00ea32198ae3710728e42059d76521095f37cd3115090ce1948ef7d908db41dd95cc171dc05e905f368ef1747379f6f82421963e0defc1cf3dbc5a3b2f53bd9a62491adb3e253683c971c516447b5bb4765ed57cadd48a1664e52e647d2e70ad889b368d3ed7b9ba37eb61f07aabc36b14d4a4ae3f2c8e4118de3adb971d43caf752b5e98de2e623ca3242caf2a6229fa54afa5a286462cc11858cbb90fa48398cea11172fa4507cc2db5724e95ee91d46f41cf1d52ac63237cfde4ddffb4af66f29d1c051e8eb21991c73a84497c5f5084b612bb8223e3093c0e2b5c07e8804da14a2e9b02c2b85ca2dcfeb0f38f377174dc1bf3a12c6956e7543a466baabb27a6b073fdd052c5103b1308f270053d2615d1d81b9f922b2c0b18d2c63ba1c28394b51334f7e8f69cfa835050f3a1875f2dcec6dc5409b68b86826e0ba88357dc58ed87c0485021b99b9473a5471b3469553d4dc4cc2cd85cd82e46c5557139c2fb2ad9694d741b1b741f12b99a6507b792a0237f343ee01dcf7075fdf917a2173f582337bed99a189257844a72db274bce57dae6f7306dd58ea85dbd40a53df0b12971faa08ac481d12b799d83fe2692ba84433a68d3606796cbdcd7942ec0847fa53fef3433d6cf4caaee6e0af46327a6ea772097ebe17cb473f18049c3d3aa8036ea7974019d60ba15db5ed347e7df3fa8dfaba79334c7bedd0197bb7eb0df2309a6e9867daf686b81bb74b99e5f99e043ae1a88805e73654f542e94b055768a70a21e9980af500e3b5d4a7c9cc8c80dca9733ee35c88654458b6bf6d7a9d5743e752d2bf850f82341c856844caa916873c2e4732576b1b9bcae691941fc430c76d6fcfbdc9f679edecbbd1866072d3ece3c29fa1c8d630af2afa06db83f6379037c28693931480de7b8ad9c689ae530a2390134dbcd75de350979864c814cdd7c0abc395f6d05f2e00da472fbeca3de08f44f4241f013d4b8724b848dd6b045225731b60376de1eb5d28794cadf0dcec98931b8194464b3f9635f4247a4d9530483554ff92885a0e0231be273bd285925d870bfa0c3b6b986cfea0357e0b680501bd9f1ae5f627c302b97864c531f21f227f995eaa02b654f5fbb2868055236fc49cca93a9aef3aa0d39dabf400da2c9c2b25427c8aeb5e3a976533fde96a133b6599f5a7916b6252f57ffa2e481db19031165a944f374c5e8833003f735042dc7192363835b2c5c2ae1f6f56671214e591768e2609ab7f71a4065edae99be251033412f0b987e65a43a341f4176c323fe0d1321fc5b7ca7bf26030f445f3d2b76381525594690a52db5095bbb5d78a2b40d7e911bb463339a56316abbde7ceb77241c35d5d6532e7710db18b45685069a28b6f9621464e93b2cc9f37e11e65f101470b5231d6bb3744d53a6a9273302deb7a86bccfb62efe9e63c01f646e51ca2079fa842194e1322352e92ae99a3ac48b84ac5116f62d5808bfc546d0d2c560e25c2c6cbaecd554bd69af8c90ab3dae1de0b88bb74f632c201d607f9f81101615a026e0dd45013a996bac1adc2812f2e70c2c296e4f4864eab1feaa0e6c275879b79409fdbab908d241d260d95494f0f7f91395ac9b0119f043cfc5ccf182b7042bf73d7618e6ddbc21a226a3f7667985f269db760dcd72c6397aeac98caaa76c0bc98318e8f993d276acdb86ad67949bd6a6c8074e25b9bcf49192fec24e60273cb489785a24fef6bec91dd8fcb60ae16c5e51c16757e187dfc5f0efbe6ccd910bc5a0de2e2d06414f343a1c12c19ef33522d8c8100cc4b1ca22bcb66fef3bea25d9f4c1c2973ba2105fadc34276451962bbeb97f54d537ea7e0bfda2fbc91f54187232f34ab00e09c8aa5539e9c4e929a7571d06de538b400b05465e3b0c0046cdae0105730864703901da7f8a6e987d440e99696cbd0259cc28dd05d792ecbd8bb8c8beb8074fb70fd51ca305e4f510fa23434620a18c4faaad8b21051ddbda033ae85e73bd4b79c37d09ff98eaedc46a78229d5527e42ef1e8c90b633cb127b99fb46d960c3f1c168c3087b1cdbbec7a019ba654682c7d2b6202bc889d827d20fdb7acc10d3d82c4bf9a412a8e0d7b562be34f8cbc8055498b3b8bb4eba3ef45c17d9a8c29a85c8d4dd5c21fd4c9ec42a8a58a9aa20667143792defc9241f458ab742d362e8154686d893409b2f12d337953af5fb3d9eb8bc1d9491fae887ddc01850caddbe602f3325282b985f1c65d8a8697ec85ecc7fd46cc4b8909d969deda7488ca42a0eee6b43c796119b3a8b29a9973e56ceea0723f58cf8c3c7628259627e77c9ee220ec6ac280b2104b27829d282b9448834c1b6ce248f9140ac7e7c5c210ab6c78273863b83efbe6ebd762cebfde8135cf1181bd651af0fa34e022685c72a10ebeaef0afbb4a3a91ad83fa4084a8f3d4b74ef6c772f2fd3969352d09dd3746d19c49a338f74bfb980d13b68bb767ce50116a8f118eb27c9ac0bcef3d9d61bd587eaa87b3caa1f34d4aca8cfd325a61a88d4ffb39e6907c96a5868474273523d7c96134cc927948465fac60e9205678c1fdda7d8849ae2a1c26cc75db0ef5ef4f1fb68d5951a4b9bdc55e52e8180a7ac649d252022e494f82a6ae105b7d7978509ad00b9f07e855683d3b876b6b8545055f530ab21b3b6d1fbc0147feb6b2e7af8df49b5e637023edd291e6df058cbca489603cda1dce49c17453a9b59062db92425be660a6dc1dd23da21ef4dc906426ac833c7ec1f33b0c3db97563c422d6e5a5f8236c3cff89997788fecbc1c93fa3588ac7cdb582ed174f294cb30f3ca0338bc724136a78e7e25a635870500dd8d31136e72e5a0c59d762105e9eda2b2509d9e4e79901179d5a6f2b3511caf299a177708340bf2ddeb474f46a316ac85690c4a3dc3bb1986e28831f88102a7bad4054f4d347892b16dac3809a2895e153b654b28a07d9743c27878ce8591a8bb27f945941c8e516805dad0b2fc07294242312d71027c44e2e197ee956c5e6181b7ec7bf17ae7e048a976c95d6fb8891a3d669c7b093f624ee6e3cff7a9b9e0676c19b19c67497831ebc5bbea36bdbb358a2b78c929f5cc7543b97c1de305d8cf8b85a4f92a2bc2fe5e74c1c8c937d96e31515933778f8230cfeb4e0441ee7b99fb59628277c2bb93c0fb19d1f26a34e6821d434e59a4e6793284ed1c664dea375338fa724066c538ce2aa32291a80fb6a50fa59aaaf6d55e345aec4df0e7d5b60f42b5ba25cb40211c24a919381947bf1584068204e9af9bf7c386f44eeda5e9d1defbb6b4f2ebec1d75db0296557615d3989f82dca8384b313fe7a0c519054417520e3c408ca461efcd476ba85bad", 0x2000, &(0x7f0000003d80)={&(0x7f0000002740)={0x50, 0x0, 0x0, {0x7, 0x2d, 0x10001, 0x420000, 0x80, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x48}}, &(0x7f00000027c0)={0x18, 0x0, 0x8}, &(0x7f0000002800)={0x18, 0x0, 0x9, {0xe}}, &(0x7f0000002840)={0x18, 0xffffffffffffffda, 0xb04, {0xffff094e}}, &(0x7f0000002880)={0x18, 0x0, 0x8, {0x9}}, &(0x7f0000002900)={0x28, 0xffffffffffffffda, 0x2, {{0xe0000000000, 0xffffffff000000, 0x1}}}, &(0x7f0000002940)={0x60, 0x0, 0x1, {{0x3, 0x7e, 0x7, 0x5, 0x3, 0xfe37, 0xfffffffe, 0x9}}}, &(0x7f00000029c0)={0x18, 0x0, 0x1000, {0x6}}, &(0x7f0000002b80)=ANY=[@ANYBLOB="1d00000000000000020000002f6465762f686964726177230000000000ecd694fd405930a6e51fc29f0d02a818b64ef2bfd52309e673e44aba800443711b21660e3e6b4b2245e0f778512492afbeb7b65a7f7a3efc395bb7605c8facf1d4512ec127d0ba9e1cfe1891f7d5ff20ec701049f87868915c02c68846b1b5e1f995178a5d28411b17d8c9120db98b99dd1cbc6760f8355cd95cc8f979622b9bb6e4400c54a7390753addef3e557da1b0fde082ff8dc9f7e9141868422eb2f36a5efb0717206b4234522322480"], &(0x7f0000002a40)={0x20, 0x0, 0x8000000000000000, {0x0, 0x2}}, &(0x7f0000002b00)={0x78, 0x0, 0x5, {0x3, 0xe, 0x0, {0x1, 0x80000001, 0x3, 0x4, 0xe1, 0x1, 0x6, 0x8001, 0x0, 0x4000, 0x8, 0x0, 0x0, 0x81, 0x7}}}, &(0x7f0000002cc0)={0x90, 0x0, 0xcc, {0x3, 0x0, 0x7, 0x4, 0x3, 0x7fffffff, {0x6, 0x7fffffffffffffff, 0xcb8, 0x9, 0x4, 0xeb09, 0x3ac, 0x0, 0xd6, 0x2000, 0x1, 0x0, 0x0, 0x8}}}, &(0x7f0000002d80)=ANY=[@ANYBLOB="700000000000ccbf1f500000000004000100000004000000000000000bcf000000000000000000000500000001000000000000000400000000f3ff0002000000080000002e2e0000000000000500000000000000c3dc0000000000000d000000010100002f64b3762f6869647261772300000000"], &(0x7f0000003e40)={0x490, 0xfffffffffffffff5, 0x3, [{{0x1, 0x0, 0x0, 0x2, 0xb2, 0x0, {0x104, 0x8001, 0x81, 0x2, 0x9, 0x8, 0x1ff, 0x50000000, 0x2, 0x2000, 0x1, r2, r3, 0x0, 0x6}}, {0x4, 0x3, 0xd, 0x1cf9, '/dev/hidraw#\x00'}}, {{0x4, 0x1, 0x6, 0x6, 0xff, 0x9, {0x0, 0x6, 0xcb, 0x7, 0x3, 0x6, 0x6, 0x9dc, 0x2, 0x0, 0x7, r4, r5, 0xb13, 0x51}}, {0x4, 0x5, 0xd, 0x9, '/dev/hidraw#\x00'}}, {{0x4, 0x1, 0x6, 0x5, 0x2, 0x0, {0x4, 0x201, 0x5, 0x6, 0x80000000000000, 0x1, 0x858, 0x3, 0x0, 0xa000, 0x1, r6, r7, 0x7, 0x3fc1}}, {0x0, 0x5, 0x0, 0x6}}, {{0x0, 0x0, 0x6, 0xffffffffffffffff, 0xde0, 0x2, {0x6, 0x4, 0xd, 0xffff, 0x5, 0x7, 0x5, 0x2, 0x10001, 0x1000, 0x7fffffff, r8, r9, 0x4, 0x3}}, {0x3, 0xfffffffffffffe00, 0xd, 0x8, '/dev/hidraw#\x00'}}, {{0x5, 0x1, 0x7, 0x3, 0x8, 0x6, {0x6, 0x40, 0x5c25, 0x7, 0x401, 0x8, 0x5, 0x5, 0x1, 0x6000, 0x1, r12, 0xffffffffffffffff, 0x8, 0xffffff00}}, {0x1, 0x6, 0xb9, 0x9cf, '\xaae\xc0\x06\x13V\xfb\\d\xbd\xf1\n\x0f\v\x7fi\xcf\rF\x04\f{9lQ\x12!\xa2\x03\x16p\x10\xbc\xfe\xe3\xce\xcaS\x02}\xfd\xe3d(\x8e\x8c\x9f^a\n\x87\xed;z\xc5\x92\x98~{]\x87\xe2X\xb9\xa4\xfe\xcdvF\xc7\xdb\x8a\n\xa0sb\xde\xccY\x8fZ\x8e\xf54aG\xaa\xfa\xaa\xc1.\x01\xbd\xb8U\x81M\x13\xf4\xafV\x173\xee\b\xf9~\xe7\r\xb7Q\xec7hu\xd8\xc5\xa3MB\xfc\x8cs\xef\xe0\xb4\xec3@^YF\xff\xac\xa19\xa6SY\x1e\xff?Z\xf0\xbd\xee\xde\x9d\xdd\xf8\xa2\r/tvA\xdd\xbf\x811\xea\xe4\x9a&&q\x8e|\xb0\adU\xb3B\x1c\x98\x9b\xe8\xfc\x14[>\xc4\xc1\x92'}}, {{0x4, 0x2, 0x4, 0x4, 0x8000, 0x1, {0x2, 0x8, 0x4, 0xfffffffffffff001, 0x292, 0x7f, 0x7, 0x0, 0xe, 0x1000, 0x7, r15, r16, 0x1cc8, 0xf705}}, {0x5, 0x1ff, 0x0, 0x6}}]}, &(0x7f0000003a00)={0xa0, 0xffffffffffffffda, 0x9, {{0x5, 0x2, 0x5, 0x400, 0x7fffffff, 0x4, {0x0, 0xb91, 0x6, 0x7b, 0x5, 0x3, 0x8, 0x2, 0x2, 0x8000, 0x401, 0xee00, r17, 0x1, 0x2}}, {0x0, 0x10}}}, &(0x7f0000003ac0)={0x20, 0x0, 0x6, {0x8, 0x0, 0x101, 0x4}}, &(0x7f0000003c40)={0x130, 0x0, 0xfffffffffffff000, {0x4, 0x4, 0x0, '\x00', {0x800, 0x6, 0x6, 0x8, r18, r19, 0x6000, '\x00', 0x7, 0x6, 0x7fffbfffffffffff, 0xea1, {0xe3, 0x6}, {0x7, 0xc}, {0x9, 0x1}, {0x80000001, 0x8}, 0x5, 0x7fff, 0x0, 0x1}}}})
r20 = syz_open_dev$hidraw(&(0x7f0000000040), 0x6a3e983c, 0x8000)
read$hidraw(r20, &(0x7f0000000180)=""/164, 0x83)
syz_usb_ep_write(r0, 0x81, 0x4, &(0x7f0000000140)="082cf084")

4.529735865s ago: executing program 3 (id=5695):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x70bd28, 0x25dfdbff, {0x2, 0x0, 0x20, 0x1, 0x0, 0x0, 0x0, 0x2c43f19b53dfe4bb, 0x2000}, [@RTA_DPORT={0x6, 0x1d, 0x4e23}, @RTA_DST={0x8, 0x1, @remote}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
syz_emit_ethernet(0x3e, &(0x7f0000000680)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, '\x00', 0x8, 0x2c, 0x1, @private1, @mcast2, {[@hopopts={0xff}]}}}}}, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x3, 0x8, {0xffffffffffffffff}, {<r1=>0xee00}, 0x40, 0x7})
r2 = getpid()
r3 = gettid()
tkill(r3, 0x8)
r4 = getpgrp(0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000ac0)={&(0x7f0000001040)={0x550, 0x22, 0x2, 0x70bd26, 0x25dfdbfd, {0x15}, [@nested={0x17c, 0x6d, 0x0, 0x1, [@nested={0x4, 0x6}, @generic="d2f80321e36ac65cbcf5e7eea45db4c42f9b459f600290c7fb00fcb0869c74add3ddce894a096f1d6013900216da84a7c19e88489eb0128231b55214a9", @typed={0x4, 0x34}, @generic="bb901436a72de4aa7dfa2fcafcd22f19b416a5cfacfdfde77a7c78601e598f373d0ba6c05e825cd606cca96d374695673afcd9341bbf52f2be9f45ae9c236852b8af43eb23160021a5f2ba93d2164d36bb1ef21ca14447f8a0fd66aa3a8f703841474c4884e008", @typed={0xc5, 0x7c, 0x0, 0x0, @binary="13bd58830a922c04492b5574ec70799b0ebfe835e7c50e3f17947cd537747f38a1f488fb0247cbc09a967855cf2208ac6a170be2a4350b7f77834cc5c7159dabc8c653975bf07ccadd004f07d74d207793273be229b243a5b771cd4e5159accae8cc1acfa15a9cdef633e5af7ca97490ab41a745899e13e67f00200047ccf52aa6240cf2d7d3a4350ab1c428549dfa8e4c4431dbe2317259fe23468c6c2e0368c636f345e3b2b6560ca3f4030ee68b45385868d1e014df880c198c9088c01000d0"}, @nested={0x4, 0x2f}]}, @typed={0x8, 0x8, 0x0, 0x0, @uid=r1}, @typed={0xb9, 0xd0, 0x0, 0x0, @binary="bd302bd4b05d9b6d449d4bcf26858ba85f9d5f85a9230226ef3fcf6dbf35bad5ffe93bcd7ec280baa043e57a71bebba51b0992003321a11e5a263c2a9e7bb12b1442a87f9dd91d4003c713ed9034045b4e1fe1910df3b48d9028c4977fc36fc6e646db883188bc28bd1ae8189867e1ec7f878301e388d10d59adab0afeadfadbc3ad2daa1765d8c56051eaa8c43761444852be4df7cf15f30b3430c9e3c798627b93a6e6437e520da0a58aab5a38181527f11be984"}, @nested={0x1bf, 0x91, 0x0, 0x1, [@generic="0612bd8297df2097c2245120", @generic="d7ebc8c183fc7a6af96dae4848eb5020f3dc76e77375d064252b64a6f918402063b3c2cb39ed2f17e6bb25a8feb91ecf754bc8723460bfe27e58efb87cb2ea27fb0b245226eec3f2b7f1c24d12fca8c7a6f43c2c1853ca58b1657c24367e0c5144acd3054d511fd72cd508c06d63ce70e9e7c708ffddad", @typed={0xc, 0xf7, 0x0, 0x0, @u64=0x2}, @generic="9c343f33876e2049221aa4997a8bc45961b24a03", @typed={0x8, 0x18, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @nested={0x10c, 0x2a, 0x0, 0x1, [@nested={0x107, 0x82, 0x0, 0x1, [@typed={0x8, 0x1d, 0x0, 0x0, @u32=0x3}, @generic="113f224f163dcdf0ae3e8a7ccb987adbe61546eb0ce9f77b36b08bbd3a668a824d867a272dccc0af1cc81894dd46ba8d4fe7475fcd003ec9aaa3122674f0587dbce6a4e1f58ff2a5e52111b9bae15e2148ef0f679ad13fca3718e2e499d2a495b809770d6efabc22ae6aa242ef374411533dde03d486c03f44981e87266381d8e3a3bc131a16067fbf04c0d0fd36129b85b3ed3eadef67747bd406cb5c986b3e2d37b51c8e251f55674c5d470661f661fbc67e270134e6067bfbc0caed3a361929e32e5b7edfe308fddd30b18c3a94f59c37a060822f1545", @generic="62c4141b1c4b51eaed9acb4c5728c40404084004f9b49a658a9906706b6d72e5ab3684"]}]}, @nested={0x4, 0x10e}]}, @generic="2bf52fb41ebcb80a0429fc115e7f5f5dddbffe0679ecb23909ae1fd4d584e60472b4ef388d899ff3ec", @nested={0x14, 0x1f, 0x0, 0x1, [@typed={0x8, 0x18, 0x0, 0x0, @pid=r2}, @nested={0x4, 0xed}, @nested={0x4, 0x9c}]}, @nested={0xed, 0x130, 0x0, 0x1, [@nested={0x4, 0x2e}, @generic="93cb94b2311ced42c539b237bd1d4ffe3b067ac05ab08f2fcf04fe0920f05b9c8cebdcce617c8a7e2716b7d7e5d734d9afe307552c0338978707fcb36455e885b21fd23e2f759d73ddc8b09690887be935a8195c06edb1f4254159bf18f6e15a22eac107b5cdbddd43ba7a86bcc33c851b50e73918dfc1fd68dbc79192eb0512d53bbf874ea7b3aff4ed1aa0c4cfc236558d3fc7ee2cfef4ee95ccf0e5e00d4d1076e64c01b4a790b8981a218106f48fafe067f73adaf384331f54481000bf5f121447538af1bb8e13d34a787032355d798af6b6e1fdb60d69c987bf78", @typed={0x8, 0x13d, 0x0, 0x0, @pid=r3}]}, @typed={0x4, 0xbd}, @typed={0x8, 0xce, 0x0, 0x0, @pid=r4}]}, 0x550}, 0x1, 0x0, 0x0, 0x94}, 0x4)

3.874081974s ago: executing program 0 (id=5697):
socket$inet6_tcp(0xa, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x4, 0x7ffc0001}]})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x10, 0xfb, 0x6}]})
sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000013c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x8000, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
add_key$user(&(0x7f0000000040), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r3=>r1, {0x20000000}}, './file0\x00'})
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000200)={0x2, 0x5})
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x2a)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@getlink={0x1c, 0x12, 0x321, 0x70bd21, 0x8000, {0x7}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'veth1_vlan\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x200000c1}, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x20000000000004)
rseq(0x0, 0x4b, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
read$FUSE(r5, &(0x7f00000093c0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000004200)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x2022012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}}, 0x50)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
close_range(r0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x4f, 0x2}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}})

3.842339952s ago: executing program 5 (id=5698):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYRES16], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000980)={0x1, 0x2, 0x0, 'queue1\x00'})
write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000340)={0x230, 0x7d, 0x0, {{0x500, 0xef, 0x0, 0x0, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x14, '\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e<]\xb4Z', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x230)
r2 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "5d9bc136c963254c661fb620148b6f72ca6ae2a44829bfa79ec13499f8ec9077d85d879711d98bb1687ad36dfe5f14a7b0ce15c1e6be0e7ecabfdfde0dfa00b1"}, 0x48, 0xffffffffffffffff)
r3 = syz_usb_connect$uac1(0x2, 0x71, &(0x7f0000000000)=ANY=[@ANYBLOB="12010102000000406b1d01014000f801030109025f00030100400209040000000101"], &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000d80)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00031c0000001c0355de09"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r3, &(0x7f00000003c0)={0x14, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x28, @string={0x28, 0x3, "21f8ea53a3f712dd34bd1c42f964364f3d0503e3821f4aab9689661a8323fdda2ead7a74bbea"}}}, 0x0)
pipe2$watch_queue(&(0x7f0000000200)={<r4=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r4, 0x7a)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "968143deb8b76325598ea9ab22edc6596a000089666f0e299e98210fe66bcf59f94d606fd2d5a7e847643cbb1895c225d7e38762f4c5c637f20150d3f064bbb8", 0x3b}, 0x48, 0xffffffffffffffff)
r5 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$user(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)="fa17df4d76bf6686f5f931918ffe4af2df85558178ac5196e50ad3d67c943fcdae57de4c260ac91c47d3886a68284789aca2276f4084d53f8d29ad1f3b4faa2d883ba1c1a70d4adc7fe5d91b8bb3faa3b05065b4389d4ee628e2872c370b22ae692725165244647896d7f006e3577827e38ab33248b3a028c29e2391d6b97d76c7bbb54c32ef67adb10b048d864e73eb404bd94711f4f80dea76a0b522a6ccb86919ccb063c14668e6c8272f73e811e58b38067a8e4043ad9b", 0xb9, r5)
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00221200000083"], 0x0}, 0x0)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x410000, 0x0)
ioctl$PPPIOCBRIDGECHAN(r6, 0x40047435, &(0x7f0000000280)=0x7)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000300)='e')

2.693323158s ago: executing program 3 (id=5699):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30bd, 0xc000, 0x8, 0x40000185})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r3 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r3, &(0x7f0000000200)="a3", 0x1)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r3, 0x4144, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r3, 0xc0984124, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

2.218856742s ago: executing program 4 (id=5700):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r1=>0x0, <r2=>0x0})
timer_settime(r0, 0x0, &(0x7f0000000080)={{0x0, 0x3938700}, {r1, r2+10000000}}, &(0x7f00000001c0))
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000010029bd7000ffdbdf2500000000", @ANYRES32=<r6=>r5, @ANYBLOB="100804002010000024001280110001006272696467655f736c618c65000000000c000580050019"], 0x44}, 0x1, 0x0, 0x0, 0x404c1}, 0x40040d4)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0x7, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x24044040)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
msgsnd(0x0, &(0x7f0000000240)=ANY=[@ANYRESDEC, @ANYRES16=r6, @ANYRES16=r4], 0x2000, 0x0)
pipe2(&(0x7f0000000200), 0x4000)
msgget(0x2, 0x2a7)
r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0)
r8 = eventfd2(0x43, 0x1)
ioctl$VHOST_SET_VRING_KICK(r7, 0x4008af20, &(0x7f0000000000)={0x1, r8})
r9 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r9, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r9, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x1}, 0x1c)
r10 = socket(0xa, 0x1, 0x0)
setsockopt$sock_int(r10, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r10, &(0x7f0000000140)={0xa, 0xe64, 0xb, @empty, 0x1}, 0x1c)
connect$inet6(r10, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x2}, 0x1c)
connect$inet6(r9, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x2}, 0x1c)
writev(r8, &(0x7f0000000080)=[{&(0x7f0000000500)=' ,1\t#|^q', 0x8}], 0x1)

2.167943885s ago: executing program 3 (id=5701):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x2, 0x3, 0x4, 0x3}, 0xb, 0x0, 0xd, 0x2, 0x2, 0x1a, 0xe, 0x8, 0x0, 0x7, {0x81, 0x5, 0x5, 0x5, 0x5}}}}]}, 0x78}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b0f, &(0x7f0000000040)={'wlan1\x00', @random="0100"})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x4a82, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r7, 0x3ba0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r10 = dup(r9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r10, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

2.14268383s ago: executing program 0 (id=5702):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4207, r0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8001004, 0x9, 0x6, 0x80b}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=@newlink={0x50, 0x10, 0x403, 0x2, 0x0, {0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @IFLA_IPTUN_TTL={0x5, 0x4, 0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x8044)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = landlock_create_ruleset(&(0x7f00000002c0)={0x2da8}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
link(&(0x7f0000000140)='.\x00', &(0x7f0000000180)='./file0\x00')
r5 = fsopen(&(0x7f0000000000)='hfsplus\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='+\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]})
ioctl$PPPIOCSPASS(r7, 0x40107447, &(0x7f0000000240)={0x6, &(0x7f0000000200)=[{0x9, 0x5, 0x2, 0x7fff}, {0x8, 0x3, 0x77, 0x5}, {0x0, 0x8, 0x21, 0xfffffff8}, {0x8, 0x1}, {0x8, 0x0, 0x40, 0x4}, {0xf000, 0x6, 0x3, 0x8}]})
pivot_root(0x0, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x38, 0x12, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0xfffffff3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xfffffffffffff5dc}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x5, 0x84}}}, 0xc4}, 0x1, 0x0, 0x0, 0x40000}, 0x20050800)
ptrace(0x10, r0)
ptrace$peeksig(0x4212, r0, &(0x7f0000000140)={0x0, 0x0, 0x4}, &(0x7f0000001500))
r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000080))

2.092450215s ago: executing program 2 (id=5703):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000029c0)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=r2, @ANYBLOB="0345000000000000140012800c0001006d6163766c616e0004000280b7ec0661b36081eff9200aab00cdcde68a7551e0b311d3beb06103290a2cbd3beb71e2ab7d5c29447a9a37dacf8eeb096f758296edc2c39866b7fef0ff883360c352322f71b49bc5b622c28f6f"], 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000d0400"/20, @ANYRES32=r2, @ANYRES64=r3], 0x50}}, 0x8000) (async)
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000d0400"/20, @ANYRES32=r2, @ANYRES64=r3], 0x50}}, 0x8000)
socket(0x10, 0x2, 0x0) (async)
r4 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14) (async)
getsockname$packet(r4, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4000000010003904000000000000000080040000", @ANYRES32=r5, @ANYBLOB="01980000000000002000128008000100736974001400028006000e000600000008000100", @ANYRES64=r4], 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, 0x0, 0x0) (async)
setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, 0x0, 0x0)
r7 = open(0x0, 0x600, 0x18e)
read$FUSE(r7, &(0x7f0000000980)={0x2020, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x2020)
sendmsg$nl_generic(r7, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000001d0000042cbd7000fedbdf250100000008003400", @ANYRES32=r8, @ANYBLOB="e8e53fe01932f68276972e576af689e9fc2560c6e564c76e8c49ca7b4689f056d9506b151c9884967006ee905cf63bc8f22cacc5b7237985ac372c62436c19484b4a610677b9ea255ab918183c411dc272b7019651658a3709969b26dce71156d125357e08a3922b27bf94167b9056a504dc77db791e720c7ef1667863af53b80fbdd87cd2629ac75608b2b968f2f94182cfd317658f7cf104b7a1fb4107c1cd3eb3b1621abe3fecf356d43a107be45094040b6075346deb1fb7b913f82ee5e70bb53febf77e303d5bf9e46ef0a1bac328b92bd3"], 0x1c}, 0x1, 0x0, 0x0, 0x20000840}, 0x40040) (async)
sendmsg$nl_generic(r7, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000700)=ANY=[@ANYBLOB="1c0000001d0000042cbd7000fedbdf250100000008003400", @ANYRES32=r8, @ANYBLOB="e8e53fe01932f68276972e576af689e9fc2560c6e564c76e8c49ca7b4689f056d9506b151c9884967006ee905cf63bc8f22cacc5b7237985ac372c62436c19484b4a610677b9ea255ab918183c411dc272b7019651658a3709969b26dce71156d125357e08a3922b27bf94167b9056a504dc77db791e720c7ef1667863af53b80fbdd87cd2629ac75608b2b968f2f94182cfd317658f7cf104b7a1fb4107c1cd3eb3b1621abe3fecf356d43a107be45094040b6075346deb1fb7b913f82ee5e70bb53febf77e303d5bf9e46ef0a1bac328b92bd3"], 0x1c}, 0x1, 0x0, 0x0, 0x20000840}, 0x40040)
recvmsg(r7, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000800), 0x0, &(0x7f0000000880)=""/147, 0x93}, 0x40000200)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYRESHEX=r9, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000700000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000440005000a01010200000000000000000000000000000002320000000a000000fc010000000000000000000000000000000000000400"/180], 0xfc}, 0x1, 0x0, 0x0, 0x400c}, 0x0) (async)
sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000840)=ANY=[@ANYRESHEX=r9, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000700000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000440005000a01010200000000000000000000000000000002320000000a000000fc010000000000000000000000000000000000000400"/180], 0xfc}, 0x1, 0x0, 0x0, 0x400c}, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000600)="05d936277c6f54220002097844ffcf8bd1846f7f83477ca1b278e3e4018a34844b9d62cbd7cd2a62", 0x28, 0x8c1, &(0x7f00000000c0)={0x11, 0x86dd, r5, 0x1, 0x4, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)
syz_usb_disconnect(r0)
r10 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000000904004001030000000921010000012205"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r10, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00221200000083"], 0x0}, 0x0) (async)
syz_usb_control_io$hid(r10, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00221200000083"], 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000140)='P')
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r12, 0xaece, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r12, 0xaece, 0x0)

1.289421515s ago: executing program 4 (id=5704):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x181202, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x1803)
socket(0x80000000000000a, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480))
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
epoll_create1(0x80000)
socket$nl_audit(0x10, 0x3, 0x9)
syz_open_dev$usbfs(&(0x7f0000000080), 0x40000f, 0x8041)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffee6}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24040045)
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r3 = io_uring_setup(0x1195, &(0x7f0000000040)={0x0, 0xaf2e, 0xc000, 0x3, 0xcb, 0x0, r2})
writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000001480)}, {0x0}], 0x2)
io_uring_enter(r3, 0x2219, 0xcf74, 0x16, 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
pipe2(&(0x7f0000000000), 0x80000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

1.267304071s ago: executing program 0 (id=5705):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
read$FUSE(r0, &(0x7f0000000340)={0x2020}, 0x2020)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x800, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000010c0)=0x8)
connect$vsock_stream(r1, &(0x7f0000000300)={0x28, 0x0, 0xffffffff, @host}, 0x10)
connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0x2710, @host}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000001000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="8000000014000300020000000000000000000000000000001400010000000000020000000000000000000001"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x2)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000180)={0x0, 'wlan0\x00', {0x1}, 0x1ff})

1.209237077s ago: executing program 3 (id=5706):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x8800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000100001000000000000ab00000005000a3c000000120a01020000000000000000020000200900020073797a310000000008000440000000000900010073797a3000000000080003400000000a140000001100010000000000000000000000000a"], 0x64}}, 0x0)

1.128716927s ago: executing program 3 (id=5707):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_generic(0x10, 0x3, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040)=<r2=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r3=>0x0)
ioctl$int_in(r2, 0x5452, &(0x7f0000000100)=0x4a7)
io_submit(r3, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r2, 0x0}])
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x7, 0xf5c1, 0x59455247, 0x5, 0x9f78b373bbb4a735, [{0x1, 0x1000}, {0x200, 0x7}, {0x7, 0x9}, {0x2, 0x80}, {0x3}, {0x2, 0x5}, {0xa0, 0xd}, {0x400, 0x6}], 0x8, 0x0, 0x1, 0x1, 0x7}})
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x8000, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xfff7fff7}], 0x1c)
listen(r4, 0xfffff789)
r6 = accept(r4, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000740)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x0, 0x3, 0x4, 0xfffffff8, 0x95, 0x3ff, 0xb}, &(0x7f00000000c0)=0x9c)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r9, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x1, {0x9, @pix_mp={0x12, 0x5be7, 0x38414262, 0x6, 0xb, [{0x0, 0x10a}, {0xffffffe8, 0x2007}, {0x10000001, 0x9}, {0x641, 0x7fd}, {0x1, 0xb}, {0x7, 0x489aa92e}, {0x5}, {0x103, 0x7}], 0x1, 0x2c, 0x2, 0x0, 0x3}}, 0xffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r10, {0xfff3, 0xfff1}, {}, {0xfff3, 0x1f}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}, @TCA_CHAIN={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x50}, 0x0)

713.582593ms ago: executing program 5 (id=5708):
r0 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, &(0x7f0000000100))
connect$unix(r1, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x3, 0x0, 0x7, 0xfa11, 0x1}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000004340), 0x2, 0x0)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x4001, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'})
sendmsg$nl_route_sched(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x400d5}, 0x240400c0)
r5 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05640, &(0x7f0000000280)={0x6, @pix={0x8, 0x9d0, 0x38416761, 0x5, 0x3, 0x9, 0x1, 0x7, 0x1, 0x8, 0x2, 0x5}})
socket$inet6_sctp(0xa, 0x801, 0x84)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0xfffffff8, 0x0, 0x0, 0x5a, 0x0, &(0x7f0000000500)="2ca60700cdbb4beb400730fca1dcf9caa1fb4ae1f6e61f1040d351e35c9499eacd423d6351314809b215b0415d69f4c66893772f325d679fbf017742287f319658b582d93e5e95557f7e3bfebbe12a511cdea982000000000000"})
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000039c0), 0x0, 0x0)
ioctl$TIOCGSOFTCAR(r7, 0x541a, &(0x7f0000005480))
pwritev(r6, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {&(0x7f0000000280)="f697079a161cfb7702311e629acda76933ddd0c24174eb4d4d28f9", 0x1b}, {&(0x7f0000000780)="527302587e0a4e47ad23efd7abd1f41a89b12677d3fd0c46d23de59d6373581f5408b396f366bbcf6daa7372dcda7c09a7bccddf6afeb75ca9a34570bdf7be6aab9452f2c16e08b0c5e587edec679db0ced3cc071f5a7ab74b5ae2dfb425d0cfce52acca3b6525fca266d39291164b39d691ccd4a1edd64f66e75cfdca2e25d525137d213b825ea8646f8148eca6a2d561a1dec87ad1d3e7b4e75cfa65375b94b041e16118ed0a3acfc872a6a9af74f079ed53f913175814788437eb7457ae1209934f6d254c47a3abbd27e01c16b23a7749e7afcbdb6986c959d119d7a557b6957d52f1bdc0c79038d11e97fe64693324fdc9a3e25ac997f2d861851bd52ba4942833cc9ab04f66ddd52dfe5b0b86be0df4ee0e3540fe71f33d5edd28d203b5d48b21209576a266ff1bd40d24b7b536bfe40c46aea6b4770a858f0c7890e720d1a5b726a926c80e0392239b500c89884cf324193e3765e94fe06a7f3bdd5bbe319043f7909f005b8dd1e27ac0b80f4d49d6230e334dfbd910c759c1b3e4e5a5088941603d6a01890ec363ca802d31156c092ead993a66331e4cfb6197969b3d9889e4647198a3ced295685d8eae23ada20c6c6841e9e4369c6b378b496dc0757219e94bcf754a5a9f3e4eb9aada0aaaaa67bb0352af622beb6e1dbb6bf432939de56b1716e9125c6ad2dc6bd2fe0d656fdd8a7ff423e2b0df17153787873a6384c5c0c0e25e4583", 0x208}], 0x3, 0x10000, 0x4)

351.674875ms ago: executing program 0 (id=5709):
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

313.679995ms ago: executing program 4 (id=5710):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000003740)=[{{0x0, 0x0, 0x0}, 0x132}], 0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffd, 0x0, 0xb, 0x0, 0xfffffe0000000000, 0xfa11, 0x7fffffff}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r3)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a40)={0x0, 0xfffffffffffffefe}, 0x1, 0x0, 0x0, 0x40d4}, 0x2402c0c5)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000e00)={0x84, &(0x7f0000000900)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, &(0x7f0000000000))

201.610841ms ago: executing program 0 (id=5711):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30bd, 0xc000, 0x8, 0x40000185})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r3 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r3, &(0x7f0000000200)="a3", 0x1)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r3, 0x4144, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r3, 0xc0984124, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

65.081419ms ago: executing program 3 (id=5712):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002c00)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x60000000, 0x5, 0x0, &(0x7f00000001c0), 0x0, 0x1, 0x0, 0x6}, 0x50)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0xb0}, @exit], &(0x7f00000002c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x4}, 0x94)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r4, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, <r6=>0x0], &(0x7f0000000200), 0x4, r5})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000240)={&(0x7f0000000040)=[r8], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r4, 0xc03864bc, &(0x7f0000000500)={0x200, 0x1, &(0x7f0000000180)=[r5], &(0x7f0000000200), &(0x7f0000000580)=[r6], &(0x7f0000000040)})
close(r3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0)
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000380)=0xfffff272, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)

0s ago: executing program 0 (id=5713):
r0 = socket$inet6(0xa, 0x2, 0x0)
close(0x3)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f00000000c0)={0xa, 0x4e21, 0x80000, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0xfffffffe}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=[@rthdrdstopts={{0x14, 0x29, 0x43, {0x2b, 0x1fffffffffffff98}}}], 0x18}, 0x40440e0)

kernel console output (not intermixed with test programs):

endor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1091.566613][T21902] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1091.591128][T21902] usb 4-1: Product: syz
[ 1091.601835][T21902] usb 4-1: SerialNumber: syz
[ 1091.617417][ T5903] rc_core: IR keymap rc-imon-pad not found
[ 1091.618003][T21902] usb 4-1: config 0 descriptor??
[ 1091.629077][ T5903] Registered IR keymap rc-empty
[ 1091.635490][ T5903] imon 6-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[ 1091.649402][ T5903] imon 6-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1091.665450][T21902] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[ 1091.681784][ T5903] rc rc0: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1091.710150][ T5903] input: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input85
[ 1091.744775][ T5903] imon 6-1:0.0: iMON device (15c2:0041, intf0) on usb<6:2> initialized
[ 1091.998896][T21902] usb 4-1: USB disconnect, device number 81
[ 1092.250200][    C1] imon 6-1:0.0: imon usb_rx_callback_intf0: status(-71)
[ 1092.259183][ T5903] usb 6-1: USB disconnect, device number 2
[ 1093.294829][T22645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5317'.
[ 1093.737415][ T5896] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 1093.908199][ T5896] usb 5-1: Using ep0 maxpacket: 8
[ 1093.936292][ T5896] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1093.963233][ T5896] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1094.001056][ T5896] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1094.037904][ T5896] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1094.076430][ T5896] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1094.104042][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1094.401390][ T5896] usb 5-1: GET_CAPABILITIES returned 0
[ 1094.432959][ T5896] usbtmc 5-1:16.0: can't read capabilities
[ 1095.586623][T22685] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5322'.
[ 1095.815784][T22685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5322'.
[ 1096.180237][T22685] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1096.348661][T22698] FAULT_INJECTION: forcing a failure.
[ 1096.348661][T22698] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1096.377642][T14031] usb 5-1: USB disconnect, device number 44
[ 1096.397671][T22698] CPU: 0 UID: 0 PID: 22698 Comm: syz.3.5325 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1096.397699][T22698] Tainted: [L]=SOFTLOCKUP
[ 1096.397704][T22698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1096.397713][T22698] Call Trace:
[ 1096.397720][T22698]  <TASK>
[ 1096.397728][T22698]  dump_stack_lvl+0xe8/0x150
[ 1096.397770][T22698]  should_fail_ex+0x412/0x560
[ 1096.397802][T22698]  _copy_to_user+0x31/0xb0
[ 1096.397825][T22698]  simple_read_from_buffer+0xe1/0x170
[ 1096.397854][T22698]  proc_fail_nth_read+0x1bb/0x230
[ 1096.397882][T22698]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1096.397907][T22698]  ? rw_verify_area+0x2a6/0x4d0
[ 1096.397925][T22698]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1096.397950][T22698]  vfs_read+0x20c/0xa70
[ 1096.397965][T22698]  ? fdget_pos+0x246/0x320
[ 1096.397989][T22698]  ? __pfx___mutex_lock+0x10/0x10
[ 1096.398014][T22698]  ? __pfx_vfs_read+0x10/0x10
[ 1096.398035][T22698]  ? __fget_files+0x2a/0x420
[ 1096.398056][T22698]  ? __fget_files+0x3a0/0x420
[ 1096.398071][T22698]  ? __fget_files+0x2a/0x420
[ 1096.398095][T22698]  ksys_read+0x150/0x270
[ 1096.398117][T22698]  ? __pfx_ksys_read+0x10/0x10
[ 1096.398146][T22698]  do_syscall_64+0x14d/0xf80
[ 1096.398168][T22698]  ? trace_irq_disable+0x3b/0x150
[ 1096.398184][T22698]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1096.398203][T22698]  ? clear_bhb_loop+0x40/0x90
[ 1096.398224][T22698]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1096.398241][T22698] RIP: 0033:0x7f094795d04e
[ 1096.398258][T22698] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1096.398274][T22698] RSP: 002b:00007f09487c0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1096.398293][T22698] RAX: ffffffffffffffda RBX: 00007f09487c16c0 RCX: 00007f094795d04e
[ 1096.398306][T22698] RDX: 000000000000000f RSI: 00007f09487c10a0 RDI: 0000000000000004
[ 1096.398318][T22698] RBP: 00007f09487c1090 R08: 0000000000000000 R09: 0000000000000000
[ 1096.398328][T22698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1096.398339][T22698] R13: 00007f0947c16038 R14: 00007f0947c15fa0 R15: 00007f0947d3fa48
[ 1096.398367][T22698]  </TASK>
[ 1096.712259][T22704] FAULT_INJECTION: forcing a failure.
[ 1096.712259][T22704] name failslab, interval 1, probability 0, space 0, times 0
[ 1096.821345][T22711] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5327'.
[ 1096.832943][T22712] fuse: Bad value for 'fd'
[ 1096.902031][T22704] CPU: 1 UID: 0 PID: 22704 Comm: syz.2.5328 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1096.902060][T22704] Tainted: [L]=SOFTLOCKUP
[ 1096.902064][T22704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1096.902070][T22704] Call Trace:
[ 1096.902076][T22704]  <TASK>
[ 1096.902081][T22704]  dump_stack_lvl+0xe8/0x150
[ 1096.902101][T22704]  should_fail_ex+0x412/0x560
[ 1096.902121][T22704]  should_failslab+0xa8/0x100
[ 1096.902137][T22704]  __kmalloc_cache_noprof+0x88/0x660
[ 1096.902151][T22704]  ? subflow_ulp_init+0xd0/0x620
[ 1096.902166][T22704]  subflow_ulp_init+0xd0/0x620
[ 1096.902176][T22704]  ? tcp_set_ulp+0xb1/0x5f0
[ 1096.902193][T22704]  tcp_set_ulp+0x53c/0x5f0
[ 1096.902205][T22704]  mptcp_subflow_create_socket+0x359/0x800
[ 1096.902224][T22704]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[ 1096.902242][T22704]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1096.902256][T22704]  __mptcp_nmpc_sk+0x155/0x790
[ 1096.902273][T22704]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[ 1096.902293][T22704]  ? mptcp_setsockopt+0xf07/0x36a0
[ 1096.902312][T22704]  ? __local_bh_enable_ip+0xd0/0x130
[ 1096.902339][T22704]  mptcp_setsockopt+0xf0f/0x36a0
[ 1096.902361][T22704]  ? __pfx_mptcp_setsockopt+0x10/0x10
[ 1096.902381][T22704]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1096.902406][T22704]  ? __fget_files+0x2a/0x420
[ 1096.902421][T22704]  ? aa_sock_opt_perm+0xff/0x1a0
[ 1096.902440][T22704]  ? sock_common_setsockopt+0x36/0xc0
[ 1096.902460][T22704]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1096.902481][T22704]  do_sock_setsockopt+0x17c/0x1b0
[ 1096.902508][T22704]  __x64_sys_setsockopt+0x13d/0x1b0
[ 1096.902535][T22704]  do_syscall_64+0x14d/0xf80
[ 1096.902558][T22704]  ? trace_irq_disable+0x3b/0x150
[ 1096.902574][T22704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1096.902591][T22704]  ? clear_bhb_loop+0x40/0x90
[ 1096.902613][T22704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1096.902629][T22704] RIP: 0033:0x7f3c9cf9c819
[ 1096.902647][T22704] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1096.902663][T22704] RSP: 002b:00007f3c9dd71028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1096.902692][T22704] RAX: ffffffffffffffda RBX: 00007f3c9d215fa0 RCX: 00007f3c9cf9c819
[ 1096.902705][T22704] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000006
[ 1096.902716][T22704] RBP: 00007f3c9dd71090 R08: 0000000000000004 R09: 0000000000000000
[ 1096.902728][T22704] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1096.902740][T22704] R13: 00007f3c9d216038 R14: 00007f3c9d215fa0 R15: 00007f3c9d33fa48
[ 1096.902770][T22704]  </TASK>
[ 1097.797470][ T5903] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1097.959284][ T5903] usb 4-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[ 1098.011805][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1098.057159][ T5903] usb 4-1: Product: syz
[ 1098.081905][ T5903] usb 4-1: Manufacturer: syz
[ 1098.106118][ T5903] usb 4-1: SerialNumber: syz
[ 1098.152269][ T5903] usb 4-1: config 0 descriptor??
[ 1098.180046][ T5903] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1098.210856][ T5903] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1098.288156][T22711] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5327'.
[ 1098.382134][ T5903] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[ 1098.437277][ T5903] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1098.462428][ T5903] dib0700: firmware download failed at 7 with -22
[ 1099.437458][T14031] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[ 1099.606332][T22711] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1099.636971][T14031] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1099.665468][T14031] usb 6-1: config 0 has no interface number 0
[ 1099.709846][T14031] usb 6-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77
[ 1099.731320][T14031] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1099.748192][T14031] usb 6-1: Product: syz
[ 1099.756854][T14031] usb 6-1: Manufacturer: syz
[ 1099.764517][T14031] usb 6-1: SerialNumber: syz
[ 1099.774548][T14031] usb 6-1: config 0 descriptor??
[ 1099.789282][T14031] snd-usb-us122l 6-1:0.1: usb_set_interface error
[ 1099.804326][T14031] snd-usb-us122l 6-1:0.1: probe with driver snd-usb-us122l failed with error -22
[ 1099.998766][T22738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1100.016351][T22738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1100.045614][T22738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1100.204629][T22738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1100.249692][T14031] usb 6-1: USB disconnect, device number 3
[ 1100.692826][ T5896] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[ 1100.777728][T22779] FAULT_INJECTION: forcing a failure.
[ 1100.777728][T22779] name failslab, interval 1, probability 0, space 0, times 0
[ 1100.802202][T22779] CPU: 1 UID: 0 PID: 22779 Comm: syz.0.5338 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1100.802233][T22779] Tainted: [L]=SOFTLOCKUP
[ 1100.802239][T22779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1100.802250][T22779] Call Trace:
[ 1100.802258][T22779]  <TASK>
[ 1100.802267][T22779]  dump_stack_lvl+0xe8/0x150
[ 1100.802299][T22779]  should_fail_ex+0x412/0x560
[ 1100.802331][T22779]  should_failslab+0xa8/0x100
[ 1100.802355][T22779]  ? skb_clone+0x212/0x3a0
[ 1100.802380][T22779]  kmem_cache_alloc_noprof+0x87/0x650
[ 1100.802399][T22779]  ? __netlink_lookup+0xc6/0x8b0
[ 1100.802427][T22779]  skb_clone+0x212/0x3a0
[ 1100.802454][T22779]  __netlink_deliver_tap+0x404/0x850
[ 1100.802484][T22779]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1100.802505][T22779]  netlink_deliver_tap+0x19c/0x1b0
[ 1100.802526][T22779]  netlink_unicast+0x7e3/0x9b0
[ 1100.802560][T22779]  ? __pfx_netlink_unicast+0x10/0x10
[ 1100.802588][T22779]  ? netlink_sendmsg+0x650/0xb40
[ 1100.802606][T22779]  ? skb_put+0x11b/0x210
[ 1100.802630][T22779]  netlink_sendmsg+0x813/0xb40
[ 1100.802658][T22779]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1100.802681][T22779]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1100.802711][T22779]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1100.802736][T22779]  ____sys_sendmsg+0x972/0x9f0
[ 1100.802767][T22779]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1100.802795][T22779]  ? import_iovec+0x73/0xa0
[ 1100.802828][T22779]  ___sys_sendmsg+0x2a5/0x360
[ 1100.802854][T22779]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1100.802901][T22779]  ? __fget_files+0x2a/0x420
[ 1100.802917][T22779]  ? __fget_files+0x3a0/0x420
[ 1100.802942][T22779]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1100.802968][T22779]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1100.803000][T22779]  ? __pfx_ksys_write+0x10/0x10
[ 1100.803031][T22779]  do_syscall_64+0x14d/0xf80
[ 1100.803055][T22779]  ? trace_irq_disable+0x3b/0x150
[ 1100.803071][T22779]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1100.803089][T22779]  ? clear_bhb_loop+0x40/0x90
[ 1100.803112][T22779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1100.803133][T22779] RIP: 0033:0x7f7cb8d9c819
[ 1100.803151][T22779] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1100.803165][T22779] RSP: 002b:00007f7cb9d15028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1100.803185][T22779] RAX: ffffffffffffffda RBX: 00007f7cb9015fa0 RCX: 00007f7cb8d9c819
[ 1100.803198][T22779] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1100.803209][T22779] RBP: 00007f7cb9d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1100.803220][T22779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1100.803231][T22779] R13: 00007f7cb9016038 R14: 00007f7cb9015fa0 R15: 00007f7cb913fa48
[ 1100.803258][T22779]  </TASK>
[ 1101.177785][ T5896] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 106, setting to 64
[ 1101.197257][ T5896] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1101.211397][ T5896] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1101.221351][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1101.229625][ T5896] usb 5-1: Product: syz
[ 1101.233916][ T5896] usb 5-1: Manufacturer: syz
[ 1101.238682][ T5896] usb 5-1: SerialNumber: syz
[ 1101.245200][ T5903] usb 4-1: USB disconnect, device number 82
[ 1101.257569][ T5896] usb 5-1: config 0 descriptor??
[ 1101.264158][T22772] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1101.276348][ T5896] usb 5-1: selecting invalid altsetting 0
[ 1101.397497][ T1210] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1101.499237][T21902] usb 5-1: USB disconnect, device number 45
[ 1101.553301][ T1210] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1101.563528][ T1210] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1101.571693][ T1210] usb 6-1: Product: syz
[ 1101.576096][ T1210] usb 6-1: Manufacturer: syz
[ 1101.580799][ T1210] usb 6-1: SerialNumber: syz
[ 1102.188386][T22792] kvm: pic: non byte write
[ 1102.401641][T22783] netlink: 'syz.5.5340': attribute type 27 has an invalid length.
[ 1103.020241][T22783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1103.031136][T22783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1103.116997][T22808] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5345'.
[ 1103.470517][ T1210] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -EPIPE
[ 1103.513462][ T1210] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1103.532131][ T1210] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1103.577548][ T1210] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -32
[ 1103.746191][T22808] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5345'.
[ 1104.476386][T22808] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1104.595737][T22817] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1104.605107][   T29] audit: type=1326 audit(1775478174.805:1286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.708470][   T29] audit: type=1326 audit(1775478174.805:1287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.768428][ T1210] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1104.784534][   T29] audit: type=1326 audit(1775478174.805:1288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.842634][   T29] audit: type=1326 audit(1775478174.805:1289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.886079][   T29] audit: type=1326 audit(1775478174.805:1290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.913532][T14031] usb 6-1: USB disconnect, device number 4
[ 1104.944969][   T29] audit: type=1326 audit(1775478174.805:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.972880][   T29] audit: type=1326 audit(1775478174.805:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1104.977821][ T1210] usb 5-1: Using ep0 maxpacket: 32
[ 1105.004111][   T29] audit: type=1326 audit(1775478174.805:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1105.055644][ T1210] usb 5-1: config 0 has no interfaces?
[ 1105.064280][ T1210] usb 5-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[ 1105.080229][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1105.110674][   T29] audit: type=1326 audit(1775478174.805:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1105.177384][ T1210] usb 5-1: Product: syz
[ 1105.191809][   T29] audit: type=1326 audit(1775478174.805:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22822 comm="syz.2.5348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c9cf9c819 code=0x7ffc0000
[ 1105.244953][T22833] FAULT_INJECTION: forcing a failure.
[ 1105.244953][T22833] name failslab, interval 1, probability 0, space 0, times 0
[ 1105.260211][ T1210] usb 5-1: Manufacturer: syz
[ 1105.269988][ T1210] usb 5-1: SerialNumber: syz
[ 1105.300650][ T1210] usb 5-1: config 0 descriptor??
[ 1105.308565][T22833] CPU: 1 UID: 0 PID: 22833 Comm: syz.0.5351 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1105.308595][T22833] Tainted: [L]=SOFTLOCKUP
[ 1105.308602][T22833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1105.308613][T22833] Call Trace:
[ 1105.308621][T22833]  <TASK>
[ 1105.308629][T22833]  dump_stack_lvl+0xe8/0x150
[ 1105.308659][T22833]  should_fail_ex+0x412/0x560
[ 1105.308689][T22833]  should_failslab+0xa8/0x100
[ 1105.308712][T22833]  ? skb_clone+0x212/0x3a0
[ 1105.308736][T22833]  kmem_cache_alloc_noprof+0x87/0x650
[ 1105.308756][T22833]  ? __netlink_lookup+0xc6/0x8b0
[ 1105.308784][T22833]  skb_clone+0x212/0x3a0
[ 1105.308810][T22833]  __netlink_deliver_tap+0x404/0x850
[ 1105.308840][T22833]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1105.308860][T22833]  netlink_deliver_tap+0x19c/0x1b0
[ 1105.308881][T22833]  netlink_unicast+0x7e3/0x9b0
[ 1105.308915][T22833]  ? __pfx_netlink_unicast+0x10/0x10
[ 1105.308942][T22833]  ? netlink_sendmsg+0x650/0xb40
[ 1105.308968][T22833]  ? skb_put+0x11b/0x210
[ 1105.308992][T22833]  netlink_sendmsg+0x813/0xb40
[ 1105.309020][T22833]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1105.309043][T22833]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1105.309072][T22833]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1105.309097][T22833]  ____sys_sendmsg+0x972/0x9f0
[ 1105.309128][T22833]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1105.309159][T22833]  ? import_iovec+0x73/0xa0
[ 1105.309184][T22833]  ___sys_sendmsg+0x2a5/0x360
[ 1105.309211][T22833]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1105.309266][T22833]  ? __fget_files+0x2a/0x420
[ 1105.309282][T22833]  ? __fget_files+0x3a0/0x420
[ 1105.309308][T22833]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1105.309334][T22833]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1105.309366][T22833]  ? __pfx_ksys_write+0x10/0x10
[ 1105.309397][T22833]  do_syscall_64+0x14d/0xf80
[ 1105.309420][T22833]  ? trace_irq_disable+0x3b/0x150
[ 1105.309436][T22833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1105.309454][T22833]  ? clear_bhb_loop+0x40/0x90
[ 1105.309476][T22833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1105.309493][T22833] RIP: 0033:0x7f7cb8d9c819
[ 1105.309511][T22833] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1105.309525][T22833] RSP: 002b:00007f7cb9d15028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1105.309545][T22833] RAX: ffffffffffffffda RBX: 00007f7cb9015fa0 RCX: 00007f7cb8d9c819
[ 1105.309558][T22833] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 1105.309569][T22833] RBP: 00007f7cb9d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1105.309580][T22833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1105.309591][T22833] R13: 00007f7cb9016038 R14: 00007f7cb9015fa0 R15: 00007f7cb913fa48
[ 1105.309620][T22833]  </TASK>
[ 1106.063407][T22821] netlink: 'syz.4.5349': attribute type 4 has an invalid length.
[ 1106.199844][ T5889] usb 5-1: USB disconnect, device number 46
[ 1108.736183][T22884] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5364'.
[ 1108.826559][T22882] program syz.0.5365 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1109.205589][T22891] FAULT_INJECTION: forcing a failure.
[ 1109.205589][T22891] name failslab, interval 1, probability 0, space 0, times 0
[ 1109.241891][T22891] CPU: 0 UID: 0 PID: 22891 Comm: syz.0.5367 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1109.241921][T22891] Tainted: [L]=SOFTLOCKUP
[ 1109.241928][T22891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1109.241937][T22891] Call Trace:
[ 1109.241944][T22891]  <TASK>
[ 1109.241951][T22891]  dump_stack_lvl+0xe8/0x150
[ 1109.241974][T22891]  should_fail_ex+0x412/0x560
[ 1109.241995][T22891]  should_failslab+0xa8/0x100
[ 1109.242012][T22891]  __kmalloc_noprof+0xe8/0x760
[ 1109.242024][T22891]  ? security_task_alloc+0x4d/0x330
[ 1109.242043][T22891]  security_task_alloc+0x4d/0x330
[ 1109.242058][T22891]  copy_process+0x16df/0x3cd0
[ 1109.242079][T22891]  ? copy_process+0x921/0x3cd0
[ 1109.242098][T22891]  ? __pfx_copy_process+0x10/0x10
[ 1109.242115][T22891]  ? __pfx_io_wq_worker+0x10/0x10
[ 1109.242129][T22891]  ? __pfx_io_wq_worker+0x10/0x10
[ 1109.242142][T22891]  create_io_thread+0xfc/0x170
[ 1109.242158][T22891]  ? __pfx_create_io_thread+0x10/0x10
[ 1109.242175][T22891]  ? __pfx_io_wq_worker+0x10/0x10
[ 1109.242190][T22891]  ? __raw_spin_lock_init+0x45/0x100
[ 1109.242203][T22891]  ? __init_swait_queue_head+0xa9/0x150
[ 1109.242221][T22891]  ? create_io_worker+0x27/0x5c0
[ 1109.242233][T22891]  create_io_worker+0x181/0x5c0
[ 1109.242248][T22891]  io_wq_enqueue+0x675/0x8a0
[ 1109.242260][T22891]  ? io_wq_enqueue+0x332/0x8a0
[ 1109.242271][T22891]  ? __pfx_io_wq_work_match_item+0x10/0x10
[ 1109.242286][T22891]  io_submit_sqes+0x15b2/0x24e0
[ 1109.242314][T22891]  __se_sys_io_uring_enter+0x2c6/0x1960
[ 1109.242329][T22891]  ? __fget_files+0x3a0/0x420
[ 1109.242341][T22891]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1109.242353][T22891]  ? fput+0xa0/0xd0
[ 1109.242368][T22891]  ? ksys_write+0x242/0x270
[ 1109.242381][T22891]  ? __pfx_ksys_write+0x10/0x10
[ 1109.242394][T22891]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1109.242407][T22891]  do_syscall_64+0x14d/0xf80
[ 1109.242423][T22891]  ? trace_irq_disable+0x3b/0x150
[ 1109.242434][T22891]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.242445][T22891]  ? clear_bhb_loop+0x40/0x90
[ 1109.242458][T22891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1109.242469][T22891] RIP: 0033:0x7f7cb8d9c819
[ 1109.242480][T22891] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1109.242489][T22891] RSP: 002b:00007f7cb9d15028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1109.242502][T22891] RAX: ffffffffffffffda RBX: 00007f7cb9015fa0 RCX: 00007f7cb8d9c819
[ 1109.242509][T22891] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[ 1109.242516][T22891] RBP: 00007f7cb9d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1109.242522][T22891] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[ 1109.242528][T22891] R13: 00007f7cb9016038 R14: 00007f7cb9015fa0 R15: 00007f7cb913fa48
[ 1109.242544][T22891]  </TASK>
[ 1109.756511][T22902] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5371'.
[ 1109.938701][T22906] netlink: 'syz.2.5372': attribute type 29 has an invalid length.
[ 1109.949587][T22906] netlink: 'syz.2.5372': attribute type 29 has an invalid length.
[ 1109.961151][T22906] netlink: 500 bytes leftover after parsing attributes in process `syz.2.5372'.
[ 1112.000985][T22943] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1112.013555][T22943] binder: 22942:22943 ioctl 8933 200000000180 returned -22
[ 1112.439805][T22954] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5384'.
[ 1112.868140][ T5903] usb 4-1: new full-speed USB device number 83 using dummy_hcd
[ 1112.887446][T22216] wlan0: Trigger new scan to find an IBSS to join
[ 1113.050123][ T5903] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1113.078240][ T5903] usb 4-1: not running at top speed; connect to a high speed hub
[ 1113.095085][ T5903] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1113.116686][ T5903] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[ 1113.129266][ T5903] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1113.161419][ T5903] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1113.172264][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.184245][ T5903] usb 4-1: Product: syz
[ 1113.193965][ T5903] usb 4-1: Manufacturer: syz
[ 1113.212157][ T5903] usb 4-1: SerialNumber: syz
[ 1113.847906][T22210] wlan0: Trigger new scan to find an IBSS to join
[ 1114.045767][    C1] sd 0:0:1:0: [sda] tag#1493 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1114.056309][    C1] sd 0:0:1:0: [sda] tag#1493 CDB: Read(6) 08 00 00 00 00 00
[ 1114.192059][ T5903] usb 4-1: USB disconnect, device number 83
[ 1114.597468][ T1210] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 1114.786095][ T1210] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1114.810131][ T1210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1114.821762][ T1210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1114.838553][ T1210] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1114.872713][ T1210] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1114.887614][ T1210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1114.905685][ T1210] usb 5-1: config 0 descriptor??
[ 1115.188933][ T1210] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[ 1115.549722][ T1210] usb 5-1: USB disconnect, device number 47
[ 1115.851128][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.857672][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.037459][ T1210] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 1116.227786][ T1210] usb 5-1: Using ep0 maxpacket: 8
[ 1116.244799][ T1210] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1116.275334][ T1210] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1116.327105][ T1210] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1116.403631][ T1210] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1116.430745][ T1210] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1116.484836][ T1210] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1116.544086][ T1210] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1116.602854][ T1210] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1116.631331][ T1210] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1116.708499][ T1210] usb 5-1: string descriptor 0 read error: -22
[ 1116.746521][ T1210] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1116.784236][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1116.836610][ T1210] adutux 5-1:168.0: interrupt endpoints not found
[ 1116.887781][T22220] wlan0: Trigger new scan to find an IBSS to join
[ 1117.051406][ T1210] usb 5-1: USB disconnect, device number 48
[ 1117.193957][T23024] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5404'.
[ 1117.693975][T23033] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5409'.
[ 1117.817506][ T1210] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1117.845926][T23044] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5408'.
[ 1117.863091][T22220] wlan0: Trigger new scan to find an IBSS to join
[ 1118.010824][ T1210] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1118.039803][ T1210] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1118.088415][ T1210] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1118.107563][ T1210] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1118.123502][ T1210] usb 3-1: Manufacturer: syz
[ 1118.131577][ T1210] usb 3-1: config 0 descriptor??
[ 1118.140238][ T1210] igorplugusb 3-1:0.0: incorrect number of endpoints
[ 1118.360165][T23055] xt_hashlimit: max too large, truncated to 1048576
[ 1118.557131][T23059] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5415'.
[ 1118.773874][T23063] SET target dimension over the limit!
[ 1118.927482][T14031] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1119.088472][T22211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1119.107435][T14031] usb 4-1: Using ep0 maxpacket: 8
[ 1119.148632][T14031] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1119.227542][T14031] usb 4-1: New USB device found, idVendor=058f, idProduct=9410, bcdDevice= 0.00
[ 1119.294869][T14031] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1119.346813][T14031] usb 4-1: config 0 descriptor??
[ 1119.372228][T23044] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5408'.
[ 1119.390151][T14031] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1119.776774][T14031] usb 4-1: USB disconnect, device number 84
[ 1119.782651][T23044] bond_slave_0: entered promiscuous mode
[ 1119.788402][T23044] bond_slave_1: entered promiscuous mode
[ 1119.843116][T23044] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1119.850483][T22210] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1119.883274][T23044] bond_slave_0: left promiscuous mode
[ 1119.888806][T23044] bond_slave_1: left promiscuous mode
[ 1119.918095][T23068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5418'.
[ 1120.587074][ T1210] usb 3-1: USB disconnect, device number 81
[ 1120.859251][T23095] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5426'.
[ 1121.690157][T23110] netlink: 'syz.4.5430': attribute type 3 has an invalid length.
[ 1121.977425][ T1210] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1122.157459][ T1210] usb 6-1: Using ep0 maxpacket: 16
[ 1122.170746][ T1210] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1122.179865][ T1210] usb 6-1: config 4 has an invalid interface number: 28 but max is 0
[ 1122.188332][ T1210] usb 6-1: config 4 has no interface number 0
[ 1122.194861][ T1210] usb 6-1: config 4 interface 28 has no altsetting 0
[ 1122.205477][ T1210] usb 6-1: New USB device found, idVendor=0421, idProduct=008f, bcdDevice=a8.9e
[ 1122.225670][ T1210] usb 6-1: New USB device strings: Mfr=1, Product=10, SerialNumber=3
[ 1122.245540][ T1210] usb 6-1: Product: syz
[ 1122.254133][ T1210] usb 6-1: Manufacturer: syz
[ 1122.267500][ T1210] usb 6-1: SerialNumber: syz
[ 1122.377428][ T5896] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1122.514737][T23112] netlink: 'syz.5.5432': attribute type 1 has an invalid length.
[ 1122.523417][T23112] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1122.535409][T23112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1122.547518][T23112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1122.563656][ T5896] usb 3-1: Using ep0 maxpacket: 32
[ 1122.570389][ T1210] usb 6-1: bad CDC descriptors
[ 1122.578177][ T5896] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[ 1122.587043][ T5896] usb 3-1: config 0 has no interface number 0
[ 1122.595405][ T1210] usb 6-1: USB disconnect, device number 5
[ 1122.605346][ T5896] usb 3-1: config 0 interface 184 has no altsetting 0
[ 1122.615709][ T5896] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1122.627599][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1122.635856][ T5896] usb 3-1: Product: syz
[ 1122.641793][ T5896] usb 3-1: Manufacturer: syz
[ 1122.646639][ T5896] usb 3-1: SerialNumber: syz
[ 1122.658572][ T5896] usb 3-1: config 0 descriptor??
[ 1122.716130][T23122] blktrace: Concurrent blktraces are not allowed on sg0
[ 1123.273041][ T5896] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1123.306327][ T5896] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1123.420219][ T5896] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1123.456522][ T5896] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1123.474425][ T5896] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1123.485783][ T5896] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1123.496134][ T5896] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[ 1123.512223][ T5896] usb 3-1: USB disconnect, device number 82
[ 1124.943620][T23155] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5444'.
[ 1125.321276][T23170] netlink: 'syz.0.5447': attribute type 3 has an invalid length.
[ 1127.204657][T23205] netlink: 'syz.3.5459': attribute type 3 has an invalid length.
[ 1127.282829][T23210] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5460'.
[ 1127.470610][T23210] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5460'.
[ 1127.555311][T23210] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1128.398341][ T1210] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1128.583254][ T1210] usb 6-1: Using ep0 maxpacket: 32
[ 1128.605967][ T1210] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1128.627712][ T1210] usb 6-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[ 1128.653156][ T1210] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1128.681771][ T1210] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1128.722567][ T1210] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1128.752389][ T1210] usb 6-1: Product: syz
[ 1128.761515][ T1210] usb 6-1: Manufacturer: syz
[ 1128.773365][ T1210] usb 6-1: SerialNumber: syz
[ 1128.787201][ T1210] usb 6-1: config 0 descriptor??
[ 1129.218018][ T1210] gs_usb 6-1:0.0: Configuring for 159 interfaces
[ 1129.437737][ T1210] gs_usb 6-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[ 1129.455336][ T1210] gs_usb 6-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[ 1129.480227][ T1210] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71
[ 1129.537447][ T1210] usb 6-1: USB disconnect, device number 6
[ 1130.047632][ T5896] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 1130.057455][T21902] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1130.207448][T21902] usb 4-1: Using ep0 maxpacket: 32
[ 1130.217498][ T5896] usb 3-1: Using ep0 maxpacket: 8
[ 1130.229908][T21902] usb 4-1: config 0 has no interfaces?
[ 1130.230320][T23249] netlink: 220 bytes leftover after parsing attributes in process `syz.5.5473'.
[ 1130.245232][ T5896] usb 3-1: too many endpoints for config 0 interface 0 altsetting 33: 193, using maximum allowed: 30
[ 1130.258053][ T5896] usb 3-1: config 0 interface 0 altsetting 33 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1130.270137][T23249] netlink: 220 bytes leftover after parsing attributes in process `syz.5.5473'.
[ 1130.279694][ T5896] usb 3-1: config 0 interface 0 altsetting 33 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1130.291207][T21902] usb 4-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[ 1130.295660][T23249] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5473'.
[ 1130.313917][ T5896] usb 3-1: config 0 interface 0 altsetting 33 has 1 endpoint descriptor, different from the interface descriptor's value: 193
[ 1130.327556][T21902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1130.339374][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1130.349038][T21902] usb 4-1: Product: syz
[ 1130.357315][T21902] usb 4-1: Manufacturer: syz
[ 1130.365560][ T5896] usb 3-1: New USB device found, idVendor=056a, idProduct=010e, bcdDevice= 0.00
[ 1130.374739][T21902] usb 4-1: SerialNumber: syz
[ 1130.383032][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.405282][ T5896] usb 3-1: config 0 descriptor??
[ 1130.405296][T21902] usb 4-1: config 0 descriptor??
[ 1130.615511][T23239] netlink: 'syz.3.5470': attribute type 4 has an invalid length.
[ 1130.645584][T23241] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5471'.
[ 1130.775517][T21902] usb 4-1: USB disconnect, device number 85
[ 1130.807549][T22215] wlan0: Trigger new scan to find an IBSS to join
[ 1130.866295][ T5896] usbhid 3-1:0.0: can't add hid device: -71
[ 1130.877028][ T5896] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1130.921223][ T5896] usb 3-1: USB disconnect, device number 83
[ 1131.782616][T23275] �ÿ: renamed from bond_slave_0
[ 1131.897509][ T5896] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 1132.058167][ T5896] usb 3-1: too many configurations: 9, using maximum allowed: 8
[ 1132.068317][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.081306][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.092459][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.110793][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.120150][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.131438][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.142095][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.152152][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.163571][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.188795][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.201972][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.234594][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.248282][T21902] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[ 1132.264727][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.280491][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.306902][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.318126][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.327054][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.367573][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.375681][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.384698][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.397490][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.408686][ T5896] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1132.417696][ T5896] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1132.428823][ T5896] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1132.437524][T21902] usb 4-1: Using ep0 maxpacket: 32
[ 1132.439919][ T5896] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1132.444404][T21902] usb 4-1: config 0 has no interfaces?
[ 1132.452340][ T5896] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1132.467428][ T5896] usb 3-1: Product: syz
[ 1132.479888][ T5896] usb 3-1: Manufacturer: syz
[ 1132.480419][T21902] usb 4-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[ 1132.484562][ T5896] usb 3-1: SerialNumber: syz
[ 1132.502037][ T5896] usb 3-1: config 0 descriptor??
[ 1132.516108][T21902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.537601][T21902] usb 4-1: Product: syz
[ 1132.537812][ T5896] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[ 1132.541810][T21902] usb 4-1: Manufacturer: syz
[ 1132.541829][T21902] usb 4-1: SerialNumber: syz
[ 1132.566578][T21902] usb 4-1: config 0 descriptor??
[ 1132.716409][T23285] netlink: 'syz.5.5487': attribute type 3 has an invalid length.
[ 1132.730597][T23268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1132.742958][T23268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1132.795880][T23280] netlink: 'syz.3.5486': attribute type 4 has an invalid length.
[ 1132.829968][T23286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1132.847766][T23286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1132.882010][    C1] usb 3-1: yurex_control_callback - control failed: -71
[ 1132.882417][ T5889] usb 3-1: USB disconnect, device number 84
[ 1132.902263][ T5889] yurex 3-1:0.0: USB YUREX #0 now disconnected
[ 1132.951221][T21902] usb 4-1: USB disconnect, device number 86
[ 1133.364896][T23288] program syz.4.5488 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1133.724486][T23311] FAULT_INJECTION: forcing a failure.
[ 1133.724486][T23311] name failslab, interval 1, probability 0, space 0, times 0
[ 1133.741053][T23311] CPU: 0 UID: 0 PID: 23311 Comm: syz.3.5497 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1133.741082][T23311] Tainted: [L]=SOFTLOCKUP
[ 1133.741088][T23311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1133.741099][T23311] Call Trace:
[ 1133.741107][T23311]  <TASK>
[ 1133.741114][T23311]  dump_stack_lvl+0xe8/0x150
[ 1133.741143][T23311]  should_fail_ex+0x412/0x560
[ 1133.741176][T23311]  should_failslab+0xa8/0x100
[ 1133.741225][T23311]  __kmalloc_noprof+0xe8/0x760
[ 1133.741243][T23311]  ? do_sys_poll+0x313/0x1120
[ 1133.741270][T23311]  do_sys_poll+0x313/0x1120
[ 1133.741304][T23311]  ? __pfx_do_sys_poll+0x10/0x10
[ 1133.741326][T23311]  ? __lock_acquire+0x6b5/0x2cf0
[ 1133.741341][T23311]  ? is_bpf_text_address+0x26/0x2b0
[ 1133.741395][T23311]  ? set_user_sigmask+0xcd/0x1c0
[ 1133.741410][T23311]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1133.741427][T23311]  __se_sys_ppoll+0x209/0x2b0
[ 1133.741441][T23311]  ? fput+0xa0/0xd0
[ 1133.741457][T23311]  ? __pfx___se_sys_ppoll+0x10/0x10
[ 1133.741478][T23311]  ? __pfx_ksys_write+0x10/0x10
[ 1133.741492][T23311]  ? __x64_sys_ppoll+0x20/0xc0
[ 1133.741506][T23311]  do_syscall_64+0x14d/0xf80
[ 1133.741521][T23311]  ? trace_irq_disable+0x3b/0x150
[ 1133.741530][T23311]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1133.741541][T23311]  ? clear_bhb_loop+0x40/0x90
[ 1133.741554][T23311]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1133.741564][T23311] RIP: 0033:0x7f094799c819
[ 1133.741576][T23311] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1133.741584][T23311] RSP: 002b:00007f09487c1028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1133.741596][T23311] RAX: ffffffffffffffda RBX: 00007f0947c15fa0 RCX: 00007f094799c819
[ 1133.741603][T23311] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1133.741610][T23311] RBP: 00007f09487c1090 R08: 0000000000000000 R09: 0000000000000000
[ 1133.741616][T23311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1133.741622][T23311] R13: 00007f0947c16038 R14: 00007f0947c15fa0 R15: 00007f0947d3fa48
[ 1133.741637][T23311]  </TASK>
[ 1133.962411][T22210] wlan0: Trigger new scan to find an IBSS to join
[ 1133.988769][T23309] fuse: Bad value for 'fd'
[ 1134.034863][T23309] ipip0: entered promiscuous mode
[ 1134.057831][T23309] ipip0: entered allmulticast mode
[ 1134.350249][T23325] syzkaller1: entered promiscuous mode
[ 1134.355880][T23325] syzkaller1: entered allmulticast mode
[ 1134.660314][T23330] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5503'.
[ 1135.597450][ T1210] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[ 1135.749835][ T1210] usb 6-1: config 0 has an invalid interface number: 30 but max is 0
[ 1135.772933][ T1210] usb 6-1: config 0 has no interface number 0
[ 1135.787668][ T1210] usb 6-1: config 0 interface 30 has no altsetting 0
[ 1135.804723][ T1210] usb 6-1: New USB device found, idVendor=06cd, idProduct=0109, bcdDevice=25.04
[ 1135.843308][   T29] kauditd_printk_skb: 68 callbacks suppressed
[ 1135.843317][ T1210] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1135.843324][   T29] audit: type=1326 audit(1775478206.055:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1135.843369][   T29] audit: type=1326 audit(1775478206.055:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1135.987795][ T1210] usb 6-1: Product: syz
[ 1136.020155][ T1210] usb 6-1: Manufacturer: syz
[ 1136.033278][ T1210] usb 6-1: SerialNumber: syz
[ 1136.056334][ T1210] usb 6-1: config 0 descriptor??
[ 1136.081000][ T1210] hub 6-1:0.30: bad descriptor, ignoring hub
[ 1136.103380][ T1210] hub 6-1:0.30: probe with driver hub failed with error -5
[ 1136.132585][   T29] audit: type=1326 audit(1775478206.125:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.172773][ T1210] keyspan 6-1:0.30: Keyspan - (without firmware) converter detected
[ 1136.261077][   T29] audit: type=1326 audit(1775478206.125:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.362199][   T29] audit: type=1326 audit(1775478206.125:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.429471][ T1210] usb 6-1: USB disconnect, device number 7
[ 1136.435789][ T1210] keyspan 6-1:0.30: device disconnected
[ 1136.442941][   T29] audit: type=1326 audit(1775478206.125:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.471974][   T29] audit: type=1326 audit(1775478206.125:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.577944][   T29] audit: type=1326 audit(1775478206.125:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.681929][   T29] audit: type=1326 audit(1775478206.125:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.752909][   T29] audit: type=1326 audit(1775478206.125:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23363 comm="syz.3.5515" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x7ffc0000
[ 1136.817461][T22220] wlan0: Trigger new scan to find an IBSS to join
[ 1136.890651][T22210] wlan0: Trigger new scan to find an IBSS to join
[ 1136.942110][T23375] syzkaller0: entered promiscuous mode
[ 1136.948062][T23375] syzkaller0: entered allmulticast mode
[ 1136.968888][T23375] tipc: Started in network mode
[ 1136.974792][T23375] tipc: Node identity 2a469d54e712, cluster identity 4711
[ 1136.983933][T23375] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1137.035499][T23375] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(14)
[ 1137.042141][T23375] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1137.053469][T23375] vhci_hcd vhci_hcd.0: Device attached
[ 1137.062472][T23379] vhci_hcd: connection closed
[ 1137.062818][T22211] vhci_hcd vhci_hcd.5: stop threads
[ 1137.080879][T22211] vhci_hcd vhci_hcd.5: release socket
[ 1137.096026][T22211] vhci_hcd vhci_hcd.5: disconnect device
[ 1137.185256][T23373] tipc: Resetting bearer <eth:syzkaller0>
[ 1137.207019][T23373] tipc: Disabling bearer <eth:syzkaller0>
[ 1137.790470][T22220] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1137.856785][T23400] netlink: 'syz.3.5524': attribute type 10 has an invalid length.
[ 1137.875832][T23400] 8021q: adding VLAN 0 to HW filter on device team0
[ 1137.887953][T23400] bond0: (slave team0): Enslaving as an active interface with an up link
[ 1138.071780][T23407] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5525'.
[ 1138.110555][T23407] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5525'.
[ 1138.243056][T23407] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5525'.
[ 1139.763946][T23434] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5535'.
[ 1139.847558][T22210] wlan0: Trigger new scan to find an IBSS to join
[ 1140.075506][T23446] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5539'.
[ 1140.245585][T23450] netlink: 68 bytes leftover after parsing attributes in process `syz.0.5540'.
[ 1140.264318][T23450] FAULT_INJECTION: forcing a failure.
[ 1140.264318][T23450] name failslab, interval 1, probability 0, space 0, times 0
[ 1140.287885][T23450] CPU: 1 UID: 0 PID: 23450 Comm: syz.0.5540 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1140.287915][T23450] Tainted: [L]=SOFTLOCKUP
[ 1140.287921][T23450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1140.287931][T23450] Call Trace:
[ 1140.287939][T23450]  <TASK>
[ 1140.287948][T23450]  dump_stack_lvl+0xe8/0x150
[ 1140.287979][T23450]  should_fail_ex+0x412/0x560
[ 1140.288013][T23450]  should_failslab+0xa8/0x100
[ 1140.288039][T23450]  __kmalloc_cache_noprof+0x88/0x660
[ 1140.288060][T23450]  ? sctp_v6_to_sk_saddr+0x100/0x1c0
[ 1140.288083][T23450]  ? sctp_association_new+0x89/0x25e0
[ 1140.288107][T23450]  ? __asan_memcpy+0x40/0x70
[ 1140.288129][T23450]  sctp_association_new+0x89/0x25e0
[ 1140.288154][T23450]  ? sctp_do_bind+0x661/0x9d0
[ 1140.288183][T23450]  ? __ipv6_addr_type+0x10c/0x2f0
[ 1140.288213][T23450]  sctp_connect_new_asoc+0x2e4/0x6b0
[ 1140.288239][T23450]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1140.288269][T23450]  ? __local_bh_enable_ip+0xd0/0x130
[ 1140.288292][T23450]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1140.288315][T23450]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1140.288344][T23450]  sctp_sendmsg+0x1528/0x2c10
[ 1140.288380][T23450]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1140.288405][T23450]  ? aa_sk_perm+0x6d5/0x900
[ 1140.288448][T23450]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1140.288477][T23450]  ? sock_rps_record_flow+0x19/0x400
[ 1140.288506][T23450]  ? inet_sendmsg+0x2f4/0x370
[ 1140.288534][T23450]  ____sys_sendmsg+0x80a/0x9f0
[ 1140.288568][T23450]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1140.288601][T23450]  ? import_iovec+0x73/0xa0
[ 1140.288627][T23450]  ___sys_sendmsg+0x2a5/0x360
[ 1140.288656][T23450]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1140.288711][T23450]  ? __fget_files+0x2a/0x420
[ 1140.288728][T23450]  ? __fget_files+0x3a0/0x420
[ 1140.288756][T23450]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1140.288782][T23450]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1140.288814][T23450]  ? __pfx_ksys_write+0x10/0x10
[ 1140.288843][T23450]  do_syscall_64+0x14d/0xf80
[ 1140.288864][T23450]  ? trace_irq_disable+0x3b/0x150
[ 1140.288880][T23450]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1140.288898][T23450]  ? clear_bhb_loop+0x40/0x90
[ 1140.288918][T23450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1140.288937][T23450] RIP: 0033:0x7f7cb8d9c819
[ 1140.288954][T23450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1140.288969][T23450] RSP: 002b:00007f7cb9d15028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1140.288987][T23450] RAX: ffffffffffffffda RBX: 00007f7cb9015fa0 RCX: 00007f7cb8d9c819
[ 1140.288997][T23450] RDX: 0000000000000041 RSI: 0000200000002dc0 RDI: 0000000000000005
[ 1140.289007][T23450] RBP: 00007f7cb9d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1140.289017][T23450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1140.289027][T23450] R13: 00007f7cb9016038 R14: 00007f7cb9015fa0 R15: 00007f7cb913fa48
[ 1140.289053][T23450]  </TASK>
[ 1140.967630][ T5889] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 1141.002729][T23444] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[ 1141.038977][T23444] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[ 1141.137512][ T5889] usb 5-1: Using ep0 maxpacket: 32
[ 1141.196814][ T5889] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1141.393566][ T5889] usb 5-1: config 0 has no interface number 0
[ 1141.459642][ T5889] usb 5-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[ 1141.603456][ T5889] usb 5-1: config 0 interface 1 has no altsetting 0
[ 1141.665103][T23477] FAULT_INJECTION: forcing a failure.
[ 1141.665103][T23477] name failslab, interval 1, probability 0, space 0, times 0
[ 1141.689834][ T5889] usb 5-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[ 1141.714507][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.735972][T23477] CPU: 0 UID: 0 PID: 23477 Comm: syz.5.5549 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1141.735999][T23477] Tainted: [L]=SOFTLOCKUP
[ 1141.736006][T23477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1141.736015][T23477] Call Trace:
[ 1141.736023][T23477]  <TASK>
[ 1141.736030][T23477]  dump_stack_lvl+0xe8/0x150
[ 1141.736060][T23477]  should_fail_ex+0x412/0x560
[ 1141.736088][T23477]  should_failslab+0xa8/0x100
[ 1141.736108][T23477]  ? alloc_pid+0x1a6/0x12f0
[ 1141.736134][T23477]  kmem_cache_alloc_noprof+0x87/0x650
[ 1141.736153][T23477]  ? copy_process+0x16df/0x3cd0
[ 1141.736174][T23477]  ? create_io_thread+0xfc/0x170
[ 1141.736206][T23477]  alloc_pid+0x1a6/0x12f0
[ 1141.736238][T23477]  ? __pfx_alloc_pid+0x10/0x10
[ 1141.736272][T23477]  ? fpu_clone+0x347/0xbc0
[ 1141.736299][T23477]  ? __asan_memcpy+0x40/0x70
[ 1141.736316][T23477]  ? copy_thread+0x74b/0x9a0
[ 1141.736343][T23477]  copy_process+0x1b3a/0x3cd0
[ 1141.736374][T23477]  ? copy_process+0x921/0x3cd0
[ 1141.736405][T23477]  ? __pfx_copy_process+0x10/0x10
[ 1141.736431][T23477]  ? __pfx_io_wq_worker+0x10/0x10
[ 1141.736451][T23477]  ? __pfx_io_wq_worker+0x10/0x10
[ 1141.736471][T23477]  create_io_thread+0xfc/0x170
[ 1141.736504][T23477]  ? __pfx_create_io_thread+0x10/0x10
[ 1141.736532][T23477]  ? __pfx_io_wq_worker+0x10/0x10
[ 1141.736555][T23477]  ? __raw_spin_lock_init+0x45/0x100
[ 1141.736574][T23477]  ? __init_swait_queue_head+0xa9/0x150
[ 1141.736591][T23477]  ? create_io_worker+0x27/0x5c0
[ 1141.736611][T23477]  create_io_worker+0x181/0x5c0
[ 1141.736634][T23477]  io_wq_enqueue+0x675/0x8a0
[ 1141.736652][T23477]  ? io_wq_enqueue+0x332/0x8a0
[ 1141.736669][T23477]  ? __pfx_io_wq_work_match_item+0x10/0x10
[ 1141.736693][T23477]  io_submit_sqes+0x204e/0x24e0
[ 1141.736735][T23477]  __se_sys_io_uring_enter+0x2c6/0x1960
[ 1141.736757][T23477]  ? __fget_files+0x3a0/0x420
[ 1141.736778][T23477]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1141.736799][T23477]  ? fput+0xa0/0xd0
[ 1141.736825][T23477]  ? ksys_write+0x242/0x270
[ 1141.736848][T23477]  ? __pfx_ksys_write+0x10/0x10
[ 1141.736872][T23477]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1141.736892][T23477]  do_syscall_64+0x14d/0xf80
[ 1141.736913][T23477]  ? trace_irq_disable+0x3b/0x150
[ 1141.736927][T23477]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.736953][T23477]  ? clear_bhb_loop+0x40/0x90
[ 1141.736974][T23477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.736991][T23477] RIP: 0033:0x7fd15919c819
[ 1141.737009][T23477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1141.737021][T23477] RSP: 002b:00007fd15a048028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1141.737038][T23477] RAX: ffffffffffffffda RBX: 00007fd159415fa0 RCX: 00007fd15919c819
[ 1141.737051][T23477] RDX: 0000000000007fae RSI: 000000000000742f RDI: 0000000000000003
[ 1141.737062][T23477] RBP: 00007fd15a048090 R08: 0000000000000000 R09: 0000000000000000
[ 1141.737073][T23477] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 1141.737084][T23477] R13: 00007fd159416038 R14: 00007fd159415fa0 R15: 00007fd15953fa48
[ 1141.737112][T23477]  </TASK>
[ 1142.217903][ T5889] usb 5-1: Product: syz
[ 1142.222132][ T5889] usb 5-1: Manufacturer: syz
[ 1142.226745][ T5889] usb 5-1: SerialNumber: syz
[ 1142.239334][ T5889] usb 5-1: config 0 descriptor??
[ 1142.397063][T23484] FAULT_INJECTION: forcing a failure.
[ 1142.397063][T23484] name failslab, interval 1, probability 0, space 0, times 0
[ 1142.423203][T23484] CPU: 1 UID: 0 PID: 23484 Comm: syz.2.5552 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1142.423232][T23484] Tainted: [L]=SOFTLOCKUP
[ 1142.423239][T23484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1142.423249][T23484] Call Trace:
[ 1142.423257][T23484]  <TASK>
[ 1142.423265][T23484]  dump_stack_lvl+0xe8/0x150
[ 1142.423296][T23484]  should_fail_ex+0x412/0x560
[ 1142.423324][T23484]  should_failslab+0xa8/0x100
[ 1142.423340][T23484]  kmem_cache_alloc_node_noprof+0x8f/0x690
[ 1142.423352][T23484]  ? cgroup1_freezing+0x20/0x350
[ 1142.423366][T23484]  ? cgroup1_freezing+0x20/0x350
[ 1142.423393][T23484]  ? dup_task_struct+0x52/0x9a0
[ 1142.423429][T23484]  dup_task_struct+0x52/0x9a0
[ 1142.423453][T23484]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1142.423476][T23484]  copy_process+0x508/0x3cd0
[ 1142.423491][T23484]  ? kstrtoull+0x12f/0x1d0
[ 1142.423508][T23484]  ? kstrtouint+0x6e/0xe0
[ 1142.423524][T23484]  ? get_pid_task+0x20/0x1f0
[ 1142.423542][T23484]  ? __pfx_copy_process+0x10/0x10
[ 1142.423566][T23484]  ? get_pid_task+0x20/0x1f0
[ 1142.423581][T23484]  ? get_pid_task+0x20/0x1f0
[ 1142.423604][T23484]  kernel_clone+0x248/0x8e0
[ 1142.423629][T23484]  ? __pfx_kernel_clone+0x10/0x10
[ 1142.423647][T23484]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1142.423664][T23484]  __x64_sys_clone+0x1b6/0x230
[ 1142.423681][T23484]  ? __pfx___x64_sys_clone+0x10/0x10
[ 1142.423719][T23484]  ? __pfx_ksys_write+0x10/0x10
[ 1142.423749][T23484]  do_syscall_64+0x14d/0xf80
[ 1142.423771][T23484]  ? trace_irq_disable+0x3b/0x150
[ 1142.423780][T23484]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1142.423791][T23484]  ? clear_bhb_loop+0x40/0x90
[ 1142.423803][T23484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1142.423813][T23484] RIP: 0033:0x7f3c9cf9c819
[ 1142.423825][T23484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1142.423837][T23484] RSP: 002b:00007f3c9dd70fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 1142.423857][T23484] RAX: ffffffffffffffda RBX: 00007f3c9d215fa0 RCX: 00007f3c9cf9c819
[ 1142.423870][T23484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000100411
[ 1142.423881][T23484] RBP: 00007f3c9dd71090 R08: 0000000000000000 R09: 0000000000000000
[ 1142.423893][T23484] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 1142.423903][T23484] R13: 00007f3c9d216038 R14: 00007f3c9d215fa0 R15: 00007f3c9d33fa48
[ 1142.423927][T23484]  </TASK>
[ 1142.827525][T22211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1143.041996][ T5889] cx231xx 5-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[ 1143.093378][ T5889] cx231xx 5-1:0.1: Failed to read PCB config
[ 1143.139358][ T5889] cx231xx 5-1:0.1: probe with driver cx231xx failed with error -71
[ 1143.167480][ T5889] usb 5-1: USB disconnect, device number 49
[ 1143.564398][ T5889] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 1143.707550][ T5889] usb 5-1: device descriptor read/64, error -71
[ 1143.837532][ T5903] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 1143.967439][ T5889] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1144.010407][ T5903] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1144.020803][ T5903] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1144.036848][ T5903] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1144.047530][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1144.057856][ T5903] usb 3-1: SerialNumber: syz
[ 1144.109082][ T5889] usb 5-1: device descriptor read/64, error -71
[ 1144.220518][ T5889] usb usb5-port1: attempt power cycle
[ 1144.290888][ T5903] usb 3-1: 0:2 : does not exist
[ 1144.408373][ T5903] usb 3-1: USB disconnect, device number 85
[ 1144.470259][T23226] udevd[23226]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1145.277673][ T5889] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1145.300178][ T5889] usb 5-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[ 1145.309475][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1145.320380][ T5889] usb 5-1: config 0 descriptor??
[ 1145.333013][ T5889] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input87
[ 1145.462374][   T29] kauditd_printk_skb: 29 callbacks suppressed
[ 1145.462390][   T29] audit: type=1326 audit(1775478215.675:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23554 comm="syz.3.5578" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x0
[ 1145.527702][ T5177] bcm5974 5-1:0.0: could not read from device
[ 1145.540831][ T5177] bcm5974 5-1:0.0: could not read from device
[ 1145.551704][ T5889] usb 5-1: USB disconnect, device number 52
[ 1145.557994][T23226] bcm5974 5-1:0.0: could not read from device
[ 1145.565829][ T5177] bcm5974 5-1:0.0: could not read from device
[ 1145.568411][   T29] audit: type=1326 audit(1775478215.785:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23554 comm="syz.3.5578" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f094799c819 code=0x0
[ 1145.613047][T23226] udevd[23226]: Error opening device "/dev/input/event4": No such file or directory
[ 1145.641756][T23226] udevd[23226]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1145.651137][T23226] udevd[23226]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1145.677670][T23226] udevd[23226]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1145.686026][T23226] udevd[23226]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1146.149408][T23580] fuse: Bad value for 'fd'
[ 1146.587501][T21902] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 1146.778181][T23587] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5587'.
[ 1146.890933][T21902] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[ 1146.945038][T21902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.062194][T21902] usb 3-1: Product: syz
[ 1147.066410][T21902] usb 3-1: Manufacturer: syz
[ 1147.087640][T21902] usb 3-1: SerialNumber: syz
[ 1147.103419][   T29] audit: type=1326 audit(1775478217.315:1405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1147.133957][T21902] usb 3-1: config 0 descriptor??
[ 1147.187437][   T29] audit: type=1326 audit(1775478217.375:1406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1147.319062][T21902] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1147.337422][T21902] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1147.364979][   T29] audit: type=1326 audit(1775478217.375:1407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1147.417678][   T29] audit: type=1326 audit(1775478217.375:1408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1147.470434][   T29] audit: type=1326 audit(1775478217.435:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7cb8d9e087 code=0x7ffc0000
[ 1147.520975][   T29] audit: type=1326 audit(1775478217.445:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f7cb8d5d04e code=0x7ffc0000
[ 1147.570502][   T29] audit: type=1326 audit(1775478217.465:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f7cb8d5d04e code=0x7ffc0000
[ 1147.629213][   T29] audit: type=1326 audit(1775478217.465:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23589 comm="syz.0.5588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f7cb8d5d04e code=0x7ffc0000
[ 1147.663264][T21902] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[ 1147.701952][T21902] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1147.751257][T21902] dib0700: firmware download failed at 7 with -22
[ 1148.232465][T23596] dummy0: entered allmulticast mode
[ 1148.422162][T23600] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5590'.
[ 1149.357444][ T5889] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1149.497437][ T5903] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1149.529283][ T5889] usb 5-1: Using ep0 maxpacket: 8
[ 1149.551266][ T5889] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1149.567192][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1149.585582][ T5889] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1149.599384][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1149.610989][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1149.631350][T21902] usb 3-1: USB disconnect, device number 86
[ 1149.640822][ T5889] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1149.664403][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1149.698802][ T5889] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1149.722686][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1149.748349][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1149.751480][ T5903] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1149.790781][ T5889] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1149.816247][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1149.827504][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1149.827531][ T5903] usb 6-1: Product: syz
[ 1149.827545][ T5903] usb 6-1: Manufacturer: syz
[ 1149.827559][ T5903] usb 6-1: SerialNumber: syz
[ 1149.854138][T23618] FAULT_INJECTION: forcing a failure.
[ 1149.854138][T23618] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1149.874805][T23618] CPU: 0 UID: 0 PID: 23618 Comm: syz.2.5595 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1149.874826][T23618] Tainted: [L]=SOFTLOCKUP
[ 1149.874831][T23618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1149.874839][T23618] Call Trace:
[ 1149.874846][T23618]  <TASK>
[ 1149.874851][T23618]  dump_stack_lvl+0xe8/0x150
[ 1149.874872][T23618]  should_fail_ex+0x412/0x560
[ 1149.874892][T23618]  _copy_to_user+0x31/0xb0
[ 1149.874907][T23618]  put_timespec64+0xc8/0x130
[ 1149.874921][T23618]  ? __pfx_put_timespec64+0x10/0x10
[ 1149.874939][T23618]  poll_select_finish+0x4b5/0x630
[ 1149.874956][T23618]  ? __pfx_poll_select_finish+0x10/0x10
[ 1149.874981][T23618]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1149.874994][T23618]  ? kmem_cache_free+0x187/0x630
[ 1149.875011][T23618]  __se_sys_pselect6+0x27e/0x320
[ 1149.875028][T23618]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1149.875042][T23618]  ? __pfx_ksys_write+0x10/0x10
[ 1149.875055][T23618]  ? __x64_sys_pselect6+0x21/0xf0
[ 1149.875070][T23618]  do_syscall_64+0x14d/0xf80
[ 1149.875084][T23618]  ? trace_irq_disable+0x3b/0x150
[ 1149.875093][T23618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.875104][T23618]  ? clear_bhb_loop+0x40/0x90
[ 1149.875116][T23618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.875126][T23618] RIP: 0033:0x7f3c9cf9c819
[ 1149.875137][T23618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1149.875146][T23618] RSP: 002b:00007f3c9dd71028 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1149.875158][T23618] RAX: ffffffffffffffda RBX: 00007f3c9d215fa0 RCX: 00007f3c9cf9c819
[ 1149.875165][T23618] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000040
[ 1149.875171][T23618] RBP: 00007f3c9dd71090 R08: 0000200000000280 R09: 0000000000000000
[ 1149.875178][T23618] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[ 1149.875184][T23618] R13: 00007f3c9d216038 R14: 00007f3c9d215fa0 R15: 00007f3c9d33fa48
[ 1149.875199][T23618]  </TASK>
[ 1150.075756][ T5889] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1150.087756][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1150.098865][ T5889] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1150.321405][ T5889] usb 5-1: string descriptor 0 read error: -22
[ 1150.338908][ T5889] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1150.383273][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1150.438740][T21902] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[ 1150.453186][ T5889] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1150.618502][T21902] usb 4-1: Using ep0 maxpacket: 32
[ 1150.635013][T21902] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1150.676318][T21902] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1150.714169][T21902] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1150.723314][ T1210] usb 5-1: USB disconnect, device number 53
[ 1150.767976][T21902] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1150.808473][T21902] usb 4-1: Product: syz
[ 1150.827587][T21902] usb 4-1: Manufacturer: syz
[ 1150.862571][T21902] hub 4-1:4.0: USB hub found
[ 1150.944582][T23611] netlink: 'syz.5.5594': attribute type 27 has an invalid length.
[ 1151.266668][T21902] hub 4-1:4.0: config failed, can't read hub descriptor (err -22)
[ 1151.565583][T23611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1151.581488][T23611] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1151.995378][ T5903] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -EPIPE
[ 1152.024333][ T5903] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1152.075191][ T5903] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1152.118224][ T5903] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -32
[ 1152.328458][T22216] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1152.339140][T22215] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1152.970842][T21902] usb 4-1: USB disconnect, device number 87
[ 1153.308260][ T1210] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[ 1153.317818][T23655] syzkaller0: entered promiscuous mode
[ 1153.338920][T23655] syzkaller0: entered allmulticast mode
[ 1153.402614][ T5903] usb 6-1: USB disconnect, device number 8
[ 1153.538066][ T1210] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1153.568683][ T1210] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1153.626269][ T1210] usb 4-1: config 0 descriptor??
[ 1153.717139][T23666] FAULT_INJECTION: forcing a failure.
[ 1153.717139][T23666] name failslab, interval 1, probability 0, space 0, times 0
[ 1153.762572][T23666] CPU: 1 UID: 0 PID: 23666 Comm: syz.0.5611 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1153.762603][T23666] Tainted: [L]=SOFTLOCKUP
[ 1153.762611][T23666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1153.762621][T23666] Call Trace:
[ 1153.762630][T23666]  <TASK>
[ 1153.762638][T23666]  dump_stack_lvl+0xe8/0x150
[ 1153.762661][T23666]  should_fail_ex+0x412/0x560
[ 1153.762681][T23666]  should_failslab+0xa8/0x100
[ 1153.762695][T23666]  ? skb_clone+0x212/0x3a0
[ 1153.762710][T23666]  kmem_cache_alloc_noprof+0x87/0x650
[ 1153.762726][T23666]  skb_clone+0x212/0x3a0
[ 1153.762741][T23666]  __netlink_deliver_tap+0x404/0x850
[ 1153.762760][T23666]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1153.762771][T23666]  netlink_deliver_tap+0x19c/0x1b0
[ 1153.762783][T23666]  netlink_sendskb+0x68/0x140
[ 1153.762800][T23666]  netlink_unicast+0x3a3/0x9b0
[ 1153.762819][T23666]  ? __pfx_netlink_unicast+0x10/0x10
[ 1153.762838][T23666]  netlink_rcv_skb+0x2b6/0x4b0
[ 1153.762849][T23666]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1153.762863][T23666]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1153.762878][T23666]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1153.762893][T23666]  netlink_unicast+0x80f/0x9b0
[ 1153.762911][T23666]  ? __pfx_netlink_unicast+0x10/0x10
[ 1153.762927][T23666]  ? netlink_sendmsg+0x650/0xb40
[ 1153.762937][T23666]  ? skb_put+0x11b/0x210
[ 1153.762950][T23666]  netlink_sendmsg+0x813/0xb40
[ 1153.762965][T23666]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1153.762978][T23666]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1153.762995][T23666]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1153.763015][T23666]  ____sys_sendmsg+0x972/0x9f0
[ 1153.763034][T23666]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1153.763051][T23666]  ? import_iovec+0x73/0xa0
[ 1153.763065][T23666]  ___sys_sendmsg+0x2a5/0x360
[ 1153.763081][T23666]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1153.763110][T23666]  ? __fget_files+0x2a/0x420
[ 1153.763120][T23666]  ? __fget_files+0x3a0/0x420
[ 1153.763141][T23666]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1153.763165][T23666]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1153.763194][T23666]  ? __pfx_ksys_write+0x10/0x10
[ 1153.763224][T23666]  do_syscall_64+0x14d/0xf80
[ 1153.763247][T23666]  ? trace_irq_disable+0x3b/0x150
[ 1153.763263][T23666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.763280][T23666]  ? clear_bhb_loop+0x40/0x90
[ 1153.763302][T23666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.763320][T23666] RIP: 0033:0x7f7cb8d9c819
[ 1153.763337][T23666] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1153.763345][T23666] RSP: 002b:00007f7cb9d15028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1153.763358][T23666] RAX: ffffffffffffffda RBX: 00007f7cb9015fa0 RCX: 00007f7cb8d9c819
[ 1153.763365][T23666] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1153.763372][T23666] RBP: 00007f7cb9d15090 R08: 0000000000000000 R09: 0000000000000000
[ 1153.763378][T23666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1153.763383][T23666] R13: 00007f7cb9016038 R14: 00007f7cb9015fa0 R15: 00007f7cb913fa48
[ 1153.763399][T23666]  </TASK>
[ 1154.684829][T23676] syz.3.5608: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[ 1154.701872][T23676] CPU: 0 UID: 0 PID: 23676 Comm: syz.3.5608 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1154.701915][T23676] Tainted: [L]=SOFTLOCKUP
[ 1154.701923][T23676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1154.701935][T23676] Call Trace:
[ 1154.701944][T23676]  <TASK>
[ 1154.701952][T23676]  dump_stack_lvl+0xe8/0x150
[ 1154.701987][T23676]  warn_alloc+0x249/0x340
[ 1154.702013][T23676]  ? register_lock_class+0x31/0x2e0
[ 1154.702037][T23676]  ? security_file_ioctl+0xc3/0x2a0
[ 1154.702062][T23676]  ? __se_sys_ioctl+0x47/0x170
[ 1154.702084][T23676]  ? __pfx_warn_alloc+0x10/0x10
[ 1154.702104][T23676]  ? __lock_acquire+0x6b5/0x2cf0
[ 1154.702145][T23676]  __vmalloc_node_range_noprof+0x132/0x1730
[ 1154.702169][T23676]  ? __mutex_trylock_common+0x158/0x260
[ 1154.702202][T23676]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1154.702235][T23676]  ? rcu_is_watching+0x15/0xb0
[ 1154.702268][T23676]  ? __mutex_lock+0x319/0x1300
[ 1154.702304][T23676]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1154.702323][T23676]  ? tomoyo_path_number_perm+0x219/0x630
[ 1154.702351][T23676]  ? dvb_demux_do_ioctl+0x320/0x540
[ 1154.702488][T23676]  ? __pfx___mutex_lock+0x10/0x10
[ 1154.702518][T23676]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1154.702552][T23676]  vmalloc_noprof+0xb2/0xe0
[ 1154.702575][T23676]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1154.702609][T23676]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1154.702647][T23676]  dvb_demux_do_ioctl+0x45d/0x540
[ 1154.702683][T23676]  dvb_usercopy+0x199/0x2e0
[ 1154.702712][T23676]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[ 1154.702743][T23676]  ? __pfx_dvb_usercopy+0x10/0x10
[ 1154.702783][T23676]  ? __fget_files+0x3a0/0x420
[ 1154.702801][T23676]  ? __fget_files+0x2a/0x420
[ 1154.702822][T23676]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[ 1154.702852][T23676]  dvb_demux_ioctl+0x29/0x40
[ 1154.702892][T23676]  __se_sys_ioctl+0xfc/0x170
[ 1154.702920][T23676]  do_syscall_64+0x14d/0xf80
[ 1154.702947][T23676]  ? trace_irq_disable+0x3b/0x150
[ 1154.702963][T23676]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.702981][T23676]  ? clear_bhb_loop+0x40/0x90
[ 1154.703006][T23676]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.703024][T23676] RIP: 0033:0x7f094799c819
[ 1154.703044][T23676] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1154.703061][T23676] RSP: 002b:00007f094877f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1154.703082][T23676] RAX: ffffffffffffffda RBX: 00007f0947c16180 RCX: 00007f094799c819
[ 1154.703097][T23676] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000005
[ 1154.703110][T23676] RBP: 00007f0947a32c91 R08: 0000000000000000 R09: 0000000000000000
[ 1154.703124][T23676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1154.703136][T23676] R13: 00007f0947c16218 R14: 00007f0947c16180 R15: 00007f0947d3fa48
[ 1154.703166][T23676]  </TASK>
[ 1154.703175][T23676] Mem-Info:
[ 1154.734722][ T1210] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1154.737000][T23676] active_anon:8575 inactive_anon:1 isolated_anon:0
[ 1154.737000][T23676]  active_file:12735 inactive_file:4195 isolated_file:0
[ 1154.737000][T23676]  unevictable:2793 dirty:216 writeback:0
[ 1154.737000][T23676]  slab_reclaimable:8267 slab_unreclaimable:106953
[ 1154.737000][T23676]  mapped:32933 shmem:2286 pagetables:1765
[ 1154.737000][T23676]  sec_pagetables:0 bounce:0
[ 1154.737000][T23676]  kernel_misc_reclaimable:0
[ 1154.737000][T23676]  free:1328024 free_pcp:19497 free_cma:0
[ 1155.057432][T23676] Node 0 active_anon:33900kB inactive_anon:4kB active_file:50940kB inactive_file:16648kB unevictable:9636kB isolated(anon):0kB isolated(file):0kB mapped:131532kB dirty:864kB writeback:0kB shmem:7608kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13572kB pagetables:6932kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1155.090115][T23676] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1155.120661][T23676] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1155.163300][T23676] lowmem_reserve[]: 0 2492 2493 2493 2493
[ 1155.169545][T23676] Node 0 DMA32 free:1360420kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33700kB inactive_anon:4kB active_file:50940kB inactive_file:16648kB unevictable:9636kB writepending:864kB zspages:0kB present:3129332kB managed:2552596kB mlocked:8100kB bounce:0kB free_pcp:76820kB local_pcp:21396kB free_cma:0kB
[ 1155.212575][T23676] lowmem_reserve[]: 0 0 0 0 0
[ 1155.217742][T23676] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[ 1155.251766][T23676] lowmem_reserve[]: 0 0 0 0 0
[ 1155.256550][T23676] Node 1 Normal free:3936808kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1155.289739][T23676] lowmem_reserve[]: 0 0 0 0 0
[ 1155.294499][T23676] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1155.308235][T23676] Node 0 DMA32: 2309*4kB (UME) 3383*8kB (UME) 3259*16kB (UME) 836*32kB (UME) 651*64kB (UME) 652*128kB (UME) 478*256kB (UME) 188*512kB (UME) 127*1024kB (UME) 15*2048kB (UME) 181*4096kB (UM) = 1361084kB
[ 1155.367887][T23676] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1155.397509][T23676] Node 1 Normal: 6*4kB (UM) 6*8kB (UM) 8*16kB (UM) 11*32kB (UM) 8*64kB (UM) 4*128kB (UM) 4*256kB (UM) 2*512kB (M) 3*1024kB (UM) 1*2048kB (U) 959*4096kB (M) = 3936808kB
[ 1155.427654][T23676] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1155.447096][T23676] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB
[ 1155.477411][T23676] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1155.487006][T23676] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1155.525260][T23676] 19213 total pagecache pages
[ 1155.534183][T23676] 1 pages in swap cache
[ 1155.545540][T23676] Free swap  = 124992kB
[ 1155.549828][T23676] Total swap = 124996kB
[ 1155.554012][T23676] 2097051 pages RAM
[ 1155.557981][T23676] 0 pages HighMem/MovableOnly
[ 1155.562660][T23676] 427068 pages reserved
[ 1155.566822][T23676] 0 pages cma reserved
[ 1155.592267][ T1210] [drm:udl_init] *ERROR* Selecting channel failed
[ 1155.602094][ T5896] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1155.633245][ T1210] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[ 1155.640444][ T1210] [drm] Initialized udl on minor 2
[ 1155.650263][ T1210] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1155.666136][ T1210] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 1155.678491][ T5903] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1155.690677][ T1210] usb 4-1: USB disconnect, device number 88
[ 1155.698363][ T5903] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 1155.777509][ T5896] usb 6-1: Using ep0 maxpacket: 8
[ 1155.788914][ T5896] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1155.808169][ T5896] usb 6-1: config 4 interface 0 has no altsetting 0
[ 1155.819187][ T5896] usb 6-1: string descriptor 0 read error: -22
[ 1155.825436][ T5896] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1155.840428][ T5896] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1155.850313][T23683] FAULT_INJECTION: forcing a failure.
[ 1155.850313][T23683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1155.876658][ T5896] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1155.884770][T23683] CPU: 1 UID: 0 PID: 23683 Comm: syz.4.5617 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1155.884798][T23683] Tainted: [L]=SOFTLOCKUP
[ 1155.884805][T23683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1155.884814][T23683] Call Trace:
[ 1155.884822][T23683]  <TASK>
[ 1155.884830][T23683]  dump_stack_lvl+0xe8/0x150
[ 1155.884861][T23683]  should_fail_ex+0x412/0x560
[ 1155.884891][T23683]  _copy_from_user+0x2d/0xb0
[ 1155.884913][T23683]  video_usercopy+0x36f/0x14b0
[ 1155.884936][T23683]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1155.884957][T23683]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1155.884976][T23683]  ? __pfx_video_usercopy+0x10/0x10
[ 1155.885002][T23683]  ? __fget_files+0x2a/0x420
[ 1155.885020][T23683]  ? __fget_files+0x2a/0x420
[ 1155.885034][T23683]  ? __fget_files+0x3a0/0x420
[ 1155.885052][T23683]  v4l2_ioctl+0x18d/0x1e0
[ 1155.885077][T23683]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1155.885102][T23683]  __se_sys_ioctl+0xfc/0x170
[ 1155.885125][T23683]  do_syscall_64+0x14d/0xf80
[ 1155.885146][T23683]  ? trace_irq_disable+0x3b/0x150
[ 1155.885162][T23683]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1155.885180][T23683]  ? clear_bhb_loop+0x40/0x90
[ 1155.885201][T23683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1155.885218][T23683] RIP: 0033:0x7f2e85f9c819
[ 1155.885235][T23683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1155.885249][T23683] RSP: 002b:00007f2e86dce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1155.885267][T23683] RAX: ffffffffffffffda RBX: 00007f2e86215fa0 RCX: 00007f2e85f9c819
[ 1155.885280][T23683] RDX: 0000200000000040 RSI: 000000004014563c RDI: 0000000000000003
[ 1155.885291][T23683] RBP: 00007f2e86dce090 R08: 0000000000000000 R09: 0000000000000000
[ 1155.885302][T23683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1155.885313][T23683] R13: 00007f2e86216038 R14: 00007f2e86215fa0 R15: 00007f2e8633fa48
[ 1155.885338][T23683]  </TASK>
[ 1156.084822][ T5896] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1156.095397][ T5896] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1156.102635][ T5896] usb 6-1: media controller created
[ 1156.114625][ T5896] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1156.328957][T23692] FAULT_INJECTION: forcing a failure.
[ 1156.328957][T23692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1156.342722][T23692] CPU: 1 UID: 0 PID: 23692 Comm: syz.3.5621 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1156.342751][T23692] Tainted: [L]=SOFTLOCKUP
[ 1156.342757][T23692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1156.342766][T23692] Call Trace:
[ 1156.342774][T23692]  <TASK>
[ 1156.342781][T23692]  dump_stack_lvl+0xe8/0x150
[ 1156.342811][T23692]  should_fail_ex+0x412/0x560
[ 1156.342843][T23692]  _copy_from_user+0x2d/0xb0
[ 1156.342865][T23692]  kstrtouint_from_user+0xd6/0x180
[ 1156.342886][T23692]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1156.342920][T23692]  proc_fail_nth_write+0x8e/0x210
[ 1156.342946][T23692]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1156.342977][T23692]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1156.343003][T23692]  vfs_write+0x29a/0xb90
[ 1156.343032][T23692]  ? __pfx_vfs_write+0x10/0x10
[ 1156.343053][T23692]  ? __fget_files+0x2a/0x420
[ 1156.343074][T23692]  ? __fget_files+0x3a0/0x420
[ 1156.343090][T23692]  ? __fget_files+0x2a/0x420
[ 1156.343114][T23692]  ksys_write+0x150/0x270
[ 1156.343133][T23692]  ? __pfx_ksys_write+0x10/0x10
[ 1156.343162][T23692]  do_syscall_64+0x14d/0xf80
[ 1156.343184][T23692]  ? trace_irq_disable+0x3b/0x150
[ 1156.343200][T23692]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1156.343217][T23692]  ? clear_bhb_loop+0x40/0x90
[ 1156.343239][T23692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1156.343257][T23692] RIP: 0033:0x7f094795d04e
[ 1156.343280][T23692] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1156.343294][T23692] RSP: 002b:00007f09487c0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1156.343312][T23692] RAX: ffffffffffffffda RBX: 00007f09487c16c0 RCX: 00007f094795d04e
[ 1156.343326][T23692] RDX: 0000000000000001 RSI: 00007f09487c10a0 RDI: 0000000000000005
[ 1156.343346][T23692] RBP: 00007f09487c1090 R08: 0000000000000000 R09: 0000000000000000
[ 1156.343357][T23692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1156.343368][T23692] R13: 00007f0947c16038 R14: 00007f0947c15fa0 R15: 00007f0947d3fa48
[ 1156.343397][T23692]  </TASK>
[ 1156.687464][ T5889] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 1156.837441][ T5889] usb 5-1: Using ep0 maxpacket: 16
[ 1156.844414][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[ 1156.858070][ T5889] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1156.867298][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.867447][ T1210] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 1156.884598][ T5889] usb 5-1: Product: syz
[ 1156.890454][ T5889] usb 5-1: Manufacturer: syz
[ 1156.895161][ T5889] usb 5-1: SerialNumber: syz
[ 1156.903498][ T5889] usb 5-1: config 0 descriptor??
[ 1156.913202][ T5889] hub 5-1:0.0: bad descriptor, ignoring hub
[ 1156.919653][ T5889] hub 5-1:0.0: probe with driver hub failed with error -5
[ 1156.929845][ T5889] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1156.937505][T21902] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[ 1157.029034][ T1210] usb 3-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[ 1157.042630][ T1210] usb 3-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b
[ 1157.053122][ T1210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1157.066475][ T1210] usb 3-1: Product: syz
[ 1157.070813][ T1210] usb 3-1: Manufacturer: syz
[ 1157.084094][ T1210] usb 3-1: SerialNumber: syz
[ 1157.100706][T21902] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1157.120492][T21902] usb 4-1: config 3 has an invalid interface number: 4 but max is 0
[ 1157.142775][T21902] usb 4-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1157.165382][T21902] usb 4-1: config 3 has no interface number 0
[ 1157.172040][T21902] usb 4-1: config 3 interface 4 altsetting 184 endpoint 0x5 has an invalid bInterval 0, changing to 7
[ 1157.183113][T21902] usb 4-1: config 3 interface 4 altsetting 184 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1157.193541][T21902] usb 4-1: config 3 interface 4 altsetting 184 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[ 1157.206583][T21902] usb 4-1: config 3 interface 4 has no altsetting 0
[ 1157.216021][T21902] usb 4-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=7a.1f
[ 1157.225199][T21902] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1157.234269][ T5896] usb 6-1: USB disconnect, device number 9
[ 1157.245914][T21902] usb 4-1: Product: syz
[ 1157.260749][T21902] usb 4-1: Manufacturer: syz
[ 1157.265390][T21902] usb 4-1: SerialNumber: syz
[ 1157.302900][T23698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.311898][T23698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.326550][T23698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.336233][T23698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.352153][ T1210] gspca_main: pac207-2.14.0 probing 093a:2476
[ 1157.365128][ T1210] gspca_pac207: Failed to read a register (index 0x0000, error -71)
[ 1157.379898][ T1210] usb 3-1: USB disconnect, device number 87
[ 1157.637759][T23704] syzkaller0: entered promiscuous mode
[ 1157.643977][T23704] syzkaller0: entered allmulticast mode
[ 1157.815361][T23707] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1157.837758][T23707] syzkaller0: entered promiscuous mode
[ 1157.843324][T23707] syzkaller0: entered allmulticast mode
[ 1158.227486][ T1210] usb 3-1: new full-speed USB device number 88 using dummy_hcd
[ 1158.400240][ T1210] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1158.409278][ T1210] usb 3-1: not running at top speed; connect to a high speed hub
[ 1158.423509][ T1210] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 1024, setting to 1023
[ 1158.435346][ T1210] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 4
[ 1158.453106][ T1210] usb 3-1: New USB device found, idVendor=041e, idProduct=3042, bcdDevice= 0.40
[ 1158.466547][ T1210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.475138][ T1210] usb 3-1: Product: syz
[ 1158.481205][ T1210] usb 3-1: Manufacturer: syz
[ 1158.486071][ T1210] usb 3-1: SerialNumber: syz
[ 1158.717531][ T1210] usb 3-1: 3:0: cannot get min/max values for control 2 (id 3)
[ 1158.726305][ T1210] usb 3-1: 3:0: failed to get current value for ch 0 (-71)
[ 1158.751801][ T1210] usb 3-1: 3:0: cannot get min/max values for control 2 (id 3)
[ 1158.787569][ T1210] usb 3-1: USB disconnect, device number 88
[ 1158.831485][T23229] udevd[23229]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[ 1159.318561][T14031] usb 5-1: USB disconnect, device number 54
[ 1159.480014][T23724] FAULT_INJECTION: forcing a failure.
[ 1159.480014][T23724] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1159.497164][T23724] CPU: 1 UID: 0 PID: 23724 Comm: syz.4.5631 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1159.497194][T23724] Tainted: [L]=SOFTLOCKUP
[ 1159.497201][T23724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1159.497210][T23724] Call Trace:
[ 1159.497218][T23724]  <TASK>
[ 1159.497226][T23724]  dump_stack_lvl+0xe8/0x150
[ 1159.497257][T23724]  should_fail_ex+0x412/0x560
[ 1159.497297][T23724]  _copy_to_user+0x31/0xb0
[ 1159.497323][T23724]  simple_read_from_buffer+0xe1/0x170
[ 1159.497353][T23724]  proc_fail_nth_read+0x1bb/0x230
[ 1159.497377][T23724]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1159.497402][T23724]  ? rw_verify_area+0x2a6/0x4d0
[ 1159.497422][T23724]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1159.497447][T23724]  vfs_read+0x20c/0xa70
[ 1159.497465][T23724]  ? fdget_pos+0x246/0x320
[ 1159.497485][T23724]  ? __pfx___mutex_lock+0x10/0x10
[ 1159.497508][T23724]  ? __pfx_vfs_read+0x10/0x10
[ 1159.497527][T23724]  ? __fget_files+0x2a/0x420
[ 1159.497548][T23724]  ? __fget_files+0x3a0/0x420
[ 1159.497563][T23724]  ? __fget_files+0x2a/0x420
[ 1159.497588][T23724]  ksys_read+0x150/0x270
[ 1159.497610][T23724]  ? __pfx_ksys_read+0x10/0x10
[ 1159.497641][T23724]  do_syscall_64+0x14d/0xf80
[ 1159.497664][T23724]  ? trace_irq_disable+0x3b/0x150
[ 1159.497681][T23724]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1159.497700][T23724]  ? clear_bhb_loop+0x40/0x90
[ 1159.497723][T23724]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1159.497741][T23724] RIP: 0033:0x7f2e85f5d04e
[ 1159.497760][T23724] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1159.497774][T23724] RSP: 002b:00007f2e86dcdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1159.497794][T23724] RAX: ffffffffffffffda RBX: 00007f2e86dce6c0 RCX: 00007f2e85f5d04e
[ 1159.497807][T23724] RDX: 000000000000000f RSI: 00007f2e86dce0a0 RDI: 0000000000000006
[ 1159.497818][T23724] RBP: 00007f2e86dce090 R08: 0000000000000000 R09: 0000000000000000
[ 1159.497828][T23724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1159.497839][T23724] R13: 00007f2e86216038 R14: 00007f2e86215fa0 R15: 00007f2e8633fa48
[ 1159.497866][T23724]  </TASK>
[ 1159.747912][T21902] radio-si470x 4-1:3.4: could not find interrupt in endpoint
[ 1159.763059][T21902] radio-si470x 4-1:3.4: probe with driver radio-si470x failed with error -5
[ 1159.777879][T21902] usbhid 4-1:3.4: couldn't find an input interrupt endpoint
[ 1159.805764][T21902] usb 4-1: USB disconnect, device number 89
[ 1159.931422][T23732] netlink: 'syz.3.5632': attribute type 3 has an invalid length.
[ 1160.431182][T23742] FAULT_INJECTION: forcing a failure.
[ 1160.431182][T23742] name failslab, interval 1, probability 0, space 0, times 0
[ 1160.444467][T21902] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1160.452385][T23742] CPU: 0 UID: 0 PID: 23742 Comm: syz.2.5638 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1160.452414][T23742] Tainted: [L]=SOFTLOCKUP
[ 1160.452420][T23742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1160.452431][T23742] Call Trace:
[ 1160.452440][T23742]  <TASK>
[ 1160.452448][T23742]  dump_stack_lvl+0xe8/0x150
[ 1160.452478][T23742]  should_fail_ex+0x412/0x560
[ 1160.452517][T23742]  ? create_io_worker+0x27/0x5c0
[ 1160.452542][T23742]  should_failslab+0xa8/0x100
[ 1160.452567][T23742]  __kmalloc_cache_noprof+0x88/0x660
[ 1160.452589][T23742]  ? create_io_worker+0xab/0x5c0
[ 1160.452613][T23742]  ? create_io_worker+0x27/0x5c0
[ 1160.452635][T23742]  create_io_worker+0xab/0x5c0
[ 1160.452661][T23742]  io_wq_enqueue+0x675/0x8a0
[ 1160.452681][T23742]  ? io_wq_enqueue+0x332/0x8a0
[ 1160.452701][T23742]  ? __pfx_io_wq_work_match_item+0x10/0x10
[ 1160.452728][T23742]  io_submit_sqes+0x15b2/0x24e0
[ 1160.452778][T23742]  __se_sys_io_uring_enter+0x2c6/0x1960
[ 1160.452804][T23742]  ? __fget_files+0x3a0/0x420
[ 1160.452825][T23742]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1160.452846][T23742]  ? fput+0xa0/0xd0
[ 1160.452871][T23742]  ? ksys_write+0x242/0x270
[ 1160.452894][T23742]  ? __pfx_ksys_write+0x10/0x10
[ 1160.452918][T23742]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1160.452941][T23742]  do_syscall_64+0x14d/0xf80
[ 1160.452965][T23742]  ? trace_irq_disable+0x3b/0x150
[ 1160.452982][T23742]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1160.452999][T23742]  ? clear_bhb_loop+0x40/0x90
[ 1160.453021][T23742]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1160.453039][T23742] RIP: 0033:0x7f3c9cf9c819
[ 1160.453057][T23742] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1160.453072][T23742] RSP: 002b:00007f3c9dd71028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1160.453092][T23742] RAX: ffffffffffffffda RBX: 00007f3c9d215fa0 RCX: 00007f3c9cf9c819
[ 1160.453105][T23742] RDX: 0000000000007721 RSI: 0000000000002219 RDI: 0000000000000000
[ 1160.453116][T23742] RBP: 00007f3c9dd71090 R08: 0000000000000000 R09: 0000000000000000
[ 1160.453127][T23742] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001
[ 1160.453138][T23742] R13: 00007f3c9d216038 R14: 00007f3c9d215fa0 R15: 00007f3c9d33fa48
[ 1160.453167][T23742]  </TASK>
[ 1160.878089][T21902] usb 5-1: Using ep0 maxpacket: 8
[ 1160.886027][T21902] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1160.918915][T21902] usb 5-1: config 4 interface 0 has no altsetting 0
[ 1160.951308][T21902] usb 5-1: string descriptor 0 read error: -22
[ 1160.957641][T21902] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1160.967037][T21902] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[ 1161.004170][T21902] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1161.034648][T21902] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1161.052788][T21902] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1161.060823][T21902] usb 5-1: media controller created
[ 1161.073460][T21902] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1161.577542][ T5896] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 1161.729899][ T5896] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1161.740190][ T5896] usb 3-1: config 3 has an invalid interface number: 4 but max is 0
[ 1161.748598][ T5896] usb 3-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config
[ 1161.771669][ T5896] usb 3-1: config 3 has no interface number 0
[ 1161.784137][ T5896] usb 3-1: config 3 interface 4 altsetting 184 endpoint 0x5 has an invalid bInterval 0, changing to 7
[ 1161.810465][ T5896] usb 3-1: config 3 interface 4 altsetting 184 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1161.820738][ T5896] usb 3-1: config 3 interface 4 altsetting 184 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[ 1161.851362][ T5896] usb 3-1: config 3 interface 4 has no altsetting 0
[ 1161.882191][ T5896] usb 3-1: New USB device found, idVendor=12cf, idProduct=7111, bcdDevice=7a.1f
[ 1161.891994][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.901061][ T5896] usb 3-1: Product: syz
[ 1161.905421][ T5896] usb 3-1: Manufacturer: syz
[ 1161.919891][ T5896] usb 3-1: SerialNumber: syz
[ 1162.359103][T21902] usb 5-1: USB disconnect, device number 55
[ 1163.130698][T23762] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5643'.
[ 1163.941051][ T5896] radio-si470x 3-1:3.4: could not find interrupt in endpoint
[ 1163.949493][ T5896] radio-si470x 3-1:3.4: probe with driver radio-si470x failed with error -5
[ 1163.959203][ T5896] usbhid 3-1:3.4: couldn't find an input interrupt endpoint
[ 1163.971072][ T5896] usb 3-1: USB disconnect, device number 89
[ 1164.189748][T23771] sg_write: data in/out 447452/210 bytes for SCSI command 0x0-- guessing data in;
[ 1164.189748][T23771]    program syz.4.5646 not setting count and/or reply_len properly
[ 1164.444044][T23783] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1165.372305][T23810] netlink: 'syz.4.5658': attribute type 4 has an invalid length.
[ 1165.458229][T23815] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5660'.
[ 1165.807484][ T5889] usb 3-1: new full-speed USB device number 90 using dummy_hcd
[ 1165.816431][T23828] syz.5.5664: vmalloc error: size 70368744185856, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz5,mems_allowed=0-1
[ 1165.837633][T23828] CPU: 0 UID: 0 PID: 23828 Comm: syz.5.5664 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1165.837667][T23828] Tainted: [L]=SOFTLOCKUP
[ 1165.837674][T23828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1165.837686][T23828] Call Trace:
[ 1165.837695][T23828]  <TASK>
[ 1165.837703][T23828]  dump_stack_lvl+0xe8/0x150
[ 1165.837737][T23828]  warn_alloc+0x249/0x340
[ 1165.837764][T23828]  ? register_lock_class+0x31/0x2e0
[ 1165.837790][T23828]  ? security_file_ioctl+0xc3/0x2a0
[ 1165.837816][T23828]  ? __se_sys_ioctl+0x47/0x170
[ 1165.837842][T23828]  ? __pfx_warn_alloc+0x10/0x10
[ 1165.837863][T23828]  ? __lock_acquire+0x6b5/0x2cf0
[ 1165.837907][T23828]  __vmalloc_node_range_noprof+0x132/0x1730
[ 1165.837931][T23828]  ? __mutex_trylock_common+0x158/0x260
[ 1165.837965][T23828]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1165.837998][T23828]  ? rcu_is_watching+0x15/0xb0
[ 1165.838031][T23828]  ? __mutex_lock+0x319/0x1300
[ 1165.838069][T23828]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1165.838090][T23828]  ? tomoyo_path_number_perm+0x219/0x630
[ 1165.838118][T23828]  ? dvb_demux_do_ioctl+0x320/0x540
[ 1165.838154][T23828]  ? __pfx___mutex_lock+0x10/0x10
[ 1165.838183][T23828]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1165.838216][T23828]  vmalloc_noprof+0xb2/0xe0
[ 1165.838245][T23828]  ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1165.838279][T23828]  dvb_dmxdev_set_buffer_size+0xbe/0x1f0
[ 1165.838318][T23828]  dvb_demux_do_ioctl+0x45d/0x540
[ 1165.838351][T23828]  dvb_usercopy+0x199/0x2e0
[ 1165.838380][T23828]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[ 1165.838409][T23828]  ? __pfx_dvb_usercopy+0x10/0x10
[ 1165.838444][T23828]  ? __fget_files+0x3a0/0x420
[ 1165.838462][T23828]  ? __fget_files+0x2a/0x420
[ 1165.838482][T23828]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[ 1165.838512][T23828]  dvb_demux_ioctl+0x29/0x40
[ 1165.838543][T23828]  __se_sys_ioctl+0xfc/0x170
[ 1165.838568][T23828]  do_syscall_64+0x14d/0xf80
[ 1165.838594][T23828]  ? trace_irq_disable+0x3b/0x150
[ 1165.838611][T23828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.838635][T23828]  ? clear_bhb_loop+0x40/0x90
[ 1165.838659][T23828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.838679][T23828] RIP: 0033:0x7fd15919c819
[ 1165.838700][T23828] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1165.838716][T23828] RSP: 002b:00007fd15a048028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1165.838738][T23828] RAX: ffffffffffffffda RBX: 00007fd159415fa0 RCX: 00007fd15919c819
[ 1165.838753][T23828] RDX: 0000400000002000 RSI: 0000000000006f2d RDI: 0000000000000003
[ 1165.838766][T23828] RBP: 00007fd159232c91 R08: 0000000000000000 R09: 0000000000000000
[ 1165.838779][T23828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1165.838791][T23828] R13: 00007fd159416038 R14: 00007fd159415fa0 R15: 00007fd15953fa48
[ 1165.838821][T23828]  </TASK>
[ 1165.838905][T23828] Mem-Info:
[ 1166.137400][T23828] active_anon:8127 inactive_anon:2 isolated_anon:0
[ 1166.137400][T23828]  active_file:12767 inactive_file:4199 isolated_file:0
[ 1166.137400][T23828]  unevictable:768 dirty:310 writeback:0
[ 1166.137400][T23828]  slab_reclaimable:8146 slab_unreclaimable:106383
[ 1166.137400][T23828]  mapped:36039 shmem:2284 pagetables:1825
[ 1166.137400][T23828]  sec_pagetables:0 bounce:0
[ 1166.137400][T23828]  kernel_misc_reclaimable:0
[ 1166.137400][T23828]  free:1343406 free_pcp:8229 free_cma:0
[ 1166.187509][T21902] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1166.197257][T23828] Node 0 active_anon:32508kB inactive_anon:8kB active_file:51068kB inactive_file:16664kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:144156kB dirty:1240kB writeback:0kB shmem:7600kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13680kB pagetables:7172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1166.230966][ T5889] usb 3-1: not running at top speed; connect to a high speed hub
[ 1166.242252][T23828] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1166.242630][ T5889] usb 3-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 55887, setting to 64
[ 1166.285454][T23828] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1166.315577][ T5889] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1166.322418][T23828] lowmem_reserve[]: 0 2492 2493 2493 2493
[ 1166.328749][T23828] Node 0 DMA32 free:1421456kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB free_highatomic:0KB active_anon:32508kB inactive_anon:8kB active_file:51068kB inactive_file:16664kB unevictable:1536kB writepending:1240kB zspages:0kB present:3129332kB managed:2552596kB mlocked:0kB bounce:0kB free_pcp:33096kB local_pcp:12108kB free_cma:0kB
[ 1166.364772][ T5889] usb 3-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[ 1166.374066][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.382267][T21902] usb 5-1: Using ep0 maxpacket: 8
[ 1166.387489][ T5889] usb 3-1: Product: syz
[ 1166.392118][ T5889] usb 3-1: Manufacturer: syz
[ 1166.399596][T21902] usb 5-1: config 0 has no interfaces?
[ 1166.405829][T23828] lowmem_reserve[]: 0 0 0 0 0
[ 1166.412518][ T5889] usb 3-1: SerialNumber: syz
[ 1166.417507][T21902] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[ 1166.426729][T21902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.435448][T23828] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB
[ 1166.466345][T21902] usb 5-1: Product: syz
[ 1166.471644][T21902] usb 5-1: Manufacturer: syz
[ 1166.476581][T23807] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1166.483914][T21902] usb 5-1: SerialNumber: syz
[ 1166.494230][T21902] usb 5-1: config 0 descriptor??
[ 1166.499724][T23828] lowmem_reserve[]: 0 0 0 0 0
[ 1166.507627][T23828] Node 1 Normal free:3936808kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1166.539377][T23828] lowmem_reserve[]: 0 0 0 0 0
[ 1166.546236][T23828] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1166.572373][T23828] Node 0 DMA32: 6254*4kB (UME) 6101*8kB (UME) 3765*16kB (UME) 931*32kB (UME) 684*64kB (UME) 675*128kB (UME) 476*256kB (UME) 194*512kB (UME) 125*1024kB (UME) 20*2048kB (UME) 180*4096kB (UM) = 1421456kB
[ 1166.594061][T23828] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1166.609420][T23828] Node 1 Normal: 6*4kB (UM) 6*8kB (UM) 8*16kB (UM) 11*32kB (UM) 8*64kB (UM) 4*128kB (UM) 4*256kB (UM) 2*512kB (M) 3*1024kB (UM) 1*2048kB (U) 959*4096kB (M) = 3936808kB
[ 1166.637520][T23828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1166.647613][T23828] Node 0 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB
[ 1166.658061][T23828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1166.668090][T23828] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1166.685391][T23828] 19248 total pagecache pages
[ 1166.702833][T23828] 2 pages in swap cache
[ 1166.716017][T23828] Free swap  = 124988kB
[ 1166.729707][T21902] usb 5-1: USB disconnect, device number 56
[ 1166.740737][ T5889] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input88
[ 1166.752687][T23828] Total swap = 124996kB
[ 1166.759360][T23828] 2097051 pages RAM
[ 1166.760672][ T5177] bcm5974 3-1:1.0: could not read from device
[ 1166.769206][T23828] 0 pages HighMem/MovableOnly
[ 1166.776424][T23828] 427068 pages reserved
[ 1166.781131][T23828] 0 pages cma reserved
[ 1166.787658][ T5177] bcm5974 3-1:1.0: could not read from device
[ 1166.809702][ T5177] bcm5974 3-1:1.0: could not read from device
[ 1166.816241][ T5889] usb 3-1: USB disconnect, device number 90
[ 1166.843854][T23226] bcm5974 3-1:1.0: could not read from device
[ 1167.116738][T23837] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5668'.
[ 1167.158731][T23839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5669'.
[ 1167.298135][ T1210] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1167.311697][   T29] kauditd_printk_skb: 7 callbacks suppressed
[ 1167.311714][   T29] audit: type=1326 audit(1775478237.525:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23843 comm="syz.4.5671" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2e85f9c819 code=0x0
[ 1167.462158][T23853] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5674'.
[ 1167.473204][ T1210] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[ 1167.485217][ T1210] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.503236][ T1210] usb 6-1: config 0 descriptor??
[ 1167.792849][ T5896] hid-generic 0008:0091:0009.0021: reserved main item tag 0xd
[ 1167.827722][T18521] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1167.842440][ T5896] hid-generic 0008:0091:0009.0021: item fetching failed at offset 28/32
[ 1167.930650][ T5896] hid-generic 0008:0091:0009.0021: probe with driver hid-generic failed with error -22
[ 1168.137566][T18521] usb 3-1: Using ep0 maxpacket: 8
[ 1168.146116][ T1210] usb 6-1: Cannot read MAC address
[ 1168.186575][ T1210] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[ 1168.200752][T18521] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1168.294944][T18521] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1168.348217][ T1210] usb 6-1: USB disconnect, device number 10
[ 1168.357500][T18521] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1168.416585][T18521] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1168.452761][T18521] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1168.468427][T18521] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1170.247616][T22215] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1170.566295][T18521] usb 3-1: usb_control_msg returned -71
[ 1170.588410][T18521] usbtmc 3-1:16.0: can't read capabilities
[ 1170.622951][T18521] usb 3-1: USB disconnect, device number 91
[ 1171.330082][T23911] IPVS: set_ctl: invalid protocol: 50 172.20.20.187:20001
[ 1171.354185][   T29] audit: type=1326 audit(1775478241.565:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23907 comm="syz.4.5688" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2e85f9c819 code=0x0
[ 1171.770805][T23917] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5685'.
[ 1173.387472][ T5889] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1173.448442][T23940] binder: BINDER_SET_CONTEXT_MGR already set
[ 1173.479994][T23940] binder: 23939:23940 ioctl 4018620d 200000001000 returned -16
[ 1173.507773][T23941] FAULT_INJECTION: forcing a failure.
[ 1173.507773][T23941] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1173.528758][T23941] CPU: 1 UID: 0 PID: 23941 Comm: syz.0.5696 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1173.528789][T23941] Tainted: [L]=SOFTLOCKUP
[ 1173.528793][T23941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1173.528800][T23941] Call Trace:
[ 1173.528804][T23941]  <TASK>
[ 1173.528810][T23941]  dump_stack_lvl+0xe8/0x150
[ 1173.528831][T23941]  should_fail_ex+0x412/0x560
[ 1173.528851][T23941]  _copy_to_user+0x31/0xb0
[ 1173.528865][T23941]  simple_read_from_buffer+0xe1/0x170
[ 1173.528884][T23941]  proc_fail_nth_read+0x1bb/0x230
[ 1173.528901][T23941]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1173.528917][T23941]  ? rw_verify_area+0x2a6/0x4d0
[ 1173.528929][T23941]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1173.528944][T23941]  vfs_read+0x20c/0xa70
[ 1173.528954][T23941]  ? fdget_pos+0x246/0x320
[ 1173.528966][T23941]  ? __pfx___mutex_lock+0x10/0x10
[ 1173.528982][T23941]  ? __pfx_vfs_read+0x10/0x10
[ 1173.528994][T23941]  ? __fget_files+0x2a/0x420
[ 1173.529005][T23941]  ? __fget_files+0x3a0/0x420
[ 1173.529014][T23941]  ? __fget_files+0x2a/0x420
[ 1173.529027][T23941]  ksys_read+0x150/0x270
[ 1173.529040][T23941]  ? __pfx_ksys_read+0x10/0x10
[ 1173.529051][T23941]  ? __pfx_binder_ioctl+0x10/0x10
[ 1173.529143][T23941]  do_syscall_64+0x14d/0xf80
[ 1173.529157][T23941]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.529167][T23941]  ? clear_bhb_loop+0x40/0x90
[ 1173.529180][T23941]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.529191][T23941] RIP: 0033:0x7f7cb8d5d04e
[ 1173.529202][T23941] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1173.529211][T23941] RSP: 002b:00007f7cb9cf3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1173.529223][T23941] RAX: ffffffffffffffda RBX: 00007f7cb9cf46c0 RCX: 00007f7cb8d5d04e
[ 1173.529231][T23941] RDX: 000000000000000f RSI: 00007f7cb9cf40a0 RDI: 0000000000000006
[ 1173.529237][T23941] RBP: 00007f7cb9cf4090 R08: 0000000000000000 R09: 0000000000000000
[ 1173.529243][T23941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1173.529249][T23941] R13: 00007f7cb9016128 R14: 00007f7cb9016090 R15: 00007f7cb913fa48
[ 1173.529265][T23941]  </TASK>
[ 1173.807470][ T5889] usb 3-1: Using ep0 maxpacket: 16
[ 1173.819006][ T5889] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1173.851706][ T5889] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1173.872188][   T29] audit: type=1326 audit(1775478244.075:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1173.903562][ T5889] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1173.917867][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.934667][   T29] audit: type=1326 audit(1775478244.075:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1173.959000][ T5889] usb 3-1: config 0 descriptor??
[ 1173.990516][   T29] audit: type=1326 audit(1775478244.075:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.016969][   T29] audit: type=1326 audit(1775478244.075:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.045894][   T29] audit: type=1326 audit(1775478244.075:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.072961][   T29] audit: type=1326 audit(1775478244.075:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.103497][   T29] audit: type=1326 audit(1775478244.075:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.147744][   T29] audit: type=1326 audit(1775478244.085:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.177492][T21902] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[ 1174.287146][   T29] audit: type=1326 audit(1775478244.115:1430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f7cb8d9c819 code=0x7ffc0000
[ 1174.326707][   T29] audit: type=1326 audit(1775478244.115:1431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23942 comm="syz.0.5697" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7cb8d9c819 code=0x0
[ 1174.374752][T21902] usb 6-1: device descriptor read/64, error -71
[ 1174.407687][ T5889] nzxt-smart2 0003:1E71:2009.0022: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0
[ 1174.659879][T21902] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[ 1174.827507][T21902] usb 6-1: device descriptor read/64, error -71
[ 1174.948091][T21902] usb usb6-port1: attempt power cycle
[ 1175.009095][ T5896] usb 3-1: USB disconnect, device number 92
[ 1175.287446][T21902] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1175.328071][T21902] usb 6-1: device descriptor read/8, error -71
[ 1175.367550][T22210] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1175.577461][T21902] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1175.598105][T21902] usb 6-1: device descriptor read/8, error -71
[ 1175.707813][T21902] usb usb6-port1: unable to enumerate USB device
[ 1175.827603][ T5896] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1175.999136][ T5896] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1176.012970][ T5896] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1176.022927][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1176.034525][ T5896] usb 3-1: config 0 descriptor??
[ 1176.243296][T23965] macvlan0: entered promiscuous mode
[ 1176.252180][T23965] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5703'.
[ 1176.253179][T23969] netlink: 48 bytes leftover after parsing attributes in process `syz.2.5703'.
[ 1176.262420][T23965] macvlan0: left promiscuous mode
[ 1176.284703][ T5896] usbhid 3-1:0.0: can't add hid device: -71
[ 1176.298070][ T5896] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1176.311178][ T5896] usb 3-1: USB disconnect, device number 93
[ 1176.588525][T23983] syzkaller0: entered promiscuous mode
[ 1176.601208][T23983] syzkaller0: entered allmulticast mode
[ 1176.797462][ T5889] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 1176.962565][ T5889] usb 3-1: Using ep0 maxpacket: 16
[ 1176.970630][ T5889] usb 3-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1176.993188][ T5889] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1177.007681][ T5889] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1177.033631][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1177.054329][ T5889] usb 3-1: config 0 descriptor??
[ 1177.290433][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.296971][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.509672][ T5889] mcp2221 0003:04D8:00DD.0023: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[ 1177.686802][    C0] ==================================================================
[ 1177.694950][    C0] BUG: KASAN: slab-out-of-bounds in mcp2221_raw_event+0x106a/0x1240
[ 1177.703109][    C0] Read of size 1 at addr ffff88807633ffff by task syz.4.5710/23999
[ 1177.710995][    C0] 
[ 1177.713340][    C0] CPU: 0 UID: 0 PID: 23999 Comm: syz.4.5710 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1177.713360][    C0] Tainted: [L]=SOFTLOCKUP
[ 1177.713366][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1177.713374][    C0] Call Trace:
[ 1177.713379][    C0]  <IRQ>
[ 1177.713385][    C0]  dump_stack_lvl+0xe8/0x150
[ 1177.713406][    C0]  print_report+0xba/0x230
[ 1177.713460][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1177.713475][    C0]  kasan_report+0x117/0x150
[ 1177.713491][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1177.713506][    C0]  mcp2221_raw_event+0x106a/0x1240
[ 1177.713520][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1177.713534][    C0]  ? down_trylock+0x50/0xb0
[ 1177.713549][    C0]  hid_input_report+0x41d/0x580
[ 1177.713611][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[ 1177.713625][    C0]  hid_irq_in+0x47e/0x6d0
[ 1177.713677][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[ 1177.713735][    C0]  dummy_timer+0xbbd/0x4650
[ 1177.713758][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1177.713768][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1177.713781][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1177.713790][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1177.713800][    C0]  __hrtimer_run_queues+0x53a/0xcc0
[ 1177.713820][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1177.713835][    C0]  ? ktime_get_update_offsets_now+0x3b2/0x3d0
[ 1177.713850][    C0]  hrtimer_run_softirq+0x182/0x5a0
[ 1177.713867][    C0]  handle_softirqs+0x22a/0x870
[ 1177.713882][    C0]  ? __irq_exit_rcu+0x5f/0x150
[ 1177.713897][    C0]  __irq_exit_rcu+0x5f/0x150
[ 1177.713910][    C0]  irq_exit_rcu+0x9/0x30
[ 1177.713924][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1177.713939][    C0]  </IRQ>
[ 1177.713943][    C0]  <TASK>
[ 1177.713947][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1177.713960][    C0] RIP: 0010:finish_task_switch+0x245/0x920
[ 1177.713975][    C0] Code: 00 00 48 85 db 0f 85 e8 01 00 00 e9 56 05 00 00 4c 8b 75 d0 49 83 c4 48 4c 89 e7 e8 f5 3b 1d 0a e8 f0 94 38 00 fb 4c 8b 65 c0 <49> 8d bc 24 80 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
[ 1177.713985][    C0] RSP: 0018:ffffc9000c04f398 EFLAGS: 00000206
[ 1177.713997][    C0] RAX: 000000000000196f RBX: 0000000000000000 RCX: 0000000080000001
[ 1177.714005][    C0] RDX: 0000000000000006 RSI: ffffffff8defb7d5 RDI: ffffffff8c27d500
[ 1177.714013][    C0] RBP: ffffc9000c04f3f0 R08: ffffffff9011d6b7 R09: 1ffffffff2023ad6
[ 1177.714021][    C0] R10: dffffc0000000000 R11: fffffbfff2023ad7 R12: ffff88801deedb80
[ 1177.714029][    C0] R13: dffffc0000000000 R14: ffff88802ddc1e80 R15: ffff8880b863b998
[ 1177.714041][    C0]  ? finish_task_switch+0x240/0x920
[ 1177.714056][    C0]  __schedule+0x15e5/0x52d0
[ 1177.714071][    C0]  ? __pfx___resched_curr+0x10/0x10
[ 1177.714089][    C0]  ? __pfx___schedule+0x10/0x10
[ 1177.714102][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1177.714116][    C0]  ? irqentry_exit+0x59e/0x620
[ 1177.714131][    C0]  ? preempt_schedule_thunk+0x16/0x30
[ 1177.714143][    C0]  preempt_schedule_common+0x82/0xd0
[ 1177.714156][    C0]  preempt_schedule_thunk+0x16/0x30
[ 1177.714169][    C0]  _raw_spin_unlock_irqrestore+0x74/0x80
[ 1177.714193][    C0]  __wake_up_common_lock+0x190/0x1f0
[ 1177.714217][    C0]  __unix_dgram_recvmsg+0x485/0xd60
[ 1177.714251][    C0]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[ 1177.714278][    C0]  ? irqentry_exit+0x59e/0x620
[ 1177.714307][    C0]  ? unix_dgram_recvmsg+0xb1/0xd0
[ 1177.714325][    C0]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[ 1177.714347][    C0]  sock_recvmsg_nosec+0x10c/0x140
[ 1177.714366][    C0]  ____sys_recvmsg+0x3e3/0x4a0
[ 1177.714384][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1177.714401][    C0]  ? import_iovec+0x73/0xa0
[ 1177.714423][    C0]  ___sys_recvmsg+0x215/0x590
[ 1177.714438][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[ 1177.714453][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1177.714468][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1177.714482][    C0]  ? irqentry_exit+0x59e/0x620
[ 1177.714496][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1177.714517][    C0]  do_recvmmsg+0x334/0x800
[ 1177.714533][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1177.714553][    C0]  __x64_sys_recvmmsg+0x198/0x250
[ 1177.714569][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1177.714586][    C0]  do_syscall_64+0x14d/0xf80
[ 1177.714600][    C0]  ? trace_irq_disable+0x3b/0x150
[ 1177.714609][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.714620][    C0]  ? clear_bhb_loop+0x40/0x90
[ 1177.714632][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.714643][    C0] RIP: 0033:0x7f2e85f9c819
[ 1177.714654][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1177.714664][    C0] RSP: 002b:00007f2e86d8c028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1177.714676][    C0] RAX: ffffffffffffffda RBX: 00007f2e86216180 RCX: 00007f2e85f9c819
[ 1177.714685][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1177.714692][    C0] RBP: 00007f2e86032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1177.714700][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1177.714707][    C0] R13: 00007f2e86216218 R14: 00007f2e86216180 R15: 00007f2e8633fa48
[ 1177.714718][    C0]  </TASK>
[ 1177.714723][    C0] 
[ 1178.214883][    C0] Allocated by task 23226:
[ 1178.219281][    C0]  kasan_save_track+0x3e/0x80
[ 1178.223987][    C0]  __kasan_kmalloc+0x93/0xb0
[ 1178.228612][    C0]  __kvmalloc_node_noprof+0x528/0x8a0
[ 1178.233977][    C0]  seq_read_iter+0x202/0xe10
[ 1178.238559][    C0]  vfs_read+0x582/0xa70
[ 1178.242704][    C0]  ksys_read+0x150/0x270
[ 1178.246936][    C0]  do_syscall_64+0x14d/0xf80
[ 1178.251532][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.257415][    C0] 
[ 1178.259749][    C0] Freed by task 23226:
[ 1178.263812][    C0]  kasan_save_track+0x3e/0x80
[ 1178.268479][    C0]  kasan_save_free_info+0x46/0x50
[ 1178.273508][    C0]  __kasan_slab_free+0x5c/0x80
[ 1178.278271][    C0]  kfree+0x1c1/0x630
[ 1178.282183][    C0]  seq_release+0x54/0x70
[ 1178.286940][    C0]  kernfs_fop_release+0x30f/0x460
[ 1178.291960][    C0]  __fput+0x44f/0xa70
[ 1178.295944][    C0]  fput_close_sync+0x11f/0x240
[ 1178.300708][    C0]  __x64_sys_close+0x7e/0x110
[ 1178.305375][    C0]  do_syscall_64+0x14d/0xf80
[ 1178.309958][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.315848][    C0] 
[ 1178.318179][    C0] The buggy address belongs to the object at ffff88807633e000
[ 1178.318179][    C0]  which belongs to the cache kmalloc-cg-4k of size 4096
[ 1178.332482][    C0] The buggy address is located 4095 bytes to the right of
[ 1178.332482][    C0]  allocated 4096-byte region [ffff88807633e000, ffff88807633f000)
[ 1178.347472][    C0] 
[ 1178.349836][    C0] The buggy address belongs to the physical page:
[ 1178.356298][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x76338
[ 1178.365060][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1178.373549][    C0] memcg:ffff888076339011
[ 1178.377782][    C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1178.385343][    C0] page_type: f5(slab)
[ 1178.389323][    C0] raw: 00fff00000000040 ffff88813fe02500 dead000000000100 dead000000000122
[ 1178.397900][    C0] raw: 0000000000000000 0000200000040004 00000000f5000000 ffff888076339011
[ 1178.406475][    C0] head: 00fff00000000040 ffff88813fe02500 dead000000000100 dead000000000122
[ 1178.415135][    C0] head: 0000000000000000 0000200000040004 00000000f5000000 ffff888076339011
[ 1178.423810][    C0] head: 00fff00000000003 ffffea0001d8ce01 00000000ffffffff 00000000ffffffff
[ 1178.432478][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1178.441285][    C0] page dumped because: kasan: bad access detected
[ 1178.447787][    C0] page_owner tracks the page as allocated
[ 1178.453491][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 11495, tgid 11489 (syz.4.1985), ts 397745519729, free_ts 396954014054
[ 1178.476412][    C0]  post_alloc_hook+0x231/0x280
[ 1178.481258][    C0]  get_page_from_freelist+0x24dc/0x2580
[ 1178.486791][    C0]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1178.492581][    C0]  allocate_slab+0x77/0x660
[ 1178.497194][    C0]  refill_objects+0x331/0x3c0
[ 1178.501853][    C0]  __pcs_replace_empty_main+0x2e6/0x730
[ 1178.507395][    C0]  __kmalloc_cache_noprof+0x392/0x660
[ 1178.512772][    C0]  bpf_prog_alloc_no_stats+0xdb/0x4f0
[ 1178.518129][    C0]  bpf_prog_alloc+0x3c/0x1a0
[ 1178.522705][    C0]  __get_filter+0xff/0x400
[ 1178.527188][    C0]  sk_attach_filter+0x24/0x140
[ 1178.531942][    C0]  sk_setsockopt+0x201f/0x2e80
[ 1178.536690][    C0]  do_sock_setsockopt+0x11b/0x1b0
[ 1178.541793][    C0]  __x64_sys_setsockopt+0x13d/0x1b0
[ 1178.546992][    C0]  do_syscall_64+0x14d/0xf80
[ 1178.551628][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.557529][    C0] page last free pid 5835 tgid 5835 stack trace:
[ 1178.563835][    C0]  __free_frozen_pages+0xc2b/0xdb0
[ 1178.568959][    C0]  __slab_free+0x263/0x2b0
[ 1178.573455][    C0]  qlist_free_all+0x97/0x100
[ 1178.578064][    C0]  kasan_quarantine_reduce+0x148/0x160
[ 1178.583522][    C0]  __kasan_slab_alloc+0x22/0x80
[ 1178.588380][    C0]  kmem_cache_alloc_noprof+0x2bc/0x650
[ 1178.593912][    C0]  do_getname+0x2e/0x250
[ 1178.598153][    C0]  user_path_at+0x2a/0x160
[ 1178.602558][    C0]  __x64_sys_umount+0xf6/0x170
[ 1178.607316][    C0]  do_syscall_64+0x14d/0xf80
[ 1178.611912][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.617794][    C0] 
[ 1178.620101][    C0] Memory state around the buggy address:
[ 1178.625787][    C0]  ffff88807633fe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1178.633860][    C0]  ffff88807633ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1178.641923][    C0] >ffff88807633ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1178.650016][    C0]                                                                 ^
[ 1178.657986][    C0]  ffff888076340000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1178.666045][    C0]  ffff888076340080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1178.674177][    C0] ==================================================================
[ 1178.682234][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1178.689512][    C0] CPU: 0 UID: 0 PID: 23999 Comm: syz.4.5710 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1178.700439][    C0] Tainted: [L]=SOFTLOCKUP
[ 1178.704755][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1178.714803][    C0] Call Trace:
[ 1178.718100][    C0]  <IRQ>
[ 1178.720936][    C0]  vpanic+0x56c/0xa60
[ 1178.724922][    C0]  ? __pfx_vpanic+0x10/0x10
[ 1178.729431][    C0]  panic+0xc5/0xd0
[ 1178.733189][    C0]  ? __pfx_panic+0x10/0x10
[ 1178.737628][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1178.742925][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1178.747694][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1178.752975][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1178.758341][    C0]  check_panic_on_warn+0x89/0xb0
[ 1178.763302][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1178.768594][    C0]  end_report+0x73/0x180
[ 1178.772845][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1178.778139][    C0]  kasan_report+0x128/0x150
[ 1178.782652][    C0]  ? mcp2221_raw_event+0x106a/0x1240
[ 1178.787958][    C0]  mcp2221_raw_event+0x106a/0x1240
[ 1178.793072][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1178.798885][    C0]  ? down_trylock+0x50/0xb0
[ 1178.803423][    C0]  hid_input_report+0x41d/0x580
[ 1178.808295][    C0]  ? __pfx_mcp2221_raw_event+0x10/0x10
[ 1178.813774][    C0]  hid_irq_in+0x47e/0x6d0
[ 1178.818138][    C0]  __usb_hcd_giveback_urb+0x376/0x540
[ 1178.823519][    C0]  dummy_timer+0xbbd/0x4650
[ 1178.828050][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1178.832994][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1178.838806][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1178.843741][    C0]  ? __pfx_dummy_timer+0x10/0x10
[ 1178.848677][    C0]  __hrtimer_run_queues+0x53a/0xcc0
[ 1178.853893][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 1178.859618][    C0]  ? ktime_get_update_offsets_now+0x3b2/0x3d0
[ 1178.865695][    C0]  hrtimer_run_softirq+0x182/0x5a0
[ 1178.870898][    C0]  handle_softirqs+0x22a/0x870
[ 1178.875666][    C0]  ? __irq_exit_rcu+0x5f/0x150
[ 1178.880432][    C0]  __irq_exit_rcu+0x5f/0x150
[ 1178.885024][    C0]  irq_exit_rcu+0x9/0x30
[ 1178.889272][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1178.894908][    C0]  </IRQ>
[ 1178.897844][    C0]  <TASK>
[ 1178.900767][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1178.906744][    C0] RIP: 0010:finish_task_switch+0x245/0x920
[ 1178.912550][    C0] Code: 00 00 48 85 db 0f 85 e8 01 00 00 e9 56 05 00 00 4c 8b 75 d0 49 83 c4 48 4c 89 e7 e8 f5 3b 1d 0a e8 f0 94 38 00 fb 4c 8b 65 c0 <49> 8d bc 24 80 16 00 00 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0
[ 1178.932153][    C0] RSP: 0018:ffffc9000c04f398 EFLAGS: 00000206
[ 1178.938221][    C0] RAX: 000000000000196f RBX: 0000000000000000 RCX: 0000000080000001
[ 1178.946186][    C0] RDX: 0000000000000006 RSI: ffffffff8defb7d5 RDI: ffffffff8c27d500
[ 1178.954190][    C0] RBP: ffffc9000c04f3f0 R08: ffffffff9011d6b7 R09: 1ffffffff2023ad6
[ 1178.962167][    C0] R10: dffffc0000000000 R11: fffffbfff2023ad7 R12: ffff88801deedb80
[ 1178.970133][    C0] R13: dffffc0000000000 R14: ffff88802ddc1e80 R15: ffff8880b863b998
[ 1178.978198][    C0]  ? finish_task_switch+0x240/0x920
[ 1178.983430][    C0]  __schedule+0x15e5/0x52d0
[ 1178.987944][    C0]  ? __pfx___resched_curr+0x10/0x10
[ 1178.993152][    C0]  ? __pfx___schedule+0x10/0x10
[ 1178.998002][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1179.003203][    C0]  ? irqentry_exit+0x59e/0x620
[ 1179.007967][    C0]  ? preempt_schedule_thunk+0x16/0x30
[ 1179.013334][    C0]  preempt_schedule_common+0x82/0xd0
[ 1179.018618][    C0]  preempt_schedule_thunk+0x16/0x30
[ 1179.023850][    C0]  _raw_spin_unlock_irqrestore+0x74/0x80
[ 1179.029498][    C0]  __wake_up_common_lock+0x190/0x1f0
[ 1179.034781][    C0]  __unix_dgram_recvmsg+0x485/0xd60
[ 1179.039987][    C0]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[ 1179.045711][    C0]  ? irqentry_exit+0x59e/0x620
[ 1179.050485][    C0]  ? unix_dgram_recvmsg+0xb1/0xd0
[ 1179.055530][    C0]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[ 1179.061091][    C0]  sock_recvmsg_nosec+0x10c/0x140
[ 1179.066111][    C0]  ____sys_recvmsg+0x3e3/0x4a0
[ 1179.070881][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1179.076171][    C0]  ? import_iovec+0x73/0xa0
[ 1179.080675][    C0]  ___sys_recvmsg+0x215/0x590
[ 1179.085353][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[ 1179.090288][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1179.095486][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1179.100686][    C0]  ? irqentry_exit+0x59e/0x620
[ 1179.105486][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1179.110258][    C0]  do_recvmmsg+0x334/0x800
[ 1179.114681][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1179.119628][    C0]  __x64_sys_recvmmsg+0x198/0x250
[ 1179.124658][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1179.130206][    C0]  do_syscall_64+0x14d/0xf80
[ 1179.134883][    C0]  ? trace_irq_disable+0x3b/0x150
[ 1179.139903][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.145968][    C0]  ? clear_bhb_loop+0x40/0x90
[ 1179.150653][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.156542][    C0] RIP: 0033:0x7f2e85f9c819
[ 1179.160977][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1179.180603][    C0] RSP: 002b:00007f2e86d8c028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1179.189017][    C0] RAX: ffffffffffffffda RBX: 00007f2e86216180 RCX: 00007f2e85f9c819
[ 1179.196982][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1179.204950][    C0] RBP: 00007f2e86032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1179.212915][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1179.220881][    C0] R13: 00007f2e86216218 R14: 00007f2e86216180 R15: 00007f2e8633fa48
[ 1179.228856][    C0]  </TASK>
[ 1179.232011][    C0] Kernel Offset: disabled
[ 1179.236325][    C0] Rebooting in 86400 seconds..