last executing test programs:

7.596063463s ago: executing program 3 (id=2107):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r1 = syz_open_pts(r0, 0x141601)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x0, &(0x7f00000001c0)})
close_range(r2, 0xffffffffffffffff, 0x0)

7.315765186s ago: executing program 3 (id=2111):
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x8000000)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(r5, 0x3b88, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x6, 0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r5, 0x3b72, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)

6.124025498s ago: executing program 3 (id=2116):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
ptrace(0x10, 0x1)
socket$alg(0x26, 0x5, 0x0)
munlockall()

6.061254341s ago: executing program 1 (id=2117):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000280)={0x0, [[0x7ff, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x2], [0x0, 0x40000000, 0xfffffffd], [0x0, 0x20000232, 0x200006, 0x0, 0x0, 0x0, 0x1]], '\x00', [{0x0, 0x1, 0x1}, {0x7, 0x4}, {}, {0x0, 0x1}, {0x400000}, {}, {}, {}, {0x0, 0x9}, {}, {0x8}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
io_cancel(0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x70bd25, 0x0, {{@in=@empty, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x30, 0x80, 0x3c, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x802000000000000}}}, 0xb8}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0000200"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x3a)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
flock(r6, 0x5)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001ec0)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x4, 0x3}]}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x3}}]}}, &(0x7f0000001f00)=""/4096, 0x46, 0x1000, 0x3}, 0x28)
setns(r6, 0x40000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

5.632901595s ago: executing program 0 (id=2121):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r1 = syz_open_pts(r0, 0x141601)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x3)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x0, &(0x7f00000001c0)})
close_range(r2, 0xffffffffffffffff, 0x0)

4.963618972s ago: executing program 3 (id=2122):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x10)
io_uring_setup(0x70bf, &(0x7f0000000000)={0x0, 0x709f, 0x8, 0x2, 0xe8})
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)=ANY=[@ANYBLOB="84010000", @ANYRES16=r2, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000900000000000800090067f6"], 0x184}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000440), 0x80, 0x0)
write$cgroup_type(r3, &(0x7f0000000480), 0x9)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001400010310000000000000000100000085b9e1b3222ef91c4fc7ce8a12d56e32400572e9502b43a83b6c66bda38ca922a8b37557f7df2ab1c32cf7a694d1080f3012bd31ff3e5b410e000000a65fbd74cd21a79a0a73496e9cfcbbe4211ba386719dcf867cb812bccab526525e9d34ab58154a6515e432df88f5011178d02dc403593951e9b4173cda03d1c3cdfd81d230250510c8b1bebe7b9ee438a8b2579bfa"], 0x14}}, 0x0)
socket(0x2d, 0x2, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x49, 0x0, 0x0)
shmctl$SHM_STAT_ANY(0x0, 0xf, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00'})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000000c0)=@raw={'raw\x00', 0x8, 0x3, 0x2f8, 0x170, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@unspec=@helper={{0x48}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x170}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x1, 0xacc, 0x3, 'snmp_trap\x00', 'syz1\x00', {0x3}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x358)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
r7 = socket$caif_stream(0x25, 0x1, 0x1)
recvmmsg(r7, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0x35}], 0x1, 0x2020, 0x0)

4.796618117s ago: executing program 1 (id=2125):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_open_dev$loop(&(0x7f0000000200), 0x401, 0x800600)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x14507e, 0x80)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000000c0)={r3, 0x1000, {0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x2, 0x1b, 0x15, "54c893c9634edc745dfa1ab0a34a10622e644edb80cc9bd30d00000033de180aa039ec68114b5aba1c98911df5ba72296d56740d56ea4d0434ea3592a4791300", "fc0177a6f3bb16d5d5568693e0e50bbf206c9d8db97c00040000000000005f8a654e14dc7c4cc6020000003b3acc9f02cd3eac8be657b534bfa1142100696b29", "c921095856cdf9fd8199034f3b875fe5c92394e3c7a178fb1c16c99189819ef4", [0x4, 0x9]}})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
sendmsg$ETHTOOL_MSG_EEE_GET(r0, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="c0010000", @ANYRES16=r1, @ANYBLOB="00022dbd7000fcdbdf25170000003c00018014000200766c616e3000000000000000000000000800030006000000140002007663616e30000000000000000000000008000100", @ANYRES32=0x0, @ANYBLOB="0c000180080003000300000060000180140002006970366772657461703000000000000014000200626f6e645f736c6176655f31000000001400020074756e6c300000000000000000000000080003000400000008000100", @ANYRES32, @ANYBLOB="08b20000", @ANYRES32=0x0, @ANYBLOB="080003000200000044000180080003000200000008000300010000001400020070696d367265673100000000000000000800030003000000140002006e6963766630000000000000000000002c000180080003000300000008000100", @ANYRES32, @ANYBLOB="0800030002000000080003000100000008000300020000005800018008000100", @ANYRES32, @ANYBLOB="140002006e65747063693000000000000000000008000300010000001400020076657468305f6d61637674617000000008000100", @ANYRES32, @ANYBLOB="1400020061700000003c00018008000300010076657468305f766c616e000000000000080003000100000014000200766c616e3000"/74], 0x1c0}}, 0x40000)
r4 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f0000000340)=ANY=[@ANYRES32], 0x1)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f00000000c0)={<r5=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000000)={@private1, 0x1, r5})
r7 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc9, &(0x7f0000000000)=0x1, 0x4)
ioctl(r7, 0x8916, &(0x7f0000000000))
ioctl(r7, 0x8936, &(0x7f0000000000))

4.2508565s ago: executing program 0 (id=2126):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @call={0x85, 0x0, 0x0, 0x5a}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
pipe(&(0x7f0000000080))
r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r0, &(0x7f0000000040)=[{'LINE2', @void}], 0x6)
socket$inet_udp(0x2, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
futex_waitv(&(0x7f0000001b00)=[{0xfff, &(0x7f0000000940)=0x6, 0x6}], 0x1, 0x0, 0x0, 0x1)

4.188188293s ago: executing program 1 (id=2128):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9c", 0x3}], 0x1}], 0x1, 0x40800)
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x25, 0x0, 0x0)

4.149310531s ago: executing program 3 (id=2129):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$SG_IO(r2, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffd, 0x6, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000200)="672d6a44b036", 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001440)={0x4, 0x0, [{0x80a0000, 0xc3, &(0x7f0000000140)=""/195}, {0x1000, 0x1000, &(0x7f0000000340)=""/4096}, {0xcda0debeaa14ea9c, 0xc5, &(0x7f0000001340)=""/197}, {0xdddd0000, 0x3f, &(0x7f0000000040)=""/63}]})
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r3, &(0x7f0000000000)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10)
recvmmsg(r3, &(0x7f000000e280), 0x58a, 0x42, 0x0)

4.121662903s ago: executing program 0 (id=2130):
r0 = socket(0x23, 0x80805, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)="a31853a67c07b71eb4b570abfe361ede0dbe0fb9c8efef56b956e289a34e5a3c1aef9d583d164f8c5b3c631a312f96cf48928813bf2c446887f5d9d9a3457e56c3d643815a0269de6632eab640d7fc0301a4f5814ce3261a0638240cc46d461fd753caf96439ac9281f83779d4c73b023d4745b120621f9212a7dad5e4e9ba4447192ef87a3a933b7672b93192a9220cad942e394b0b769a290fcd44ef948287294cae1b9c71062ba17c3009fedb50e0fe0ba952ce746a588aaee13fdd41a0370656a86788de3e2d689fbe0380960066a7978706", 0xd4}, {0x0}, {0x0}], 0x3)

4.00519583s ago: executing program 0 (id=2133):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000000c0)=0xfffffffd, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
syz_usb_connect(0x3, 0x56, &(0x7f0000000b80)=ANY=[@ANYBLOB="12011003e4aa894021044d04cee60102030109024400011000070b0904c380"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x75391977809f9b89, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002940)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000ac0)="dc", 0x1}], 0x1, 0x0, 0xd0}}], 0x1, 0x8004)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
shutdown(r1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r7 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r7, &(0x7f0000048040)=""/102392, 0x18ff8)
tkill(r3, 0xb)
timer_create(0x2, 0x0, &(0x7f0000000900))
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(0xffffffffffffffff, 0x8)
r8 = syz_usb_connect$uac1(0x2, 0xb8, 0x0, 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @empty, 0x3}, 0x1c)

4.004743934s ago: executing program 1 (id=2134):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r2, 0x20, &(0x7f0000000100)={0x0, 0x0, <r3=>0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000002240)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='sessionid\x00')
preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000480)=""/181, 0xb5}, {0x0}], 0x2, 0x0, 0x0)
close_range(r4, r1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
read$FUSE(r6, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000040)='.\x00', &(0x7f00000000c0)='fusectl\x00', 0x200c494, 0x0)

3.933410585s ago: executing program 4 (id=2136):
clock_gettime(0x0, &(0x7f0000000040))
clock_gettime(0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x3a)
flock(r2, 0x5)
setns(r2, 0x40000000)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
connect$inet6(r3, &(0x7f0000000180)={0xa, 0x4e23, 0x6, @private1, 0xd1}, 0x1c)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000100)={r5, 0x1}, 0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f00000000c0)={r5, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x0, 0x2, 0xfffffff8, 0x1c3e75f5, 0x80000000}, &(0x7f0000000180)=0x98)
recvmmsg(0xffffffffffffffff, 0x0, 0x7b12ca34075fb177, 0x0, &(0x7f0000000080)={r0, r1+60000000})

3.841054601s ago: executing program 4 (id=2137):
write$sndseq(0xffffffffffffffff, &(0x7f00000005c0)=[{0x3, 0x4, 0xed, 0x1, @tick=0x4, {0x2e, 0x10}, {0x4, 0x10}, @raw8={"351ce7e7470d511089000300"}}], 0x1c)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x201, 0x1, 0x1}, 0x1c)
recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
fsopen(&(0x7f0000000100)='binder\x00', 0x0)
fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000500))
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x400008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r4, 0x0, &(0x7f0000000080)=""/29}, 0x20)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000006c0)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @private1, 0x7fff}]}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, &(0x7f0000001640))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

2.502201254s ago: executing program 4 (id=2138):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000600)="001a0000000000", 0x7)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)=[0x7], 0x0, 0x0, 0x1, 0x0, r1}}, 0x40)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)

1.897925647s ago: executing program 0 (id=2140):
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r4 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write(r4, &(0x7f0000000040)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000180)=ANY=[], 0xe)
sendfile(r4, r4, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r4, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000))

1.874877499s ago: executing program 1 (id=2141):
eventfd(0x400004)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000100)=[{r1, 0x6268}, {r1, 0x8014}], 0x2, 0x0, 0x0, 0x0)
close(0x3)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000140), &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xb, 0x2)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fsmount(0xffffffffffffffff, 0x1, 0x2000)
ioctl$SG_IO(r3, 0x2285, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

736.959195ms ago: executing program 2 (id=2142):
write$sndseq(0xffffffffffffffff, &(0x7f00000005c0)=[{0x3, 0x4, 0xed, 0x1, @tick=0x4, {0x2e, 0x10}, {0x4, 0x10}, @raw8={"351ce7e7470d511089000300"}}], 0x1c)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x201, 0x1, 0x1}, 0x1c)
recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000500))
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x400008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000006c0)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @private1, 0x7fff}]}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, &(0x7f0000001640))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000003c0)={0x1, [0x0]}, &(0x7f0000000400)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

616.907655ms ago: executing program 4 (id=2143):
r0 = socket(0x23, 0x80805, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)="a31853a67c07b71eb4b570abfe361ede0dbe0fb9c8efef56b956e289a34e5a3c1aef9d583d164f8c5b3c631a312f96cf48928813bf2c446887f5d9d9a3457e56c3d643815a0269de6632eab640d7fc0301a4f5814ce3261a0638240cc46d461fd753caf96439ac9281f83779d4c73b023d4745b120621f9212a7dad5e4e9ba4447192ef87a3a933b7672b93192a9220cad942e394b0b769a290fcd44ef948287294cae1b9c71062ba17c3009fedb50e0fe0ba952ce746a588aaee13fdd41a0370656a86788de3e2d689fbe0380960066a7978706", 0xd4}, {0x0}, {0x0}], 0x3)

489.318815ms ago: executing program 2 (id=2144):
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r4 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write(r4, &(0x7f0000000040)="0600", 0x2)
write$FUSE_NOTIFY_STORE(r4, &(0x7f0000000180)=ANY=[], 0xe)
sendfile(r4, r4, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r4, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f000001a000))

434.281213ms ago: executing program 2 (id=2145):
r0 = fsopen(&(0x7f00000003c0)='tracefs\x00', 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x8000000)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(r5, 0x3b88, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000040)={0x28, 0x6, 0x0, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r5, 0x3b72, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r6, 0x29, 0x1b, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)

326.417538ms ago: executing program 2 (id=2146):
r0 = epoll_create1(0x0)
epoll_pwait(r0, &(0x7f0000000200)=[{}], 0x1, 0x7f, &(0x7f0000000080)={[0xa]}, 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
openat$smackfs_logging(0xffffffffffffff9c, 0x0, 0x2, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x18, 0x0, 0x1)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x2f)
close(0xffffffffffffffff)

263.443865ms ago: executing program 0 (id=2147):
eventfd(0x400004)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ppoll(&(0x7f0000000100)=[{r1, 0x6268}, {r1, 0x8014}], 0x2, 0x0, 0x0, 0x0)
close(0x3)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000140), &(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0xb, 0x2)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fsmount(0xffffffffffffffff, 0x1, 0x2000)
ioctl$SG_IO(r3, 0x2285, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

207.253468ms ago: executing program 4 (id=2148):
write$sndseq(0xffffffffffffffff, &(0x7f00000005c0)=[{0x3, 0x4, 0xed, 0x1, @tick=0x4, {0x2e, 0x10}, {0x4, 0x10}, @raw8={"351ce7e7470d511089000300"}}], 0x1c)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1fd, 0x1, 0x1}, 0x1c)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x201, 0x1, 0x1}, 0x1c)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
fsopen(&(0x7f0000000100)='binder\x00', 0x0)
fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, &(0x7f0000000500))
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x400008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={r4, 0x0, &(0x7f0000000080)=""/29}, 0x20)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000006c0)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @private1, 0x7fff}]}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, &(0x7f0000001640))
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

130.168597ms ago: executing program 2 (id=2149):
writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000300)="a31853a67c07b71eb4b570abfe361ede0dbe0fb9c8efef56b956e289a34e5a3c1aef9d583d164f8c5b3c631a312f96cf48928813bf2c446887f5d9d9a3457e56c3d643815a0269de6632eab640d7fc0301a4f5814ce3261a0638240cc46d461fd753caf96439ac9281f83779d4c73b023d4745b120621f9212a7dad5e4e9ba4447192ef87a3a933b7672b93192a9220cad942e394b0b769a290fcd44ef948287294cae1b9c71062ba17c3009fedb50e0fe0ba952ce746a588aaee13fdd41a0370656a86788de3e2d689fbe0380960066a7978706", 0xd4}, {0x0}], 0x2)

128.79827ms ago: executing program 3 (id=2150):
futex(0xfffffffffffffffd, 0x9, 0x1, 0x0, 0x0, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000100000000000000000000008500000087000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e097d1d500023dc1566fa336fc4a", 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000034c0)={0x2020, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0xcac)
fchown(r1, r3, r4)
quotactl_fd$Q_QUOTAON(r0, 0xffffffff80000200, r3, &(0x7f00000028c0)='./file0\x00')
r5 = add_key$keyring(&(0x7f0000002840), &(0x7f0000002880)={'syz', 0x0}, 0x0, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x64004004)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a94000000060a010400000000000000000a00000154000480500001800b00010074617267657400004000028008000240000000012c0003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c70000000000000000000000000000000008000100544545000900020073797a32000000000900010073797a3100000000140005800800014000008917080002"], 0xbc}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
keyctl$get_persistent(0x16, r3, r5)
socket(0x11, 0x2, 0x0)
semctl$IPC_INFO(0x0, 0x3, 0x3, &(0x7f0000000200)=""/46)
r7 = socket(0x1, 0x803, 0x0)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080))
socket(0x29, 0x3, 0x0)

127.608788ms ago: executing program 1 (id=2151):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0)={0x0, r1}, 0x8)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r2, 0x20, &(0x7f0000000100)={0x0, 0x0, <r3=>0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000002240)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='sessionid\x00')
preadv(r4, &(0x7f00000002c0)=[{&(0x7f0000000480)=""/181, 0xb5}, {0x0}], 0x2, 0x0, 0x0)
close_range(r4, r1, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0)
read$FUSE(r6, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000040)='.\x00', &(0x7f00000000c0)='fusectl\x00', 0x200c494, 0x0)

58.291049ms ago: executing program 2 (id=2152):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000001a80)="5a384a217a2d82c5ec7bde148b403544b4bdb579f3e3fbf170a3469a03b7ba2a91da2bb5fefdfb5ee8c9a765bd0aa2e8b8b401f3b58de521f3e6db76caf7b9ea41905fac2631a75e5d2e09e06515ff14b80da52516075f57e7407448ffbd076beeb37ba4a5553141482cafea7fcf5fb2b03efdf1b49c8c8170587ce2a60a85024c7adbc4b334ecb3167e533aa35d2741012c718c73d8650095eed7a7569fa74c352893ad1a22c5a77af8f2e7970aed14104738b5cd78bf4f9227f55d2ffb78093c957d1bff072137969865ccfca5afbe63fe8f1a6684bb1eaecbf9172186d97535ff934b122eb8e8262e97bd6fad21d3a14a3786585270769d87b6477cfe0740555c6da4d5e600ae4d5af479dc1ffef196e1332ad95c1c58bc9d1cdac91ef22c1c8f32008601d4fe42493b4cf49166688aa5ed31c4b0dd072f6e4209d418914c3df34c2bbf7726603ffa60954980a1de421eb16f23729f3d9c822089d1f5ed131be61fae0e87ed82495a55162fef5ec693639d3772513e0e1dd42f674da3c9e7dd19bcacd8c68f39e7c51b3b021b1c88b3044a33b28781c3b945b720000587415401aa2187cf293f6e1f0877262954823a45e40630d06b6bb31d1fabd80fbdbcf9ebc9b8dd416dbc156eae3bd7926994196f9fa280c6642db7906dcfc4f5aacfe58f7798742b134e98faf62d2dddd2503240ed38d50809662fcb3f6086b01aa8fc52d0eaf04d3d2a36beaee875fc3d2cb2b97496ac90ea79d279ab0cc8a442df0859765930d95bd82f8282144d1d8dd8eab0285c7743b776421010d7b74acf7bcc6c6e9d38713de9c99df8ac8469590b23ae358de52a6f2d7e00286675b4e2fc168d3f2b9ca6388cb87b97acc90639a1d1d16013910a795d2590f559ceea19f0a0be189c346eaf27d8c53aed71ef8c819cdf0d7239bde7831fc23be532bc065d1812b070655ae6dff2c3261d35ff1a404ef927c028e726107fe26808352e944335b6e9895c6112b49862089e7b37c16efbf7dd7d5569c2dd14915154465c94b50ff43452d66c797bac0acb102cec36acfc561beb71d92ba83d6fa24ccdd5290779c5ee075b9baf835f21b2d76a74c42af035079e62b09ccf512b1cdde4ed0679c230d4739ecec880123845a8b17762a5dd9873dcdeebf809a42899a49b2693c2d87efb3b8a2f2bdda5dacd8084d91d71c603f2c7f0a9e8db7080e575aa8baaae6791530b74e6d9bd887379058673a579de4ab71988b8fef429d45560cabc32553103d1e7156608bba760dde9ea3452a4958ef0dc4d1176de951ace0e05033cc974e80bcde9601e267d80578565d49a497cc981d4e304978262124cf712231335266ea736481669706bd5f997f793f428a7d3ee5bda9b702f88c8c95541441f9f88b7a3b643e4a3aaa32fcc537063e447ba5928e7da583033c1642acc16b42d8baea677a2ba9a189ac745e6c8762257644c5dcc1ed8c60663a17ecd8be62830bd16b9eee4dfcf6cb13d0067f36f4d811fe961d2553a02fb7f117f07099d5c4747345531e807f13a90049a56c7816d76c503c5b7d04394955ba8e53a54309e811ac396ede3142dd41f9a1f695b72e8b75d68db27ff9c5e5fac36337f41aac853add254a4e8f2e3912d77ace9a27e58951d055a5f492accdd4bccb7379533b9b01f10042c294e8afb407c8dc752785f0e6078aa76f0f8598d9c26a6e6cd3948d1b1d6bcf51d7a1b9050fef9be16fe4bc4e40686813940c1748e00602ec782118395e7c07022ca8ac248f5c3b53a45cec6bb7f962add742b68c36cde15ff0f76c1fc596bca8d42c03722f6e78260cb30f47c84d567a089e1ab987c304e1bf70b668d1a35e72980ea7b9ec5a91c49c2a8962bb5f337434ea2ad80438f55ae50040390141eb4a9c2b47ea88adc9034f6d308449e4f40a2c1339a77ffa6e7239dab74f08bf1cc126bf318f47d5bbca4c9f4c9724fca344f93b0fc264ab7fc4d487861798e3d4fc5ce64de71e47bdb31b90d6e3046463082d3eaed3556115084c9111b6d9b0195ea7856aa83259a37bc6e512b762203cb1cd337666bc0620272de220e76f1cbb6ead7d1161610a0ac6c41dec1affb8ed57dd67910ba24545a89d230a1f6e8d86d979f497d1beede4918fbd4b61923d89dbd3440685863c4d1bb3d81973ba48a63133d9251e643c4647ad4aac03dc6db40ad92da439a3543df9483df651aea2c0bafb7f351166d75c746afeb330d610891c1c4f01a04668eff5e8ee2481ee358aa7b28f14c50b010e2c511354cbdea3c058f01f2e83f0db5a8a6e8235eb6eb15f2fb3dd9cd62bce66e5e46f50fc14e5710a4d97256ba724ae7a3cdfab2df2c3eaf131fff623a26b2aa6c9bca974bdb61938ac8cae4f0f1ec85788d0054a386772e38740d7bf1d0acd9d2f140d71e3353d2d97e0eb153685fef685bf06bee0c10e6df49a757018a29bd745a9680775219cb5248367e4c4990e25735948c94039f76c86168a687660ef7d8e2684ea650472198637c944ad226737dd2abf3c71d4f01eb482f80e5e62a16491a4ce110e51a7b5b6dcb2f788d2a929dc3a55b97f9bbf9bac9232a4193f359dde048c46ca16c654c712b8152779b3c495733801bcdd12b5b4b87380fc71cc9442c549dc7b40d351ea690b4b92ec510f23cd232a528b4ca474f3915df278f1574d6dda0e38c52b67cdce8724a920a026569ac8229f73580908e54111b638f93a94c632667d36381fdb6cc7fa6c97c60fb719e5aab698f0a553f47726ecd81207b4c9545f3f3c719ef6c0e847b97b8d0767d66306210ff653ecc97032eaf2504b85d2562bbb94160799046cda1b8877706ecbc100eb4a1de99b727a863c825c19b64a3c5d2db34224ab34e9efc99b792c0eafdd5eaa8e5319aee0effb9e40ae3e1cefd2216cae96cd423ae9b4048e89cf56c28c2d3dc9b05522d84e13f193a96d37c85545625ce39cf33d9de4f96ed7d2c0e813eac440f030595ef467030c1b3381e0e4ca4f36a8e5f9cb4e09bd398d707c5c38f4252182173b1f877f87e933fe59cfc10f88169625c2293d34a22062399543cf88a1097026d6f2effdfc05a50b1519dbae43289f64580a85978aa63ed218c958209c07ddfa9ee021c30b6ac427230bd5b45e86f1e0c47278680237527099fab4c3009e5c356c93a7041610616166b8c287eba20a43eb02351767996c9d1b20f058ff969547f79f381f45463f412d08407eb6f472ca7639c17994f4d9d4e9cb9464b4a096c96582e406ea972898400c11b083d7abfb0a8a0616819d4723fd23aec2e26b1c8b57c7ab0256a055df78beca014eca7ee4d88acd12bd0fb91cc68081958f69c969a37da61445d8dc65f945c288ff465a7678129391997a33e86e412d56af4f556d68f1c9ac6c6eae2f153a7d4755ccd748f3ee17104221030038bf79309b37a232b804cd5673e7ce403e118a899f776e37499f180777bfca4a8e4d2b987b55de542cdb9b8209473a719762a5d3717f69c8539a3bc4bf5c79e7e45626384f9b2b76e465c06ad0f39eafde6408ed883bf629f3f3c84024c636c7fc3eeb61fb33bb03393c23eb5050d401535d877d8f37a660b4bf9994b71b55e65b02a30717b799d6beed60ae51a70c9eae4e1ac391363f9d9a5dda9d82679e906ea31242b08a2b88b48abcf108d1d8ccf6435f5a66f862a59fb4a1c68ade20b4ab39bfb54b6cb41a675310f99509197f56f2ddbf58c18e749e9d5d7fafcf04db05c6a46d0752500957580e31e247a850c8306299f5360ca7a852a5de2ae63df4f1a167ab010621fa21320218a3eb9e3ad88e04eb9d8ed4a57055e9c6b55bba9f28520c5eca8fa7b7863df61b1382f35c2b63076acf244bc81f6ad558bb96c7b6ddd066caf5039694e7db19b3ade35ac3b7b555ae4ed5c0fd90219a729b433d23f39deca9f70852dd1ce3e1b445c9d14be1d7dd3e8a9aa8031dcec3ae918f22eccabb7e23856d223550d672950f7b3278e230c7019e19a86e59275562e5b427968953011b51fd6bac313151f0adf3d90559312afde4cace169ae9a2148a756ef3fdf69c4ef0fc406a44c7d3f70cca1f5dccfbb876a9ce272a4428dcb5fe7eedf34aeb67925fef9af40782944806d85744d727873844a34d6a836d6e9fcf296ba5747703550501b1546f43650c8e80c5a6a3bba2b6657ffafa84ee54bf186d0854cb6a23844566e87823266a3f9f81b1b3e4fadafb9524f61fda29df9f85577b51ad58c9b6ba2491b4c9e91731b769b5ecf14b17bc87cc4c8a82feeb6be4a0f3837330f5e0e5f11888f26d781e5a69837b457e278c21553fac6c34fb597410045f991d60488468eec4dea940dcf5dc00ba5f608effa2ef3575df8c9b31e1796326df0879169cb9808cc4199236667453f5fa9240995748176f9ff98186b6e4cbd53444a32631afddf752bed4f2755e76c24185742b76976cf519de5c8b0262a07a506002d02e43a4d617b4d72e6cfb0d8c4155aef8d89f8d3541d21026bfa578c5f7e97a47b2603bf1f5405e776197f661e8d3c16a4d77b741191119efdaaf4560d06370fe13199a525da5e7e9b821ec5f5799297c45c3eb8715809619fe945cc78a8967e24df52e5d67e85bc1d73db843921fe2beecb6cc3a076fb73227e55eb78e58f618c2a9c66dcc85079f4772ebcc11781c936fba9698deec242d6a14f8bbcd51cce20bc91cc5ea62400eec677c3fc2a0883f7cd030fe3fb3f20c63bd82de9ab62b73f339741d50f94049153c3d1adc24b6b7fc6db720ae6e9c3d8993a85793e73c4791ba25344381bdd7508830adad11732db0e9a2ebc6266d7681984b318dcfa8f99898dcbddb9c635bf634db92bb277190e9c6b1fe0d7d27ccd2848196ef427100f6343bce66a3c2ce1a88aac1f722e75f128086c6eb9764e8fcd08bf4688512b2669dd1fc18ed0816b9f9fd026c88da2acc4a43ee8b2a5bd6689625273abf3b796be0c7e319a9c89cf255e933ff11b1ac859b5fb1bad6781afb42d33cba9564f7c0ae1b3b7d6c6c45b2ed8c0273310f5b98bda44b5c11341ffc5fc7a72634fc620a5832c9cf491bb3bf2bd8edb6a84d521701e8e6ffb9f1d55657b919988c5732540e84fae746e5a966299a7429a262b3403fb3f70c4c5524ea18cfb04bd2159cb914e6a98e267ce6971d0efdc5bb636d9cd15681693edb21f764e7c9bb0d5a07869fae818506f353428252aaa20cbf4bd8ce1ebc4a76ce54c5595bba9b244e0e4a7a537607afa38e41368a8c293fdbd8490d93dbb7f82a89a2d65def069a49290ee087d985c099da3763a2dd79dcb09959c392ebda65680a895a745d726f59086e61106b90900000016622668ce9a80418e91609c529c088326b1bd12d6959741cc19d44f2095dd9b2f1b4cc007c0fb26f77ff244c875c46f4f85e6c65e43f2275331001e1440afc31d8af2f404fb14235e5ef484a55631a581be353672e8a9b47455f50cf4b8bd9030e9b4b298b4b43e920389c5aae890d9ec4d128dd1fcb256d06ad807c03dbac97d5d4d128687585574fbdc595b253e70b9fc8dc4f92ad7f36a9a730e3b94db7897394ba7a334cd6d7b79dee3577035700c560ed50cd70a2855ceb7fa58abfe381027437df41ec4a7bf19b01d4a3dd2d11e98e1e6365777d826e41e75d75df7b11e383faf089c7fa02b1cc4dffe3371b7282a5209d22d6593226716e784db16e3f54ed2f84e3f042df105f2dd8bb2f2b3d530d01a90deaae4854a78cad97e7eb00ed3d12f414c86bf4938878ec66f24aba4ee61d41133e66503174081144ae0630f1fabae5400f0b6cc9119b3c4d1a7382570fe9de7bc91d32fdc8f8f212f25560414fe27528db1026a6f71a373766771bd63b45d09e730be1f46bb608c6e43bfb1ac74469ec6b63e3114209a1b023d7fc6f7d0b0624ca7fed9a197d0ea1760302d47d8f749cf4b4711f9096fae58e941f428d3d46c17590d55cb275352b207970ab498a9fc380c0e23943e7bbfaafa9fc50b2b019f4ee955f52ab2938518a643a20e753d9d6c3144ed8ffbb2638a7d6dff9ad3f085a815e99b1334144e33679add52d473d4c7eaf1740e2bbd5469286b78b1f8853d2e24abd329666cd8c496051b7df363184d633abdc206f84d8119ab15ecc43bd4d3dc75c7c7d0e49764139be5d1c6ffa01ac8829e32d5e6d795f2760b55f6d2a4e487d6c8d24a4fd84f5ebd9b4cd8cd3868fe20658f79e22c29b34c07c127d4bde9cf7d1c3fbf92395012968c0923bc1e040d283d128a84d651de93459773d28990ee096f313334dacac65b09b8ecd5ab776f065ccd253c261bbce2ef637e4be0f384bf9d0705fe276be81a2aa8db6b882055ec11df91d13be28bf3e51c4269a6af8edc79fc9cffb97a7477fd121eb188f7a35e50d1830db8c388604030d26e67745f9cdf609d36463f0214a74b4277245215916379f78c8584a474f1eb28e14bdfef3fc02c09846952a23993bc2eeda301d6e4c58346b0a9ab96b59dfd6429bb90258a1fdc38de55443237e3559cccd7547307918ba6cf18091b3bc538da982c05adebeab41a59c2ee78e8c5dd4d4411a91179dcbaafd602ca0333ee6c6668abe24c836bdd5a5261aadac11fd8f1682044a819b6a3cd85015efcb685eede35ef046a11407e939fcfb7b4edb3f046c7d27947ba9a89e4f7068103ebcb0855d4923c4b9ee3ec5d476c4b72c1f6ed8ad1d991f6ef2f0eaa78758fdca67ede06e552b9df7532cc3f1d407fa23d9f5962e0305cedbff19a96b801f6f93a6fcec281fd30f57cffe8a26e2419f4b6a819281b3eb3bc7195e8cf4b8f3080f73c7b1fae8e7e606b5c8bcc493f8c1cae298995241957ee13d4fea8c92e63f16744bebdce3b8c57cb0f7716ccc950ef38c3133a0296ecd512191b8e9b68d3b232d2b7462174ed3d0f1bc6a0f5027fa4f88e99abaf6017f722f916726ec3eb59f19abd628b733654e4a24227889a99d01fb1e1cf7fb60f1d0a4671d5a7d47b56efaee313c53bfcb970e0878865e914f9e1884bee7f4fb787084315656b34c22dbf42aac3ebac5a500f8ce5d9bc47653f9e37a4d58e3c905db02e5ccf89701f9879831ec147baa80f122eeea1e3c9872669b0a29a24ea60e21d87bd51156f1e13e7d5132cec711f665df124cf7182c75103f35ba36ef96d36524a2525c88ae1fbe4192664080fc2735a789ae7f7b7774aaa9f18e6a8cfe46b714aed5d082ccb8001ca6bf33bd3a833681071fe6143a2daef7a637046c5dfeaa89d9285cf9052b02f699681a276f688b473b751d4da6be75a7d142e6b74897ea18812532579a7f495e4b77af68f5057b74e039adbc16624ecaec8aa058c491a1968e9f3d133304e6e1c150b8b10db993ce67e502bec06b239454ab0eb19af034afb8756a06e0550be1a63e31a85fda372bc5d6f2759adabf29d90eed494bed32cca3cbcdb874a982e0a9e0d81708814c88d88ae30344ae1b7527486e18c63c1c5b6fc74a241c63eab588ed78a295471229b1b5c20cc230bc6d81cdbff66b8d901e6d61cd5f385b31d0b492f36ab440b193fa86c9114fca2f2d1a4f73d9a05b1a26822135c86941ec989a6fd3962af599d3e8a0b9d87cf08205a2d4c2498c1682402a629ff583cdd4abd3ce46e76bb5cea903f01a9e88408584991b2bf5633671d9c4303e1045a6224d59dc3bdead4f4db2c555c92b296551d1f79db944d7e632bb6f6ccc93fb3cd69ab6b97e592e41529917fb5bc21226912815717a277e5edb3577519b8fe9f3885f08c6b24d957be1e119b7d592012fedf58c51344317c209d882fcc3212b39f45b0001b620ae8a3756ff1c5567557694a10da1ec3918d935a3a632f82ab8a3a909b663ac2de45d4a24c3e625eb73ba7c6f6460e2742b05cb438008691e2fae34e709b078759b7c766e7c093633b3224ebc2e1d76bc708f439760f31ddb1ac76251093ecb2e6a917e0910a06dde3acfdce6c24cae79944cce15a8fa07abc9ab6de33861abd43ff1e5948d217acc7aa3fd1a561abdddbad0ea60fb5088c8be468227fae9ac182c98de0b8833aba584f05023cbc4593a155463fc98a5e895d3297208913b4af3c81e7749db4580f6b19a247cc1cb15dc57d8cb2bc164f450fd252d2a903fa8e99ff99616ba949f323e6f9b69a1ff7e0ae57f9473164c1f60014a8e296d3bca29488346ea0220b8d9937a04d0e5a06a8ac25020c5e63c3f887c3c586601b652f9e2bc97ad88a8f1b895ec380da4b525472e290cf29a3ded06308fac229da619325e5221912a828e03e8ded81df5f709b452ce392a3a39c1aadd4612f8acf6247f4dcd082c1253f65279364c99a97757816a86ecddc05ad48a32158565d44aef33c0a6768fcb7af6c9ec8618efa0e8680761d00052f65a80a327bc74a1ad5975621e6c74e4e7b471c882ed63ac777eb34c6346cf603cbdfc14e76198fa83af5a742fbf385c9d528e6586653f24ed5374d70a4a5ea1ac7b4b04b49635f84b18a281921671df2bdc037ca182b9b645bc250c2001c36a46e8a4e4e850acf535edde1b4a233269d8ef7738d5532c75c71670921f8b4ea656ceb4a4066a04bb8a540988cc14e938b141fe51bf0d647de78bedd148cde21eff2428ebac2e4b40c466f2bac3100a16ba6fcffe361e752873c1e92104582ab48dedb3b93ddd29d81fac27b84e9a2538468f91172171e710aa992f3d488360be5f1a8ebf06223ff30d55953beea4abb0b3f6364834be74e9c6b6cf1a498bea069834892678217d12a0196df373e84e7c5c3c8e33d5666892bf2405f5f16203d5d8058f9c9ff54e7cdb429d2dddd14fd0009a9c36e4c4585b373228eec0fdc4d156950e4810f44867968937b4c8efeeebc32737b5a8a1a09c0308e65d528c877d3fa494b1c323baa49fe1c451a4fe1d4badf29e39d5387478b99f17f37fbe2fcb0fb1855a62476bcda1121a38a086c529fbe7b5764e2ae6c686a02051619740baada5a2fb76dc37f4ad80757dcaded49cb38e56674b4797ed403261d83a57832062c9dfc138c447d2543dfb21b44b423ce536b7472342ae0f788a36ea087f500b6476181d5379d7e8d70d8311e9e020f95750d314ab4e2fd4b8229cb354eba745eea10c66c7d0d1128fdfe91d6c7b1d0489264861f5404f6319a9ddc0b1bd0288b62dd76b79f86f0588e3a353b3098e1629de6808c2dc8ee7e432d3f7a4cabf102ad524ce4c6a3a2c962675e985378d904c4d6efade29e3f95ffe80a984d932e53643da5f622d535de5887b04c9c7616f31a16d279f26c02213532e3798645e4a09aa0785ab6e330818140347a2a80abd1d8e271bbf916c492125e914830f28619536ec7a1c842331ef2921b267e3666c96a122447e30928db0d29c958f9e492b8568734eb7f84ccddb1e5dbc0b6cc16c1fda02a524654a0ef8d4d01aad02f1a8fba9dacdb1380e38637203030ef1a8115d62c7c72ac7f7bf74b4decbefdc0f101d804c7f42e68ee44bbaed6fc36f0251b5ae9f42853d0954e46900fd75972f9af23cdf864f2f285f0f31521c5ad6e549084734f8dd510919aeb820ebd723b7ed30a89d6e2af2df8c4d796eb29c508b7306512d698cc153f0d35540bf757f3e25d4c573e71c4b4c8402bde20481d3459f11b477bfc5dab01281fb8e6c76cdad4974c14e0d2cdd93ab64b0810c18e8346ee495d0fc49f3b97a3a40f2d445777951521bd638000808f2c258daa20461eaeb98ccfc952bcd10364ac586843eef5096113b62e57828e5326f752431839cd9e71e13a248873c61065cf311cd6a3b37c12d952474fc8022fb11031d8091622ced80b12018f8a80e84d883c3749a5fac55c6f05e4ea352bc954fea3299aab478c2ae73e787c6dad3df26bd9317c7569f752b956fd806dd1f6d82df9ac538b7c404d1b97402c8ed3e90e9462b6a8bbae259cf20648872b549e01721da0adc082d0f4e03cd38ac5ad787beea3cc3ae43966a1402c7e54a5dd3d3d0cc62ad3a8283b74c2d3779375bae563de07ea3b1945c0bbce91fe1a824e04906255f4165f4e3d727ecca00e9abc587de38b825c6c7f86f4409642d6684205f90a03a880bd317c5aec106a461f3f158f152f26f7b4747213f631c5eb27f2b05ceb5da505ba05e82478e53021c484b08859dbccca5e1e6e38115995db6ba34891a604ab46574f8455f44a0e40658d944110a27908fc9d3b2147d2b3cad2bd9edae0a463b5800cc32f6f944cc7f35e06d67dc7fb227e3dffe2b11c29f8003a8aefd7469ae7488b2af5f3e4a843d40ec183262fa37d82a50cfbebc77253ac7259212fc492a6c33cc4fbc86e78f506a74be94e5edb9e6eb283a9f8a83101f3b3f13429c4a0032a0954c18b3455d2243a2c84ce1c9e8345a2d75f42ba376985fbabd979ffcd97aa6ed6452f1e1fd42a13e8f01271136652de2148fb54af4f3b93813014cfb5476423b0ec06172e0eeba8503a4e16faff749f8fc9b12a822ffae780416d3678432c0d658d5a712d2397291acf14d12412df8e9c353858b7fefbfe3bfb90699c5a4ea50cb895211e35170247eca1d44803beed64a61357cb0fc1f5babacfbac2c027ab56c7f010246f9bd5214b3349e751ab8a6dd7e69eebcf564684fe29c1e035f01caee11cd6a49dbe11a05920f41d3d9ac59d03483a33714603c0d1b5fe38ba9f517d170ded57fcd394bfe25e660e38a089993301ad58ae20cffb4a8d78f987e5fadc6be770249eae31a65c0d5b40156c225c0e1889b5c3a41b13597d7b6f290086f0f2f682e7c63c6f0a3f3b2fa88846cf0ac84b78a54a29c8155a0db21ed3e823d20284cedf75fdb40f6fd3e1099981cbc5f119846bd4ec29e55d0178e9a227b013519c28bdf8e9e04b5e4957719188ecc9331f598bb0719cb97c2408e884601c011b01d86652ba537c1f8713c608dad4994d4ed7f786771cfc51f0495406353b4850b77e9dea4fd684cfeaf6b2763499be4df9b6fb4c624b320da8d84ea25793aee5bd16bfaf5406cfded9f58c3f535f54c03bb1b20f4106a2465dcc3a758c1f1a924e567b99feda45d0742f073558db72c4eac0b729ba726fa086c21b8f4464b908c84e744c0c27a67911889b77c5e5dd8e87106825d939207da3a74289a197174ff2c1cd89d1659f398821f8f2cf0c81dbba69d6933896913904ced56cc50acbd337c36dacf175b264b9e9518d856ccccaaab6d0d329eee8383474e434a2d68c51256f57900e18adb4799ffc2f45fe0f550cd49242f494b9c45e16ef1c005e31f8523f2eb6c4598ccbed376f3a638264fc6fb128a2e63c8490ee3c5b2b2c8ac19f647de6e22ec7574a67ea49c9a5c404fa7b39ad98d2d017f2056239df839a2719be27d993767c1b46decdea2e31f4c8e73d7514bbae8f026048754fdae46017eae25ae6ca1288f3441aa6d0f962f1c62eea19663c8fb895148b36ef2ee1afa363d50f3053ffdcbda2e96e13c619b13b9fa6b31dca929126cf3bf1be8c9374c6fa652bae273679924172c1e4dd4e3f9a5f892532138d91375438c1dc98434d238ec81166aa28f878ef9f130676f55e3ecc808f718e7cedbf40dcb270368762d8", 0x2000, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl(r0, 0x5, &(0x7f0000000040)="3b46ebf6a4008340f0f2788b1496c2e4281cbf10539c4f18f7388bd013f1c9c996f6f269161c3a27ed71ba55b29feba466fa6ff36f000104dfa97f385b35d512eb8c577fb286dd0810c1646f54049b1db16763e7216e8229ffb1e52c52dec3ad3821e2175b88ee40986150933b259807d10d0bdff7fb7ed552e0aa18d2903addb1f9392c684bd9f9482fd02c0dc01066b13a1d7a78d84fa955e781abffc8cae6fc9638d07efd5e333a29df4095a419f3928cef8996f466bec880bbf27764080754fb484e855a9aeffe54ba6d54cc29571472bab076ee2adcf9231c2747d5749bc355f25fb712a93ec84f")
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f0000010280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x800c1}, 0x8004)
accept4(r3, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x20001, 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000002c00), 0xb244, 0x80000)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r5, 0xc040564b, &(0x7f0000002c40)={0x9, 0x0, 0x1007, 0x1, 0x3, {0x280, 0xffff}, 0x1})
ioctl$KVM_GET_MSRS_sys(r4, 0xc008ae88, &(0x7f00000004c0)={0x2, 0x0, [{0xce, 0x0, 0xffffffff}, {0x4d0, 0x0, 0xfff}]})

0s ago: executing program 4 (id=2153):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'c6xdigio\x00', [0x4f27, 0x1, 0x2, 0x401, 0x1, 0xcc7, 0x2fff, 0x3, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x1, 0x9, 0xe1cb, 0x6, 0x4, 0x3, 0x395, 0x80000089, 0xfffffffd, 0x0, 0xfffffff5, 0xffffeadb, 0x3, 0x3c, 0x8, 0x4, 0x8000000, 0xdffffffa]}) (fail_nth: 4)

kernel console output (not intermixed with test programs):

                                                                                                                                                                                                                                                                                                                                                        
[  293.832733][ T1197] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  294.272566][ T5891] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  294.272597][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.272619][ T5891] usb 5-1: Product: syz
[  294.272633][ T5891] usb 5-1: Manufacturer: syz
[  294.272646][ T5891] usb 5-1: SerialNumber: syz
[  294.283934][ T5891] usb 5-1: config 0 descriptor??
[  294.467302][ T8962] ptrace attach of "./syz-executor exec"[5800] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  294.811710][ T5891] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  294.894612][ T1197] usb 2-1: Using ep0 maxpacket: 8
[  294.897796][ T1197] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  294.897824][ T1197] usb 2-1: config 179 has no interface number 0
[  294.897872][ T1197] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  294.897899][ T1197] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  294.897926][ T1197] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  294.897957][ T1197] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  294.897983][ T1197] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  294.898026][ T1197] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  294.898048][ T1197] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.912699][ T8943] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  297.424555][ T5809] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  297.424866][    C1] raw-gadget.2 gadget.0: ignoring, device is not running
[  297.702754][ T5891] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  298.544051][ T5809] usb 1-1: device descriptor read/64, error -32
[  298.794552][ T5809] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  298.794822][    C1] raw-gadget.2 gadget.0: ignoring, device is not running
[  298.924588][ T5809] usb 1-1: device descriptor read/64, error -32
[  298.956146][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  298.956192][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  298.956500][ T1197] usb 2-1: USB disconnect, device number 16
[  298.965759][ T5891] usb 5-1: USB disconnect, device number 7
[  299.035102][ T5809] usb usb1-port1: attempt power cycle
[  300.214903][ T9013] ptrace attach of "./syz-executor exec"[5807] was attempted by "./syz-executor exec"[9013]
[  300.388771][ T9015] ptrace attach of "./syz-executor exec"[6691] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  301.014552][ T5913] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  301.756528][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  301.877403][ T5913] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  301.877421][ T5913] usb 4-1: config 179 has no interface number 0
[  301.877448][ T5913] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  301.877462][ T5913] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  301.877476][ T5913] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  301.877489][ T5913] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  301.877503][ T5913] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  301.877525][ T5913] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  301.877537][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.884608][ T9016] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  302.705224][ T5809] usb 4-1: USB disconnect, device number 26
[  302.705343][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  302.705406][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  303.174566][ T5913] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  303.333946][ T5913] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  303.333978][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.333999][ T5913] usb 1-1: Product: syz
[  303.334012][ T5913] usb 1-1: Manufacturer: syz
[  303.334026][ T5913] usb 1-1: SerialNumber: syz
[  303.346007][ T5913] usb 1-1: config 0 descriptor??
[  303.554628][ T5913] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  305.244893][ T5913] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  306.523266][ T5913] usb 1-1: USB disconnect, device number 14
[  307.114611][ T5913] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  307.179026][ T9140] FAULT_INJECTION: forcing a failure.
[  307.179026][ T9140] name failslab, interval 1, probability 0, space 0, times 0
[  307.179065][ T9140] CPU: 0 UID: 0 PID: 9140 Comm: syz.2.1084 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  307.179115][ T9140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  307.179141][ T9140] Call Trace:
[  307.179157][ T9140]  <TASK>
[  307.179174][ T9140]  dump_stack_lvl+0x189/0x250
[  307.179203][ T9140]  ? __pfx____ratelimit+0x10/0x10
[  307.179224][ T9140]  ? __pfx_dump_stack_lvl+0x10/0x10
[  307.179244][ T9140]  ? __pfx__printk+0x10/0x10
[  307.179271][ T9140]  ? __pfx___might_resched+0x10/0x10
[  307.179289][ T9140]  ? fs_reclaim_acquire+0x7d/0x100
[  307.179318][ T9140]  should_fail_ex+0x46c/0x600
[  307.179350][ T9140]  should_failslab+0xa8/0x100
[  307.179376][ T9140]  __kmalloc_cache_noprof+0x6f/0x6c0
[  307.179399][ T9140]  ? alloc_pipe_info+0xe9/0x4e0
[  307.179426][ T9140]  alloc_pipe_info+0xe9/0x4e0
[  307.179449][ T9140]  splice_direct_to_actor+0xa6e/0xcd0
[  307.179475][ T9140]  ? __lock_acquire+0xab9/0xd20
[  307.179511][ T9140]  ? __lock_acquire+0xab9/0xd20
[  307.179532][ T9140]  ? __pfx_direct_splice_actor+0x10/0x10
[  307.179554][ T9140]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  307.179588][ T9140]  do_splice_direct+0x187/0x270
[  307.179613][ T9140]  ? __pfx_do_splice_direct+0x10/0x10
[  307.179637][ T9140]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  307.179667][ T9140]  ? rw_verify_area+0x25b/0x4e0
[  307.179691][ T9140]  do_sendfile+0x4ec/0x7f0
[  307.179715][ T9140]  ? __pfx_vfs_write+0x10/0x10
[  307.179741][ T9140]  ? __pfx_do_sendfile+0x10/0x10
[  307.179779][ T9140]  __se_sys_sendfile64+0x13e/0x190
[  307.179806][ T9140]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  307.179834][ T9140]  ? do_syscall_64+0xbe/0xfa0
[  307.179859][ T9140]  do_syscall_64+0xfa/0xfa0
[  307.179877][ T9140]  ? lockdep_hardirqs_on+0x9c/0x150
[  307.179897][ T9140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.179915][ T9140]  ? clear_bhb_loop+0x60/0xb0
[  307.179935][ T9140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.179952][ T9140] RIP: 0033:0x7f7b090beec9
[  307.179968][ T9140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.179989][ T9140] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  307.180009][ T9140] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  307.180023][ T9140] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
[  307.180034][ T9140] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  307.180046][ T9140] R10: 000000007ffffffd R11: 0000000000000246 R12: 0000000000000001
[  307.180057][ T9140] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  307.180088][ T9140]  </TASK>
[  307.314727][ T5809] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  307.354502][ T5913] usb 1-1: Using ep0 maxpacket: 8
[  307.386015][ T5913] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  307.386041][ T5913] usb 1-1: config 179 has no interface number 0
[  307.386085][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  307.386110][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  307.386134][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  307.386157][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  307.386180][ T5913] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  307.386219][ T5913] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  307.386239][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.429476][ T5892] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  307.484632][ T5809] usb 2-1: Using ep0 maxpacket: 8
[  307.488257][ T5809] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  307.488283][ T5809] usb 2-1: config 179 has no interface number 0
[  307.488329][ T5809] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  307.488357][ T5809] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  307.488383][ T5809] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  307.488408][ T5809] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  307.488433][ T5809] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  307.488473][ T5809] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  307.488493][ T5809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.599774][ T5892] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  307.599804][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.599824][ T5892] usb 4-1: Product: syz
[  307.599837][ T5892] usb 4-1: Manufacturer: syz
[  307.599851][ T5892] usb 4-1: SerialNumber: syz
[  307.716717][ T9120] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  307.762956][ T5892] usb 4-1: config 0 descriptor??
[  307.797522][ T9133] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  308.028463][ T5892] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  308.269709][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  308.269778][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  308.269911][ T5809] usb 2-1: USB disconnect, device number 17
[  308.382171][ T9162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  308.393650][ T9162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  308.474027][ T5803] usb 1-1: USB disconnect, device number 15
[  308.474043][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  308.474202][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  308.507024][ T9164] FAULT_INJECTION: forcing a failure.
[  308.507024][ T9164] name failslab, interval 1, probability 0, space 0, times 0
[  308.507061][ T9164] CPU: 1 UID: 0 PID: 9164 Comm: syz.2.1095 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  308.507082][ T9164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  308.507093][ T9164] Call Trace:
[  308.507100][ T9164]  <TASK>
[  308.507109][ T9164]  dump_stack_lvl+0x189/0x250
[  308.507134][ T9164]  ? __pfx____ratelimit+0x10/0x10
[  308.507155][ T9164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  308.507176][ T9164]  ? __pfx__printk+0x10/0x10
[  308.507203][ T9164]  ? __pfx___might_resched+0x10/0x10
[  308.507226][ T9164]  should_fail_ex+0x46c/0x600
[  308.507259][ T9164]  should_failslab+0xa8/0x100
[  308.507285][ T9164]  __kmalloc_cache_noprof+0x6f/0x6c0
[  308.507306][ T9164]  ? try_to_take_rt_mutex+0x840/0xb00
[  308.507324][ T9164]  ? snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  308.507348][ T9164]  snd_pcm_oss_change_params_locked+0x1b3/0x3e40
[  308.507367][ T9164]  ? register_lock_class+0x51/0x320
[  308.507396][ T9164]  ? __lock_acquire+0xab9/0xd20
[  308.507426][ T9164]  ? do_raw_spin_lock+0x121/0x290
[  308.507453][ T9164]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  308.507470][ T9164]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  308.507492][ T9164]  ? lockdep_hardirqs_on+0x9c/0x150
[  308.507513][ T9164]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  308.507531][ T9164]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  308.507558][ T9164]  ? mutex_lock_interruptible_nested+0x154/0x1d0
[  308.507582][ T9164]  ? snd_pcm_oss_make_ready+0xc0/0x340
[  308.507604][ T9164]  snd_pcm_oss_make_ready+0x11b/0x340
[  308.507628][ T9164]  snd_pcm_oss_set_trigger+0x95/0x740
[  308.507652][ T9164]  snd_pcm_oss_poll+0x844/0x980
[  308.507679][ T9164]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  308.507702][ T9164]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  308.507718][ T9164]  do_sys_poll+0x86c/0xed0
[  308.507745][ T9164]  ? do_sys_poll+0x391/0xed0
[  308.507771][ T9164]  ? __pfx_do_sys_poll+0x10/0x10
[  308.507808][ T9164]  ? __pfx_pollwake+0x10/0x10
[  308.507833][ T9164]  ? __pfx_pollwake+0x10/0x10
[  308.507858][ T9164]  ? __pfx_pollwake+0x10/0x10
[  308.507881][ T9164]  ? __pfx_pollwake+0x10/0x10
[  308.507902][ T9164]  ? __pfx_pollwake+0x10/0x10
[  308.507934][ T9164]  ? __pfx_pollwake+0x10/0x10
[  308.507976][ T9164]  ? do_raw_spin_lock+0x121/0x290
[  308.507999][ T9164]  ? __lock_acquire+0xab9/0xd20
[  308.508042][ T9164]  ? set_user_sigmask+0xc7/0x1b0
[  308.508063][ T9164]  ? __pfx_set_user_sigmask+0x10/0x10
[  308.508094][ T9164]  __se_sys_ppoll+0x1ff/0x260
[  308.508118][ T9164]  ? __pfx___se_sys_ppoll+0x10/0x10
[  308.508144][ T9164]  ? __x64_sys_ppoll+0x20/0xc0
[  308.508167][ T9164]  do_syscall_64+0xfa/0xfa0
[  308.508185][ T9164]  ? lockdep_hardirqs_on+0x9c/0x150
[  308.508204][ T9164]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.508222][ T9164]  ? clear_bhb_loop+0x60/0xb0
[  308.508243][ T9164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.508259][ T9164] RIP: 0033:0x7f7b090beec9
[  308.508276][ T9164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.508290][ T9164] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  308.508308][ T9164] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  308.508320][ T9164] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  308.508332][ T9164] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  308.508342][ T9164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.508353][ T9164] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  308.508381][ T9164]  </TASK>
[  309.098389][ T5892] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  310.440979][ T9200] mkiss: ax0: crc mode is auto.
[  315.279969][    T9] usb 4-1: USB disconnect, device number 27
[  316.034704][ T9218] ptrace attach of "./syz-executor exec"[6691] was attempted by "./syz-executor exec"[9218]
[  316.491864][ T9221] bridge_slave_0: default FDB implementation only supports local addresses
[  316.816000][ T5803] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  317.103088][ T9227] 9pnet_fd: Insufficient options for proto=fd
[  317.106364][ T5803] usb 4-1: config 0 has an invalid interface number: 236 but max is 0
[  317.106390][ T5803] usb 4-1: config 0 has no interface number 0
[  317.106437][ T5803] usb 4-1: config 0 interface 236 altsetting 0 endpoint 0x83 has invalid maxpacket 65535, setting to 64
[  317.110474][ T5803] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  317.110603][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.110624][ T5803] usb 4-1: Product: syz
[  317.110637][ T5803] usb 4-1: Manufacturer: syz
[  317.110651][ T5803] usb 4-1: SerialNumber: syz
[  317.126383][ T5803] usb 4-1: config 0 descriptor??
[  317.130803][ T9221] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  317.190940][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  317.191088][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  317.347679][ T5803] usbtouchscreen 4-1:0.236: Failed to read FW rev: -71
[  317.347965][ T5803] usbtouchscreen 4-1:0.236: probe with driver usbtouchscreen failed with error -71
[  317.376904][ T5803] usb 4-1: USB disconnect, device number 28
[  322.902137][ T9365] ptrace attach of "./syz-executor exec"[5807] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  324.374591][ T5803] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  324.552137][ T5803] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  324.552167][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.552187][ T5803] usb 1-1: Product: syz
[  324.552200][ T5803] usb 1-1: Manufacturer: syz
[  324.552214][ T5803] usb 1-1: SerialNumber: syz
[  324.600241][ T5803] usb 1-1: config 0 descriptor??
[  324.813629][ T5803] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  326.384882][ T5803] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  326.431225][ T5803] usb 1-1: USB disconnect, device number 16
[  327.705360][ T9454] ptrace attach of "./syz-executor exec"[5800] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  328.174678][ T5853] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  328.204619][ T5803] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  328.326877][ T5853] usb 1-1: Using ep0 maxpacket: 8
[  328.340398][ T5853] usb 1-1: config 0 has an invalid interface number: 111 but max is 0
[  328.340423][ T5853] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  328.340441][ T5853] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  328.340460][ T5853] usb 1-1: config 0 has no interface number 1
[  328.340518][ T5853] usb 1-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  328.340561][ T5853] usb 1-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  328.340581][ T5853] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.364574][ T5803] usb 5-1: Using ep0 maxpacket: 8
[  328.367234][ T5803] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  328.367259][ T5803] usb 5-1: config 179 has no interface number 0
[  328.367304][ T5803] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  328.367329][ T5803] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  328.367355][ T5803] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  328.367380][ T5803] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  328.367405][ T5803] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  328.367445][ T5803] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  328.367473][ T5803] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.448222][ T9442] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  328.829381][ T5853] usb 1-1: config 0 descriptor??
[  328.834236][ T5853] qmi_wwan 1-1:0.111: bogus CDC Union: master=0, slave=0
[  328.862648][ T5853] qmi_wwan 1-1:0.111: probe with driver qmi_wwan failed with error -22
[  328.994507][  T982] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  329.065916][ T6024] usb 5-1: USB disconnect, device number 8
[  329.065992][    C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  329.066054][    C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  329.188253][  T982] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  329.188282][  T982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.188300][  T982] usb 4-1: Product: syz
[  329.188312][  T982] usb 4-1: Manufacturer: syz
[  329.188324][  T982] usb 4-1: SerialNumber: syz
[  329.224586][  T982] usb 4-1: config 0 descriptor??
[  329.249423][ T5853] usb 1-1: USB disconnect, device number 17
[  329.442715][  T982] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  329.484583][ T5809] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  329.645101][ T5809] usb 2-1: Using ep0 maxpacket: 8
[  329.651605][ T5809] usb 2-1: config 0 has an invalid interface number: 111 but max is 0
[  329.651683][ T5809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.651702][ T5809] usb 2-1: config 0 has no interface number 0
[  329.651746][ T5809] usb 2-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  329.652000][ T5809] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  329.652024][ T5809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.029193][ T5809] usb 2-1: config 0 descriptor??
[  330.047308][ T5809] qmi_wwan 2-1:0.111: probe with driver qmi_wwan failed with error -22
[  330.953223][  T982] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  330.970254][  T982] usb 4-1: USB disconnect, device number 29
[  332.563351][ T1197] usb 2-1: USB disconnect, device number 18
[  337.294579][ T1197] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  337.452437][ T1197] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  337.452468][ T1197] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.452487][ T1197] usb 5-1: Product: syz
[  337.452502][ T1197] usb 5-1: Manufacturer: syz
[  337.452516][ T1197] usb 5-1: SerialNumber: syz
[  337.508018][ T1197] usb 5-1: config 0 descriptor??
[  337.719528][ T1197] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  338.788541][ T1197] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  339.264769][ T1197] usb 5-1: USB disconnect, device number 9
[  342.142266][ T5853] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  342.484854][  T982] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  342.521015][ T5853] usb 2-1: Using ep0 maxpacket: 8
[  342.522937][ T5853] usb 2-1: config 0 has an invalid interface number: 111 but max is 0
[  342.522963][ T5853] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  342.522982][ T5853] usb 2-1: config 0 has no interface number 0
[  342.523027][ T5853] usb 2-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  342.523069][ T5853] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  342.523091][ T5853] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.161969][ T5853] usb 2-1: config 0 descriptor??
[  343.173096][ T5853] qmi_wwan 2-1:0.111: probe with driver qmi_wwan failed with error -22
[  343.595895][  T982] usb 1-1: Using ep0 maxpacket: 8
[  343.600766][  T982] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  343.600793][  T982] usb 1-1: config 179 has no interface number 0
[  343.600842][  T982] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  343.600868][  T982] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  343.600894][  T982] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  343.600918][  T982] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  343.600942][  T982] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  343.600983][  T982] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  343.601004][  T982] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.810405][ T9679] ptrace attach of "./syz-executor exec"[5800] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  344.391237][ T9685] FAULT_INJECTION: forcing a failure.
[  344.391237][ T9685] name failslab, interval 1, probability 0, space 0, times 0
[  344.391272][ T9685] CPU: 0 UID: 0 PID: 9685 Comm: syz.2.1296 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  344.391295][ T9685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  344.391306][ T9685] Call Trace:
[  344.391313][ T9685]  <TASK>
[  344.391321][ T9685]  dump_stack_lvl+0x189/0x250
[  344.391348][ T9685]  ? __pfx____ratelimit+0x10/0x10
[  344.391369][ T9685]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.391389][ T9685]  ? __pfx__printk+0x10/0x10
[  344.391416][ T9685]  ? __pfx___might_resched+0x10/0x10
[  344.391440][ T9685]  should_fail_ex+0x46c/0x600
[  344.391474][ T9685]  should_failslab+0xa8/0x100
[  344.391501][ T9685]  __kmalloc_cache_noprof+0x6f/0x6c0
[  344.391523][ T9685]  ? nlmon_xmit+0xb0/0x100
[  344.391540][ T9685]  ? rtnl_newlink+0xfb/0x1c80
[  344.391556][ T9685]  ? kasan_save_track+0x4f/0x80
[  344.391581][ T9685]  rtnl_newlink+0xfb/0x1c80
[  344.391598][ T9685]  ? netlink_deliver_tap+0x19c/0x1b0
[  344.391616][ T9685]  ? netlink_unicast+0x811/0xa10
[  344.391639][ T9685]  ? netlink_sendmsg+0x805/0xb30
[  344.391657][ T9685]  ? __sock_sendmsg+0x219/0x270
[  344.391680][ T9685]  ? ____sys_sendmsg+0x508/0x820
[  344.391699][ T9685]  ? ___sys_sendmsg+0x21f/0x2a0
[  344.391717][ T9685]  ? __x64_sys_sendmsg+0x1a1/0x260
[  344.391736][ T9685]  ? do_syscall_64+0xfa/0xfa0
[  344.391755][ T9685]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.391780][ T9685]  ? __pfx_rtnl_newlink+0x10/0x10
[  344.391814][ T9685]  ? __local_bh_enable+0x27b/0x410
[  344.391839][ T9685]  ? __local_bh_enable+0x28c/0x410
[  344.391859][ T9685]  ? reacquire_held_locks+0x127/0x1d0
[  344.391886][ T9685]  ? __pfx___local_bh_enable+0x10/0x10
[  344.391915][ T9685]  ? __local_bh_enable_ip+0x1c0/0x2e0
[  344.391935][ T9685]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.391962][ T9685]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  344.391981][ T9685]  ? dev_hard_start_xmit+0x7f5/0x870
[  344.392006][ T9685]  ? __dev_queue_xmit+0x26f/0x3b70
[  344.392040][ T9685]  ? __dev_queue_xmit+0x26f/0x3b70
[  344.392062][ T9685]  ? __dev_queue_xmit+0x26f/0x3b70
[  344.392089][ T9685]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  344.392117][ T9685]  ? __lock_acquire+0xab9/0xd20
[  344.392164][ T9685]  ? __pfx_rtnl_newlink+0x10/0x10
[  344.392182][ T9685]  rtnetlink_rcv_msg+0x7cf/0xb70
[  344.392204][ T9685]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  344.392222][ T9685]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  344.392243][ T9685]  ? ref_tracker_free+0x61e/0x7c0
[  344.392263][ T9685]  ? __asan_memcpy+0x40/0x70
[  344.392282][ T9685]  ? __pfx_ref_tracker_free+0x10/0x10
[  344.392299][ T9685]  ? __skb_clone+0x63/0x7a0
[  344.392330][ T9685]  netlink_rcv_skb+0x205/0x470
[  344.392351][ T9685]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  344.392371][ T9685]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  344.392403][ T9685]  ? netlink_deliver_tap+0x2e/0x1b0
[  344.392430][ T9685]  netlink_unicast+0x843/0xa10
[  344.392464][ T9685]  ? __pfx_netlink_unicast+0x10/0x10
[  344.392492][ T9685]  ? netlink_sendmsg+0x642/0xb30
[  344.392510][ T9685]  ? skb_put+0x11b/0x210
[  344.392534][ T9685]  netlink_sendmsg+0x805/0xb30
[  344.392552][ T9685]  ? is_bpf_text_address+0x26/0x2b0
[  344.392586][ T9685]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.392614][ T9685]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  344.392637][ T9685]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.392657][ T9685]  __sock_sendmsg+0x219/0x270
[  344.392685][ T9685]  ____sys_sendmsg+0x508/0x820
[  344.392712][ T9685]  ? __pfx_____sys_sendmsg+0x10/0x10
[  344.392744][ T9685]  ? import_iovec+0x74/0xa0
[  344.392770][ T9685]  ___sys_sendmsg+0x21f/0x2a0
[  344.392794][ T9685]  ? __pfx____sys_sendmsg+0x10/0x10
[  344.392852][ T9685]  ? __fget_files+0x2a/0x420
[  344.392874][ T9685]  ? __fget_files+0x3a6/0x420
[  344.392906][ T9685]  __x64_sys_sendmsg+0x1a1/0x260
[  344.392931][ T9685]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  344.392963][ T9685]  ? __pfx_ksys_write+0x10/0x10
[  344.392987][ T9685]  ? do_syscall_64+0xbe/0xfa0
[  344.393011][ T9685]  do_syscall_64+0xfa/0xfa0
[  344.393029][ T9685]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.393053][ T9685]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.393071][ T9685]  ? clear_bhb_loop+0x60/0xb0
[  344.393092][ T9685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.393113][ T9685] RIP: 0033:0x7f7b090beec9
[  344.393129][ T9685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.393144][ T9685] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  344.393165][ T9685] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  344.393179][ T9685] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  344.393191][ T9685] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  344.393203][ T9685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  344.393215][ T9685] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  344.393252][ T9685]  </TASK>
[  344.538804][ T9691] FAULT_INJECTION: forcing a failure.
[  344.538804][ T9691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.538836][ T9691] CPU: 0 UID: 0 PID: 9691 Comm: syz.2.1299 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  344.538858][ T9691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  344.538869][ T9691] Call Trace:
[  344.538877][ T9691]  <TASK>
[  344.538885][ T9691]  dump_stack_lvl+0x189/0x250
[  344.538912][ T9691]  ? __pfx____ratelimit+0x10/0x10
[  344.538932][ T9691]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.538953][ T9691]  ? __pfx__printk+0x10/0x10
[  344.538989][ T9691]  should_fail_ex+0x46c/0x600
[  344.539022][ T9691]  _copy_to_user+0x31/0xb0
[  344.539047][ T9691]  simple_read_from_buffer+0xe1/0x170
[  344.539076][ T9691]  proc_fail_nth_read+0x1b6/0x220
[  344.539099][ T9691]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  344.539121][ T9691]  ? rw_verify_area+0x2ac/0x4e0
[  344.539142][ T9691]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  344.539162][ T9691]  vfs_read+0x206/0xa30
[  344.539192][ T9691]  ? __pfx_vfs_read+0x10/0x10
[  344.539209][ T9691]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  344.539255][ T9691]  ? mutex_lock_nested+0x154/0x1d0
[  344.539279][ T9691]  ? fdget_pos+0x253/0x320
[  344.539311][ T9691]  ksys_read+0x14b/0x260
[  344.539331][ T9691]  ? __fget_files+0x2a/0x420
[  344.539355][ T9691]  ? __pfx_ksys_read+0x10/0x10
[  344.539380][ T9691]  ? do_syscall_64+0xbe/0xfa0
[  344.539404][ T9691]  do_syscall_64+0xfa/0xfa0
[  344.539423][ T9691]  ? lockdep_hardirqs_on+0x9c/0x150
[  344.539443][ T9691]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.539461][ T9691]  ? clear_bhb_loop+0x60/0xb0
[  344.539483][ T9691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.539501][ T9691] RIP: 0033:0x7f7b090bd8dc
[  344.539517][ T9691] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  344.539532][ T9691] RSP: 002b:00007f7b0731e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  344.539552][ T9691] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090bd8dc
[  344.539565][ T9691] RDX: 000000000000000f RSI: 00007f7b0731e0a0 RDI: 0000000000000004
[  344.539577][ T9691] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  344.539588][ T9691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  344.539599][ T9691] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  344.539632][ T9691]  </TASK>
[  344.768844][ T1197] usb 2-1: USB disconnect, device number 19
[  345.024743][ T9649] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  345.094787][  T982] usb 1-1: can't set config #179, error -71
[  345.264723][ T5809] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  345.284806][  T982] usb 1-1: USB disconnect, device number 18
[  345.554455][ T5809] usb 4-1: Using ep0 maxpacket: 8
[  345.595559][ T5809] usb 4-1: config 0 has an invalid interface number: 111 but max is 0
[  345.595586][ T5809] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.595605][ T5809] usb 4-1: config 0 has no interface number 0
[  345.595663][ T5809] usb 4-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  345.595707][ T5809] usb 4-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  345.595729][ T5809] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.710751][ T5809] usb 4-1: config 0 descriptor??
[  345.718683][ T5809] qmi_wwan 4-1:0.111: probe with driver qmi_wwan failed with error -22
[  345.922694][  T982] usb 4-1: USB disconnect, device number 30
[  346.086756][ T9711] mkiss: ax0: crc mode is auto.
[  346.976806][ T9733] 9pnet_fd: Insufficient options for proto=fd
[  347.184521][ T5892] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  347.354524][ T5892] usb 4-1: Using ep0 maxpacket: 8
[  347.357936][ T5892] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  347.357964][ T5892] usb 4-1: config 179 has no interface number 0
[  347.358015][ T5892] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  347.358042][ T5892] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  347.358069][ T5892] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  347.358095][ T5892] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  347.358122][ T5892] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  347.358163][ T5892] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  347.358185][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.473029][ T9732] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  348.356496][ T9751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  348.442328][ T9751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  348.886789][ T1197] usb 4-1: USB disconnect, device number 31
[  348.886789][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  348.886942][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  349.337806][ T1197] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  349.486955][ T1197] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  349.486990][ T1197] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  349.503844][ T1197] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29
[  349.503874][ T1197] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  349.503896][ T1197] usb 1-1: Manufacturer: syz
[  349.503911][ T1197] usb 1-1: SerialNumber: syz
[  349.782817][ T1197] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  349.848936][ T1197] usb 1-1: USB disconnect, device number 19
[  351.655191][ T9826] ptrace attach of "./syz-executor exec"[5807] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  356.092393][ T9939] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1392'.
[  360.870035][T10024] ptrace attach of "./syz-executor exec"[6691] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  362.709734][ T1197] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  362.731408][T10049] ptrace attach of "./syz-executor exec"[5800] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  363.149577][ T1197] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  363.149618][ T1197] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.149638][ T1197] usb 2-1: Product: syz
[  363.149653][ T1197] usb 2-1: Manufacturer: syz
[  363.149667][ T1197] usb 2-1: SerialNumber: syz
[  363.296501][ T1197] usb 2-1: config 0 descriptor??
[  363.516144][ T1197] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  365.294882][ T1197] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  365.321762][ T1197] usb 2-1: USB disconnect, device number 20
[  366.204629][ T5809] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  366.547576][ T5809] usb 5-1: device descriptor read/64, error -71
[  368.025197][ T5809] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  368.128128][T10148] FAULT_INJECTION: forcing a failure.
[  368.128128][T10148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.128162][T10148] CPU: 0 UID: 0 PID: 10148 Comm: syz.2.1470 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  368.128183][T10148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  368.128213][T10148] Call Trace:
[  368.128220][T10148]  <TASK>
[  368.128229][T10148]  dump_stack_lvl+0x189/0x250
[  368.128254][T10148]  ? __pfx____ratelimit+0x10/0x10
[  368.128275][T10148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  368.128295][T10148]  ? __pfx__printk+0x10/0x10
[  368.128316][T10148]  ? __might_fault+0xb0/0x130
[  368.128350][T10148]  should_fail_ex+0x46c/0x600
[  368.128383][T10148]  _copy_from_user+0x2d/0xb0
[  368.128406][T10148]  __sys_bpf+0x1e3/0x860
[  368.128432][T10148]  ? __pfx___sys_bpf+0x10/0x10
[  368.128452][T10148]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  368.128494][T10148]  ? ksys_write+0x230/0x260
[  368.128516][T10148]  ? __pfx_ksys_write+0x10/0x10
[  368.128543][T10148]  __x64_sys_bpf+0x7c/0x90
[  368.128566][T10148]  do_syscall_64+0xfa/0xfa0
[  368.128585][T10148]  ? lockdep_hardirqs_on+0x9c/0x150
[  368.128604][T10148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.128626][T10148]  ? clear_bhb_loop+0x60/0xb0
[  368.128647][T10148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.128664][T10148] RIP: 0033:0x7f7b090beec9
[  368.128680][T10148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.128695][T10148] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  368.128715][T10148] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  368.128728][T10148] RDX: 0000000000000020 RSI: 0000200000000180 RDI: 0000000000000009
[  368.128740][T10148] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  368.128751][T10148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.128762][T10148] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  368.128791][T10148]  </TASK>
[  368.164657][ T5809] usb 5-1: device descriptor read/64, error -71
[  368.254239][T10150] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1471'.
[  368.286185][ T5809] usb usb5-port1: attempt power cycle
[  368.604678][ T5803] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  368.634537][ T5809] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  368.655410][ T5809] usb 5-1: device descriptor read/8, error -71
[  368.771414][ T5803] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  368.771445][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.771465][ T5803] usb 1-1: Product: syz
[  368.771479][ T5803] usb 1-1: Manufacturer: syz
[  368.771493][ T5803] usb 1-1: SerialNumber: syz
[  368.830830][ T5803] usb 1-1: config 0 descriptor??
[  368.931783][T10158] ptrace attach of "./syz-executor exec"[5807] was attempted by "./syz-executor exec"[10158]
[  369.707539][ T5809] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  369.708568][ T5803] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  370.220622][ T5809] usb 5-1: device not accepting address 13, error -71
[  370.222952][ T5809] usb usb5-port1: unable to enumerate USB device
[  370.790986][ T5803] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  370.828456][ T5803] usb 1-1: USB disconnect, device number 20
[  372.155047][T10226] netlink: 332 bytes leftover after parsing attributes in process `syz.0.1501'.
[  372.524565][ T5809] usb 1-1: new low-speed USB device number 21 using dummy_hcd
[  372.877857][ T5809] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  372.877914][ T5809] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  372.877956][ T5809] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  372.877980][ T5809] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.894995][ T5809] usb 1-1: config 0 descriptor??
[  372.899281][ T5809] qmi_wwan 1-1:0.0: probe with driver qmi_wwan failed with error -22
[  373.100276][ T6024] usb 1-1: USB disconnect, device number 21
[  375.334199][T10298] 9pnet_fd: Insufficient options for proto=fd
[  375.507231][ T5803] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  375.664515][ T5803] usb 1-1: Using ep0 maxpacket: 32
[  375.666492][ T5803] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  375.666537][ T5803] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  375.666557][ T5803] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  375.666578][ T5803] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  375.666606][ T5803] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255
[  375.668572][ T5803] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  375.668607][ T5803] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  375.668625][ T5803] usb 1-1: SerialNumber: syz
[  375.893170][T10282] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  375.910984][ T5803] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  375.911009][ T5803] cdc_acm 1-1:1.0: This needs exactly 3 endpoints
[  375.911044][ T5803] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -22
[  375.978294][T10320] FAULT_INJECTION: forcing a failure.
[  375.978294][T10320] name failslab, interval 1, probability 0, space 0, times 0
[  375.978325][T10320] CPU: 1 UID: 0 PID: 10320 Comm: syz.4.1537 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  375.978345][T10320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  375.978355][T10320] Call Trace:
[  375.978361][T10320]  <TASK>
[  375.978368][T10320]  dump_stack_lvl+0x189/0x250
[  375.978391][T10320]  ? __pfx____ratelimit+0x10/0x10
[  375.978409][T10320]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.978428][T10320]  ? __pfx__printk+0x10/0x10
[  375.978454][T10320]  ? __pfx___might_resched+0x10/0x10
[  375.978476][T10320]  should_fail_ex+0x46c/0x600
[  375.978507][T10320]  should_failslab+0xa8/0x100
[  375.978534][T10320]  __kmalloc_noprof+0xcc/0x7d0
[  375.978564][T10320]  ? kfree+0x51/0x950
[  375.978580][T10320]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  375.978606][T10320]  tomoyo_realpath_from_path+0xe3/0x5d0
[  375.978631][T10320]  ? tomoyo_domain+0xda/0x130
[  375.978656][T10320]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  375.978681][T10320]  tomoyo_path_number_perm+0x1e8/0x5a0
[  375.978707][T10320]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  375.978735][T10320]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  375.978755][T10320]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.978801][T10320]  ? __fget_files+0x2a/0x420
[  375.978828][T10320]  ? __fget_files+0x3a6/0x420
[  375.978849][T10320]  ? __fget_files+0x2a/0x420
[  375.978874][T10320]  security_file_ioctl+0xcb/0x2d0
[  375.978901][T10320]  __se_sys_ioctl+0x47/0x170
[  375.978924][T10320]  do_syscall_64+0xfa/0xfa0
[  375.978942][T10320]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.978961][T10320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.978979][T10320]  ? clear_bhb_loop+0x60/0xb0
[  375.979000][T10320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.979017][T10320] RIP: 0033:0x7f63831feec9
[  375.979034][T10320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.979048][T10320] RSP: 002b:00007f638145e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  375.979067][T10320] RAX: ffffffffffffffda RBX: 00007f6383455fa0 RCX: 00007f63831feec9
[  375.979080][T10320] RDX: 00002000000004c0 RSI: 0000000040345410 RDI: 0000000000000003
[  375.979092][T10320] RBP: 00007f638145e090 R08: 0000000000000000 R09: 0000000000000000
[  375.979104][T10320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.979114][T10320] R13: 00007f6383456038 R14: 00007f6383455fa0 R15: 00007ffd5aa4e3a8
[  375.979146][T10320]  </TASK>
[  375.979259][T10320] ERROR: Out of memory at tomoyo_realpath_from_path.
[  377.710533][ T5853] usb 1-1: USB disconnect, device number 22
[  377.990491][ T5844] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  378.154520][ T5844] usb 5-1: Using ep0 maxpacket: 32
[  378.157117][ T5844] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  378.157145][ T5844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.170341][ T5844] usb 5-1: config 0 descriptor??
[  378.189978][ T5844] gspca_main: sq930x-2.14.0 probing 041e:403c
[  378.399967][T10348] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1548'.
[  378.649937][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  378.650004][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  378.654998][ T5844] gspca_sq930x: ucbus_write failed -71
[  378.655118][ T5844] sq930x 5-1:0.0: probe with driver sq930x failed with error -71
[  378.758062][T10380] ptrace attach of "./syz-executor exec"[5807] was attempted by ""[10380]
[  379.891421][ T5844] usb 5-1: USB disconnect, device number 14
[  382.100058][T10423] ptrace attach of "./syz-executor exec"[6691] was attempted by ""[10423]
[  384.564574][ T1197] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  384.704623][ T1197] usb 2-1: device descriptor read/64, error -71
[  384.904755][ T5853] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  384.975053][ T1197] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  385.061870][ T5853] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  385.061897][ T5853] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.061916][ T5853] usb 5-1: Product: syz
[  385.061929][ T5853] usb 5-1: Manufacturer: syz
[  385.061942][ T5853] usb 5-1: SerialNumber: syz
[  385.098444][ T5853] usb 5-1: config 0 descriptor??
[  385.109852][ T1197] usb 2-1: device descriptor read/64, error -71
[  385.215698][ T1197] usb usb2-port1: attempt power cycle
[  385.424650][ T5853] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  386.760692][ T1197] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  386.773426][ T5853] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  386.791698][ T1197] usb 2-1: device descriptor read/8, error -71
[  386.802625][ T5853] usb 5-1: USB disconnect, device number 15
[  386.968467][ T5913] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  387.114644][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  387.117188][ T5913] usb 4-1: config 0 has an invalid interface number: 111 but max is 0
[  387.117215][ T5913] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  387.117234][ T5913] usb 4-1: config 0 has no interface number 0
[  387.117280][ T5913] usb 4-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  387.117323][ T5913] usb 4-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  387.117345][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.196383][ T5913] usb 4-1: config 0 descriptor??
[  387.211541][ T5913] qmi_wwan 4-1:0.111: probe with driver qmi_wwan failed with error -22
[  387.555831][ T5913] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  387.704893][ T5913] usb 5-1: Using ep0 maxpacket: 8
[  387.711555][ T5913] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  387.711583][ T5913] usb 5-1: config 179 has no interface number 0
[  387.711631][ T5913] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  387.711657][ T5913] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  387.711685][ T5913] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  387.711711][ T5913] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  387.711737][ T5913] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  387.711779][ T5913] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  387.713663][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.833224][T10496] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  388.120053][T10514] FAULT_INJECTION: forcing a failure.
[  388.120053][T10514] name failslab, interval 1, probability 0, space 0, times 0
[  388.120087][T10514] CPU: 1 UID: 0 PID: 10514 Comm: syz.2.1613 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  388.120109][T10514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  388.120120][T10514] Call Trace:
[  388.120127][T10514]  <TASK>
[  388.120136][T10514]  dump_stack_lvl+0x189/0x250
[  388.120161][T10514]  ? __pfx____ratelimit+0x10/0x10
[  388.120182][T10514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.120201][T10514]  ? __pfx__printk+0x10/0x10
[  388.120227][T10514]  ? __pfx___might_resched+0x10/0x10
[  388.120247][T10514]  ? fs_reclaim_acquire+0x7d/0x100
[  388.120296][T10514]  should_fail_ex+0x46c/0x600
[  388.120333][T10514]  ? __alloc_skb+0x112/0x2d0
[  388.120352][T10514]  should_failslab+0xa8/0x100
[  388.120376][T10514]  ? __alloc_skb+0x112/0x2d0
[  388.120392][T10514]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  388.120422][T10514]  __alloc_skb+0x112/0x2d0
[  388.120445][T10514]  tcp_stream_alloc_skb+0x3d/0x340
[  388.120474][T10514]  tcp_connect+0x14b8/0x5060
[  388.120520][T10514]  ? seqcount_lockdep_reader_access+0x122/0x1c0
[  388.120544][T10514]  ? ktime_get_with_offset+0x93/0x2a0
[  388.120560][T10514]  ? seqcount_lockdep_reader_access+0x174/0x1c0
[  388.120583][T10514]  ? __pfx_tcp_connect+0x10/0x10
[  388.120606][T10514]  ? rt_spin_unlock+0x150/0x200
[  388.120636][T10514]  ? __asan_memset+0x22/0x50
[  388.120661][T10514]  ? __pfx_tcp_fastopen_defer_connect+0x10/0x10
[  388.120695][T10514]  ? inet6_hash_connect+0xd8/0x170
[  388.120721][T10514]  tcp_v6_connect+0x11f7/0x1870
[  388.120756][T10514]  ? __pfx_tcp_v6_connect+0x10/0x10
[  388.120778][T10514]  ? tcp_sendmsg+0x2f/0x50
[  388.120800][T10514]  ? __x64_sys_sendto+0xde/0x100
[  388.120818][T10514]  ? do_syscall_64+0xfa/0xfa0
[  388.120864][T10514]  __inet_stream_connect+0x2ae/0xe70
[  388.120902][T10514]  ? __pfx___inet_stream_connect+0x10/0x10
[  388.120929][T10514]  ? __kasan_kmalloc+0x93/0xb0
[  388.120952][T10514]  ? __kmalloc_cache_noprof+0x1ef/0x6c0
[  388.120975][T10514]  ? tcp_sendmsg_fastopen+0x1de/0x5e0
[  388.121004][T10514]  tcp_sendmsg_fastopen+0x3a7/0x5e0
[  388.121035][T10514]  tcp_sendmsg_locked+0x4ccf/0x5550
[  388.121063][T10514]  ? tcp_sendmsg_locked+0x2c1/0x5550
[  388.121100][T10514]  ? __local_bh_enable+0x27b/0x410
[  388.121125][T10514]  ? __local_bh_enable+0x28c/0x410
[  388.121145][T10514]  ? reacquire_held_locks+0x127/0x1d0
[  388.121172][T10514]  ? __pfx___local_bh_enable+0x10/0x10
[  388.121199][T10514]  ? __local_bh_enable_ip+0x1c0/0x2e0
[  388.121219][T10514]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.121243][T10514]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  388.121276][T10514]  ? rt_spin_unlock+0x161/0x200
[  388.121292][T10514]  ? lock_sock_nested+0x5f/0x130
[  388.121321][T10514]  ? lock_sock_nested+0xdd/0x130
[  388.121345][T10514]  tcp_sendmsg+0x2f/0x50
[  388.121369][T10514]  __sock_sendmsg+0xe5/0x270
[  388.121397][T10514]  __sys_sendto+0x3c7/0x520
[  388.121419][T10514]  ? __pfx___sys_sendto+0x10/0x10
[  388.121465][T10514]  ? ksys_write+0x230/0x260
[  388.121488][T10514]  ? __pfx_ksys_write+0x10/0x10
[  388.121512][T10514]  __x64_sys_sendto+0xde/0x100
[  388.121535][T10514]  do_syscall_64+0xfa/0xfa0
[  388.121553][T10514]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.121573][T10514]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.121592][T10514]  ? clear_bhb_loop+0x60/0xb0
[  388.121612][T10514]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.121630][T10514] RIP: 0033:0x7f7b090beec9
[  388.121647][T10514] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.121661][T10514] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  388.121679][T10514] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  388.121692][T10514] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  388.121703][T10514] RBP: 00007f7b0731e090 R08: 00002000000001c0 R09: 000000000000001c
[  388.121715][T10514] R10: 0000000020000045 R11: 0000000000000246 R12: 0000000000000001
[  388.121727][T10514] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  388.121758][T10514]  </TASK>
[  388.414942][ T5809] usb 5-1: USB disconnect, device number 16
[  388.414985][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  388.415048][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  388.564637][ T5913] usb 4-1: USB disconnect, device number 32
[  389.178291][T10534] mkiss: ax0: crc mode is auto.
[  395.512187][T10603] FAULT_INJECTION: forcing a failure.
[  395.512187][T10603] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.512209][T10603] CPU: 0 UID: 0 PID: 10603 Comm: syz.1.1643 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  395.512222][T10603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  395.512228][T10603] Call Trace:
[  395.512232][T10603]  <TASK>
[  395.512237][T10603]  dump_stack_lvl+0x189/0x250
[  395.512253][T10603]  ? __pfx____ratelimit+0x10/0x10
[  395.512264][T10603]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.512275][T10603]  ? __pfx__printk+0x10/0x10
[  395.512286][T10603]  ? __might_fault+0xb0/0x130
[  395.512304][T10603]  should_fail_ex+0x46c/0x600
[  395.512322][T10603]  _copy_from_user+0x2d/0xb0
[  395.512336][T10603]  ___sys_recvmsg+0x12e/0x510
[  395.512352][T10603]  ? __pfx____sys_recvmsg+0x10/0x10
[  395.512376][T10603]  ? __fget_files+0x3a6/0x420
[  395.512394][T10603]  do_recvmmsg+0x30d/0x770
[  395.512410][T10603]  ? __pfx_do_recvmmsg+0x10/0x10
[  395.512420][T10603]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  395.512432][T10603]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  395.512449][T10603]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  395.512471][T10603]  __x64_sys_recvmmsg+0x190/0x240
[  395.512485][T10603]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  395.512499][T10603]  ? do_syscall_64+0xbe/0xfa0
[  395.512511][T10603]  do_syscall_64+0xfa/0xfa0
[  395.512521][T10603]  ? lockdep_hardirqs_on+0x9c/0x150
[  395.512532][T10603]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.512542][T10603]  ? clear_bhb_loop+0x60/0xb0
[  395.512554][T10603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.512563][T10603] RIP: 0033:0x7fdf0a4beec9
[  395.512572][T10603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.512581][T10603] RSP: 002b:00007fdf08726038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  395.512593][T10603] RAX: ffffffffffffffda RBX: 00007fdf0a715fa0 RCX: 00007fdf0a4beec9
[  395.512600][T10603] RDX: 000000000000058a RSI: 000020000000e280 RDI: 0000000000000003
[  395.512606][T10603] RBP: 00007fdf08726090 R08: 0000000000000000 R09: 0000000000000000
[  395.512612][T10603] R10: 0000000000000042 R11: 0000000000000246 R12: 0000000000000001
[  395.512618][T10603] R13: 00007fdf0a716038 R14: 00007fdf0a715fa0 R15: 00007ffe4fbc2758
[  395.512634][T10603]  </TASK>
[  396.971294][    C1] vkms_vblank_simulate: vblank timer overrun
[  397.035415][ T5809] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  397.198675][ T5809] usb 5-1: not running at top speed; connect to a high speed hub
[  397.200965][ T5809] usb 5-1: config 27 has an invalid interface number: 114 but max is 1
[  397.200993][ T5809] usb 5-1: config 27 has an invalid interface number: 104 but max is 1
[  397.201012][ T5809] usb 5-1: config 27 has an invalid descriptor of length 219, skipping remainder of the config
[  397.201033][ T5809] usb 5-1: config 27 has no interface number 0
[  397.201049][ T5809] usb 5-1: config 27 has no interface number 1
[  397.201110][ T5809] usb 5-1: config 27 interface 114 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 1023
[  397.201140][ T5809] usb 5-1: config 27 interface 114 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  397.201167][ T5809] usb 5-1: config 27 interface 114 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  397.201189][ T5809] usb 5-1: config 27 interface 114 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  397.201211][ T5809] usb 5-1: config 27 interface 114 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  397.201232][ T5809] usb 5-1: config 27 interface 114 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  397.201254][ T5809] usb 5-1: config 27 interface 114 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  397.201280][ T5809] usb 5-1: config 27 interface 114 altsetting 0 has a duplicate endpoint with address 0x2, skipping
[  397.201303][ T5809] usb 5-1: config 27 interface 114 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  397.201328][ T5809] usb 5-1: config 27 interface 114 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  397.201349][ T5809] usb 5-1: config 27 interface 114 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  397.201387][ T5809] usb 5-1: config 27 interface 104 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  397.201413][ T5809] usb 5-1: config 27 interface 104 has no altsetting 0
[  397.214517][ T5809] usb 5-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice=3b.16
[  397.214545][ T5809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.214564][ T5809] usb 5-1: Product: syz
[  397.214577][ T5809] usb 5-1: Manufacturer: syz
[  397.214591][ T5809] usb 5-1: SerialNumber: syz
[  397.238111][T10632] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  398.347130][ T5809] ti_usb_3410_5052 5-1:27.114: TI USB 3410 1 port adapter converter detected
[  398.347377][ T5809] ti_usb_3410_5052 5-1:27.114: missing endpoints
[  398.436803][ T5809] ti_usb_3410_5052 5-1:27.104: required endpoints missing
[  398.484868][ T5809] usb 5-1: USB disconnect, device number 17
[  398.832155][    C1] vkms_vblank_simulate: vblank timer overrun
[  399.365305][T10718] FAULT_INJECTION: forcing a failure.
[  399.365305][T10718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.365325][T10718] CPU: 1 UID: 0 PID: 10718 Comm: syz.2.1690 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  399.365337][T10718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  399.365345][T10718] Call Trace:
[  399.365357][T10718]  <TASK>
[  399.365362][T10718]  dump_stack_lvl+0x189/0x250
[  399.365379][T10718]  ? __pfx____ratelimit+0x10/0x10
[  399.365395][T10718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.365406][T10718]  ? __pfx__printk+0x10/0x10
[  399.365426][T10718]  should_fail_ex+0x46c/0x600
[  399.365444][T10718]  _copy_to_user+0x31/0xb0
[  399.365459][T10718]  simple_read_from_buffer+0xe1/0x170
[  399.365474][T10718]  proc_fail_nth_read+0x1b6/0x220
[  399.365487][T10718]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  399.365498][T10718]  ? rw_verify_area+0x2ac/0x4e0
[  399.365509][T10718]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  399.365520][T10718]  vfs_read+0x206/0xa30
[  399.365536][T10718]  ? __pfx_vfs_read+0x10/0x10
[  399.365545][T10718]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  399.365565][T10718]  ? mutex_lock_nested+0x154/0x1d0
[  399.365577][T10718]  ? fdget_pos+0x253/0x320
[  399.365600][T10718]  ksys_read+0x14b/0x260
[  399.365611][T10718]  ? __fget_files+0x2a/0x420
[  399.365624][T10718]  ? __pfx_ksys_read+0x10/0x10
[  399.365637][T10718]  ? do_syscall_64+0xbe/0xfa0
[  399.365650][T10718]  do_syscall_64+0xfa/0xfa0
[  399.365660][T10718]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.365671][T10718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.365681][T10718]  ? clear_bhb_loop+0x60/0xb0
[  399.365693][T10718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.365702][T10718] RIP: 0033:0x7f7b090bd8dc
[  399.365711][T10718] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  399.365720][T10718] RSP: 002b:00007f7b0731e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  399.365732][T10718] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090bd8dc
[  399.365739][T10718] RDX: 000000000000000f RSI: 00007f7b0731e0a0 RDI: 0000000000000004
[  399.365745][T10718] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  399.365752][T10718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  399.365757][T10718] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  399.365774][T10718]  </TASK>
[  399.891601][T10728] binder: 10727:10728 unknown command 0
[  399.891630][T10728] binder: 10727:10728 ioctl c0306201 200000000080 returned -22
[  399.915563][T10728] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.1694'.
[  399.915702][T10728] netlink: 4268 bytes leftover after parsing attributes in process `syz.3.1694'.
[  400.039891][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.607389][    C1] vkms_vblank_simulate: vblank timer overrun
[  401.214336][    C1] vkms_vblank_simulate: vblank timer overrun
[  402.184557][ T5809] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  402.419853][ T5809] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  402.419884][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.419903][ T5809] usb 2-1: Product: syz
[  402.419917][ T5809] usb 2-1: Manufacturer: syz
[  402.419930][ T5809] usb 2-1: SerialNumber: syz
[  402.457759][ T5809] usb 2-1: config 0 descriptor??
[  402.521212][T10777] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1712'.
[  402.760246][ T5809] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  403.538675][ T5809] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  403.557655][ T5809] usb 2-1: USB disconnect, device number 25
[  403.636014][T10638] udevd[10638]: setting mode of /dev/bus/usb/002/025 to 020664 failed: No such file or directory
[  403.636310][T10638] udevd[10638]: setting owner of /dev/bus/usb/002/025 to uid=0, gid=0 failed: No such file or directory
[  403.697487][T10797] 9pnet: Could not find request transport: fd00000000000000000000005
[  403.954011][T10815] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1726'.
[  404.250816][T10827] FAULT_INJECTION: forcing a failure.
[  404.250816][T10827] name failslab, interval 1, probability 0, space 0, times 0
[  404.250847][T10827] CPU: 1 UID: 0 PID: 10827 Comm: syz.1.1732 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  404.250868][T10827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  404.250879][T10827] Call Trace:
[  404.250886][T10827]  <TASK>
[  404.250894][T10827]  dump_stack_lvl+0x189/0x250
[  404.250920][T10827]  ? __pfx____ratelimit+0x10/0x10
[  404.250940][T10827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.250960][T10827]  ? __pfx__printk+0x10/0x10
[  404.250995][T10827]  ? __pfx___might_resched+0x10/0x10
[  404.251014][T10827]  ? fs_reclaim_acquire+0x7d/0x100
[  404.251043][T10827]  should_fail_ex+0x46c/0x600
[  404.251073][T10827]  ? getname_flags+0xb8/0x540
[  404.251096][T10827]  should_failslab+0xa8/0x100
[  404.251119][T10827]  ? getname_flags+0xb8/0x540
[  404.251141][T10827]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  404.251161][T10827]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  404.251194][T10827]  getname_flags+0xb8/0x540
[  404.251216][T10827]  ? __se_sys_acct+0x9d/0x970
[  404.251242][T10827]  __se_sys_acct+0xbd/0x970
[  404.251268][T10827]  ? __pfx___se_sys_acct+0x10/0x10
[  404.251294][T10827]  ? do_syscall_64+0xbe/0xfa0
[  404.251319][T10827]  do_syscall_64+0xfa/0xfa0
[  404.251337][T10827]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.251357][T10827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.251375][T10827]  ? clear_bhb_loop+0x60/0xb0
[  404.251396][T10827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.251414][T10827] RIP: 0033:0x7fdf0a4beec9
[  404.251429][T10827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.251445][T10827] RSP: 002b:00007fdf08726038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3
[  404.251465][T10827] RAX: ffffffffffffffda RBX: 00007fdf0a715fa0 RCX: 00007fdf0a4beec9
[  404.251479][T10827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000240
[  404.251491][T10827] RBP: 00007fdf08726090 R08: 0000000000000000 R09: 0000000000000000
[  404.251501][T10827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.251513][T10827] R13: 00007fdf0a716038 R14: 00007fdf0a715fa0 R15: 00007ffe4fbc2758
[  404.251545][T10827]  </TASK>
[  405.006310][T10842] FAULT_INJECTION: forcing a failure.
[  405.006310][T10842] name failslab, interval 1, probability 0, space 0, times 0
[  405.006345][T10842] CPU: 0 UID: 0 PID: 10842 Comm: syz.2.1737 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  405.006367][T10842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  405.006379][T10842] Call Trace:
[  405.006386][T10842]  <TASK>
[  405.006394][T10842]  dump_stack_lvl+0x189/0x250
[  405.006420][T10842]  ? __pfx____ratelimit+0x10/0x10
[  405.006440][T10842]  ? __pfx_dump_stack_lvl+0x10/0x10
[  405.006461][T10842]  ? __pfx__printk+0x10/0x10
[  405.006487][T10842]  ? __pfx___might_resched+0x10/0x10
[  405.006505][T10842]  ? fs_reclaim_acquire+0x7d/0x100
[  405.006534][T10842]  should_fail_ex+0x46c/0x600
[  405.006565][T10842]  ? __alloc_skb+0x112/0x2d0
[  405.006583][T10842]  should_failslab+0xa8/0x100
[  405.006608][T10842]  ? __alloc_skb+0x112/0x2d0
[  405.006624][T10842]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  405.006654][T10842]  __alloc_skb+0x112/0x2d0
[  405.006678][T10842]  netlink_ack+0x146/0xa50
[  405.006704][T10842]  ? __local_bh_enable+0x27b/0x410
[  405.006732][T10842]  netlink_rcv_skb+0x28c/0x470
[  405.006752][T10842]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  405.006781][T10842]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  405.006811][T10842]  ? bpf_lsm_capable+0x9/0x20
[  405.006832][T10842]  ? security_capable+0x7e/0x2e0
[  405.006859][T10842]  nfnetlink_rcv+0x282/0x2590
[  405.006890][T10842]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  405.006921][T10842]  ? __dev_queue_xmit+0x26f/0x3b70
[  405.006957][T10842]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  405.006982][T10842]  ? __pfx___dev_queue_xmit+0x10/0x10
[  405.007018][T10842]  ? ref_tracker_free+0x61e/0x7c0
[  405.007038][T10842]  ? __asan_memcpy+0x40/0x70
[  405.007056][T10842]  ? __pfx_ref_tracker_free+0x10/0x10
[  405.007072][T10842]  ? __skb_clone+0x63/0x7a0
[  405.007097][T10842]  ? __skb_clone+0x483/0x7a0
[  405.007132][T10842]  ? skb_clone+0x246/0x3a0
[  405.007157][T10842]  ? __netlink_deliver_tap+0x807/0x850
[  405.007176][T10842]  ? netlink_deliver_tap+0x2e/0x1b0
[  405.007202][T10842]  ? netlink_deliver_tap+0x2e/0x1b0
[  405.007228][T10842]  netlink_unicast+0x843/0xa10
[  405.007263][T10842]  ? __pfx_netlink_unicast+0x10/0x10
[  405.007291][T10842]  ? netlink_sendmsg+0x642/0xb30
[  405.007308][T10842]  ? skb_put+0x11b/0x210
[  405.007331][T10842]  netlink_sendmsg+0x805/0xb30
[  405.007349][T10842]  ? is_bpf_text_address+0x26/0x2b0
[  405.007382][T10842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  405.007410][T10842]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  405.007433][T10842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  405.007453][T10842]  __sock_sendmsg+0x219/0x270
[  405.007481][T10842]  ____sys_sendmsg+0x508/0x820
[  405.007508][T10842]  ? __pfx_____sys_sendmsg+0x10/0x10
[  405.007539][T10842]  ? import_iovec+0x74/0xa0
[  405.007565][T10842]  ___sys_sendmsg+0x21f/0x2a0
[  405.007589][T10842]  ? __pfx____sys_sendmsg+0x10/0x10
[  405.007646][T10842]  ? __fget_files+0x2a/0x420
[  405.007668][T10842]  ? __fget_files+0x3a6/0x420
[  405.007701][T10842]  __x64_sys_sendmsg+0x1a1/0x260
[  405.007726][T10842]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  405.007757][T10842]  ? __pfx_ksys_write+0x10/0x10
[  405.007782][T10842]  ? do_syscall_64+0xbe/0xfa0
[  405.007806][T10842]  do_syscall_64+0xfa/0xfa0
[  405.007825][T10842]  ? lockdep_hardirqs_on+0x9c/0x150
[  405.007845][T10842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.007861][T10842]  ? clear_bhb_loop+0x60/0xb0
[  405.007882][T10842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  405.007900][T10842] RIP: 0033:0x7f7b090beec9
[  405.007916][T10842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  405.007930][T10842] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  405.007950][T10842] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  405.007964][T10842] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  405.007975][T10842] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  405.007985][T10842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  405.007996][T10842] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  405.008022][T10842]  </TASK>
[  408.220720][ T5913] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  408.476934][ T5913] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  408.479408][ T5913] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  408.479437][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.479458][ T5913] usb 5-1: Product: syz
[  408.479473][ T5913] usb 5-1: Manufacturer: syz
[  408.479487][ T5913] usb 5-1: SerialNumber: syz
[  408.496262][ T5913] usb 5-1: config 0 descriptor??
[  408.516947][ T5913] powermate 5-1:0.0: probe with driver powermate failed with error -5
[  409.389959][T10899] mkiss: ax0: crc mode is auto.
[  413.658667][ T5844] usb 5-1: USB disconnect, device number 18
[  414.174757][ T5913] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  414.204543][ T5844] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  414.357876][ T5913] usb 1-1: Using ep0 maxpacket: 8
[  414.707961][ T5913] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  414.707992][ T5913] usb 1-1: config 179 has no interface number 0
[  414.708040][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  414.708067][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  414.708093][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  414.708116][ T5913] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  414.708137][ T5913] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  414.708185][ T5913] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  414.708206][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.714147][T10915] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  414.724653][ T5844] usb 5-1: Using ep0 maxpacket: 32
[  414.910694][ T5844] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  414.910782][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.910794][ T5844] usb 5-1: Product: syz
[  414.910801][ T5844] usb 5-1: Manufacturer: syz
[  414.910809][ T5844] usb 5-1: SerialNumber: syz
[  415.006888][ T5844] usb 5-1: config 0 descriptor??
[  415.491594][ T5844] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  415.557792][T10915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  415.567524][T10915] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.628758][ T5913] usb 1-1: USB disconnect, device number 23
[  415.628814][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  415.628849][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  417.163013][ T5844] gspca_stk1135: reg_w 0x5 err -110
[  417.164080][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164091][ T5844] gspca_stk1135: Sensor write failed
[  417.164121][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164135][ T5844] gspca_stk1135: Sensor write failed
[  417.164165][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164174][ T5844] gspca_stk1135: Sensor read failed
[  417.164203][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164213][ T5844] gspca_stk1135: Sensor read failed
[  417.164220][ T5844] gspca_stk1135: Detected sensor type unknown (0x0)
[  417.164257][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164266][ T5844] gspca_stk1135: Sensor read failed
[  417.164294][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164304][ T5844] gspca_stk1135: Sensor read failed
[  417.164333][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164342][ T5844] gspca_stk1135: Sensor write failed
[  417.164371][ T5844] gspca_stk1135: serial bus timeout: status=0x00
[  417.164380][ T5844] gspca_stk1135: Sensor write failed
[  417.195679][ T5844] stk1135 5-1:0.0: probe with driver stk1135 failed with error -110
[  417.213746][ T5844] usb 5-1: USB disconnect, device number 19
[  418.989871][T10987] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1786'.
[  419.356212][T10997] netlink: 'syz.4.1790': attribute type 5 has an invalid length.
[  419.594547][ T1197] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  419.819071][ T1197] usb 5-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  419.819101][ T1197] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.836638][ T1197] usb 5-1: config 0 descriptor??
[  419.859431][ T1197] ums-realtek 5-1:0.0: USB Mass Storage device detected
[  420.078589][T11011] netlink: 'syz.4.1790': attribute type 5 has an invalid length.
[  421.564684][ T1197] usb 5-1: USB disconnect, device number 20
[  421.861019][ T5844] usb 1-1: new low-speed USB device number 24 using dummy_hcd
[  422.037495][ T5844] usb 1-1: unable to get BOS descriptor or descriptor too short
[  422.040235][ T5844] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  422.040261][ T5844] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  422.084833][ T5844] usb 1-1: string descriptor 0 read error: -22
[  422.084987][ T5844] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  422.085009][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.302988][ T5844] usb 1-1: 0:2 : does not exist
[  423.022595][ T5844] usb 1-1: USB disconnect, device number 24
[  423.175543][T11061] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1814'.
[  424.784951][ T5809] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  424.937136][ T5809] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  424.937163][ T5809] usb 4-1: config 0 has no interfaces?
[  424.940914][ T5809] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  424.940941][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.940961][ T5809] usb 4-1: Product: syz
[  424.940975][ T5809] usb 4-1: Manufacturer: syz
[  424.940989][ T5809] usb 4-1: SerialNumber: syz
[  424.996585][ T5809] usb 4-1: config 0 descriptor??
[  427.573806][T11121] ptrace attach of "./syz-executor exec"[6691] was attempted by "./syz-executor exec"[11121]
[  427.633654][ T5809] usb 4-1: USB disconnect, device number 33
[  428.252777][   T37] audit: type=1326 audit(1760179459.726:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11134 comm="syz.1.1843" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf0a4beec9 code=0x0
[  428.504567][ T5853] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  428.658364][ T5853] usb 4-1: config 8 has an invalid interface number: 177 but max is 0
[  428.658393][ T5853] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  428.658413][ T5853] usb 4-1: config 8 has no interface number 0
[  428.658460][ T5853] usb 4-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 255, setting to 64
[  428.658486][ T5853] usb 4-1: config 8 interface 177 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  428.658511][ T5853] usb 4-1: config 8 interface 177 has no altsetting 0
[  428.658559][ T5853] usb 4-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  428.658581][ T5853] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.672125][T11126] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  428.879283][ T5853] usb 4-1: string descriptor 0 read error: -71
[  428.892641][ T5853] ir_toy 4-1:8.177: required endpoints not found
[  428.927902][ T5853] usb 4-1: USB disconnect, device number 34
[  430.500178][T11197] FAULT_INJECTION: forcing a failure.
[  430.500178][T11197] name failslab, interval 1, probability 0, space 0, times 0
[  430.500216][T11197] CPU: 0 UID: 0 PID: 11197 Comm: syz.4.1867 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  430.500237][T11197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  430.500252][T11197] Call Trace:
[  430.500263][T11197]  <TASK>
[  430.500271][T11197]  dump_stack_lvl+0x189/0x250
[  430.500297][T11197]  ? __pfx____ratelimit+0x10/0x10
[  430.500318][T11197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.500339][T11197]  ? __pfx__printk+0x10/0x10
[  430.500366][T11197]  ? __pfx___might_resched+0x10/0x10
[  430.500391][T11197]  should_fail_ex+0x46c/0x600
[  430.500424][T11197]  should_failslab+0xa8/0x100
[  430.500448][T11197]  __kmalloc_noprof+0xcc/0x7d0
[  430.500468][T11197]  ? kfree+0x51/0x950
[  430.500483][T11197]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  430.500508][T11197]  tomoyo_realpath_from_path+0xe3/0x5d0
[  430.500527][T11197]  ? tomoyo_domain+0xda/0x130
[  430.500551][T11197]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  430.500576][T11197]  tomoyo_path_number_perm+0x1e8/0x5a0
[  430.500604][T11197]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  430.500633][T11197]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  430.500655][T11197]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.500707][T11197]  ? __fget_files+0x2a/0x420
[  430.500735][T11197]  ? __fget_files+0x3a6/0x420
[  430.500756][T11197]  ? __fget_files+0x2a/0x420
[  430.500783][T11197]  security_file_ioctl+0xcb/0x2d0
[  430.500812][T11197]  __se_sys_ioctl+0x47/0x170
[  430.500834][T11197]  do_syscall_64+0xfa/0xfa0
[  430.500853][T11197]  ? lockdep_hardirqs_on+0x9c/0x150
[  430.500872][T11197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.500891][T11197]  ? clear_bhb_loop+0x60/0xb0
[  430.500912][T11197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.500930][T11197] RIP: 0033:0x7f63831feec9
[  430.500946][T11197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.500961][T11197] RSP: 002b:00007f638145e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  430.500981][T11197] RAX: ffffffffffffffda RBX: 00007f6383455fa0 RCX: 00007f63831feec9
[  430.500995][T11197] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  430.501006][T11197] RBP: 00007f638145e090 R08: 0000000000000000 R09: 0000000000000000
[  430.501018][T11197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.501029][T11197] R13: 00007f6383456038 R14: 00007f6383455fa0 R15: 00007ffd5aa4e3a8
[  430.501058][T11197]  </TASK>
[  430.501075][T11197] ERROR: Out of memory at tomoyo_realpath_from_path.
[  431.714873][T11215] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1874'.
[  435.050300][T11276] FAULT_INJECTION: forcing a failure.
[  435.050300][T11276] name failslab, interval 1, probability 0, space 0, times 0
[  435.050333][T11276] CPU: 0 UID: 0 PID: 11276 Comm: syz.2.1899 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  435.050354][T11276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  435.050365][T11276] Call Trace:
[  435.050373][T11276]  <TASK>
[  435.050381][T11276]  dump_stack_lvl+0x189/0x250
[  435.050408][T11276]  ? __pfx____ratelimit+0x10/0x10
[  435.050439][T11276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  435.050459][T11276]  ? __pfx__printk+0x10/0x10
[  435.050486][T11276]  ? __pfx___might_resched+0x10/0x10
[  435.050509][T11276]  should_fail_ex+0x46c/0x600
[  435.050540][T11276]  should_failslab+0xa8/0x100
[  435.050565][T11276]  __kmalloc_cache_noprof+0x6f/0x6c0
[  435.050586][T11276]  ? bpf_prog_alloc_no_stats+0x4a/0x530
[  435.050608][T11276]  ? __vmalloc_noprof+0xb1/0xf0
[  435.050624][T11276]  ? bpf_prog_alloc_no_stats+0xdb/0x530
[  435.050650][T11276]  bpf_prog_alloc_no_stats+0xdb/0x530
[  435.050677][T11276]  bpf_prog_alloc+0x3c/0x1a0
[  435.050703][T11276]  bpf_prog_load+0x735/0x19e0
[  435.050734][T11276]  ? __pfx_bpf_prog_load+0x10/0x10
[  435.050781][T11276]  ? bpf_lsm_bpf+0x9/0x20
[  435.050796][T11276]  ? security_bpf+0x7e/0x300
[  435.050815][T11276]  __sys_bpf+0x507/0x860
[  435.050836][T11276]  ? __pfx___sys_bpf+0x10/0x10
[  435.050854][T11276]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  435.050896][T11276]  ? ksys_write+0x230/0x260
[  435.050918][T11276]  ? __pfx_ksys_write+0x10/0x10
[  435.050945][T11276]  __x64_sys_bpf+0x7c/0x90
[  435.050966][T11276]  do_syscall_64+0xfa/0xfa0
[  435.050985][T11276]  ? lockdep_hardirqs_on+0x9c/0x150
[  435.051005][T11276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.051023][T11276]  ? clear_bhb_loop+0x60/0xb0
[  435.051045][T11276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.051062][T11276] RIP: 0033:0x7f7b090beec9
[  435.051078][T11276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  435.051093][T11276] RSP: 002b:00007f7b0731e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  435.051112][T11276] RAX: ffffffffffffffda RBX: 00007f7b09315fa0 RCX: 00007f7b090beec9
[  435.051126][T11276] RDX: 0000000000000094 RSI: 00002000000005c0 RDI: 0000000000000005
[  435.051139][T11276] RBP: 00007f7b0731e090 R08: 0000000000000000 R09: 0000000000000000
[  435.051150][T11276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.051162][T11276] R13: 00007f7b09316038 R14: 00007f7b09315fa0 R15: 00007ffdd85badc8
[  435.051193][T11276]  </TASK>
[  437.334617][ T5844] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  437.696125][ T5844] usb 5-1: Using ep0 maxpacket: 8
[  438.029453][ T5844] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  438.029484][ T5844] usb 5-1: config 179 has no interface number 0
[  438.030653][ T5844] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  438.030681][ T5844] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  438.030708][ T5844] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  438.030734][ T5844] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  438.030761][ T5844] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  438.030803][ T5844] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  438.030826][ T5844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.218971][T11308] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  439.000205][T11308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.001983][T11308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  439.039498][ T5844] usb 5-1: USB disconnect, device number 21
[  439.039568][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  439.039604][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  439.290762][T11346] nbd: must specify a size in bytes for the device
[  439.293028][T11346] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1923'.
[  439.293065][T11346] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1923'.
[  439.534557][ T5844] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  439.569717][T11357] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1928'.
[  439.699092][ T5844] usb 2-1: Using ep0 maxpacket: 8
[  439.701622][ T5844] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  439.701648][ T5844] usb 2-1: config 179 has no interface number 0
[  439.701694][ T5844] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  439.701720][ T5844] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  439.701747][ T5844] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  439.701772][ T5844] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  439.701797][ T5844] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  439.701838][ T5844] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  439.701860][ T5844] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.713509][T11345] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  440.068917][ T1323] ieee802154 phy0 wpan0: encryption failed: -22
[  440.068986][ T1323] ieee802154 phy1 wpan1: encryption failed: -22
[  440.178817][T11345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  440.182697][T11345] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  440.206425][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  440.206497][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  440.206567][ T5844] usb 2-1: USB disconnect, device number 26
[  441.096457][T11390] ptrace attach of "./syz-executor exec"[5807] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  442.553864][T11417] program syz.4.1954 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  442.892860][T11425] FAULT_INJECTION: forcing a failure.
[  442.892860][T11425] name failslab, interval 1, probability 0, space 0, times 0
[  442.892891][T11425] CPU: 1 UID: 0 PID: 11425 Comm: syz.3.1959 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  442.892912][T11425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  442.892923][T11425] Call Trace:
[  442.892930][T11425]  <TASK>
[  442.892938][T11425]  dump_stack_lvl+0x189/0x250
[  442.892963][T11425]  ? __pfx____ratelimit+0x10/0x10
[  442.892985][T11425]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.893005][T11425]  ? __pfx__printk+0x10/0x10
[  442.893033][T11425]  ? __pfx___might_resched+0x10/0x10
[  442.893056][T11425]  should_fail_ex+0x46c/0x600
[  442.893094][T11425]  should_failslab+0xa8/0x100
[  442.893119][T11425]  __kmalloc_noprof+0xcc/0x7d0
[  442.893141][T11425]  ? kfree+0x51/0x950
[  442.893158][T11425]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  442.893184][T11425]  tomoyo_realpath_from_path+0xe3/0x5d0
[  442.893205][T11425]  ? tomoyo_domain+0xda/0x130
[  442.893231][T11425]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  442.893256][T11425]  tomoyo_path_number_perm+0x1e8/0x5a0
[  442.893284][T11425]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  442.893313][T11425]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  442.893335][T11425]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.893384][T11425]  ? __fget_files+0x2a/0x420
[  442.893411][T11425]  ? __fget_files+0x3a6/0x420
[  442.893432][T11425]  ? __fget_files+0x2a/0x420
[  442.893458][T11425]  security_file_ioctl+0xcb/0x2d0
[  442.893487][T11425]  __se_sys_ioctl+0x47/0x170
[  442.893508][T11425]  do_syscall_64+0xfa/0xfa0
[  442.893527][T11425]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.893547][T11425]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.893565][T11425]  ? clear_bhb_loop+0x60/0xb0
[  442.893587][T11425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.893604][T11425] RIP: 0033:0x7fe2f056eec9
[  442.893620][T11425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  442.893634][T11425] RSP: 002b:00007fe2ee7d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  442.893655][T11425] RAX: ffffffffffffffda RBX: 00007fe2f07c5fa0 RCX: 00007fe2f056eec9
[  442.893669][T11425] RDX: 0000000000000000 RSI: 0000000000005380 RDI: 0000000000000003
[  442.893680][T11425] RBP: 00007fe2ee7d6090 R08: 0000000000000000 R09: 0000000000000000
[  442.893692][T11425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  442.893703][T11425] R13: 00007fe2f07c6038 R14: 00007fe2f07c5fa0 R15: 00007ffc0f436488
[  442.893735][T11425]  </TASK>
[  442.893742][T11425] ERROR: Out of memory at tomoyo_realpath_from_path.
[  442.978551][T11430] ptrace attach of "./syz-executor exec"[6691] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  444.006969][T11448] FAULT_INJECTION: forcing a failure.
[  444.006969][T11448] name failslab, interval 1, probability 0, space 0, times 0
[  444.007002][T11448] CPU: 1 UID: 0 PID: 11448 Comm: syz.2.1965 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  444.007022][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  444.007033][T11448] Call Trace:
[  444.007040][T11448]  <TASK>
[  444.007047][T11448]  dump_stack_lvl+0x189/0x250
[  444.007072][T11448]  ? __pfx____ratelimit+0x10/0x10
[  444.007093][T11448]  ? __pfx_dump_stack_lvl+0x10/0x10
[  444.007112][T11448]  ? __pfx__printk+0x10/0x10
[  444.007137][T11448]  ? __pfx___might_resched+0x10/0x10
[  444.007158][T11448]  should_fail_ex+0x46c/0x600
[  444.007188][T11448]  should_failslab+0xa8/0x100
[  444.007213][T11448]  __kmalloc_noprof+0xcc/0x7d0
[  444.007231][T11448]  ? rcu_is_watching+0x15/0xb0
[  444.007254][T11448]  ? snd_interval_refine+0x602/0xa50
[  444.007277][T11448]  ? snd_pcm_hw_refine+0x967/0x1640
[  444.007302][T11448]  snd_pcm_hw_refine+0x967/0x1640
[  444.007338][T11448]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  444.007396][T11448]  ? __asan_memset+0x22/0x50
[  444.007413][T11448]  ? snd_pcm_oss_change_params_locked+0x7a0/0x3e40
[  444.007433][T11448]  ? snd_pcm_oss_change_params_locked+0x800/0x3e40
[  444.007455][T11448]  snd_pcm_oss_change_params_locked+0xa84/0x3e40
[  444.007474][T11448]  ? register_lock_class+0x51/0x320
[  444.007502][T11448]  ? __lock_acquire+0xab9/0xd20
[  444.007531][T11448]  ? do_raw_spin_lock+0x121/0x290
[  444.007558][T11448]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  444.007573][T11448]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  444.007594][T11448]  ? lockdep_hardirqs_on+0x9c/0x150
[  444.007616][T11448]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  444.007645][T11448]  ? mutex_lock_interruptible_nested+0x154/0x1d0
[  444.007669][T11448]  ? snd_pcm_oss_make_ready+0xc0/0x340
[  444.007691][T11448]  snd_pcm_oss_make_ready+0x11b/0x340
[  444.007727][T11448]  snd_pcm_oss_set_trigger+0x95/0x740
[  444.007754][T11448]  snd_pcm_oss_poll+0x844/0x980
[  444.007771][T11448]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  444.007795][T11448]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  444.007810][T11448]  ? rt_spin_unlock+0x161/0x200
[  444.007825][T11448]  ? __pfx___pollwait+0x10/0x10
[  444.007848][T11448]  ? __pfx_snd_pcm_oss_poll+0x10/0x10
[  444.007867][T11448]  do_sys_poll+0x86c/0xed0
[  444.007894][T11448]  ? do_sys_poll+0x391/0xed0
[  444.007920][T11448]  ? __pfx_do_sys_poll+0x10/0x10
[  444.007955][T11448]  ? __pfx_pollwake+0x10/0x10
[  444.007978][T11448]  ? __pfx_pollwake+0x10/0x10
[  444.008003][T11448]  ? __pfx_pollwake+0x10/0x10
[  444.008025][T11448]  ? __pfx_pollwake+0x10/0x10
[  444.008048][T11448]  ? __pfx_pollwake+0x10/0x10
[  444.008073][T11448]  ? __pfx_pollwake+0x10/0x10
[  444.008113][T11448]  ? rcu_read_lock_any_held+0xb3/0x120
[  444.008132][T11448]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  444.008153][T11448]  ? vfs_write+0x965/0xb40
[  444.008201][T11448]  ? set_user_sigmask+0xc7/0x1b0
[  444.008222][T11448]  ? __pfx_set_user_sigmask+0x10/0x10
[  444.008244][T11448]  ? do_sys_openat2+0x154/0x1c0
[  444.008266][T11448]  __se_sys_ppoll+0x1ff/0x260
[  444.008290][T11448]  ? __pfx___se_sys_ppoll+0x10/0x10
[  444.008312][T11448]  ? __pfx_ksys_write+0x10/0x10
[  444.008336][T11448]  ? do_syscall_64+0xbe/0xfa0
[  444.008355][T11448]  ? __x64_sys_ppoll+0x20/0xc0
[  444.008376][T11448]  do_syscall_64+0xfa/0xfa0
[  444.008393][T11448]  ? lockdep_hardirqs_on+0x9c/0x150
[  444.008413][T11448]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.008430][T11448]  ? clear_bhb_loop+0x60/0xb0
[  444.008451][T11448]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.008468][T11448] RIP: 0033:0x7f7b090beec9
[  444.008484][T11448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  444.008498][T11448] RSP: 002b:00007f7b072dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  444.008517][T11448] RAX: ffffffffffffffda RBX: 00007f7b09316180 RCX: 00007f7b090beec9
[  444.008531][T11448] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  444.008543][T11448] RBP: 00007f7b072dc090 R08: 0000000000000000 R09: 0000000000000000
[  444.008555][T11448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  444.008566][T11448] R13: 00007f7b09316218 R14: 00007f7b09316180 R15: 00007ffdd85badc8
[  444.008598][T11448]  </TASK>
[  444.244561][ T5803] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  444.504515][ T5803] usb 2-1: Using ep0 maxpacket: 8
[  444.570451][ T5803] usb 2-1: config 0 has an invalid interface number: 111 but max is 0
[  444.570480][ T5803] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  444.570499][ T5803] usb 2-1: config 0 has no interface number 0
[  444.570546][ T5803] usb 2-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  444.570589][ T5803] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  444.570612][ T5803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.646528][ T5803] usb 2-1: config 0 descriptor??
[  444.650535][ T5803] qmi_wwan 2-1:0.111: probe with driver qmi_wwan failed with error -22
[  445.010869][T11465] FAULT_INJECTION: forcing a failure.
[  445.010869][T11465] name failslab, interval 1, probability 0, space 0, times 0
[  445.010902][T11465] CPU: 0 UID: 0 PID: 11465 Comm: syz.4.1971 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  445.010924][T11465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  445.010935][T11465] Call Trace:
[  445.010942][T11465]  <TASK>
[  445.010950][T11465]  dump_stack_lvl+0x189/0x250
[  445.010975][T11465]  ? __pfx____ratelimit+0x10/0x10
[  445.010997][T11465]  ? __pfx_dump_stack_lvl+0x10/0x10
[  445.011017][T11465]  ? __pfx__printk+0x10/0x10
[  445.011044][T11465]  ? __pfx___might_resched+0x10/0x10
[  445.011061][T11465]  ? fs_reclaim_acquire+0x7d/0x100
[  445.011088][T11465]  should_fail_ex+0x46c/0x600
[  445.011118][T11465]  should_failslab+0xa8/0x100
[  445.011143][T11465]  __kmalloc_noprof+0xcc/0x7d0
[  445.011165][T11465]  ? tomoyo_encode+0x28b/0x550
[  445.011188][T11465]  tomoyo_encode+0x28b/0x550
[  445.011212][T11465]  tomoyo_realpath_from_path+0x58d/0x5d0
[  445.011242][T11465]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  445.011266][T11465]  tomoyo_path_number_perm+0x1e8/0x5a0
[  445.011294][T11465]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  445.011322][T11465]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  445.011345][T11465]  ? lockdep_hardirqs_on+0x9c/0x150
[  445.011394][T11465]  ? __fget_files+0x2a/0x420
[  445.011421][T11465]  ? __fget_files+0x3a6/0x420
[  445.011442][T11465]  ? __fget_files+0x2a/0x420
[  445.011469][T11465]  security_file_ioctl+0xcb/0x2d0
[  445.011496][T11465]  __se_sys_ioctl+0x47/0x170
[  445.011519][T11465]  do_syscall_64+0xfa/0xfa0
[  445.011538][T11465]  ? lockdep_hardirqs_on+0x9c/0x150
[  445.011558][T11465]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.011576][T11465]  ? clear_bhb_loop+0x60/0xb0
[  445.011598][T11465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.011623][T11465] RIP: 0033:0x7f63831feec9
[  445.011639][T11465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.011654][T11465] RSP: 002b:00007f638145e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  445.011674][T11465] RAX: ffffffffffffffda RBX: 00007f6383455fa0 RCX: 00007f63831feec9
[  445.011687][T11465] RDX: 00002000000004c0 RSI: 0000000040345410 RDI: 0000000000000003
[  445.011705][T11465] RBP: 00007f638145e090 R08: 0000000000000000 R09: 0000000000000000
[  445.011716][T11465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.011727][T11465] R13: 00007f6383456038 R14: 00007f6383455fa0 R15: 00007ffd5aa4e3a8
[  445.011760][T11465]  </TASK>
[  445.011781][T11465] ERROR: Out of memory at tomoyo_realpath_from_path.
[  446.364545][ T5844] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  446.526182][ T5844] usb 4-1: Using ep0 maxpacket: 8
[  446.528127][ T5844] usb 4-1: config 0 has an invalid interface number: 111 but max is 0
[  446.528151][ T5844] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  446.528172][ T5844] usb 4-1: config 0 has no interface number 0
[  446.528221][ T5844] usb 4-1: config 0 interface 111 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  446.528264][ T5844] usb 4-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=22.8b
[  446.528287][ T5844] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.546673][ T5844] usb 4-1: config 0 descriptor??
[  446.557831][ T5844] qmi_wwan 4-1:0.111: probe with driver qmi_wwan failed with error -22
[  446.653201][  T982] usb 2-1: USB disconnect, device number 27
[  446.846107][  T982] usb 4-1: USB disconnect, device number 35
[  449.054632][ T5844] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  449.206251][ T5844] usb 5-1: config 252 has an invalid interface number: 95 but max is 0
[  449.206270][ T5844] usb 5-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config
[  449.206281][ T5844] usb 5-1: config 252 has no interface number 0
[  449.206306][ T5844] usb 5-1: config 252 interface 95 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  449.206321][ T5844] usb 5-1: config 252 interface 95 altsetting 4 endpoint 0x8 has invalid wMaxPacketSize 0
[  449.206341][ T5844] usb 5-1: config 252 interface 95 altsetting 4 has 3 endpoint descriptors, different from the interface descriptor's value: 5
[  449.206366][ T5844] usb 5-1: config 252 interface 95 has no altsetting 0
[  449.208898][ T5844] usb 5-1: New USB device found, idVendor=07b0, idProduct=0006, bcdDevice=c6.10
[  449.208915][ T5844] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.208925][ T5844] usb 5-1: Product: syz
[  449.208933][ T5844] usb 5-1: Manufacturer: syz
[  449.208940][ T5844] usb 5-1: SerialNumber: syz
[  449.213089][T11551] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  449.495245][T11551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.504908][T11551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  449.755015][ T5844] HFC-S_USB 5-1:252.95: probe with driver HFC-S_USB failed with error -5
[  449.927281][ T5844] usb 5-1: USB disconnect, device number 22
[  452.545161][ T5809] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  452.927996][ T5809] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  452.928024][ T5809] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  452.928043][ T5809] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  452.928062][ T5809] usb 5-1: config 220 has no interface number 2
[  452.928152][ T5809] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  452.928178][ T5809] usb 5-1: config 220 interface 0 has no altsetting 0
[  452.928197][ T5809] usb 5-1: config 220 interface 76 has no altsetting 0
[  452.928214][ T5809] usb 5-1: config 220 interface 1 has no altsetting 0
[  452.933438][ T5809] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  452.933467][ T5809] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.933487][ T5809] usb 5-1: Product: syz
[  452.933501][ T5809] usb 5-1: Manufacturer: syz
[  452.933514][ T5809] usb 5-1: SerialNumber: syz
[  453.233997][ T5809] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  453.234019][ T5809] uvcvideo 5-1:220.0: No valid video chain found.
[  453.234056][ T5809] usb 5-1: selecting invalid altsetting 0
[  453.319890][ T5809] usb 5-1: selecting invalid altsetting 0
[  453.319930][ T5809] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  453.365350][ T5809] usb 5-1: USB disconnect, device number 23
[  453.604577][ T5803] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  453.754585][ T5803] usb 2-1: Using ep0 maxpacket: 8
[  453.759382][ T5803] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  453.759408][ T5803] usb 2-1: config 179 has no interface number 0
[  453.759455][ T5803] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  453.759481][ T5803] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  453.759506][ T5803] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  453.759530][ T5803] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  453.759556][ T5803] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  453.759592][ T5803] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  453.759613][ T5803] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.768748][T11593] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  453.876112][T11615] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2031'.
[  453.876138][T11615] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2031'.
[  454.800535][T11593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.801675][T11593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.855038][ T5803] usb 2-1: USB disconnect, device number 28
[  454.855112][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  454.855147][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  455.004561][ T1197] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  455.159589][ T1197] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  455.159620][ T1197] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.159641][ T1197] usb 5-1: Product: syz
[  455.159655][ T1197] usb 5-1: Manufacturer: syz
[  455.159669][ T1197] usb 5-1: SerialNumber: syz
[  455.198091][ T1197] usb 5-1: config 0 descriptor??
[  455.515962][ T1197] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  455.661889][T11651] ptrace attach of "./syz-executor exec"[6691] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  456.366504][ T1197] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  456.366602][T11657] FAULT_INJECTION: forcing a failure.
[  456.366602][T11657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.366630][T11657] CPU: 1 UID: 0 PID: 11657 Comm: syz.3.2046 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  456.366652][T11657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  456.366661][T11657] Call Trace:
[  456.366668][T11657]  <TASK>
[  456.366675][T11657]  dump_stack_lvl+0x189/0x250
[  456.366699][T11657]  ? __pfx____ratelimit+0x10/0x10
[  456.366718][T11657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  456.366738][T11657]  ? __pfx__printk+0x10/0x10
[  456.366771][T11657]  should_fail_ex+0x46c/0x600
[  456.366802][T11657]  _copy_from_user+0x2d/0xb0
[  456.366825][T11657]  copy_from_bpfptr+0x5c/0x90
[  456.366849][T11657]  bpf_prog_load+0xa83/0x19e0
[  456.366884][T11657]  ? __pfx_bpf_prog_load+0x10/0x10
[  456.366935][T11657]  ? bpf_lsm_bpf+0x9/0x20
[  456.366951][T11657]  ? security_bpf+0x7e/0x300
[  456.366972][T11657]  __sys_bpf+0x507/0x860
[  456.366996][T11657]  ? __pfx___sys_bpf+0x10/0x10
[  456.367015][T11657]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  456.367057][T11657]  ? ksys_write+0x230/0x260
[  456.367079][T11657]  ? __pfx_ksys_write+0x10/0x10
[  456.367104][T11657]  __x64_sys_bpf+0x7c/0x90
[  456.367126][T11657]  do_syscall_64+0xfa/0xfa0
[  456.367144][T11657]  ? lockdep_hardirqs_on+0x9c/0x150
[  456.367163][T11657]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.367181][T11657]  ? clear_bhb_loop+0x60/0xb0
[  456.367202][T11657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.367219][T11657] RIP: 0033:0x7fe2f056eec9
[  456.367235][T11657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.367249][T11657] RSP: 002b:00007fe2ee7d6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  456.367268][T11657] RAX: ffffffffffffffda RBX: 00007fe2f07c5fa0 RCX: 00007fe2f056eec9
[  456.367282][T11657] RDX: 0000000000000090 RSI: 00002000000000c0 RDI: 0000000000000005
[  456.367293][T11657] RBP: 00007fe2ee7d6090 R08: 0000000000000000 R09: 0000000000000000
[  456.367304][T11657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.367315][T11657] R13: 00007fe2f07c6038 R14: 00007fe2f07c5fa0 R15: 00007ffc0f436488
[  456.367345][T11657]  </TASK>
[  456.369933][ T1197] usb 5-1: USB disconnect, device number 24
[  456.508457][T11660] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2047'.
[  458.124531][ T5809] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  458.276916][ T5809] usb 2-1: config 0 has an invalid interface number: 25 but max is 0
[  458.276943][ T5809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  458.276962][ T5809] usb 2-1: config 0 has no interface number 0
[  458.277006][ T5809] usb 2-1: config 0 interface 25 altsetting 205 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  458.277033][ T5809] usb 2-1: config 0 interface 25 has no altsetting 0
[  458.280367][ T5809] usb 2-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=9e.ee
[  458.280395][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.280415][ T5809] usb 2-1: Product: syz
[  458.280429][ T5809] usb 2-1: Manufacturer: syz
[  458.280443][ T5809] usb 2-1: SerialNumber: syz
[  458.294271][ T5809] usb 2-1: config 0 descriptor??
[  458.467897][ T5809] uvcvideo 2-1:0.25: Found Unit with invalid ID 0
[  458.794378][ T5809] uvcvideo 2-1:0.25: Found UVC 0.00 device syz (1b3b:2951)
[  458.794682][ T5809] uvcvideo 2-1:0.25: No valid video chain found.
[  458.930402][ T5803] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  458.998586][ T5892] usb 2-1: USB disconnect, device number 29
[  459.091032][ T5803] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x21, changing to 0x1
[  459.091064][ T5803] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 197, setting to 64
[  459.091105][ T5803] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  459.091126][ T5803] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.096946][ T5803] usb 1-1: config 0 descriptor??
[  459.387495][T11699] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2062'.
[  459.654620][ T5803] ath6kl: Failed to submit usb control message: -71
[  459.654666][ T5803] ath6kl: unable to send the bmi data to the device: -71
[  459.654680][ T5803] ath6kl: Unable to send get target info: -71
[  459.657540][ T5803] ath6kl: Failed to init ath6kl core: -71
[  459.659051][ T5803] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -71
[  459.689097][ T5803] usb 1-1: USB disconnect, device number 25
[  461.439404][T11733] netlink: 'syz.0.2077': attribute type 1 has an invalid length.
[  461.439439][T11733] netlink: 'syz.0.2077': attribute type 1 has an invalid length.
[  463.364536][ T5809] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  463.546580][ T5809] usb 2-1: config 0 has an invalid interface number: 25 but max is 0
[  463.546597][ T5809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  463.546608][ T5809] usb 2-1: config 0 has no interface number 0
[  463.546633][ T5809] usb 2-1: config 0 interface 25 altsetting 205 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  463.546647][ T5809] usb 2-1: config 0 interface 25 has no altsetting 0
[  463.548427][ T5809] usb 2-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=9e.ee
[  463.548442][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.548452][ T5809] usb 2-1: Product: syz
[  463.548460][ T5809] usb 2-1: Manufacturer: syz
[  463.548467][ T5809] usb 2-1: SerialNumber: syz
[  463.551522][ T5809] usb 2-1: config 0 descriptor??
[  463.567579][ T5809] uvcvideo 2-1:0.25: Found Unit with invalid ID 0
[  463.936937][ T5809] uvcvideo 2-1:0.25: Found UVC 0.00 device syz (1b3b:2951)
[  463.936961][ T5809] uvcvideo 2-1:0.25: No valid video chain found.
[  464.799462][ T5809] usb 2-1: USB disconnect, device number 30
[  466.775106][T11841] ptrace attach of "./syz-executor exec"[5800] was attempted by "./syz-executor exec"[11841]
[  467.605501][T11847] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2122'.
[  467.605526][T11847] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2122'.
[  468.962153][ T1197] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  470.574075][ T1197] usb 1-1: unable to get BOS descriptor or descriptor too short
[  470.575282][ T1197] usb 1-1: unable to read config index 0 descriptor/start: -71
[  470.575316][ T1197] usb 1-1: can't read configurations, error -71
[  472.482679][T11932] FAULT_INJECTION: forcing a failure.
[  472.482679][T11932] name failslab, interval 1, probability 0, space 0, times 0
[  472.482712][T11932] CPU: 0 UID: 0 PID: 11932 Comm: syz.4.2153 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  472.482734][T11932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  472.482745][T11932] Call Trace:
[  472.482752][T11932]  <TASK>
[  472.482760][T11932]  dump_stack_lvl+0x189/0x250
[  472.482788][T11932]  ? __pfx____ratelimit+0x10/0x10
[  472.482809][T11932]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.482830][T11932]  ? __pfx__printk+0x10/0x10
[  472.482857][T11932]  ? __pfx___might_resched+0x10/0x10
[  472.482876][T11932]  ? fs_reclaim_acquire+0x7d/0x100
[  472.482904][T11932]  should_fail_ex+0x46c/0x600
[  472.482937][T11932]  should_failslab+0xa8/0x100
[  472.482963][T11932]  __kmalloc_cache_noprof+0x6f/0x6c0
[  472.482986][T11932]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  472.483006][T11932]  ? __request_region+0x5f/0xe0
[  472.483029][T11932]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  472.483054][T11932]  __request_region+0x5f/0xe0
[  472.483081][T11932]  comedi_request_region+0x6d/0x180
[  472.483111][T11932]  c6xdigio_attach+0x49/0x890
[  472.483133][T11932]  comedi_device_attach+0x51f/0x720
[  472.483166][T11932]  comedi_unlocked_ioctl+0x605/0x1020
[  472.483185][T11932]  ? kasan_quarantine_put+0xdd/0x220
[  472.483206][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.483231][T11932]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  472.483267][T11932]  ? smack_log+0xef/0x3f0
[  472.483290][T11932]  ? __pfx_smack_log+0x10/0x10
[  472.483318][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.483336][T11932]  ? smk_access+0x14c/0x4e0
[  472.483364][T11932]  ? smk_tskacc+0x2fc/0x370[  472.483364][T11932]  ? smk_tskacc+0x2fc/0x370
[  472.483390][T11932]  ? smack_file_ioctl+0x24d/0x340
[  472.483416][T11932]  ? __pfx_smack_file_ioctl+0x10/0x10
[  472.483450][T11932]  ? __fget_files+0x3a6/0x420
[  472.483472][T11932]  ? __fget_files+0x2a/0x420
[  472.483498][T11932]  ? bpf_lsm_file_ioctl+0x9/0x20
[  472.483516][T11932]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  472.483537][T11932]  __se_sys_ioctl+0xff/0x170
[  472.483559][T11932]  do_syscall_64+0xfa/0xfa0
[  472.483577][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.483596][T11932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.483614][T11932]  ? clear_bhb_loop+0x60/0xb0
[  472.483635][T11932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.483657][T11932] RIP: 0033:0x7f63831feec9
[  472.483674][T11932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.483687][T11932] RSP: 002b:00007f638145e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  472.483707][T11932] RAX: ffffffffffffffda RBX: 00007f6383455fa0 RCX: 00007f63831feec9
[  472.483721][T11932] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[  472.483737][T11932] RBP: 00007f638145e090 R08: 0000000000000000 R09: 0000000000000000
[  472.483747][T11932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.483758][T11932] R13: 00007f6383456038 R14: 00007f6383455fa0 R15: 00007ffd5aa4e3a8
[  472.483790][T11932]  </TASK>
[  472.483803][T11932] comedi comedi3: c6xdigio: I/O port conflict (0x4f27,3)
[  472.483941][T11932] ==================================================================
[  472.483951][T11932] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x3d/0x70
[  472.483976][T11932] Read of size 8 at addr ffff8880580e4830 by task syz.4.2153/11932
[  472.483990][T11932] 
[  472.484000][T11932] CPU: 0 UID: 0 PID: 11932 Comm: syz.4.2153 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  472.484020][T11932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  472.484030][T11932] Call Trace:
[  472.484036][T11932]  <TASK>
[  472.484044][T11932]  dump_stack_lvl+0x189/0x250
[  472.484063][T11932]  ? __virt_addr_valid+0x1c8/0x5c0
[  472.484086][T11932]  ? rcu_is_watching+0x15/0xb0
[  472.484111][T11932]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.484131][T11932]  ? rcu_is_watching+0x15/0xb0
[  472.484154][T11932]  ? lock_release+0x4b/0x3e0
[  472.484174][T11932]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  472.484195][T11932]  ? __virt_addr_valid+0x1c8/0x5c0
[  472.484218][T11932]  ? __virt_addr_valid+0x4a5/0x5c0
[  472.484241][T11932]  print_report+0xca/0x240
[  472.484264][T11932]  ? sysfs_remove_file_ns+0x3d/0x70
[  472.484286][T11932]  kasan_report+0x118/0x150
[  472.484317][T11932]  ? sysfs_remove_file_ns+0x3d/0x70
[  472.484344][T11932]  sysfs_remove_file_ns+0x3d/0x70
[  472.484367][T11932]  bus_remove_driver+0x19b/0x300
[  472.484392][T11932]  comedi_device_detach_locked+0x175/0x750
[  472.484419][T11932]  comedi_device_attach+0x5d4/0x720
[  472.484443][T11932]  comedi_unlocked_ioctl+0x605/0x1020
[  472.484462][T11932]  ? kasan_quarantine_put+0xdd/0x220
[  472.484482][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.484503][T11932]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  472.484530][T11932]  ? smack_log+0xef/0x3f0
[  472.484551][T11932]  ? __pfx_smack_log+0x10/0x10
[  472.484569][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.484588][T11932]  ? smk_access+0x14c/0x4e0
[  472.484610][T11932]  ? smk_tskacc+0x2fc/0x370
[  472.484632][T11932]  ? smack_file_ioctl+0x24d/0x340
[  472.484655][T11932]  ? __pfx_smack_file_ioctl+0x10/0x10
[  472.484681][T11932]  ? __fget_files+0x3a6/0x420
[  472.484703][T11932]  ? __fget_files+0x2a/0x420
[  472.484725][T11932]  ? bpf_lsm_file_ioctl+0x9/0x20
[  472.484742][T11932]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  472.484762][T11932]  __se_sys_ioctl+0xff/0x170
[  472.484781][T11932]  do_syscall_64+0xfa/0xfa0
[  472.484800][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.484818][T11932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.484836][T11932]  ? clear_bhb_loop+0x60/0xb0
[  472.484855][T11932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.484872][T11932] RIP: 0033:0x7f63831feec9
[  472.484887][T11932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.484901][T11932] RSP: 002b:00007f638145e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  472.484919][T11932] RAX: ffffffffffffffda RBX: 00007f6383455fa0 RCX: 00007f63831feec9
[  472.484933][T11932] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[  472.484945][T11932] RBP: 00007f638145e090 R08: 0000000000000000 R09: 0000000000000000
[  472.484957][T11932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.484968][T11932] R13: 00007f6383456038 R14: 00007f6383455fa0 R15: 00007ffd5aa4e3a8
[  472.484989][T11932]  </TASK>
[  472.484996][T11932] 
[  472.485005][T11932] Allocated by task 11127:
[  472.485017][T11932]  kasan_save_track+0x3e/0x80
[  472.485036][T11932]  __kasan_kmalloc+0x93/0xb0
[  472.485054][T11932]  __kmalloc_cache_noprof+0x1ef/0x6c0
[  472.485074][T11932]  tipc_sub_subscribe+0x118/0x6a0
[  472.485094][T11932]  tipc_conn_rcv_sub+0x134/0x370
[  472.485113][T11932]  tipc_topsrv_kern_subscr+0x17b/0x240
[  472.485132][T11932]  tipc_group_create+0x364/0x500
[  472.485151][T11932]  tipc_sk_join+0x24d/0x6b0
[  472.485168][T11932]  tipc_setsockopt+0x735/0x970
[  472.485184][T11932]  do_sock_setsockopt+0x17c/0x1b0
[  472.485202][T11932]  __x64_sys_setsockopt+0x145/0x1b0
[  472.485220][T11932]  do_syscall_64+0xfa/0xfa0
[  472.485237][T11932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.485252][T11932] 
[  472.485256][T11932] Freed by task 11125:
[  472.485265][T11932]  kasan_save_track+0x3e/0x80
[  472.485282][T11932]  __kasan_save_free_info+0x46/0x50
[  472.485297][T11932]  __kasan_slab_free+0x5c/0x80
[  472.485321][T11932]  kfree+0x197/0x950
[  472.485337][T11932]  tipc_conn_delete_sub+0x13c/0x1c0
[  472.485356][T11932]  tipc_topsrv_kern_unsubscr+0x8b/0xb0
[  472.485376][T11932]  tipc_group_delete+0x412/0x480
[  472.485395][T11932]  tipc_sk_leave+0x138/0x4e0
[  472.485411][T11932]  tipc_release+0x5fc/0x21b0
[  472.485426][T11932]  sock_close+0xc0/0x240
[  472.485446][T11932]  __fput+0x45b/0xa80
[  472.485459][T11932]  task_work_run+0x1d4/0x260
[  472.485474][T11932]  do_exit+0x6b5/0x2300
[  472.485495][T11932]  do_group_exit+0x21c/0x2d0
[  472.485515][T11932]  get_signal+0x125d/0x1310
[  472.485532][T11932]  arch_do_signal_or_restart+0xa0/0x790
[  472.485549][T11932]  exit_to_user_mode_loop+0x72/0x130
[  472.485568][T11932]  do_syscall_64+0x2bd/0xfa0
[  472.485585][T11932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.485600][T11932] 
[  472.485605][T11932] The buggy address belongs to the object at ffff8880580e4800
[  472.485605][T11932]  which belongs to the cache kmalloc-512 of size 512
[  472.485621][T11932] The buggy address is located 48 bytes inside of
[  472.485621][T11932]  freed 512-byte region [ffff8880580e4800, ffff8880580e4a00)
[  472.485640][T11932] 
[  472.485644][T11932] The buggy address belongs to the physical page:
[  472.485663][T11932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880580e5000 pfn:0x580e4
[  472.485682][T11932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  472.485697][T11932] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  472.485713][T11932] page_type: f5(slab)
[  472.485729][T11932] raw: 0080000000000240 ffff88813ff26c80 ffffea0000cc4310 ffffea0001679d10
[  472.485744][T11932] raw: ffff8880580e5000 000000000010000c 00000000f5000000 0000000000000000
[  472.485760][T11932] head: 0080000000000240 ffff88813ff26c80 ffffea0000cc4310 ffffea0001679d10
[  472.485776][T11932] head: ffff8880580e5000 000000000010000c 00000000f5000000 0000000000000000
[  472.485791][T11932] head: 0080000000000002 ffffea0001603901 00000000ffffffff 00000000ffffffff
[  472.485806][T11932] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000004
[  472.485815][T11932] page dumped because: kasan: bad access detected
[  472.485828][T11932] page_owner tracks the page as allocated
[  472.485835][T11932] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5801, tgid 5801 (syz-executor), ts 77459050505, free_ts 77458826756
[  472.485865][T11932]  post_alloc_hook+0x240/0x2a0
[  472.485885][T11932]  get_page_from_freelist+0x28c0/0x2960
[  472.485907][T11932]  __alloc_frozen_pages_noprof+0x181/0x370
[  472.485930][T11932]  alloc_pages_mpol+0xd1/0x380
[  472.485950][T11932]  allocate_slab+0x96/0x3a0
[  472.485965][T11932]  ___slab_alloc+0xb12/0x13f0
[  472.485978][T11932]  __slab_alloc+0xc6/0x1f0
[  472.485991][T11932]  __kmalloc_cache_noprof+0xec/0x6c0
[  472.486010][T11932]  __ipv6_dev_mc_inc+0x44f/0xa50
[  472.486031][T11932]  ipv6_add_dev+0xea1/0x13c0
[  472.486051][T11932]  addrconf_notify+0x794/0x1010
[  472.486065][T11932]  notifier_call_chain+0x1b3/0x3e0
[  472.486085][T11932]  register_netdevice+0x163c/0x1b10
[  472.486104][T11932]  ip6gre_newlink_common+0x3dd/0x590
[  472.486126][T11932]  ip6gre_newlink+0x228/0x360
[  472.486144][T11932]  rtnl_newlink_create+0x30d/0xb00
[  472.486162][T11932] page last free pid 5801 tgid 5801 stack trace:
[  472.486172][T11932]  __free_frozen_pages+0xfb6/0x1140
[  472.486191][T11932]  stack_depot_save_flags+0x436/0x860
[  472.486207][T11932]  kasan_save_track+0x4f/0x80
[  472.486224][T11932]  __kasan_kmalloc+0x93/0xb0
[  472.486242][T11932]  __kmalloc_noprof+0x233/0x7d0
[  472.486261][T11932]  __register_sysctl_table+0x72/0x1340
[  472.486277][T11932]  __addrconf_sysctl_register+0x328/0x4c0
[  472.486300][T11932]  addrconf_sysctl_register+0x168/0x1c0
[  472.486321][T11932]  ipv6_add_dev+0xd84/0x13c0
[  472.486341][T11932]  addrconf_notify+0x794/0x1010
[  472.486354][T11932]  notifier_call_chain+0x1b3/0x3e0
[  472.486373][T11932]  register_netdevice+0x163c/0x1b10
[  472.486392][T11932]  ip6gre_newlink_common+0x3dd/0x590
[  472.486413][T11932]  ip6gre_newlink+0x228/0x360
[  472.486432][T11932]  rtnl_newlink_create+0x30d/0xb00
[  472.486449][T11932]  rtnl_newlink+0x16e4/0x1c80
[  472.486464][T11932] 
[  472.486469][T11932] Memory state around the buggy address:
[  472.486479][T11932]  ffff8880580e4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  472.486491][T11932]  ffff8880580e4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  472.486502][T11932] >ffff8880580e4800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  472.486512][T11932]                                      ^
[  472.486521][T11932]  ffff8880580e4880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  472.486533][T11932]  ffff8880580e4900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  472.486542][T11932] ==================================================================
[  472.665232][T11932] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  472.665252][T11932] CPU: 1 UID: 0 PID: 11932 Comm: syz.4.2153 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  472.665276][T11932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  472.665288][T11932] Call Trace:
[  472.665295][T11932]  <TASK>
[  472.665302][T11932]  dump_stack_lvl+0x99/0x250
[  472.665328][T11932]  ? __asan_memcpy+0x40/0x70
[  472.665347][T11932]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.665366][T11932]  ? __pfx__printk+0x10/0x10
[  472.665391][T11932]  vpanic+0x237/0x6d0
[  472.665406][T11932]  ? __pfx_vpanic+0x10/0x10
[  472.665421][T11932]  ? preempt_schedule+0xae/0xc0
[  472.665440][T11932]  ? __pfx_preempt_schedule+0x10/0x10
[  472.665461][T11932]  panic+0xb9/0xc0
[  472.665476][T11932]  ? __pfx_panic+0x10/0x10
[  472.665494][T11932]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  472.665516][T11932]  ? is_module_address+0x17/0xf0
[  472.665535][T11932]  ? sysfs_remove_file_ns+0x3d/0x70
[  472.665564][T11932]  check_panic_on_warn+0x89/0xb0
[  472.665588][T11932]  ? sysfs_remove_file_ns+0x3d/0x70
[  472.665610][T11932]  end_report+0x78/0x160
[  472.665631][T11932]  kasan_report+0x129/0x150
[  472.665654][T11932]  ? sysfs_remove_file_ns+0x3d/0x70
[  472.665683][T11932]  sysfs_remove_file_ns+0x3d/0x70
[  472.665707][T11932]  bus_remove_driver+0x19b/0x300
[  472.665731][T11932]  comedi_device_detach_locked+0x175/0x750
[  472.665759][T11932]  comedi_device_attach+0x5d4/0x720
[  472.665786][T11932]  comedi_unlocked_ioctl+0x605/0x1020
[  472.665805][T11932]  ? kasan_quarantine_put+0xdd/0x220
[  472.665824][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.665846][T11932]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  472.665871][T11932]  ? smack_log+0xef/0x3f0
[  472.665892][T11932]  ? __pfx_smack_log+0x10/0x10
[  472.665910][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.665928][T11932]  ? smk_access+0x14c/0x4e0
[  472.665950][T11932]  ? smk_tskacc+0x2fc/0x370
[  472.665972][T11932]  ? smack_file_ioctl+0x24d/0x340
[  472.665995][T11932]  ? __pfx_smack_file_ioctl+0x10/0x10
[  472.666021][T11932]  ? __fget_files+0x3a6/0x420
[  472.666043][T11932]  ? __fget_files+0x2a/0x420
[  472.666065][T11932]  ? bpf_lsm_file_ioctl+0x9/0x20
[  472.666081][T11932]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  472.666101][T11932]  __se_sys_ioctl+0xff/0x170
[  472.666120][T11932]  do_syscall_64+0xfa/0xfa0
[  472.666138][T11932]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.666157][T11932]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.666175][T11932]  ? clear_bhb_loop+0x60/0xb0
[  472.666194][T11932]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  472.666211][T11932] RIP: 0033:0x7f63831feec9
[  472.666227][T11932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.666243][T11932] RSP: 002b:00007f638145e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  472.666264][T11932] RAX: ffffffffffffffda RBX: 00007f6383455fa0 RCX: 00007f63831feec9
[  472.666277][T11932] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[  472.666290][T11932] RBP: 00007f638145e090 R08: 0000000000000000 R09: 0000000000000000
[  472.666300][T11932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.666311][T11932] R13: 00007f6383456038 R14: 00007f6383455fa0 R15: 00007ffd5aa4e3a8
[  472.666332][T11932]  </TASK>
[  472.666482][T11932] Kernel Offset: disabled