last executing test programs:

6.895879959s ago: executing program 1 (id=3302):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
execveat(0xffffffffffffffff, &(0x7f0000000800)='./file0/file0\x00', 0x0, 0x0, 0x400)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000002c0)=ANY=[@ANYRES8=r0])
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x5a, 0xa, 0x3, "3258c5c04000000000000000001b0000f4ff4000000000000000e91aba2800"})
socket$nl_netfilter(0x10, 0x3, 0xc)

6.804771607s ago: executing program 1 (id=3305):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r1)
openat$cgroup_devices(r1, &(0x7f0000000ac0)='devices.deny\x00', 0x2, 0x0)
syz_emit_ethernet(0x6f, &(0x7f0000000200)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x61, 0xfffd, 0x4000, 0x1, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x0, 0x0, 0x43f6}, {"7871edb5bd2531a06454addc79a692849ffd0e5cea4ae266bcbe3929b3065f4e5d6ca0883d248fa6b174fdbd85ea8aa2b1461dc96de29086e5"}}}}}}, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @local}, {0x0, @local}, 0x4c, {0x2, 0x0, @rand_addr=0x65010100}, 'ip6erspan0\x00'})
sendmmsg$sock(r0, &(0x7f0000000a40)=[{{&(0x7f0000000080)=@un=@abs={0x1, 0x0, 0x4e21}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000100)="1a598aa59845c0b8d3b3", 0xa}, {&(0x7f0000000280)="34b38af11e2fb20ef9cfb1b40f187b2a5b413594a6afd74360ef3745eba0d1c5a82975e9713be721e7bdcd0f1a12aca5e9b05a312ebafe7017496dcba85ff33bc226f22b3aea861c88c542e0be644b9d55d051a46cf3a2d55568069ea9c98c2780db8b4de88fb4e5cf23b52c6e676d89a15a48a146d18857d0bfaf64974ca5b07b9a952d5c8bf1c683e169a9c9688da3f0408e5c8c231861d67024c1e97b97b7b6f6efa8ad201d3394b4256675011d876f7590ef3161465364e8456c8eebe05cd46f11302e0084656ff78e371715", 0xce}, {&(0x7f0000000140)="571b639cca", 0x5}, {&(0x7f0000000380)="45e51522036da791a4d53d771a64a7298869425aea48d002d99ace95770411a8b3d4828c78ed3ad3634f19b2898c35bf97a76630e275c17affde77e3278aab4628eb29c472428202ea7fb1e007de2e929e9989b37bde2b3ec935ecd373", 0x5d}], 0x4, &(0x7f0000000400)=[@timestamping={{0x10, 0x1, 0x25, 0x5}}, @mark={{0x10, 0x1, 0x24, 0x81}}, @txtime={{0x14, 0x1, 0x3d, 0x7d}}], 0x34}}, {{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000440)="c1074b36a6f3ba80afc262139a080f31e9d748faae3fc528ea2cf8329bbf78e6c62f052edb86cef3111dd1b59705c37b08004728149c9b955d6a2c35fe8a2c8d4712379da05b49beed6231b6354d0519f7ef166c1c5aa988a0dfb2e1be4db85d67ef7643f9c960e25a467745855587a251204620ca4dd066157fd7954f50d59dcedbfe0d2e462b902b580143bcb39a42fc8d314d1dd84256615d7edfba0bfc66f6c29370a5400774bb4e52ab2d95143250fc6d322d251ec3b999a40f28a819a2cfd417addeee", 0xc6}, {&(0x7f0000000540)="7ce027f122cfbeb63afbd6312bff33633377a22f87e47cf785749650764155852ebc91ef7c5632327117614e1edf89fbe4ee6de128012b8cf89ac3a5b7cb64093ccffd6c2423edb7df", 0x49}, {&(0x7f00000005c0)="9fc36b34bedade3df54a45c690861f3e0e2efc6ed6ccc9f744e8edd0386aed4fc3439b022b307d5b80b61ead37bb45992be6086005c91f71c0b01fb881fdbeba29218b9e", 0x44}, {&(0x7f0000000640)="538a1d56bd64e2b94271c2b02749a83f093e2843ab507e2a29c9ed160ec9aee5ce26afd04397f2cf789b0c80cbadcc7c46cbeb6acb2a67f0d3b228953af5c08ee7acf4299f88b049aff34967184bd916967001eb0ea4e2b0a33af52cdb31506f329d0aa521815db486920e63304884856bfd182ad2fed59c124ee5f1", 0x7c}, {&(0x7f00000006c0)="d2c3f67aeb21520408858f71e4498637e449c02bbab96fa0d83d79feab97e0190461f255f101c8e81b72f6d1b30b875ddca8b58c50453e8127f9644e72cb391f45bfe72302649b06c1a98bc7af95f8311d6040dfc9f6a697654dd0adc7852251abf4350d1edaa4abfd2cd07d33cfd2beab167cf3542fca442c5045616e8978a4b88fd486722704b7a3b174a9d04e01be61", 0x91}, {&(0x7f0000000780)="072d065e90f8079aaddc1f7b44fe8125ef72b17e5ab0f7bcfe33e07e46ea92a2b8d08ac0066c133069eaf7e3ca067358327d02c8084c1d7115f76babf6dbecc5ec18b5f5cda4597ce947cb2c97634ece69db85e7dc7a041d50735277d5c5b93f5bc568a2280157f823e307ddd4d6409be605d10b04e33ddf104a8da54e865e38767853a022e1c8e5d342c765f2ef4526227d4cdf451944eebafae98c47997524a6ed6ffb164190ba8b4db0978685c1575b255cec60155cb897eeac", 0xbb}], 0x6, &(0x7f0000000880)=[@timestamping={{0x10, 0x1, 0x25, 0x4}}, @mark={{0x10, 0x1, 0x24, 0x1}}, @mark={{0x10, 0x1, 0x24, 0x7}}, @mark={{0x10, 0x1, 0x24, 0xab}}], 0x40}}, {{&(0x7f00000008c0)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000940)="408ff105f91b0c5a7818bd40a0d418a7804cc98ee9e41baa6aab597610ddb2c13e515e02fc4374e0dd8f28dffc57d0a88297b4269c9f26040883a9e97388e76ef627dd9ece1ef392bf2a635ed9c6a0b14ff08bd05a31521b916fb417558ab79311b47bc083316da8", 0x68}], 0x1, &(0x7f0000000a00)=[@txtime={{0x14, 0x1, 0x3d, 0x400}}, @txtime={{0x14, 0x1, 0x3d, 0x6}}], 0x28}}], 0x3, 0x4040001)

6.5312914s ago: executing program 1 (id=3306):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0x7fffffff, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f0000000100)="ac", 0x1)
recvmmsg(r0, &(0x7f0000002980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002740)=""/20, 0x14, 0x2000000}, 0x6}], 0x1, 0x10100, 0x0)

6.52786297s ago: executing program 4 (id=3307):
sched_setattr(0x0, 0x0, 0x0) (async)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
socket$packet(0x11, 0xa, 0x300) (async)
r0 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
ppoll(&(0x7f0000000200)=[{r1, 0x40}], 0x1, 0x0, 0x0, 0x0) (async)
connect$unix(r1, &(0x7f0000000340)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a076b876c1d0048007ea60864160af3650400410038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async)
write$tun(r3, &(0x7f0000003040)={@val={0x8, 0x800}, @val={0x0, 0x3, 0x0, 0x1}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x89, 0x0, @rand_addr, @multicast2=0xe0000001}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x36) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) (async)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, 0x0})
ioctl$KVM_SET_CLOCK(r6, 0x4188aec6, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x20000000000003, 0x1004}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x602, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x21)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000000))
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r6, 0x4068aea3, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)

6.339372954s ago: executing program 1 (id=3308):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='source', &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\x00\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xfffffffffffffffe, 0x7, 0xfa11, 0xffffffff}, 0x0)
accept4(r1, &(0x7f00000002c0)=@rc={0x1f, @fixed}, &(0x7f0000000000)=0x80, 0x80800)
socket$inet_mptcp(0x2, 0x1, 0x106)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)
openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x448000, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000c80)={'syz1\x00', {0x40, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xb0, 0x80, 0x5, 0x5, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x9, 0x8, 0x2, 0x4, 0x6c1, 0x400004, 0x3, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x6, 0x77, 0x8001, 0x7, 0xd, 0x401, 0x7, 0x8, 0x3, 0x4, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x40399, 0x101, 0x2, 0x100db, 0x1, 0xc, 0x7, 0xf, 0x2, 0x1, 0x0, 0x800, 0x7f, 0x9, 0x3, 0x21c2, 0x0, 0xc10d, 0x7, 0x8, 0x9, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x27, 0x2, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x0, 0x10000, 0x3, 0x9f3, 0x800, 0x0, 0xe842, 0xff6, 0xca, 0x9, 0x7, 0x7, 0x6, 0x9, 0x6, 0xc7, 0x27f, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x2, 0x0, 0x4000003d, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d8, 0x783, 0x5, 0x0, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x102, 0x1], [0x62e2adfb, 0x809f57, 0x4, 0x80000000, 0x7, 0x8, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800001, 0x0, 0x2e, 0x7, 0x2, 0x5, 0x7, 0x1, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffef2f9e, 0x9, 0x6, 0xc, 0x9a8, 0x5, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0x2, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x1d7, 0x5, 0xfe, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0x9d, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x4, 0x400002, 0xf, 0x5, 0xfffffffd, 0x10001, 0x2, 0x4, 0x2, 0x2, 0x9, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x8, 0x1, 0x5, 0x8, 0xc6d9, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0x40, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x7, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0xffffffff, 0x4, 0x4, 0x4, 0x2, 0x8001, 0x40000000, 0x105, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$UI_SET_PROPBIT(r5, 0x4004556e, 0x8)
restart_syscall()
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
open(0x0, 0x143862, 0x32)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040))
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

6.284960117s ago: executing program 4 (id=3309):
r0 = socket(0x28, 0x5, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000009c0)={'ip6tnl0\x00', &(0x7f0000000940)={'syztnl1\x00', 0x0, 0x4, 0xe, 0x1, 0x0, 0x2, @loopback, @private1, 0x8, 0x7, 0x28f498b0, 0x6}}) (fail_nth: 9)

6.170098321s ago: executing program 4 (id=3312):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000751c0110e60f00989ad1010203010902240001000000000904290202b48cbb0009050402100000fa000905820240"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000800)={0x24, &(0x7f0000000600)={0x40, 0x18, 0x6, "9eaa95fb4ff9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x450582, 0x0)
pidfd_send_signal(r1, 0x30, &(0x7f0000000140)={0x11, 0x4, 0x6}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5801000040000701feffffff00000000017c0000040042800c00018006000600800a0000340102802e0114802a0102"], 0x158}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)={{0x12, 0x1, 0x250, 0x20, 0x12, 0x1b, 0x10, 0x41e, 0x4041, 0x4025, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x7, 0x40, 0x7, [{{0x9, 0x4, 0xf1, 0x4, 0x0, 0x87, 0xa2, 0x44, 0x5}}]}}]}}, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000180), 0x12, 0x40000)
read$usbfs(r4, &(0x7f0000004240)=""/184, 0xb8)
syz_usb_control_io(r3, &(0x7f0000001340)={0x2c, 0x0, &(0x7f0000001100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x440a}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000002900)={0x1c, &(0x7f00000027c0)={0x40, 0x1}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
r5 = io_uring_setup(0x6b52, &(0x7f00000006c0)={0x0, 0x456f, 0x3, 0x1, 0x57})
r6 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r6, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24)
listen(r6, 0x4)
recvmmsg(r6, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}}], 0x1, 0x40000100, 0x0)
close_range(r5, r6, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$sierra_net(r3, &(0x7f00000000c0)={0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="200dd8000000d80c50548dc98e9a2d127548b0fd4744d9cf9455280af884da9acb4879942eaf28e4b06c0793b97408b153feed79d2422189ca98e36bfea0c9de291920cb6427c999986a7369a4ee96e62eb8c491f6c6ccea07600359c12a3f62189ac0718d64de956d3aee9f0a786e57829b942fc13ca8d602f76a613e6b3963551ab67cc9a302caae7ef6d42b7747ce594f6d1841a2456185c2e633e03e1667adac6978e3212ca376158090fd5114e55dd2ee228449a297a02d70cafcc2991debafa7e8a4c51bb3bc47692430f1562a8a3f58f57078ef470d4b56c88f42a6ddb37260855adcda34e93184dea300288f1e3ffc17619f1b779fff12aa24e4bfaba882750abd21827466c27a55960f753c188859ff2de658e4faa9f0a59f444367b2bdcd46a63e09e901f1698f455e0b471b801ef29e014f5441406abddebaa015e354c5c27cf8d0faf99b9886e0e1e11879"], &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0xf4ff}}}, &(0x7f0000000380)={0x10, &(0x7f00000002c0)={0x40, 0x31, 0x87, "a11cb32c2e3920cd877468c082b65b126e3382ca64777728ef2e1de927c14b031f4514094aa1d753c08a36dc7a76be3be8c490a2d61df70b9d8c8288ba094fcc1816d53a69fbfb6193767551d536a4e6d2e9f392f7f910da96d383eee8b8b03e09242149c986d10c00c3ba340d1fedbee61c54ff190e5043239ce447ad60ad4c902168efb47313"}, &(0x7f0000000840)={0xa1, 0x1, 0x400, "c267298573f797817fb2614ee6d5bba74f2389f0482eb128d157a7717d267b1d56d7807f025458a614bd0c9e5abdd3076243147a142f0908369368435925f28aea7b0b9bff841b544a453128b33c176de9512c1a75d3d42885b5332ad6721cb0bd569acf6af4bc7d7319bc12e076298052a5a218e399526d0860b5f42fc97a5096158baae0126ffc2f5d6936df6686879dd64be40878a86614015eff54511d4a8e230bb602f322af1c33a739d90546bfe3de27c35a22664058c739913ce8626cdd1a1ec6465897e21e94ce249ba418043aa1a1c9ef79a678d76d05b0ca8436d3a54243e3a447199862c5b6d62699ca5255611f95356ee46398d9e8a2a66c2d956922472bf5c625501818982380d51a93e8cb187c8460706ac4a13b2ce6c940b9471902b30969f9164f9af140dcf08f1f0becbdaf37c6e54f6de1a814fe5d169532a1a62c15d4a0976c1428d67d48c4fd0258d38e3794b4dc91f21b34201e9e55d823b582352c4f9ecc887fe2a9cc4648280424f41ed80cfe20b87b42d5c6a90abf690c4fc54d12358f34032c09af5a77a2abfae97dcf35f345d1f40a635031834936f33694af614c2b30b41b46be764d3be54d96f55ae992270c7ab4852fced502adff664d5eb704f72d902f9a1bb27ba02f46f367630cc31157b59cab0f0cd886f0fcb33823fb70dc4fe52ea0f9a11ffb668d4702ea5b22e2049d0997b0cfa6cccc205a7dfaff863ab6d0f44033eeb64f727213440b9c5fb91414fab7f74a6c681f70ff4f6d530262beb116c2ba4d2fa200c940bd2e8a42dfd66cfd419fabc42c2bd97c96541ae5687b31ec379b425e43924ef2bc363d904bdf28f65d58bc87642cde4685ce15338ef2400109dbc5ee796213feb0e65421f674f9fc0824ea9c1fa9832748777f21bc2d57d5ffa9ce0b4ed3e3217fcf5549c8f8775d52fc3a44f3ae47fa6d9823803876f9a8467bbe1ad57650690a69d8e6015f5b8a8d636f33a3d6b4b88ab2d85cace41f5b2aaeb0207ba4c6e2009fccc064ad21c0f9146c48912cd92706d65f3b217a8e95023297a9afd1d5042ce08910723b4e3a80bd433043061d8f3a24997856893d760edd70b385f38f7b7ce43a574e73480cdda29fccd16e38b86bdbeebaf48838af9ecffb840d0ae95f78f5e52b70686f7c9af88df271e5e36e88d7c6ec0895ac93970bf100264cc00fea7ab7b3be511ed8596430ac808abd43b8e18656a9e403a9cb77eca5527ca863a6f639dad4ca1f27cb4a950d077b151d67aafda4bce7b5d6ed9844f689dd58bbed2ec6ec0265415533163f00acf4fff8f51f66c15ef1cef5a516f93c9dc73c7e8e2174b47253aa19c7e5d0963d8bf986965908a46f81410457d3ab9737c8cbd29197b1f8152726f522d3b9708987f38b3012d55bf568d92b6f538c0ef48b1556f63ccaa40c1685f2e633b6e1"}, &(0x7f0000000100)={0x21, 0x0, 0x4, "b48d2db4"}})
syz_usb_control_io$printer(r0, 0x0, 0x0)

6.129165049s ago: executing program 0 (id=3313):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000feffffff0000000000000000850000001900000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x5, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffff26)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x13}, 0x94)
close(0x3)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, &(0x7f0000002240)="2d12376647d788ad2cdbd0e68c140c7f72d35ae5869c470a1f53ea73c32220190e02cb0b770bb154d1d5d1b343cb1feadca1752e4397955e1a151721f1b28b9e32b7966f9ddd7ad3822c5ff3dc03786c1c86c2a6f7c271710c573396ca95e95a524201b0bf0539042ae14072693f9734306f7a21f92421e8e0ea335d07d1f2839c4c195930cd35c65dfc527de84f2cab4f0c78474734d7c5cba0c70ee0fd10ad5ed3f4b70308c29000e8cd98d57c90c7d9298ee4a2c41b141614627880ace9cfde45a0ae5f6f5cf3eb31254454e92eacdab64eb048b144e4fcc16afe59e7d7dad7696df64aa223d14d69bbe8ee2f76e1d4a32477a7cf108fea86a7e085c1575f683857cff342574109f74cf05e3f63f328f46735ba0578d84b4978ce545621b1666ca7da451d40e961a037822eebcbba9bf9e92af7281442efcaa8e0d3ecd6111d8fc1c742d0e7efe8e51a1c5e6ea04fec02a986cba677d9dc642d110df6f55c786c73f7ce4ebf9415bdb2680d0ff4597006d96e3c164114a4effae84380e492822c002b2e96f160a0784fd0ebe448eddaa801921576287f61a15be332a94eea951c0826874d105173a6b3f2a6e420ed5ef00b1f699b74c524a1859cb7d6dfb7257b6f0b92e17ce21237da0ec892735601b29693dce455876447f76df303a8cb34bd9c9241da9904c1c17d416753c71aeed9cc07d26b4a438df4e302cf120cda73c04d5a1b7295f1cb7ff88084211adde5fdf991f97cb522b56c561ad1119a4675fbf566b77660dfd457467652d23c739cc9ba93bbd5b464c46e46187ce71d7aab533e670c861b227454d7c21f9f16000eee0c1772a152c26acd2744c5553ace622369f15d5354a3b5ac4bb9261a766830d351fa931558dee7ff30768b2e29025c3b115179ed6a12ea76a23db3626bc033f85a43c3c3f50b75b89a418277837ba571189e708f4aaaacc19537e7aa156b7058c200e8f9be1da8a63c7e878f3e733060a1cb24a2a09ea76413efdc4e0b1027a09c6830b4ca5ccd4695e2e0bb1610a21b0cc66012aab283b6c5dfbd20aef8d7ad04e4c618a065a588d05e3f780126eee290cf0f94fb4a2c5a8cb97f60d9e50301a4f01f3787ab052ef8782d6ef0f92385ab59015670a054dab1ab0400be74fdc4ac3d18fb5b5da13e55a05e29ad14dd0abf0435dea601ce80573548f3c8f21ecfcbe5361d1505a91c355d8477fe7e3866be005acae25cbab7bd8684294963c3c95924f7d62ca0ed2d7aa01048cbdcd4d7ae9717d4feb97e1e825f6156e9c5fc456509798d2f5adc9356752a8974894ff5bf9d14aab3ddf18fd4f9af23c66f7e4ef7e345e769260fd9d2a22ddd078dd7e44f904ea78dd3db5b0f4a8d7ce9ae7909cedde165b7458da24d576fc0e18d3c27cccaff21146ad51c1681c629a8f0b8a4ae213c88910c54de9af7890b0a4414e0d38c31d76a130b587b764260655f17f901f96b835a1fecb1f7438f5e18ff60720d37d19b1a9ae3e03dc10aa1c4f2abb918883d56ddd4e74b48a4aeadccf2329956ed18b2001d1e1e80bdf325449beda911916f802234f5b182264754cd3bb26b2ae658cc0ee185a19cba7f9e54e47c32f8b87d0fed97c911d28f971e70be5fb830109a57b600f734a4cc734cbb67a58e6a696ccb39c328c537fe467fd194183aad728f95b0a4afb4557615408a83785c0d313e666d1dab18d49a4feaf12993e73f5537998a1ed25b93f9bca346376129dee3a5a78675d30bd19a78b77f45ea8b5b48cb4c78a1bc30df00badb811585966b8f8ef42d89236f5e99f849a44d62d1431eb187333dcde91582a29e777b9cd6e1bc86eff512ba48d6030681d395bfb8c5259b0c22028400a1d3929a6e3fa0fcda3deb9cf8e7e079c21d7c20b1670eb880789ae809608bac2b05c45da5a3a0377d1d06b917a5a6ee7dbf35f54c327d7d7921266bcb4e8e816b02872139d03d575c491ee077140f7d1aca286f977869288bf90eedaf41727abcd79056936d830bf6480bf6b4573e4dd402f6206099716593a04813cd07437ffa80f10f72ef64e320e48fa59b5ac0e412d9ed14bfc2e9365c67fc21c327d5699f58c3984db4f3ec0c362b633a784c4dfba44187801a0f0fc0f6b7a4610594556b33f1617c7b8b4f95d5d6fba7553512a6098a2e64d10a45347f3a41d11e19f7690ebcbfb9239c59b489061aad4317a08c435fa92c4f5feb662f6413c3d06dca92647fef304d9f8e96a78b5251b0a4d15710937428ab676cc7da5f0006cd04f7fa884625116a0cbddabc012cf55e3f26a4b411cfa1ba8473c3aef570cd23fe2165bf1f9b54632c7e76e5a5818bb70086c5fa609f2199424b8f2de5387a5bf44d3f246bec62433182b0c950ecc2968dba1e6a845c48c506daf90ffb0c13d376be0ac8283abb4e4283f703206a47c2b9c6a642d4bf4a245b8ec978b09d8620fc5d9f917842f83bf5e2efd976e9b98c38a8f836773357ad6d23fca68ee26431acf0196ef0fcef25a979782dc2f1688acacc53b1b2c2f694b638c1256a869f56098b89bb4a14b2dc2d187773e6a75f7d37ed91b8f8aee84c0bdbaeec229139809eaa9948e7a5e18d783ece0cd7ea8996dc3e650b1cff351ad9fbd661f303f40de084d111ec1489ae42d2fc55ce8d892a3d6290f2d2eb72733b4fdc8c433569c34854a84653884b3d90652f499eeb83886bd4246b41f231141cf1a412f1c7840fb8a1595895cfdec1961d887ac9dd1f5ad4b66bbb451d5471fcb1fb4bb25a4c4d43b9c0e3c72a00e8fc83f700c812b1b9c2f37e40bd746c39cbbca41e6fecb8d64424c82e640d8f887cb7d8e75828b2969e1628c7000fba626381dcfdc7262b2b06f47f898d0aa0dab8636c089d4339a37e80f20f8f5196608a3d1ac1418ff9ac0ac54c45c124b15a77d61d50ca05e1603b1b6476cf09d79b138a7f7394a9cf35e6d64654504663db381712da505d0985cd9a4edbd067c0f09c393486b138f01deb4771566d987ac16a6ed0ac5c9b592a20878e5b4050e594f376523697a0aba321a6704db28b0f0fcdf0d8e2a6f1788064d49807f080d7aa29f795935d61bcf152fe39a45a713fd0a3b2982f65437828e110b2edcdbd7b462d5ef8e87ad0aa2352cf3fb1e05787602ed66efd77a7b88c73e76dd1b368e5845cc032ed719635b0db27b39ddc12d899b742a1499ffaa4b95c0a1f29cd85a7d2d30be5bd1fd384a6e4dd3b93b46352ece5144a2ce989bcb8e6255e04e6d5d0a6b4b2736715b116b06189491b4a4a9fd9e482413b2b8851b273b10820040b490de9414fcdee5126ddbedaaddcb8c844cc7e0264f65c4d3607dddf0dbd88a7f3d1ff35bea1bcb48eb576e7083fd8bf8d6a6a1567f77819c3bbe93ff92418632d30fa2b933b33fcf163b5a942d870f22d13ad6be938ddf61de391b35e68fc9ad71aeb7cddfb73e071162bfd1c7facd10e50e9f8046c7ee6f89830b70955a3908c18cc79138c335a5159adb3229e02576cbd1829b4c67504fbe785e3c2129d53cbc3b00a62b232e16a01e01b2dc159fea676ea8c0ad0d8f41ea1840092f4900d26f48b5c549211240a5c5ab663b4f9ac463df05c86af9a3f2e595d4f9981b108d44e9ee060fc8736d7ff71a609252fe6becd2aacb23b7ac66ad8a3dfca068fb7846b9588a0b027e45f96d73cdf6c2d9494c6c5c129a8f5a1e8c4f4e6a1adec722ba74e5a002b1c87793cfc5c689ac82881ac346c3e5be4f6570d3669f797916e2018a784d6a88671c6cd803585ba49cabea506177c5e41145d2c7f192012e1478e409d2dde7de2ac2b03b9d808afaf5f761032fd562d587c653eb07ad8ede76dc1aa8a1e7fb5a56f04e3dfa10e77ee1e51f6879c2670278c8471e03b0f62eee8ec60336b604b6721a81d8ef630749dac6298b488ec09a4aa61ced579231d4231a9cf6d7f20683194e6709fbea4ed66cfdec9a7238bbad6894ceb6c0ca3307274f2749be8450180456280289d0179d8396902250cddd7a440c24ae7df78bc8e146b1b8e5c9924d2b07646ff577da61968503bad37d240aacc9dbba0f665acf1d56667d1aa7e497b7947cca22f7a55113f5e10bc9987e9b5d9405f625a604f7099cf365ea8d3530dfba6b9977f8441e23147049ae8bf0231d824397e885589c693d8a7e756e46baf67f21b062cf6d8db25140c4301233bcb18b408e3c7959056a3307546f09f13e2e732dc26b9bab0ac74d72bc0f115f7cf682aed23d9c627da1c4e4b221bd85a6c19f0391b23137f551cfb99cb1da33d42840439d0ec5f2d0e75c74d15918460e915c18dccf2f9d0ee508292c871ec9f4f2a2d1628a914487df2e8aa43bbb0bf1427e2f99e8eaaa588df310b9e50aeba057b2ce863eaaf9ecca3fc190d88bf10", 0xfffffffffffffee9, 0x4004085, 0x0, 0x49)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000340)=0x1, 0x4)

5.90818529s ago: executing program 0 (id=3315):
socket$packet(0x11, 0x3, 0x300) (async)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x4000000000080002, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1000000) (async)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000540)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async, rerun: 32)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async, rerun: 32)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38) (async)
writev(r4, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r3, 0x5452, &(0x7f0000000140)=0x2)
writev(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x11) (async)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
bind$packet(r1, &(0x7f0000000d00)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x14) (async, rerun: 32)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
vmsplice(r7, &(0x7f00000004c0)=[{&(0x7f0000000080)='Q', 0x1}], 0x1, 0xd)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) (async)
setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000040)=0x2, 0x4) (async)
socket$netlink(0x10, 0x3, 0x2)

5.864718118s ago: executing program 0 (id=3316):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000c0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

5.771830605s ago: executing program 3 (id=3318):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000000)=0x28, 0x4)
sendmmsg$inet6(r0, &(0x7f0000001340)=[{{&(0x7f0000000140)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0xa}}, 0x1c, 0x0}}], 0x1, 0xc040)
setsockopt$inet6_udp_int(r0, 0x11, 0x65, &(0x7f0000000080)=0x4, 0x4)
sendmmsg$inet6(r0, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x1400}}], 0x1, 0x40000)

5.609567526s ago: executing program 3 (id=3320):
r0 = socket$rxrpc(0x21, 0x2, 0x2)
sendto$rxrpc(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e22, 0xe, @remote, 0x8}}, 0x24)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket(0x11, 0x3, 0x1)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000000)={'team0\x00', <r4=>0x0})
bind$packet(r2, &(0x7f00000001c0)={0x11, 0x3, r4, 0x1, 0x8, 0x6, @broadcast}, 0x14)
socket$packet(0x11, 0x3, 0x300)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)}, 0x20004840)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000680)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x2048010}, 0x40000)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0)={0x0}, 0x1, 0x0, 0x0, 0x11}, 0x0)
r6 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x1, 0x20}, 0xc)
sendmsg$DEVLINK_CMD_RATE_DEL(r6, &(0x7f0000000500)={&(0x7f0000000240), 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="02002abddf254d0000000e00a80066697273746e616d650000000800030003000000080003000000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x810}, 0x80)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000540)={0xa, 0x4e24, 0x8, @loopback, 0x9}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1, 0x0, 0xffffffffffffff1d}, 0x44004804)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x13b)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000340)={0x2000, r7}, 0x0)
landlock_restrict_self(r2, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000280)='./file0/file0\x00', 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000002700)={0x1, 0x2, 0x1, 0xfffffff8}, 0x10)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x111, 0x5}}, 0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0x6}}, 0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty}}, 0xffffec47, 0x9, 0xffff1895, 0x100, 0x25, 0x7}, 0xfffffffffffffcfa)

4.730954187s ago: executing program 3 (id=3323):
userfaultfd(0x80001)
socket(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r2, @ANYRES32=r2], 0x44}}, 0x2000800)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008804}, 0x20040040) (fail_nth: 9)

4.620491553s ago: executing program 0 (id=3324):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x7fffffff, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xfb}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_opts(r1, 0x0, 0xd, &(0x7f0000000100)="ac", 0x1)
recvmmsg(r0, &(0x7f0000002980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002740)=""/20, 0x14}, 0x6}], 0x1, 0x10100, 0x0)
r2 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000140)={{{@in6=@mcast2, @in6}}, {{@in6=@private0}, 0x0, @in6=@private2}}, &(0x7f0000000080)=0xe4)

4.25176027s ago: executing program 3 (id=3325):
socket$inet6(0xa, 0x2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x27, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)

3.867657653s ago: executing program 3 (id=3327):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x24, &(0x7f0000000000)={0x40, 0xe, 0x4, "49f08a22"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x3bd4, &(0x7f0000000180)={0x0, 0xcc19, 0x130c8, 0x6, 0x30e}, &(0x7f0000000100), &(0x7f0000000200))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r1, 0xc, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000100)={0x20, 0x8, 0x4, "de4a0633"}, 0x0, 0x0})

3.86146446s ago: executing program 1 (id=3328):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000)
prctl$PR_GET_SECUREBITS(0x1b)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
mmap$fb(&(0x7f00001eb000/0x2000)=nil, 0x2000, 0xc, 0x30, r0, 0xb1000)
sendmmsg$inet6(r0, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)='B', 0x1}], 0x1}}], 0x1, 0x400c404)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x2da, 0x105401)
mmap$snddsp_control(&(0x7f0000ada000/0x4000)=nil, 0x1000, 0x2000000, 0x30, r1, 0x83000000)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0xb7, 0x93, 0xe3, 0x40, 0xeb1a, 0xe303, 0xfca0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xa1, 0x7, 0x8a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2}}]}}]}}]}}, 0x0)
exit(0xfe)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r2)
close(r2)
ioctl$HIDIOCSUSAGE(r2, 0x4018480c, &(0x7f0000000000)={0x2, 0x100, 0x3ff, 0x59, 0x7, 0x954d})
sendmmsg$inet6(r0, &(0x7f0000004740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x48c0)

3.384566989s ago: executing program 0 (id=3329):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@broadcast, @local}, 0x10)
setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000000c0)={0x0, 0x0, 0x5, 0x4, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100}, 0x10)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300))
r1 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x40000)
ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0xc0844123, &(0x7f0000000000)=0x6)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r1, r1, r1}, &(0x7f0000000100)=""/83, 0x53, &(0x7f0000000340)={&(0x7f0000000300)={'rmd160-generic\x00'}})
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x8a, 0x31, 0x7c, 0x40, 0x545, 0x800d, 0x30a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xb3, 0x8e, 0xd1}}]}}]}}, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2eb2b00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x8010)
r4 = socket$igmp(0x2, 0x3, 0x2)
r5 = userfaultfd(0x80001)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000380)={0x2, 0x0, @ioapic={0x0, 0xe6, 0x2, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87}, {0x9, 0x8, 0x8, '\x00', 0x10}, {0xff, 0x7f, 0xd3, '\x00', 0x69}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xf5, '\x00', 0xb4}, {0xf, 0x4, 0x54, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc}, {0x7f, 0x5, 0x4a, '\x00', 0x8}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xfb, 0x58, 0xff, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x8, '\x00', 0x3}, {0x3d, 0x2, 0xf, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x9}, {0x4, 0xc, 0x5, '\x00', 0xe9}, {0x7, 0x2, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x83, '\x00', 0x7c}, {0x10, 0x6, 0x92, '\x00', 0x10}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_GET_NESTED_STATE(r8, 0xc080aebe, &(0x7f0000000440))
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x44})
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000100)={{&(0x7f000089c000/0x1000)=nil, 0x1000}, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_CONTINUE(r5, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000000040), 0x4)

2.958431221s ago: executing program 2 (id=3330):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x80782, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x2)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000000))
r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x6)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
write(r0, &(0x7f0000000100)="df", 0x1)
write(r1, 0x0, 0xff81)

2.861694877s ago: executing program 2 (id=3331):
socket$inet6(0xa, 0x2, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000100)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0) (fail_nth: 9)

2.439926822s ago: executing program 2 (id=3332):
r0 = socket(0x10, 0x803, 0x0)
bind$netlink(r0, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404c084}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xf00, &(0x7f0000000340)={&(0x7f0000000180)=@newlink={0x2c, 0x10, 0x801, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r1, 0x0, 0x5a01}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}]}, 0x2c}}, 0x0)

2.430464614s ago: executing program 2 (id=3333):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0x4, 0xc52d}}}}]}, 0x44}}, 0x4c850)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xfff3}, {0x0, 0xfff3}, {0xd, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xfff1, 0xb}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041004}, 0x0) (fail_nth: 9)

2.249153128s ago: executing program 4 (id=3334):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000c0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0)

2.105155339s ago: executing program 2 (id=3335):
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x7, 0x400) (async, rerun: 32)
syz_usb_connect(0x2, 0x75d, &(0x7f0000000180)={{0x12, 0x1, 0x1, 0x5a, 0x99, 0xf0, 0x10, 0x413c, 0x4004, 0x36a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74b, 0x4, 0x4, 0xff, 0x160, 0x3, [{{0x9, 0x4, 0x95, 0xfe, 0x6, 0x68, 0xd3, 0x91, 0xb, [@cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, 'K'}, {0x5, 0x24, 0x0, 0xb10}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x4, 0x4, 0x4}, {0x6, 0x24, 0x1a, 0x200, 0x14}, [@country_functional={0x12, 0x24, 0x7, 0x0, 0xfff, [0x7fff, 0x1, 0x800, 0x0, 0x3ab1, 0x6]}, @mbim_extended={0x8, 0x24, 0x1c, 0x1000, 0x1a, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x9}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0x9, 0x3, 0x14}]}], [{{0x9, 0x5, 0x5, 0x10, 0x20, 0x0, 0x3, 0x8f}}, {{0x9, 0x5, 0xb, 0x0, 0x10, 0x4, 0x1, 0x5}}, {{0x9, 0x5, 0x5, 0x10, 0x20, 0x20, 0x7, 0x20}}, {{0x9, 0x5, 0xc, 0x0, 0x40, 0x6, 0x5, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x9}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x4, 0xe6e}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0xf0, 0x8, 0xe3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0xff81}]}}, {{0x9, 0x5, 0xe, 0x2, 0x208, 0x7, 0x7f, 0x6, [@generic={0xf, 0x2, "d838eb2b20cbfd6e087ecdda3a"}]}}]}}, {{0x9, 0x4, 0x43, 0xc1, 0xd, 0x4e, 0xef, 0x5e, 0x6, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x6, 0x6, 0x1004}, @as_header={0x7, 0x24, 0x1, 0xfc, 0x8, 0x1007}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x9, 0x4, 0x3, 0xe, "a6d05679"}]}, @uac_as={[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x40, 0x1, 0x4, 0xff, '/'}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x8, 0x2, 0x0, 0x6, "527fa97ad2b0"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0xf4, 0x4, 0x0, 0x2, "f1", 'u'}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x6, 0x2, 0x2, 0x5, 'aU', "3c8177"}]}], [{{0x9, 0x5, 0x9, 0x4, 0x10, 0x9, 0x7, 0xfd, [@generic={0x29, 0x24, "e0019260e06bc2e267795dcd455c0c16125aa5ae821751038e48c5b79e3bb3bd5c8880df6ef106"}, @generic={0x8f, 0xe, "69821ea3bad6c569e3050daf1631014b1f479dd327cd6bf4f620e218b810d4bdb7c0580fb1a86e386bbf6522ab383bd3006b14fcd70256afe23e97285c8230de91c3f6ad66fb3ff7aa8f68f3685aca03756324b753416aa6de35ae072625c70c6d3240bb69a1d2b4dbc4295c6f2cb3f85d25ee7cb04c5be76c79064088888766b7f27f4f518e9b98c5d0745157"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x10, 0xeb, 0xfe, 0xc}}, {{0x9, 0x5, 0x80, 0xb, 0x3ff, 0x7, 0xae, 0x41, [@generic={0x8a, 0x1, "103a65b97cf276e65e5b065b052fe5ca75b36dcd62666fb4230a23527e593a6af66d4b59d02060a82d203a6bcad7bed6ac434445cc373a8e137791454261bcc2222a3c56cacd7fa6a3df2140ad152619528a92fbaf2266287186828cb124763c424446614d4874743b4813d44236dda2b5cb508dc57b6bbe4f02dd367d4fcd09f26219bffc9c3add"}, @generic={0x30, 0x22, "642d950c1678981dd0cd8c623217a12f58bc3056f7dd6bc68a5fc0995209c3d1d7ee6f71bf8e5f0d5d8c94e07c84"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x10, 0xf6, 0x6, 0x1}}, {{0x9, 0x5, 0x8, 0x0, 0x10, 0x7, 0x3, 0x6, [@generic={0x6d, 0x11, "4974e13a53ba8a819d6ff716572d9b1576bc44e0b893d3c3bbc0963746a5c989f77b8f6087db3939021d5a04f2c078392ef923cce511896e3fe82edc5eff5903cf40d6022bceb6ab3841880b597f0ef372332f65e538a9313ab82b00ce48444f5f29fa9eccc641bc397b81"}, @generic={0x10, 0x22, "37eaf3489c40d5a2550f8c4caf51"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x400, 0x50, 0x80, 0x9d, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x3, 0xe6}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xb, 0x6}]}}, {{0x9, 0x5, 0x4, 0x10, 0x3ff, 0xd, 0x2, 0x1, [@generic={0x40, 0x24, "2aab7acb7589c90d1d72800ac3ac6a4ef552d6851a9a1b4b272670b1e09a11594925f8936070854cb8bf5dc5222b5652ec50c5f45c25f64c0473b280c32d"}, @generic={0x8d, 0x21, "2de5e2ac678e7fd3bac87f59d34f1fe07a3bbba8c02d92969d8f675eaef4bee8e69c32489e18e65ec24f524ca27eba559745f89de6a264679cbb12ca580ce59488507cb62b822b544c339a51ee087174426590cbb9666fab0ef6571aaec2c666975615ecb83a116d1084380709d701099ef3328fda588e0a9013e2a7ec9c56fd4a11a9795928b16c644d50"}]}}, {{0x9, 0x5, 0xb, 0x3, 0x3ff, 0x1, 0x2, 0x1, [@generic={0xd1, 0x4, "7195298d5ee57ba4208847e77adc1afd3f65176414c3722d685165ec851e2f7db43d9c4c78387edd01e0172138ff2f72d62cd960dc1fa1d700f7f85cb89bf8999a3087aa0fb18c957a22a861f03e8e4bd4b7d085db31e11439401889e38ccdf7109ddd4e750d62b2a5912c1d457fe6e0161dc3001bcef646295e9c89adf4bc027425b002c89f30060c59d97c9509f51cd699f94ab51f2131d6e9bfbe6b8f7b8b04860609616d6106256a6a5931aa33f455be4848776e344776f2a7f8b76775660d20f5f5cb7d8ebf1df2f23d6edecc"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x200, 0x86, 0xf8, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x21, 0x101}, @generic={0x4c, 0x10, "6eab489ae94380c8589838eed65da0785fbdefd048f6df92d9b288e5d880c8a12f2084b4d5064dd231298903e3868a5f43defbe603b4739b3614228e9ada5ede6028ad32199dff800715"}]}}, {{0x9, 0x5, 0xb, 0x10, 0x30, 0xf5, 0x4, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x1}]}}, {{0x9, 0x5, 0xa, 0x10, 0x40, 0x3, 0x9, 0xa}}, {{0x9, 0x5, 0x6, 0x12, 0x440, 0x40, 0x5, 0x81}}, {{0x9, 0x5, 0x9, 0x10, 0x3ff, 0x0, 0x5, 0x4}}]}}, {{0x9, 0x4, 0xf0, 0x0, 0x0, 0xff, 0xff, 0xff, 0xf}}, {{0x9, 0x4, 0x4, 0x5, 0x8, 0x35, 0xdb, 0x70, 0x8, [], [{{0x9, 0x5, 0xc, 0x4, 0x3ff, 0x47, 0x7f, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xf, 0x6}]}}, {{0x9, 0x5, 0xd, 0x4, 0x40, 0x6, 0x1, 0x1}}, {{0x9, 0x5, 0x3, 0x3, 0x20, 0x40, 0x0, 0x89}}, {{0x9, 0x5, 0x2, 0x1, 0x30, 0xc1, 0x6, 0x8, [@generic={0x97, 0x22, "9a2077cdcc14ca23fa7e371d9db4c7bb5b4151f6bf5ac1c283a408901a230775b9917a793f531192363a44213a490bced07cc304d286b17fe6bf82dd0108f55b74b762d1df8ad56fe7fe474f5f7444a5cad714b7109bde9920f4ba501c85eeae41987ad86cf9ef402da41fc525d5c741207758958d889bfb24893af9df3b3195ebf884047c678b5cabf2f00a3e52576bba65ee1a56"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x200, 0xe, 0x2, 0x4}}, {{0x9, 0x5, 0xd, 0x4, 0x20, 0xf7, 0x2, 0xa, [@generic={0xbc, 0xc, "8f3a6680b5758741592a3f1d4e7da9d83ee932d2c2cb77d96bf2dc4d43a3910903b1cae3a67846f598414058d36c806cab32d5b0010d804559abdc3f81687b3f4209b57edf23db6e16eec134b22898592ebe76c5f64adbe7c2fc86e171494dbf752e54f8b70edf401e51db51d0020be04e68183cef34c6e4f12d49368379a1c7d80d8b5e39cc5a77940ef1dc4cb4d903bcd0f8c0949124b13274af704c758235c84b6a431ff1dea3d41f3d856d91d95087e5b5a9f4f0f9cad68b"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0xea66}]}}, {{0x9, 0x5, 0x9, 0x0, 0x10, 0xa, 0x2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x8, 0x2}]}}, {{0x9, 0x5, 0xc, 0x4, 0x3ff, 0x1, 0x5, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x40, 0xfff9}]}}]}}]}}]}}, &(0x7f00000009c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x3, 0x1, 0xf7, 0xff}, 0x4c, &(0x7f0000000080)=ANY=[@ANYBLOB="050f4c00240b10010242000603050001141004000ac2b7b1e94b6d81395de0b0ef9bcaf9141004406d31a492665f704a879c39aa7f41bc54d2671f0299605af457db29854d40a1ff46d44d9a"], 0x2, [{0xc0, &(0x7f0000000900)=@string={0xc0, 0x3, "39a6102a9a53ef38dbe16f34fb08845aef564c750dda556a6654150a143c3550d17c5a93c1a105104ebe1ca779c6df7bc94c72cece83efe70cfb7866e8237f25342657f5a8ef57aa086f169035b049a928867fa339124a188b7f4ea68e0cadc0a05ff0f8229c2de9260e4762c3fe5a20d16bb3afd233658124ca25c668513a2282b13fb3245d37542e17450ce2a97c7ec78ddfa5fb8f0a4cee709ea37a1ab7d9cf67a51b1f8a575cbf83cadbca8d5f38111d7de7c30524b46d6bde01fbe9"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x439}}]}) (async, rerun: 32)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
fsopen(&(0x7f0000000a40)='incremental-fs\x00', 0x1) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x3}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000000}, 0x200400c4) (async)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0}) (rerun: 64)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x2, 0xe}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x4, 0x9}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) (async)
close(0x3) (async)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f00090582", @ANYRES32=r0], 0x0)

1.922981176s ago: executing program 2 (id=3336):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
syz_emit_ethernet(0x32, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d482449a"}}}}}}, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r3, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0xc6b2, 0x0, 0x800, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
keyctl$clear(0x11, 0xfffffffffffffffd)
close(0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020)
socket$igmp6(0xa, 0x3, 0x3a)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000580), r5)
sendmsg$FOU_CMD_GET(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x2c, r6, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @dev={0xac, 0x14, 0x14, 0x16}}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'vcan0\x00'})

1.912124015s ago: executing program 4 (id=3337):
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xc5fffffd)
syz_emit_ethernet(0x32, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d482449a"}}}}}}, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r3, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0xc6b2, 0x0, 0x800, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000380), 0x292d82, 0x0)
close(r4)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
read$FUSE(r0, &(0x7f00000005c0)={0x2020}, 0x2020)
socket$igmp6(0xa, 0x3, 0x3a)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000580), r6)
sendmsg$FOU_CMD_GET(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x2c, r7, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @dev={0xac, 0x14, 0x14, 0x16}}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
getsockname$packet(r0, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000280)=0x14)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'vcan0\x00'})

1.339564246s ago: executing program 3 (id=3338):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='source', &(0x7f0000000400)='//\xf2/\x06\b\xa30\\\x00\x00\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\n\x8c<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/\xd15)\xeatn\xa3\x88\x13i\xb6\x7ft\x95\xd7\x01o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x94\x00\x00\x00\x00\x00\x00\x00g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xef\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xba\xec\x99@\xd2\t\n\xb1o', 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xfffffffffffffffe, 0x7, 0xfa11, 0xffffffff}, 0x0)
accept4(r1, &(0x7f00000002c0)=@rc={0x1f, @fixed}, &(0x7f0000000000)=0x80, 0x80800)
socket$inet_mptcp(0x2, 0x1, 0x106)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
shmget$private(0x0, 0x1000, 0x40, &(0x7f0000ffc000/0x1000)=nil)
openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x448000, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000c80)={'syz1\x00', {0x40, 0x6e2f, 0x11f9, 0xfff8}, 0x4c, [0x8, 0x8, 0xb0, 0x80, 0x5, 0x5, 0x7fffffff, 0x0, 0x46, 0x838, 0xffffff0c, 0x3, 0x9, 0x8, 0x2, 0x4, 0x6c1, 0x400004, 0x3, 0x2, 0x0, 0x800, 0x6, 0x6, 0x5, 0x10001, 0x7, 0x6, 0x77, 0x8001, 0x7, 0xd, 0x401, 0x7, 0x8, 0x3, 0x4, 0xff, 0x1, 0x0, 0xfffffe01, 0x0, 0x40399, 0x101, 0x2, 0x100db, 0x1, 0xc, 0x7, 0xf, 0x2, 0x1, 0x0, 0x800, 0x7f, 0x9, 0x3, 0x21c2, 0x0, 0xc10d, 0x7, 0x8, 0x9, 0x3], [0x2, 0xc, 0xff, 0x7, 0xa, 0x9, 0x1000, 0x100, 0x27, 0x2, 0x9, 0x2, 0x4, 0x7, 0x2c85, 0xf77, 0x60, 0xb, 0x1, 0x8, 0x71e4, 0x0, 0x10000, 0x3, 0x9f3, 0x800, 0x0, 0xe842, 0xff6, 0xca, 0x9, 0x7, 0x7, 0x6, 0x9, 0x6, 0xc7, 0x27f, 0xf, 0x1, 0x550, 0x2, 0x3, 0x8, 0x2, 0x0, 0x4000003d, 0x13d, 0x101, 0x9, 0x10001, 0x9f, 0xe2d8, 0x783, 0x5, 0x0, 0x4, 0x8, 0x3460, 0xffff, 0x8a42, 0x4000, 0x102, 0x1], [0x62e2adfb, 0x809f57, 0x4, 0x80000000, 0x7, 0x8, 0x1, 0xfffffff7, 0x1, 0x2, 0x4, 0x4, 0x6, 0x4800001, 0x0, 0x2e, 0x7, 0x2, 0x5, 0x7, 0x1, 0x7, 0xffff8000, 0x8, 0x3, 0x6, 0x10001, 0xfff, 0x0, 0x8, 0xffef2f9e, 0x9, 0x6, 0xc, 0x9a8, 0x5, 0x3, 0x5, 0x3, 0x690bd85f, 0x7, 0x3, 0x9, 0x200, 0xb3, 0xcf, 0x2, 0x6, 0x0, 0x7fff, 0xc8, 0x8, 0x1d7, 0x5, 0xfe, 0x7ff, 0x2, 0x5, 0x6, 0x4, 0x5, 0x9d, 0x1, 0x7825], [0x3, 0x0, 0x4, 0x4, 0x400002, 0xf, 0x5, 0xfffffffd, 0x10001, 0x2, 0x4, 0x2, 0x2, 0x9, 0x7fffffff, 0x3, 0x2, 0x7, 0x9, 0x5, 0x5, 0x2, 0xffffff7f, 0x8, 0x1, 0x5, 0x8, 0xc6d9, 0x631, 0x200, 0x4, 0x1, 0x4, 0x5, 0x40, 0xffff, 0x5, 0x7ff, 0x6, 0x10, 0x7, 0x1, 0x6, 0x80000000, 0x3, 0x3, 0x10000, 0x9, 0x2, 0xffffffff, 0x4, 0x4, 0x4, 0x2, 0x8001, 0x40000000, 0x105, 0xb9, 0xfff, 0x400, 0x22, 0x2, 0x75, 0x9]}, 0x45c)
ioctl$UI_DEV_CREATE(r5, 0x5501)
ioctl$UI_SET_PROPBIT(r5, 0x4004556e, 0x8)
restart_syscall()
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(0xffffffffffffffff, r4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
open(0x0, 0x143862, 0x32)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040))
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

728.654924ms ago: executing program 1 (id=3339):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00030000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc010000000200000002000000000000000000000000000008001900000000000a00000000000000fe8000000000000000000000000000bb000000000a"], 0xe0}}, 0x0)
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000080)={0xfffffffc, "5e5c3446aa0ecd604c893eba3198600b1891109654fe9676d14574be70b6225c", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_FILE_INFO(r6, 0xc0383e04, &(0x7f0000000580)={""/32, 0x0, 0x0, 0xffffffffffffff2e, 0x0, 0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c000f22a931055960cbe993d6f48045a604d0db65cf37a79148b1fa76d913c563a1cd0b12551c472d632f032206d2f2582c4ffaed150518582bbf1ef370e302bc08fe2ea5f1c457f395a5f42152cd675d78e768ad5f17fb51491b904a874d96667950e2f6bfa26d9f7377e0853193fa350d71bbf49720de32c8bef7fe07d79e87339eac88def979eb9db1fc13cbc382e6e617ac26a58d48706182e06724ec26e39619dca1ab88ff0c92fb303e295940cfd1209cfcfb05d9119103a91f82fd3661d40e889c0a9447e5c18a5b4e5caeffcc48bcb24b9a749be0337338485a5f4f7efe454e79718df922069c6456527e45cfe64ed6c9652ffd4d9446"])
write$FUSE_INIT(r8, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
r9 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000500)={{{@in6=@local, @in=@loopback}}, {{@in=@multicast1}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e21}]}}}]}, 0x3c}}, 0x4000)
syz_fuse_handle_req(r8, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r10 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r10, 0x0, 0x0)
syz_fuse_handle_req(r8, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e110096704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6cc90e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f56c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111fe6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab42fa6104d5a99aa36b73ac3622ccae122524c28a6557cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd41322a8b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc40821258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a166470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001040)=ANY=[@ANYBLOB="b00000000000000000000000000000000000000000200000000000000000000000000000000000000200000000000000000020000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000c0000000000000", @ANYRES32=0x0, @ANYRES32=r8, @ANYBLOB='\x00!\x00\x00\x00\x00\x00\x00Fw\x00'/28], 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newqdisc={0xa0, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x4, 0x3}, {0xffff, 0xfff5}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}, @TCA_STAB={0x6c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x14, 0x8670, 0x5, 0x1, 0x5c4}}, {0x4}}, {{0x1c, 0x1, {0x22, 0x0, 0x2, 0xf21, 0x0, 0x2, 0x0, 0x3}}, {0xa, 0x2, [0x3, 0x8, 0x0]}}, {{0x1c, 0x1, {0x2, 0x9, 0x7fff, 0x101, 0x0, 0x4, 0x7}}, {0x4}}]}]}, 0xa0}}, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x8417f, 0x0)

177.196365ms ago: executing program 0 (id=3340):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newtaction={0x100, 0x30, 0x1, 0x0, 0x25dfdbfd, {}, [{0xec, 0x1, [@m_vlan={0xe8, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0xb9, 0x6, "c41e7eb67d8bddf6ecca3fcfc9c8bab23844138f07000a0d92a7c53dab5f6efff3b82af16c6fe8ed98d677af03d42c7b6f52d0c9b3b91022cdc26be7b68959db6d37205258a3bb5d2faa69929636c7dc47998ce5d6f688811aaecab49d53f2cb6448509bedfc2302afaa37cc22bb68a769159577c1baeeb59bb2f26c1d42a8d4621a37d9a0664d53def1c7b17515fc94f8e13ccfc648cc208f882bc16ca65775e4fa615ea3b2a1fad88f9f0c439c5a2474a1035a40"}, {0xc}, {0xc}}}]}]}, 0x100}}, 0x4000840)
syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000080)=@mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {}, @device_a, @device_a, @from_mac=@broadcast, {0xf, 0x8}}, 0x3a, @void}, 0x1a)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b02"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0x20008054)

0s ago: executing program 4 (id=3341):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x2b)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000140)={0x0, &(0x7f00000012c0)=""/255, &(0x7f0000002580), &(0x7f00000000c0), 0x1, r0}, 0x38)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f0000000100), 0x2, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) (async)
setsockopt$sock_int(r4, 0x1, 0x31, &(0x7f0000001600), 0x4) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) (async)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
syz_usb_connect(0x3, 0x46, &(0x7f0000000000)=ANY=[@ANYRESHEX=r0], 0x0) (async)
ioctl$KIOCSOUND(r3, 0x4b2f, 0x80000000)

kernel console output (not intermixed with test programs):

 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  697.816092][T15397] RIP: 0023:0xf7fb2539
[  697.816112][T15397] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  697.816128][T15397] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  697.816151][T15397] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c0a
[  697.816162][T15397] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  697.816170][T15397] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  697.816177][T15397] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  697.816185][T15397] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  697.816214][T15397]  </TASK>
[  698.510235][T15397] loop2: detected capacity change from 0 to 7
[  698.551218][T15397]  loop2:
[  698.569062][T15397] loop2: partition table partially beyond EOD, truncated
[  698.587906][ T9829] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.677299][ T9829] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[  698.698334][ T5907] usb 1-1: USB disconnect, device number 6
[  698.778232][T15306] batman_adv: batadv0: Adding interface: batadv_slave_1
[  698.785638][T15306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  698.813049][T15306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  698.850014][T15306] hsr_slave_0: entered promiscuous mode
[  698.857239][T15306] hsr_slave_1: entered promiscuous mode
[  698.863340][T15306] debugfs: 'hsr0' already exists in 'hsr'
[  698.869487][T15306] Cannot create hsr debugfs directory
[  699.099911][ T9829] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.114381][T15406] futex_wake_op: syz.0.2992 tries to shift op by -1; fix this program
[  699.123951][ T9829] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20001 - 0
[  699.467490][ T9832] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  699.589854][   T52] Bluetooth: hci4: command tx timeout
[  700.478889][ T9829] bridge_slave_1: left allmulticast mode
[  700.496119][ T9829] bridge_slave_1: left promiscuous mode
[  700.523898][ T9829] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.607623][ T9829] bridge_slave_0: left allmulticast mode
[  700.613356][ T9829] bridge_slave_0: left promiscuous mode
[  700.654139][T15417] binder: 15416:15417 ioctl 400454d9 800005c0 returned -22
[  700.670356][ T9829] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.694987][T15417] binder: 15416:15417 ioctl 8004ae98 80000580 returned -22
[  700.889818][T15423] futex_wake_op: syz.1.2997 tries to shift op by -1; fix this program
[  701.400588][ T5907] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  701.441502][T15432] FAULT_INJECTION: forcing a failure.
[  701.441502][T15432] name failslab, interval 1, probability 0, space 0, times 0
[  701.454426][T15432] CPU: 0 UID: 0 PID: 15432 Comm: syz.2.3000 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  701.454459][T15432] Tainted: [L]=SOFTLOCKUP
[  701.454467][T15432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  701.454479][T15432] Call Trace:
[  701.454488][T15432]  <TASK>
[  701.454498][T15432]  dump_stack_lvl+0xe8/0x150
[  701.454530][T15432]  should_fail_ex+0x412/0x560
[  701.454561][T15432]  should_failslab+0xa8/0x100
[  701.454585][T15432]  __kmalloc_noprof+0xde/0x7e0
[  701.454605][T15432]  ? tomoyo_encode+0x28b/0x550
[  701.454637][T15432]  tomoyo_encode+0x28b/0x550
[  701.454669][T15432]  tomoyo_realpath_from_path+0x58d/0x5d0
[  701.454706][T15432]  ? tomoyo_path_number_perm+0x219/0x630
[  701.454729][T15432]  tomoyo_path_number_perm+0x246/0x630
[  701.454754][T15432]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  701.454776][T15432]  ? __lock_acquire+0x6b5/0x2cf0
[  701.454889][T15432]  ? __fget_files+0x2a/0x420
[  701.454917][T15432]  ? __fget_files+0x3a0/0x420
[  701.454938][T15432]  ? __fget_files+0x2a/0x420
[  701.454963][T15432]  security_file_ioctl_compat+0xc3/0x2a0
[  701.454996][T15432]  __ia32_compat_sys_ioctl+0x139/0x950
[  701.455028][T15432]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  701.455060][T15432]  ? __fget_files+0x3a0/0x420
[  701.455089][T15432]  ? fput+0xa0/0xd0
[  701.455113][T15432]  ? ksys_write+0x242/0x270
[  701.455144][T15432]  ? __pfx_ksys_write+0x10/0x10
[  701.455180][T15432]  __do_fast_syscall_32+0x1d2/0x540
[  701.455204][T15432]  ? lockdep_hardirqs_on+0x7a/0x110
[  701.455222][T15432]  ? do_fast_syscall_32+0x33/0x70
[  701.455241][T15432]  ? asm_int80_emulation+0x1a/0x20
[  701.455260][T15432]  ? do_int80_emulation+0x20e/0x400
[  701.455281][T15432]  ? rcu_is_watching+0x15/0xb0
[  701.455303][T15432]  do_fast_syscall_32+0x33/0x70
[  701.455326][T15432]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  701.455350][T15432] RIP: 0023:0xf7fb2539
[  701.455367][T15432] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  701.455386][T15432] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  701.455409][T15432] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0185500
[  701.455430][T15432] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  701.455443][T15432] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  701.455456][T15432] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  701.455468][T15432] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  701.455500][T15432]  </TASK>
[  701.455596][T15432] ERROR: Out of memory at tomoyo_realpath_from_path.
[  701.696193][   T52] Bluetooth: hci4: command tx timeout
[  701.702391][T11536] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  701.852841][ T9829] bond1 (unregistering): Released all slaves
[  701.876102][ T5907] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  701.885327][ T5907] usb 1-1: New USB device found, idVendor=055d, idProduct=9001, bcdDevice=31.44
[  701.927122][ T5907] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.973520][ T9829] bond0 (unregistering): Released all slaves
[  701.984097][ T5907] usb 1-1: config 0 descriptor??
[  702.014550][ T5907] pwc: Samsung MPC-C30 USB webcam detected.
[  702.036457][T11536] usb 5-1: Using ep0 maxpacket: 32
[  702.048719][T11536] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  702.082565][T11536] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.133017][T11536] usb 5-1: Product: syz
[  702.142309][T11536] usb 5-1: Manufacturer: syz
[  702.236349][   T30] audit: type=1326 audit(1770143955.674:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.266757][T11536] usb 5-1: SerialNumber: syz
[  702.272445][T15425] xfrm0: entered promiscuous mode
[  702.278863][T15425] xfrm0: entered allmulticast mode
[  702.304913][ T5907] pwc: send_video_command error -71
[  702.315237][T11536] usb 5-1: config 0 descriptor??
[  702.320454][   T30] audit: type=1326 audit(1770143955.674:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.344124][ T5907] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  702.352199][ T5907] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  702.363755][T11536] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  702.378618][ T5907] usb 1-1: USB disconnect, device number 7
[  702.384765][   T30] audit: type=1326 audit(1770143955.674:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.439360][   T30] audit: type=1326 audit(1770143955.674:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.458718][ T9829] tipc: Left network mode
[  702.641073][   T30] audit: type=1326 audit(1770143955.674:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.733917][   T30] audit: type=1326 audit(1770143955.684:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.764471][   T30] audit: type=1326 audit(1770143955.684:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.787644][   T30] audit: type=1326 audit(1770143955.684:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.814015][   T30] audit: type=1326 audit(1770143955.684:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  702.840179][   T30] audit: type=1326 audit(1770143955.684:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15434 comm="syz.2.3001" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  703.239577][T15449] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  703.269427][T15449] netdevsim netdevsim0: Direct firmware load for /
[  703.269427][T15449]  failed with error -2
[  703.293676][T15449] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[  703.293676][T15449] 
[  703.705104][T15306] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  704.067309][T15443] delete_channel: no stack
[  704.108655][T11536] gspca_topro: Sensor cx0342
[  704.202745][T15306] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  704.305229][T15306] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  704.457431][T11536] usb 5-1: USB disconnect, device number 101
[  704.461126][T15306] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  705.326628][T15306] 8021q: adding VLAN 0 to HW filter on device bond0
[  705.420674][T15481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3007'.
[  705.445713][T15481] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3007'.
[  706.150742][T15306] 8021q: adding VLAN 0 to HW filter on device team0
[  706.217251][T15498] futex_wake_op: syz.1.3011 tries to shift op by -1; fix this program
[  706.387905][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.395244][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  706.422378][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.429639][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  706.444936][T15502] binder: 15500:15502 ioctl c0306201 800001c0 returned -22
[  706.761629][ T9829] hsr_slave_0: left promiscuous mode
[  706.902033][ T9829] hsr_slave_1: left promiscuous mode
[  706.909997][ T9829] batman_adv: batadv0: Removing interface: batadv_slave_0
[  706.945932][ T9829] batman_adv: batadv0: Removing interface: batadv_slave_1
[  707.099295][T15513] futex_wake_op: syz.0.3015 tries to shift op by -1; fix this program
[  707.677417][T15519] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3016'.
[  707.715616][T15519] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3016'.
[  707.752744][T15519] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3016'.
[  708.069021][T15522] Set syz0 is full, maxelem 0 reached
[  708.569561][ T9829] team0 (unregistering): Port device team_slave_1 removed
[  708.646387][ T9829] team0 (unregistering): Port device team_slave_0 removed
[  710.402327][T15306] 8021q: adding VLAN 0 to HW filter on device batadv0
[  710.522371][T15547] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3025'.
[  710.595163][T15554] FAULT_INJECTION: forcing a failure.
[  710.595163][T15554] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.632915][T15306] veth0_vlan: entered promiscuous mode
[  710.661543][T15306] veth1_vlan: entered promiscuous mode
[  710.678533][T15554] CPU: 0 UID: 0 PID: 15554 Comm: syz.1.3025 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  710.678567][T15554] Tainted: [L]=SOFTLOCKUP
[  710.678574][T15554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  710.678585][T15554] Call Trace:
[  710.678595][T15554]  <TASK>
[  710.678603][T15554]  dump_stack_lvl+0xe8/0x150
[  710.678635][T15554]  should_fail_ex+0x412/0x560
[  710.678664][T15554]  _copy_to_user+0x31/0xb0
[  710.678693][T15554]  simple_read_from_buffer+0xe1/0x170
[  710.678719][T15554]  proc_fail_nth_read+0x1bb/0x230
[  710.678747][T15554]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  710.678774][T15554]  ? rw_verify_area+0x2a6/0x4d0
[  710.678796][T15554]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  710.678821][T15554]  vfs_read+0x20c/0xa70
[  710.678842][T15554]  ? fdget_pos+0x246/0x320
[  710.678864][T15554]  ? __pfx___mutex_lock+0x10/0x10
[  710.678886][T15554]  ? __pfx_vfs_read+0x10/0x10
[  710.678923][T15554]  ? __fget_files+0x2a/0x420
[  710.678948][T15554]  ? __fget_files+0x3a0/0x420
[  710.678966][T15554]  ? __fget_files+0x2a/0x420
[  710.678995][T15554]  ksys_read+0x150/0x270
[  710.679024][T15554]  ? __pfx_ksys_read+0x10/0x10
[  710.679056][T15554]  ? asm_int80_emulation+0x1a/0x20
[  710.679078][T15554]  ? asm_int80_emulation+0x1a/0x20
[  710.679097][T15554]  do_int80_emulation+0x111/0x400
[  710.679121][T15554]  ? clear_bhb_loop+0x60/0xb0
[  710.679138][T15554]  ? clear_bhb_loop+0x60/0xb0
[  710.679159][T15554]  asm_int80_emulation+0x1a/0x20
[  710.679178][T15554] RIP: 0023:0xf711572b
[  710.679196][T15554] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  710.679214][T15554] RSP: 002b:00000000f53b54bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  710.679236][T15554] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f53b55d0
[  710.679250][T15554] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  710.679262][T15554] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  710.679273][T15554] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  710.679285][T15554] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  710.679316][T15554]  </TASK>
[  710.944930][T15306] veth0_macvtap: entered promiscuous mode
[  711.214979][T15306] veth1_macvtap: entered promiscuous mode
[  711.247182][T15306] batman_adv: batadv0: Interface activated: batadv_slave_0
[  711.274413][T15306] batman_adv: batadv0: Interface activated: batadv_slave_1
[  711.358648][T10853] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  711.626091][T10853] usb 3-1: Using ep0 maxpacket: 32
[  712.002273][T10853] usb 3-1: config 2 has an invalid interface number: 88 but max is 0
[  712.013779][T10853] usb 3-1: config 2 has no interface number 0
[  712.039351][T10853] usb 3-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  712.051059][ T9824] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  712.146419][ T9813] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  712.170046][T10853] usb 3-1: config 2 interface 88 has no altsetting 0
[  712.201035][T10853] usb 3-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  712.238761][ T9813] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  712.263112][ T9813] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  712.266128][T10853] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.296545][T10853] usb 3-1: Product: syz
[  712.307461][T10853] usb 3-1: Manufacturer: syz
[  712.335183][T10853] usb 3-1: SerialNumber: syz
[  712.411779][T15562] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  712.442750][ T9829] IPVS: stop unused estimator thread 0...
[  712.573145][ T9813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  712.596176][ T9813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  712.670252][ T9829] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  712.681699][T15562] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  712.696565][ T9829] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  712.816089][ T5898] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  712.976342][ T5898] usb 2-1: device descriptor read/64, error -71
[  713.033118][T15583] FAULT_INJECTION: forcing a failure.
[  713.033118][T15583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  713.126631][T15583] CPU: 1 UID: 0 PID: 15583 Comm: syz.4.3032 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  713.126667][T15583] Tainted: [L]=SOFTLOCKUP
[  713.126675][T15583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  713.126687][T15583] Call Trace:
[  713.126697][T15583]  <TASK>
[  713.126705][T15583]  dump_stack_lvl+0xe8/0x150
[  713.126739][T15583]  should_fail_ex+0x412/0x560
[  713.126768][T15583]  _copy_to_user+0x31/0xb0
[  713.126800][T15583]  simple_read_from_buffer+0xe1/0x170
[  713.126828][T15583]  proc_fail_nth_read+0x1bb/0x230
[  713.126860][T15583]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  713.126901][T15583]  ? rw_verify_area+0x2a6/0x4d0
[  713.126928][T15583]  ? tun_chr_write_iter+0x18a/0x200
[  713.126948][T15583]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  713.126978][T15583]  vfs_read+0x20c/0xa70
[  713.127003][T15583]  ? fdget_pos+0x246/0x320
[  713.127031][T15583]  ? __pfx___mutex_lock+0x10/0x10
[  713.127054][T15583]  ? __pfx_vfs_read+0x10/0x10
[  713.127084][T15583]  ? __fget_files+0x2a/0x420
[  713.127111][T15583]  ? __fget_files+0x3a0/0x420
[  713.127130][T15583]  ? __fget_files+0x2a/0x420
[  713.127161][T15583]  ksys_read+0x150/0x270
[  713.127191][T15583]  ? __pfx_ksys_read+0x10/0x10
[  713.127223][T15583]  ? asm_int80_emulation+0x1a/0x20
[  713.127245][T15583]  ? asm_int80_emulation+0x1a/0x20
[  713.127265][T15583]  do_int80_emulation+0x111/0x400
[  713.127289][T15583]  ? clear_bhb_loop+0x60/0xb0
[  713.127308][T15583]  ? clear_bhb_loop+0x60/0xb0
[  713.127332][T15583]  asm_int80_emulation+0x1a/0x20
[  713.127350][T15583] RIP: 0023:0xf717572b
[  713.127369][T15583] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  713.127386][T15583] RSP: 002b:00000000f54364bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  713.127409][T15583] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54365d0
[  713.127424][T15583] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  713.127435][T15583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  713.127447][T15583] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  713.127458][T15583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  713.127488][T15583]  </TASK>
[  713.486716][ T5898] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  713.593526][T15590] netlink: 'syz.3.3031': attribute type 10 has an invalid length.
[  713.652250][ T5898] usb 2-1: device descriptor read/64, error -71
[  713.734157][T15594] netlink: 'syz.3.3031': attribute type 10 has an invalid length.
[  713.795560][ T5898] usb usb2-port1: attempt power cycle
[  713.855852][T10853] asix 3-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  713.866704][T10853] asix 3-1:2.88: probe with driver asix failed with error -71
[  713.892248][T10853] usb 3-1: USB disconnect, device number 74
[  714.128195][ T5914] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  714.166598][ T5898] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  714.239336][ T5898] usb 2-1: device descriptor read/8, error -71
[  714.323193][T15590] team0: Port device netdevsim0 added
[  714.329191][ T5914] usb 1-1: Using ep0 maxpacket: 8
[  714.349408][ T5914] usb 1-1: config 1 interface 0 altsetting 248 bulk endpoint 0x82 has invalid maxpacket 32
[  714.361341][ T5914] usb 1-1: config 1 interface 0 has no altsetting 0
[  714.373620][T15594] team0: Port device netdevsim0 removed
[  714.387267][ T5914] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  714.396914][ T5914] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.406170][ T5914] usb 1-1: Product: syz
[  714.406338][    T9] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  714.410633][ T5914] usb 1-1: Manufacturer: syz
[  714.457517][ T5914] usb 1-1: SerialNumber: syz
[  714.468206][T15594] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  714.496278][ T5898] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  714.510357][T15593] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  714.537254][ T5898] usb 2-1: device descriptor read/8, error -71
[  714.582099][    T9] usb 5-1: Using ep0 maxpacket: 8
[  714.616720][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  714.656238][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  714.656978][ T5898] usb usb2-port1: unable to enumerate USB device
[  714.686419][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  714.707883][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  714.731275][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  714.748424][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  714.758034][T15593] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  714.771770][T15593] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  714.792245][ T5914] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  714.821559][ T5914] usb 1-1: USB disconnect, device number 8
[  714.970739][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  714.970760][   T30] audit: type=1326 audit(1770143968.494:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.109898][    T9] usb 5-1: GET_CAPABILITIES returned 0
[  715.123908][    T9] usbtmc 5-1:16.0: can't read capabilities
[  715.134600][   T30] audit: type=1326 audit(1770143968.494:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.283424][   T30] audit: type=1326 audit(1770143968.534:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.481435][   T30] audit: type=1326 audit(1770143968.534:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.508332][T15611] geneve2: entered allmulticast mode
[  715.562090][T15615] batman_adv: batadv0: Interface activated: dummy0
[  715.569013][T15615] batadv0: mtu less than device minimum
[  715.576550][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.576903][   T30] audit: type=1326 audit(1770143968.534:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.588260][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.620212][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.631130][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.642102][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.653156][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.664027][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.674881][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.685735][T15615] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0)
[  715.755510][   T30] audit: type=1326 audit(1770143968.534:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=41 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.797259][   T30] audit: type=1326 audit(1770143968.534:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  715.913185][   T30] audit: type=1326 audit(1770143968.534:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  716.379862][   T30] audit: type=1326 audit(1770143968.534:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  716.479024][   T30] audit: type=1326 audit(1770143968.534:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15603 comm="syz.2.3037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  717.441339][ T9829] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  717.517983][ T5914] usb 5-1: USB disconnect, device number 102
[  719.112198][T15651] netlink: 'syz.4.3048': attribute type 10 has an invalid length.
[  719.350934][T15655] bridge2: entered promiscuous mode
[  719.425871][T15658] bridge1: entered promiscuous mode
[  719.706151][ T5907] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  719.902492][T15673] sg_write: data in/out 214457/140 bytes for SCSI command 0x0-- guessing data in;
[  719.902492][T15673]    program syz.0.3056 not setting count and/or reply_len properly
[  719.935061][ T5907] usb 2-1: device descriptor read/64, error -71
[  720.396113][ T5907] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  720.666910][ T5907] usb 2-1: device descriptor read/64, error -71
[  720.769003][T15679] futex_wake_op: syz.4.3057 tries to shift op by -1; fix this program
[  720.777028][ T5907] usb usb2-port1: attempt power cycle
[  720.924660][T15681] FAULT_INJECTION: forcing a failure.
[  720.924660][T15681] name failslab, interval 1, probability 0, space 0, times 0
[  720.951865][T15681] CPU: 1 UID: 0 PID: 15681 Comm: syz.2.3058 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  720.951896][T15681] Tainted: [L]=SOFTLOCKUP
[  720.951901][T15681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  720.951908][T15681] Call Trace:
[  720.951914][T15681]  <TASK>
[  720.951920][T15681]  dump_stack_lvl+0xe8/0x150
[  720.951941][T15681]  should_fail_ex+0x412/0x560
[  720.951959][T15681]  should_failslab+0xa8/0x100
[  720.951975][T15681]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  720.951993][T15681]  ? __alloc_skb+0x1d7/0x390
[  720.952007][T15681]  ? __local_bh_enable_ip+0xd0/0x130
[  720.952019][T15681]  ? __alloc_skb+0x193/0x390
[  720.952033][T15681]  __alloc_skb+0x1d7/0x390
[  720.952052][T15681]  nl80211_send_scan_start+0x2f/0x170
[  720.952068][T15681]  nl80211_trigger_scan+0x1aee/0x1f50
[  720.952089][T15681]  genl_family_rcv_msg_doit+0x22a/0x330
[  720.952110][T15681]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  720.952133][T15681]  ? bpf_lsm_capable+0x9/0x20
[  720.952149][T15681]  ? security_capable+0x7e/0x2c0
[  720.952167][T15681]  genl_rcv_msg+0x61c/0x7a0
[  720.952186][T15681]  ? __pfx_genl_rcv_msg+0x10/0x10
[  720.952201][T15681]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  720.952215][T15681]  ? __pfx_nl80211_trigger_scan+0x10/0x10
[  720.952226][T15681]  ? __pfx_nl80211_post_doit+0x10/0x10
[  720.952244][T15681]  ? __pfx_ref_tracker_free+0x10/0x10
[  720.952257][T15681]  ? __skb_clone+0x63/0x7a0
[  720.952277][T15681]  netlink_rcv_skb+0x232/0x4b0
[  720.952290][T15681]  ? __pfx_genl_rcv_msg+0x10/0x10
[  720.952306][T15681]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  720.952317][T15681]  ? genl_rcv+0x19/0x40
[  720.952341][T15681]  ? down_read+0x272/0x2e0
[  720.952354][T15681]  ? genl_rcv+0xd/0x40
[  720.952369][T15681]  genl_rcv+0x28/0x40
[  720.952383][T15681]  netlink_unicast+0x80f/0x9b0
[  720.952406][T15681]  ? __pfx_netlink_unicast+0x10/0x10
[  720.952423][T15681]  ? __alloc_skb+0x193/0x390
[  720.952436][T15681]  ? netlink_sendmsg+0x650/0xb40
[  720.952448][T15681]  ? skb_put+0x11b/0x210
[  720.952464][T15681]  netlink_sendmsg+0x813/0xb40
[  720.952482][T15681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.952497][T15681]  ? aa_sock_msg_perm+0xf1/0x1b0
[  720.952512][T15681]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  720.952526][T15681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.952538][T15681]  ____sys_sendmsg+0xa68/0xad0
[  720.952559][T15681]  ? __pfx_____sys_sendmsg+0x10/0x10
[  720.952578][T15681]  ? kstrtoull+0x12f/0x1d0
[  720.952597][T15681]  ___sys_sendmsg+0x2a5/0x360
[  720.952611][T15681]  ? __lock_acquire+0x6b5/0x2cf0
[  720.952630][T15681]  ? __pfx____sys_sendmsg+0x10/0x10
[  720.952647][T15681]  ? get_pid_task+0x20/0x1f0
[  720.952660][T15681]  ? get_pid_task+0x20/0x1f0
[  720.952671][T15681]  ? get_pid_task+0x20/0x1f0
[  720.952698][T15681]  ? __fget_files+0x2a/0x420
[  720.952711][T15681]  ? __fget_files+0x3a0/0x420
[  720.952730][T15681]  __sys_sendmsg+0x183/0x260
[  720.952747][T15681]  ? __pfx___sys_sendmsg+0x10/0x10
[  720.952769][T15681]  ? __pfx_ksys_write+0x10/0x10
[  720.952791][T15681]  __do_fast_syscall_32+0x1d2/0x540
[  720.952841][T15681]  ? lockdep_hardirqs_on+0x7a/0x110
[  720.952852][T15681]  ? do_fast_syscall_32+0x33/0x70
[  720.952864][T15681]  ? asm_int80_emulation+0x1a/0x20
[  720.952875][T15681]  ? do_int80_emulation+0x20e/0x400
[  720.952891][T15681]  do_fast_syscall_32+0x33/0x70
[  720.952907][T15681]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  720.952928][T15681] RIP: 0023:0xf7fb2539
[  720.952946][T15681] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  720.952963][T15681] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  720.952985][T15681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800009c0
[  720.952998][T15681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  720.953010][T15681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  720.953020][T15681] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  720.953031][T15681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  720.953060][T15681]  </TASK>
[  721.416110][ T5907] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  721.436905][ T5907] usb 2-1: device descriptor read/8, error -71
[  721.485603][T15682] net_ratelimit: 10 callbacks suppressed
[  721.485628][T15682] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check.
[  721.692582][ T5907] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  721.728847][ T5907] usb 2-1: device descriptor read/8, error -71
[  721.745156][T15687] bridge1: entered promiscuous mode
[  721.753541][T15687] FAULT_INJECTION: forcing a failure.
[  721.753541][T15687] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  721.753583][T15687] CPU: 0 UID: 0 PID: 15687 Comm: syz.3.3060 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  721.753600][T15687] Tainted: [L]=SOFTLOCKUP
[  721.753605][T15687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  721.753612][T15687] Call Trace:
[  721.753618][T15687]  <TASK>
[  721.753624][T15687]  dump_stack_lvl+0xe8/0x150
[  721.753644][T15687]  should_fail_ex+0x412/0x560
[  721.753662][T15687]  _copy_to_user+0x31/0xb0
[  721.753681][T15687]  simple_read_from_buffer+0xe1/0x170
[  721.753697][T15687]  proc_fail_nth_read+0x1bb/0x230
[  721.753717][T15687]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  721.753735][T15687]  ? rw_verify_area+0x2a6/0x4d0
[  721.753751][T15687]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  721.753769][T15687]  vfs_read+0x20c/0xa70
[  721.753785][T15687]  ? fdget_pos+0x246/0x320
[  721.753810][T15687]  ? __pfx___mutex_lock+0x10/0x10
[  721.753824][T15687]  ? __pfx_vfs_read+0x10/0x10
[  721.753842][T15687]  ? __fget_files+0x2a/0x420
[  721.753857][T15687]  ? __fget_files+0x3a0/0x420
[  721.753869][T15687]  ? __fget_files+0x2a/0x420
[  721.753886][T15687]  ksys_read+0x150/0x270
[  721.753904][T15687]  ? __pfx_ksys_read+0x10/0x10
[  721.753927][T15687]  ? asm_int80_emulation+0x1a/0x20
[  721.753941][T15687]  ? asm_int80_emulation+0x1a/0x20
[  721.753952][T15687]  do_int80_emulation+0x111/0x400
[  721.753966][T15687]  ? clear_bhb_loop+0x60/0xb0
[  721.753978][T15687]  ? clear_bhb_loop+0x60/0xb0
[  721.753991][T15687]  asm_int80_emulation+0x1a/0x20
[  721.754002][T15687] RIP: 0023:0xf712572b
[  721.754014][T15687] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  721.754024][T15687] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  721.754038][T15687] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f53e65d0
[  721.754050][T15687] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  721.754057][T15687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  721.754064][T15687] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  721.754071][T15687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  721.754088][T15687]  </TASK>
[  721.846552][ T5907] usb usb2-port1: unable to enumerate USB device
[  722.006164][T11535] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  722.120625][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  722.120659][   T30] audit: type=1326 audit(1770143975.634:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120717][   T30] audit: type=1326 audit(1770143975.634:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=264 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120779][   T30] audit: type=1326 audit(1770143975.634:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120820][   T30] audit: type=1326 audit(1770143975.634:1466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120878][   T30] audit: type=1326 audit(1770143975.634:1467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120916][   T30] audit: type=1326 audit(1770143975.634:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120943][   T30] audit: type=1326 audit(1770143975.634:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120966][   T30] audit: type=1326 audit(1770143975.634:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.120991][   T30] audit: type=1326 audit(1770143975.634:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.121018][   T30] audit: type=1326 audit(1770143975.634:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15694 comm="syz.3.3063" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  722.199067][T11535] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  722.199106][T11535] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  722.199147][T11535] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  722.199162][T11535] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.202564][T11535] usb 3-1: config 0 descriptor??
[  722.982306][T15700] netlink: 'syz.0.3066': attribute type 2 has an invalid length.
[  723.236157][    T9] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  723.306620][ T5914] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[  723.451888][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  723.456288][    T9] usb 1-1: not running at top speed; connect to a high speed hub
[  723.460293][    T9] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  723.460315][    T9] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  723.473625][ T5914] usb 2-1: config 0 has no interfaces?
[  723.473692][ T5914] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  723.473719][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.491283][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  723.491307][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.491320][    T9] usb 1-1: Product: syz
[  723.491350][    T9] usb 1-1: Manufacturer: syz
[  723.491360][    T9] usb 1-1: SerialNumber: syz
[  723.589622][ T5914] usb 2-1: config 0 descriptor??
[  723.918700][    T9] usb 1-1: Audio class v2/v3 interfaces need an interface association
[  724.051560][    T9] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  724.056967][ T5914] usb 2-1: USB disconnect, device number 91
[  724.139002][T11535] usbhid 3-1:0.0: can't add hid device: -71
[  724.139084][T11535] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  724.140660][T11535] usb 3-1: USB disconnect, device number 75
[  724.180734][    T9] usb 1-1: USB disconnect, device number 9
[  724.320663][T11560] udevd[11560]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  724.474298][T15712] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3068'.
[  724.716178][ T5914] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  724.838302][ T5898] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  724.946076][ T5914] usb 2-1: Using ep0 maxpacket: 32
[  724.956565][ T5914] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  724.956590][ T5914] usb 2-1: config 0 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  724.956606][ T5914] usb 2-1: config 0 interface 0 has no altsetting 0
[  724.956627][ T5914] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  724.956641][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  724.964065][ T5914] usb 2-1: config 0 descriptor??
[  725.012227][ T5898] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  725.012252][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.012265][ T5898] usb 1-1: Product: syz
[  725.012274][ T5898] usb 1-1: Manufacturer: syz
[  725.012284][ T5898] usb 1-1: SerialNumber: syz
[  725.018758][ T5898] usb 1-1: config 0 descriptor??
[  725.097449][ T5898] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  725.174578][T15702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.174866][T15702] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.386106][ T5914] usbhid 2-1:0.0: can't add hid device: -71
[  725.386202][ T5914] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  725.421172][ T5914] usb 2-1: USB disconnect, device number 92
[  726.063256][ T5914] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  726.222536][ T5914] usb 2-1: Using ep0 maxpacket: 32
[  726.225170][ T5914] usb 2-1: config 0 interface 0 altsetting 1 endpoint 0x2 has an invalid bInterval 129, changing to 11
[  726.225194][ T5914] usb 2-1: config 0 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  726.225214][ T5914] usb 2-1: config 0 interface 0 has no altsetting 0
[  726.225257][ T5914] usb 2-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00
[  726.225272][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.231013][ T5914] usb 2-1: config 0 descriptor??
[  726.611197][T15720] IPVS: set_ctl: invalid protocol: 92 224.0.0.2:20001
[  726.790650][ T5898] gspca_stk1135: reg_w 0x7 err -71
[  726.791701][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791717][ T5898] gspca_stk1135: Sensor write failed
[  726.791745][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791758][ T5898] gspca_stk1135: Sensor write failed
[  726.791789][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791800][ T5898] gspca_stk1135: Sensor read failed
[  726.791828][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791839][ T5898] gspca_stk1135: Sensor read failed
[  726.791849][ T5898] gspca_stk1135: Detected sensor type unknown (0x0)
[  726.791884][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791895][ T5898] gspca_stk1135: Sensor read failed
[  726.791923][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791936][ T5898] gspca_stk1135: Sensor read failed
[  726.791975][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.791987][ T5898] gspca_stk1135: Sensor write failed
[  726.792012][ T5898] gspca_stk1135: serial bus timeout: status=0x00
[  726.792024][ T5898] gspca_stk1135: Sensor write failed
[  726.792110][ T5898] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71
[  726.795628][ T5898] usb 1-1: USB disconnect, device number 10
[  726.926328][ T5914] input: HID 054c:03d5 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:054C:03D5.0022/input/input79
[  727.205571][ T5914] sony 0003:054C:03D5.0022: input,hidraw0: USB HID v0.00 Joystick [HID 054c:03d5] on usb-dummy_hcd.1-1/input0
[  728.103865][    T9] usb 2-1: USB disconnect, device number 93
[  728.766170][    T9] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  728.927157][    T9] usb 2-1: device descriptor read/64, error -71
[  729.109065][ T5914] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  729.179396][    T9] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  729.258770][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  729.283518][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  729.315802][ T5914] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  729.326351][    T9] usb 2-1: device descriptor read/64, error -71
[  729.344166][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.377715][ T5914] usb 3-1: config 0 descriptor??
[  729.447380][    T9] usb usb2-port1: attempt power cycle
[  729.575130][T15768] netlink: 'syz.3.3082': attribute type 13 has an invalid length.
[  729.736741][T15770] geneve2: entered allmulticast mode
[  729.939033][    T9] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  730.209539][    T9] usb 2-1: device descriptor read/8, error -71
[  730.227896][ T9832] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  730.516118][    T9] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[  730.548737][    T9] usb 2-1: device descriptor read/8, error -71
[  730.661196][    T9] usb usb2-port1: unable to enumerate USB device
[  730.936087][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  731.096082][    T9] usb 1-1: Using ep0 maxpacket: 16
[  731.112106][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  731.298562][    T9] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  731.308436][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.337286][    T9] usb 1-1: config 0 descriptor??
[  731.349302][ T5914] usbhid 3-1:0.0: can't add hid device: -71
[  731.355446][ T5914] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  731.396626][ T5914] usb 3-1: USB disconnect, device number 76
[  731.771796][    T9] mcp2221 0003:04D8:00DD.0023: unknown main item tag 0x0
[  731.783831][    T9] mcp2221 0003:04D8:00DD.0023: unknown main item tag 0x0
[  731.792240][    T9] mcp2221 0003:04D8:00DD.0023: unknown main item tag 0x0
[  731.801230][    T9] mcp2221 0003:04D8:00DD.0023: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  731.993278][ T5914] usb 1-1: USB disconnect, device number 11
[  732.377461][T15784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  732.864219][T15810] futex_wake_op: syz.4.3093 tries to shift op by -1; fix this program
[  733.632735][T15825] loop2: detected capacity change from 0 to 7
[  733.667144][T15825] Dev loop2: unable to read RDB block 7
[  733.728531][T15830] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3098'.
[  733.816781][T15832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3096'.
[  733.825806][T15825]  loop2: unable to read partition table
[  733.832124][T15825] loop2: partition table beyond EOD, truncated
[  733.838742][T15825] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑàŒöqŠÐ–) failed (rc=-5)
[  734.020511][T15836] geneve2: entered allmulticast mode
[  734.276157][ T5914] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  734.452759][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  734.464097][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  734.486302][ T5914] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  734.496283][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.564681][ T5914] usb 4-1: config 0 descriptor??
[  734.657026][T10848] usb 1-1: new full-speed USB device number 12 using dummy_hcd
[  734.901364][T10848] usb 1-1: too many configurations: 218, using maximum allowed: 8
[  734.940143][T10848] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 183
[  735.594863][T10848] usb 1-1: can't read configurations, error -22
[  735.898426][T15856] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3103'.
[  735.916708][T10848] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  736.158592][T10848] usb 1-1: too many configurations: 218, using maximum allowed: 8
[  736.169164][T10848] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 183
[  736.180905][T10848] usb 1-1: can't read configurations, error -22
[  736.194515][T10848] usb usb1-port1: attempt power cycle
[  736.557291][T10848] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  736.597608][T10848] usb 1-1: too many configurations: 218, using maximum allowed: 8
[  736.611819][T10848] usb 1-1: invalid descriptor for config index 0: type = 0x2, length = 183
[  736.621195][T10848] usb 1-1: can't read configurations, error -22
[  736.969307][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  736.969327][   T30] audit: type=1326 audit(1770143990.494:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.017300][T10848] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  737.076912][T15862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3106'.
[  737.166643][T10848] usb 1-1: device descriptor read/8, error -71
[  737.236040][   T30] audit: type=1326 audit(1770143990.524:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.315300][T10848] usb usb1-port1: unable to enumerate USB device
[  737.344510][   T30] audit: type=1326 audit(1770143990.554:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.385540][   T30] audit: type=1326 audit(1770143990.554:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.410106][   T30] audit: type=1326 audit(1770143990.564:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.492510][T15869] futex_wake_op: syz.2.3108 tries to shift op by -1; fix this program
[  737.536168][ T5906] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  737.706054][ T5906] usb 5-1: Using ep0 maxpacket: 8
[  737.714244][ T5906] usb 5-1: too many configurations: 30, using maximum allowed: 8
[  737.733156][   T30] audit: type=1326 audit(1770143990.564:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=118 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.764434][ T5906] usb 5-1: unable to read config index 0 descriptor/start: -61
[  737.779780][ T5906] usb 5-1: can't read configurations, error -61
[  737.807920][   T30] audit: type=1326 audit(1770143990.564:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.857787][ T5914] usbhid 4-1:0.0: can't add hid device: -71
[  737.864496][ T5914] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  737.886026][   T30] audit: type=1326 audit(1770143990.574:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  737.926172][ T5906] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  738.043365][ T5914] usb 4-1: USB disconnect, device number 98
[  738.050924][T15872] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3109'.
[  738.060148][   T30] audit: type=1326 audit(1770143990.574:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  738.145309][   T30] audit: type=1326 audit(1770143990.664:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15861 comm="syz.2.3106" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  738.170948][ T5906] usb 5-1: Using ep0 maxpacket: 8
[  738.191083][ T5906] usb 5-1: too many configurations: 30, using maximum allowed: 8
[  738.200279][T15876] syzkaller0: entered promiscuous mode
[  738.430504][T15876] syzkaller0: entered allmulticast mode
[  738.466547][ T5906] usb 5-1: unable to read config index 0 descriptor/start: -61
[  738.474171][ T5906] usb 5-1: can't read configurations, error -61
[  738.540422][ T5906] usb usb5-port1: attempt power cycle
[  738.906104][ T5906] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  738.937734][ T5906] usb 5-1: Using ep0 maxpacket: 8
[  738.943498][ T5906] usb 5-1: too many configurations: 30, using maximum allowed: 8
[  738.953460][ T5906] usb 5-1: unable to read config index 0 descriptor/start: -61
[  738.961198][ T5906] usb 5-1: can't read configurations, error -61
[  739.034109][T15888] fuse: Unknown parameter ''
[  739.176080][ T5906] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  739.214620][ T5906] usb 5-1: Using ep0 maxpacket: 8
[  739.234160][ T5906] usb 5-1: too many configurations: 30, using maximum allowed: 8
[  739.244710][ T5906] usb 5-1: unable to read config index 0 descriptor/start: -61
[  739.252827][ T5906] usb 5-1: can't read configurations, error -61
[  739.260324][ T5906] usb usb5-port1: unable to enumerate USB device
[  740.285918][T15908] futex_wake_op: syz.4.3118 tries to shift op by -1; fix this program
[  740.986543][T15915] geneve2: entered allmulticast mode
[  741.376204][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  741.550363][ T5907] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  741.576187][    T9] usb 1-1: Using ep0 maxpacket: 16
[  741.588410][    T9] usb 1-1: config 0 has an invalid interface number: 165 but max is 0
[  741.596962][    T9] usb 1-1: config 0 has no interface number 0
[  741.606644][    T9] usb 1-1: New USB device found, idVendor=0781, idProduct=0100, bcdDevice= 1.00
[  741.728951][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  741.741049][    T9] usb 1-1: Product: syz
[  741.745357][    T9] usb 1-1: Manufacturer: syz
[  741.766326][    T9] usb 1-1: SerialNumber: syz
[  741.772797][    T9] usb 1-1: config 0 descriptor??
[  741.818222][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  741.846171][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  741.876196][ T5907] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  741.885624][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  741.935820][ T5907] usb 5-1: config 0 descriptor??
[  742.151243][    T9] usb-storage 1-1:0.165: USB Mass Storage device detected
[  742.305539][    T9] usb-storage 1-1:0.165: Quirks match for vid 0781 pid 0100: 1
[  742.416206][    T9] usb 1-1: USB disconnect, device number 16
[  742.777944][   T30] audit: type=1326 audit(1770143996.294:1485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  742.887163][   T30] audit: type=1326 audit(1770143996.334:1486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  742.910173][   T30] audit: type=1326 audit(1770143996.344:1487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  742.966538][   T30] audit: type=1326 audit(1770143996.344:1488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  743.198001][   T30] audit: type=1326 audit(1770143996.494:1489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  743.316139][   T30] audit: type=1326 audit(1770143996.494:1490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=263 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  743.351472][   T30] audit: type=1326 audit(1770143996.494:1491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  743.421210][   T30] audit: type=1326 audit(1770143996.494:1492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15932 comm="syz.3.3123" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x7ffc0000
[  744.509818][ T5907] usbhid 5-1:0.0: can't add hid device: -71
[  744.547782][ T5907] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  744.707147][ T5907] usb 5-1: USB disconnect, device number 107
[  744.873501][T15955] bridge2: entered promiscuous mode
[  744.881059][T15955] bridge2: entered allmulticast mode
[  744.891882][T15955] team0: Port device bridge2 added
[  745.011968][T15958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3128'.
[  745.075798][T15956] bridge0: port 3(team0) entered blocking state
[  745.087630][T15959] netlink: 'syz.0.3128': attribute type 16 has an invalid length.
[  745.095703][T15959] netlink: 'syz.0.3128': attribute type 17 has an invalid length.
[  745.114703][T15956] bridge0: port 3(team0) entered disabled state
[  745.155843][T15956] team0: entered allmulticast mode
[  745.181103][T15956] team_slave_0: entered allmulticast mode
[  745.197818][T15956] team_slave_1: entered allmulticast mode
[  745.299058][T15956] team0: entered promiscuous mode
[  745.304173][T15956] team_slave_0: entered promiscuous mode
[  745.406270][T15956] team_slave_1: entered promiscuous mode
[  745.414599][T15956] bridge0: port 3(team0) entered blocking state
[  745.421530][T15956] bridge0: port 3(team0) entered forwarding state
[  745.448151][T15959] batman_adv: batadv0: Interface deactivated: dummy0
[  745.482526][T15959] xfrm0: left promiscuous mode
[  745.507073][T15965] futex_wake_op: syz.4.3131 tries to shift op by -1; fix this program
[  745.552245][T15959] xfrm0: left allmulticast mode
[  745.595664][T15959] bridge2: left promiscuous mode
[  745.969822][T15969] netlink: 'syz.3.3132': attribute type 10 has an invalid length.
[  746.256681][T15969] bond0: (slave netdevsim0): Releasing backup interface
[  746.527687][T15969] team0: Port device netdevsim0 added
[  747.616376][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  747.622896][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  748.276158][ T5907] usb 4-1: new full-speed USB device number 99 using dummy_hcd
[  748.443065][T16006] FAULT_INJECTION: forcing a failure.
[  748.443065][T16006] name failslab, interval 1, probability 0, space 0, times 0
[  748.466847][T16006] CPU: 0 UID: 0 PID: 16006 Comm: syz.2.3141 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  748.466881][T16006] Tainted: [L]=SOFTLOCKUP
[  748.466888][T16006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  748.466901][T16006] Call Trace:
[  748.466910][T16006]  <TASK>
[  748.466919][T16006]  dump_stack_lvl+0xe8/0x150
[  748.466952][T16006]  should_fail_ex+0x412/0x560
[  748.466982][T16006]  should_failslab+0xa8/0x100
[  748.467007][T16006]  __kmalloc_cache_noprof+0x83/0x6e0
[  748.467027][T16006]  ? __kmalloc_cache_noprof+0x3d1/0x6e0
[  748.467044][T16006]  ? sctp_transport_new+0x7e/0x620
[  748.467078][T16006]  sctp_transport_new+0x7e/0x620
[  748.467108][T16006]  sctp_assoc_add_peer+0x259/0x13b0
[  748.467136][T16006]  ? sctp_bind_addr_copy+0x380/0x3c0
[  748.467164][T16006]  sctp_connect_new_asoc+0x329/0x6b0
[  748.467192][T16006]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  748.467219][T16006]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  748.467244][T16006]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  748.467265][T16006]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  748.467290][T16006]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  748.467313][T16006]  ? security_sctp_bind_connect+0x7e/0x2c0
[  748.467337][T16006]  sctp_sendmsg+0x1528/0x2c10
[  748.467376][T16006]  ? __pfx_sctp_sendmsg+0x10/0x10
[  748.467396][T16006]  ? aa_sk_perm+0x15a/0x960
[  748.467426][T16006]  ? aa_sk_perm+0x82d/0x960
[  748.467446][T16006]  ? __might_fault+0xaf/0x130
[  748.467481][T16006]  ? __pfx_aa_sk_perm+0x10/0x10
[  748.467507][T16006]  ? sock_rps_record_flow+0x19/0x400
[  748.467536][T16006]  ? inet_sendmsg+0x2f4/0x370
[  748.467560][T16006]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  748.467584][T16006]  __sys_sendto+0x627/0x7a0
[  748.467611][T16006]  ? __pfx___sys_sendto+0x10/0x10
[  748.467658][T16006]  ? fput+0xa0/0xd0
[  748.467681][T16006]  ? ksys_write+0x242/0x270
[  748.467711][T16006]  ? __pfx_ksys_write+0x10/0x10
[  748.467741][T16006]  __ia32_sys_sendto+0xdd/0x100
[  748.467769][T16006]  __do_fast_syscall_32+0x1d2/0x540
[  748.467833][T16006]  ? lockdep_hardirqs_on+0x7a/0x110
[  748.467852][T16006]  ? do_fast_syscall_32+0x33/0x70
[  748.467873][T16006]  ? asm_int80_emulation+0x1a/0x20
[  748.467891][T16006]  ? do_int80_emulation+0x20e/0x400
[  748.467916][T16006]  do_fast_syscall_32+0x33/0x70
[  748.467939][T16006]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  748.467962][T16006] RIP: 0023:0xf7fb2539
[  748.467981][T16006] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  748.467998][T16006] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  748.468020][T16006] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  748.468035][T16006] RDX: 0000000000020a00 RSI: 0000000000044004 RDI: 0000000080000100
[  748.468049][T16006] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  748.468061][T16006] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  748.468074][T16006] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  748.468106][T16006]  </TASK>
[  748.471301][ T5907] usb 4-1: unable to get BOS descriptor or descriptor too short
[  748.823716][ T5907] usb 4-1: not running at top speed; connect to a high speed hub
[  748.834066][ T5907] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  748.844664][ T5907] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  748.857909][ T5907] usb 4-1: string descriptor 0 read error: -22
[  748.864270][ T5907] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  748.866085][T10846] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  748.873921][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.931750][ T5907] usb 4-1: 0:2 : does not exist
[  749.086360][T10846] usb 5-1: Using ep0 maxpacket: 32
[  749.093117][T10846] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  749.102099][T10846] usb 5-1: config 0 has no interface number 0
[  749.109791][T10846] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  749.123723][T10846] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  749.156532][T10846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  749.164744][T10846] usb 5-1: Product: syz
[  749.169402][T10846] usb 5-1: Manufacturer: syz
[  749.174114][T10846] usb 5-1: SerialNumber: syz
[  749.187270][T16018] futex_wake_op: syz.1.3146 tries to shift op by -1; fix this program
[  749.223727][T10846] usb 5-1: config 0 descriptor??
[  749.230185][T16003] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  749.433284][ T9811] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  749.499665][T16003] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  750.148225][ T5907] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  750.198459][ T5907] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  750.239212][ T5907] usb 4-1: 5:0: failed to get current value for ch 1 (-22)
[  750.320157][ T5907] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  750.376463][ T5907] usb 4-1: USB disconnect, device number 99
[  751.166043][T11536] usb 2-1: new high-speed USB device number 98 using dummy_hcd
[  751.331667][   T30] audit: type=1326 audit(1770144004.854:1493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d539 code=0x7ffc0000
[  751.375866][   T30] audit: type=1326 audit(1770144004.854:1494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d539 code=0x7ffc0000
[  751.429294][T11536] usb 2-1: Using ep0 maxpacket: 8
[  751.443477][T11536] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  751.457073][   T30] audit: type=1326 audit(1770144004.854:1495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d539 code=0x7ffc0000
[  751.518615][T11536] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  751.521294][   T30] audit: type=1326 audit(1770144004.854:1496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=460 compat=1 ip=0xf740d539 code=0x7ffc0000
[  751.545196][T11536] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  751.696781][   T30] audit: type=1326 audit(1770144004.854:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d539 code=0x7ffc0000
[  751.931822][T11536] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  751.936436][   T30] audit: type=1326 audit(1770144004.854:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf717572b code=0x7ffc0000
[  751.982463][T11536] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  751.984074][   T30] audit: type=1326 audit(1770144004.854:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740d539 code=0x7ffc0000
[  752.027243][   T30] audit: type=1326 audit(1770144004.884:1500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf717572b code=0x7ffc0000
[  752.059702][   T30] audit: type=1326 audit(1770144004.894:1501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf717572b code=0x7ffc0000
[  752.061366][T11536] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  752.061398][T11536] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.084982][   T30] audit: type=1326 audit(1770144004.894:1502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15997 comm="syz.4.3139" exe="/root/syz-executor" sig=0 arch=40000003 syscall=267 compat=1 ip=0xf717572b code=0x7ffc0000
[  752.397161][T11536] usb 2-1: GET_CAPABILITIES returned 0
[  752.402754][T11536] usbtmc 2-1:16.0: can't read capabilities
[  752.473536][T10846] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  752.517820][T10846] asix 5-1:0.188: probe with driver asix failed with error -71
[  752.565020][T10846] usb 5-1: USB disconnect, device number 108
[  752.826850][T16040] usbtmc 2-1:16.0: stb usb_control_msg returned -71
[  752.827972][    T9] usb 2-1: USB disconnect, device number 98
[  753.019132][T16072] futex_wake_op: syz.4.3163 tries to shift op by -1; fix this program
[  754.739511][T16096] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3170'.
[  755.464464][T16103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3173'.
[  755.496361][T16103] openvswitch: netlink: Flow actions attr not present in new flow.
[  755.559545][T16107] netlink: 140 bytes leftover after parsing attributes in process `syz.4.3175'.
[  755.770566][T16113] fuse: Bad value for 'fd'
[  756.056085][T10846] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  756.249191][T10846] usb 1-1: config 0 has an invalid interface number: 148 but max is 0
[  756.259499][T10846] usb 1-1: config 0 has no interface number 0
[  756.275359][T10846] usb 1-1: config 0 interface 148 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 10
[  756.315207][T10846] usb 1-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.ec
[  756.341679][T10846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.355133][T10846] usb 1-1: Product: syz
[  756.368126][T10846] usb 1-1: Manufacturer: syz
[  756.372870][T10846] usb 1-1: SerialNumber: syz
[  756.387174][T10846] usb 1-1: config 0 descriptor??
[  756.399023][T10846] kobil_sct 1-1:0.148: KOBIL USB smart card terminal converter detected
[  756.417754][T10846] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  756.574140][   T30] kauditd_printk_skb: 100 callbacks suppressed
[  756.574162][   T30] audit: type=1326 audit(1770144010.094:1603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16141 comm="syz.1.3186" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ad539 code=0x0
[  756.619484][T16115] input: syz1 as /devices/virtual/input/input80
[  756.632123][T16115] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3177'.
[  756.660062][T16144] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3187'.
[  756.684680][T16144] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3187'.
[  756.721667][T10846] usb 1-1: USB disconnect, device number 17
[  756.730894][T10846] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  756.779143][T10846] kobil_sct 1-1:0.148: device disconnected
[  757.224157][T10846] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  757.376760][T10846] usb 5-1: device descriptor read/64, error -71
[  757.386750][T16156] IPv6: NLM_F_CREATE should be specified when creating new route
[  757.600424][T16165] mac80211_hwsim hwsim10 syzkaller0: entered promiscuous mode
[  757.608903][T16165] mac80211_hwsim hwsim10 syzkaller0: entered allmulticast mode
[  757.636104][T10846] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  757.659989][T16165] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  757.776050][T10846] usb 5-1: device descriptor read/64, error -71
[  757.790253][T16165] tipc: Resetting bearer <eth:syzkaller0>
[  757.886337][T10846] usb usb5-port1: attempt power cycle
[  758.386233][T10846] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  758.406739][T10846] usb 5-1: device descriptor read/8, error -71
[  758.551891][T16183] raw_sendmsg: syz.1.3199 forgot to set AF_INET. Fix it!
[  758.646100][T10846] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[  758.678914][T10846] usb 5-1: device descriptor read/8, error -71
[  758.798556][T10846] usb usb5-port1: unable to enumerate USB device
[  759.058204][T16191] xt_bpf: check failed: parse error
[  759.279092][T16204] fuse: Bad value for 'fd'
[  760.356386][T10848] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[  760.456949][T16232] fuse: Bad value for 'fd'
[  760.507934][T16232] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  760.596052][T10848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  760.612502][T10848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  760.629937][T10848] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  760.645997][T10848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.672684][T10848] usb 5-1: config 0 descriptor??
[  760.867169][T16237] FAULT_INJECTION: forcing a failure.
[  760.867169][T16237] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  760.885512][T16237] CPU: 0 UID: 0 PID: 16237 Comm: syz.1.3215 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  760.885551][T16237] Tainted: [L]=SOFTLOCKUP
[  760.885560][T16237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  760.885573][T16237] Call Trace:
[  760.885583][T16237]  <TASK>
[  760.885592][T16237]  dump_stack_lvl+0xe8/0x150
[  760.885625][T16237]  should_fail_ex+0x412/0x560
[  760.885655][T16237]  prepare_alloc_pages+0x22a/0x650
[  760.885687][T16237]  __alloc_frozen_pages_noprof+0x12f/0x380
[  760.885715][T16237]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  760.885740][T16237]  ? __pfx_policy_nodemask+0x10/0x10
[  760.885761][T16237]  ? __lock_acquire+0x6b5/0x2cf0
[  760.885796][T16237]  alloc_pages_mpol+0x232/0x4a0
[  760.885825][T16237]  alloc_pages_noprof+0xa8/0x190
[  760.885851][T16237]  pte_alloc_one+0x23/0x370
[  760.885869][T16237]  ? __pte_alloc+0x1d/0x430
[  760.885892][T16237]  __pte_alloc+0x25/0x430
[  760.885918][T16237]  do_pte_missing+0x2edb/0x37a0
[  760.885947][T16237]  ? do_raw_spin_unlock+0xf5/0x210
[  760.885981][T16237]  handle_mm_fault+0x1b8c/0x32a0
[  760.886022][T16237]  ? handle_mm_fault+0xee/0x32a0
[  760.886055][T16237]  ? __pfx_handle_mm_fault+0x10/0x10
[  760.886095][T16237]  ? __lock_acquire+0x6b5/0x2cf0
[  760.886124][T16237]  ? lock_mm_and_find_vma+0xa7/0x340
[  760.886147][T16237]  do_user_addr_fault+0x75b/0x1360
[  760.886194][T16237]  exc_page_fault+0x6a/0xc0
[  760.886218][T16237]  asm_exc_page_fault+0x26/0x30
[  760.886237][T16237] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  760.886264][T16237] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  760.886281][T16237] RSP: 0018:ffffc90004a0fa98 EFLAGS: 00050202
[  760.886302][T16237] RAX: 00007ffffffff001 RBX: 000000000000005c RCX: 000000000000005c
[  760.886316][T16237] RDX: 0000000000000001 RSI: 0000000080000000 RDI: ffffc90004a0fc10
[  760.886329][T16237] RBP: ffffc90004a0fcf8 R08: 0000000000000003 R09: 0000000000000004
[  760.886342][T16237] R10: dffffc0000000000 R11: fffff52000941f8d R12: dffffc0000000000
[  760.886357][T16237] R13: 0000000080000000 R14: ffffc90004a0fc10 R15: 0000000080000000
[  760.886390][T16237]  _copy_from_user+0x7a/0xb0
[  760.886420][T16237]  do_ipt_set_ctl+0x6ee/0xe00
[  760.886446][T16237]  ? rcu_is_watching+0x15/0xb0
[  760.886467][T16237]  ? trace_contention_end+0x39/0x100
[  760.886488][T16237]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  760.886523][T16237]  ? nf_setsockopt+0x221/0x290
[  760.886554][T16237]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  760.886588][T16237]  ? __pfx___mutex_lock+0x10/0x10
[  760.886622][T16237]  nf_setsockopt+0x26f/0x290
[  760.886650][T16237]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  760.886674][T16237]  smc_setsockopt+0x249/0xac0
[  760.886703][T16237]  ? __pfx_smc_setsockopt+0x10/0x10
[  760.886720][T16237]  ? aa_sock_opt_perm+0xff/0x1a0
[  760.886747][T16237]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  760.886767][T16237]  ? __pfx_smc_setsockopt+0x10/0x10
[  760.886790][T16237]  do_sock_setsockopt+0x17c/0x1b0
[  760.886820][T16237]  __ia32_sys_setsockopt+0x13d/0x1b0
[  760.886852][T16237]  __do_fast_syscall_32+0x1d2/0x540
[  760.886872][T16237]  ? lockdep_hardirqs_on+0x7a/0x110
[  760.886890][T16237]  ? do_fast_syscall_32+0x33/0x70
[  760.886910][T16237]  ? asm_int80_emulation+0x1a/0x20
[  760.886928][T16237]  ? do_int80_emulation+0x20e/0x400
[  760.886954][T16237]  do_fast_syscall_32+0x33/0x70
[  760.886976][T16237]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  760.886998][T16237] RIP: 0023:0xf73ad539
[  760.887014][T16237] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  760.887029][T16237] RSP: 002b:00000000f53d650c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  760.887049][T16237] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000000
[  760.887063][T16237] RDX: 0000000000000040 RSI: 0000000080000000 RDI: 0000000000000268
[  760.887075][T16237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  760.887087][T16237] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  760.887099][T16237] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  760.887129][T16237]  </TASK>
[  761.520904][T10848] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0
[  761.560429][T10848] cp2112 0003:10C4:EA90.0024: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[  761.736099][T10848] cp2112 0003:10C4:EA90.0024: Part Number: 0x82 Device Version: 0xFE
[  761.886068][T10846] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  761.918583][T10848] cp2112 0003:10C4:EA90.0024: error requesting SMBus config
[  761.935199][T10848] cp2112 0003:10C4:EA90.0024: probe with driver cp2112 failed with error -5
[  762.004466][T16250] bond0: Caught tx_queue_len zero misconfig
[  762.017884][T16250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3219'.
[  762.040030][T10846] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 39, changing to 4
[  762.052003][T10846] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023
[  762.078283][T10846] usb 1-1: config 0 interface 0 has no altsetting 0
[  762.098885][T10846] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  762.108484][T10846] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  762.133201][T10846] usb 1-1: Product: syz
[  762.148825][T10846] usb 1-1: Manufacturer: syz
[  762.170947][T10846] usb 1-1: SerialNumber: syz
[  762.213429][T10846] usb 1-1: config 0 descriptor??
[  762.233781][T10846] usb 1-1: selecting invalid altsetting 0
[  762.830565][T16255] geneve2: entered allmulticast mode
[  762.954416][T10846] usb 1-1: USB disconnect, device number 18
[  763.383787][T16275] fuse: Bad value for 'fd'
[  763.496755][T10846] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  764.048636][T11536] usb 5-1: USB disconnect, device number 113
[  764.200111][T10846] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.224160][T10846] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.244576][T10846] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  764.266482][T10846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.324063][T10846] usb 2-1: config 0 descriptor??
[  764.631713][T10846] usbhid 2-1:0.0: can't add hid device: -71
[  764.660760][T10846] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  764.696532][T10846] usb 2-1: USB disconnect, device number 99
[  764.746117][T11536] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[  764.932248][T11536] usb 5-1: unable to get BOS descriptor or descriptor too short
[  764.947230][T11536] usb 5-1: config 63 has an invalid interface number: 66 but max is 0
[  764.960707][T11536] usb 5-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config
[  764.971810][T11536] usb 5-1: config 63 has no interface number 0
[  765.033140][T11536] usb 5-1: config 63 interface 66 has no altsetting 0
[  765.059586][T11536] usb 5-1: New USB device found, idVendor=174f, idProduct=8a31, bcdDevice=39.f4
[  765.069036][T11536] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  765.077230][T11536] usb 5-1: Product: syz
[  765.081593][T11536] usb 5-1: Manufacturer: syz
[  765.086343][T11536] usb 5-1: SerialNumber: syz
[  765.153535][T16298] FAULT_INJECTION: forcing a failure.
[  765.153535][T16298] name failslab, interval 1, probability 0, space 0, times 0
[  765.186511][T16298] CPU: 0 UID: 0 PID: 16298 Comm: syz.2.3234 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  765.186544][T16298] Tainted: [L]=SOFTLOCKUP
[  765.186551][T16298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  765.186562][T16298] Call Trace:
[  765.186571][T16298]  <TASK>
[  765.186585][T16298]  dump_stack_lvl+0xe8/0x150
[  765.186623][T16298]  should_fail_ex+0x412/0x560
[  765.186652][T16298]  should_failslab+0xa8/0x100
[  765.186676][T16298]  __kmalloc_cache_noprof+0x83/0x6e0
[  765.186697][T16298]  ? trace_kmalloc+0x1f/0xb0
[  765.186714][T16298]  ? call_usermodehelper_setup+0x8e/0x270
[  765.186740][T16298]  ? __kasan_kmalloc+0x93/0xb0
[  765.186765][T16298]  call_usermodehelper_setup+0x8e/0x270
[  765.186790][T16298]  ? __pfx_free_modprobe_argv+0x10/0x10
[  765.186814][T16298]  __request_module+0x3ba/0x610
[  765.186837][T16298]  ? rtnl_link_ops_get+0x23/0x250
[  765.186863][T16298]  ? __pfx___request_module+0x10/0x10
[  765.186895][T16298]  ? rtnl_link_ops_get+0x23/0x250
[  765.186916][T16298]  ? rtnl_link_ops_get+0x23/0x250
[  765.186941][T16298]  ? rtnl_link_ops_get+0x215/0x250
[  765.186969][T16298]  rtnl_newlink+0x620/0x1be0
[  765.186993][T16298]  ? kasan_save_track+0x4f/0x80
[  765.187010][T16298]  ? kasan_save_track+0x3e/0x80
[  765.187026][T16298]  ? kasan_save_free_info+0x46/0x50
[  765.187050][T16298]  ? __kasan_slab_free+0x5c/0x80
[  765.187070][T16298]  ? __netlink_deliver_tap+0x5ad/0x850
[  765.187091][T16298]  ? netlink_deliver_tap+0x19c/0x1b0
[  765.187109][T16298]  ? netlink_unicast+0x7e3/0x9b0
[  765.187135][T16298]  ? netlink_sendmsg+0x813/0xb40
[  765.187156][T16298]  ? __pfx_rtnl_newlink+0x10/0x10
[  765.187175][T16298]  ? do_fast_syscall_32+0x33/0x70
[  765.187197][T16298]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  765.187257][T16298]  ? kasan_quarantine_put+0xbb/0x1f0
[  765.187285][T16298]  ? lockdep_hardirqs_on+0x7a/0x110
[  765.187311][T16298]  ? kmem_cache_free+0x195/0x610
[  765.187330][T16298]  ? nlmon_xmit+0xb0/0x100
[  765.187361][T16298]  ? __lock_acquire+0x6b5/0x2cf0
[  765.187396][T16298]  ? __local_bh_enable_ip+0xd0/0x130
[  765.187414][T16298]  ? lockdep_hardirqs_on+0x7a/0x110
[  765.187432][T16298]  ? __dev_queue_xmit+0x274/0x3850
[  765.187456][T16298]  ? __local_bh_enable_ip+0xd0/0x130
[  765.187472][T16298]  ? __dev_queue_xmit+0x274/0x3850
[  765.187507][T16298]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  765.187553][T16298]  ? __pfx_rtnl_newlink+0x10/0x10
[  765.187575][T16298]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  765.187602][T16298]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  765.187642][T16298]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  765.187663][T16298]  ? ref_tracker_free+0x693/0x840
[  765.187686][T16298]  ? __copy_skb_header+0xa3/0x4a0
[  765.187714][T16298]  ? __pfx_ref_tracker_free+0x10/0x10
[  765.187736][T16298]  ? __skb_clone+0x63/0x7a0
[  765.187771][T16298]  netlink_rcv_skb+0x232/0x4b0
[  765.187793][T16298]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  765.187818][T16298]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  765.187849][T16298]  ? netlink_deliver_tap+0x2e/0x1b0
[  765.187879][T16298]  netlink_unicast+0x80f/0x9b0
[  765.187917][T16298]  ? __pfx_netlink_unicast+0x10/0x10
[  765.187946][T16298]  ? __alloc_skb+0x193/0x390
[  765.187968][T16298]  ? netlink_sendmsg+0x650/0xb40
[  765.187987][T16298]  ? skb_put+0x11b/0x210
[  765.188015][T16298]  netlink_sendmsg+0x813/0xb40
[  765.188046][T16298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  765.188071][T16298]  ? aa_sock_msg_perm+0xf1/0x1b0
[  765.188097][T16298]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  765.188121][T16298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  765.188141][T16298]  ____sys_sendmsg+0xa68/0xad0
[  765.188176][T16298]  ? __pfx_____sys_sendmsg+0x10/0x10
[  765.188207][T16298]  ? kstrtoull+0x12f/0x1d0
[  765.188239][T16298]  ___sys_sendmsg+0x2a5/0x360
[  765.188263][T16298]  ? __lock_acquire+0x6b5/0x2cf0
[  765.188294][T16298]  ? __pfx____sys_sendmsg+0x10/0x10
[  765.188322][T16298]  ? get_pid_task+0x20/0x1f0
[  765.188343][T16298]  ? get_pid_task+0x20/0x1f0
[  765.188362][T16298]  ? get_pid_task+0x20/0x1f0
[  765.188409][T16298]  ? __fget_files+0x2a/0x420
[  765.188432][T16298]  ? __fget_files+0x3a0/0x420
[  765.188464][T16298]  __sys_sendmsg+0x183/0x260
[  765.188492][T16298]  ? __pfx___sys_sendmsg+0x10/0x10
[  765.188530][T16298]  ? __pfx_ksys_write+0x10/0x10
[  765.188567][T16298]  __do_fast_syscall_32+0x1d2/0x540
[  765.188589][T16298]  ? lockdep_hardirqs_on+0x7a/0x110
[  765.188606][T16298]  ? do_fast_syscall_32+0x33/0x70
[  765.188635][T16298]  ? asm_int80_emulation+0x1a/0x20
[  765.188653][T16298]  ? do_int80_emulation+0x20e/0x400
[  765.188679][T16298]  do_fast_syscall_32+0x33/0x70
[  765.188701][T16298]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  765.188725][T16298] RIP: 0023:0xf7fb2539
[  765.188744][T16298] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  765.188762][T16298] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  765.188785][T16298] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  765.188800][T16298] RDX: 0000000000008002 RSI: 0000000000000000 RDI: 0000000000000000
[  765.188812][T16298] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  765.188824][T16298] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  765.188836][T16298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  765.188867][T16298]  </TASK>
[  765.793351][T11536] uvcvideo 5-1:63.66: Found UVC 0.07 device syz (174f:8a31)
[  765.847974][T11536] uvcvideo 5-1:63.66: No valid video chain found.
[  765.865367][T11536] usb 5-1: USB disconnect, device number 114
[  766.212656][T16305] geneve2: entered allmulticast mode
[  766.303570][T16311] fuse: Bad value for 'fd'
[  766.459285][T16318] futex_wake_op: syz.2.3240 tries to shift op by -1; fix this program
[  766.520251][ T5898] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  766.578084][T10846] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  766.751489][ T5898] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  766.764041][ T5898] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  766.775464][T10846] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  766.787241][T10846] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  766.799007][ T5898] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  766.808400][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.818893][T10846] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  766.828333][T10846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  766.867920][ T5898] usb 1-1: Product: syz
[  766.873890][ T5898] usb 1-1: Manufacturer: syz
[  766.879185][T10846] usb 4-1: SerialNumber: syz
[  766.885223][ T5898] usb 1-1: SerialNumber: syz
[  766.942926][ T5898] cdc_mbim 1-1:1.0: skipping garbage
[  767.131095][T10846] usb 4-1: 0:2 : does not exist
[  767.143079][T16308] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  767.408650][T16308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  767.426813][T16308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  767.453910][T10846] usb 4-1: USB disconnect, device number 100
[  767.658724][ T5898] cdc_mbim 1-1:1.0: failed GET_NTB_PARAMETERS
[  767.669871][ T5898] cdc_mbim 1-1:1.0: bind() failure
[  767.681551][ T5898] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  767.695801][ T5898] cdc_ncm 1-1:1.1: bind() failure
[  767.713653][ T5898] usb 1-1: USB disconnect, device number 19
[  768.007205][T16339] syz.2.3245: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  768.022734][T16339] CPU: 1 UID: 0 PID: 16339 Comm: syz.2.3245 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  768.022771][T16339] Tainted: [L]=SOFTLOCKUP
[  768.022779][T16339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  768.022793][T16339] Call Trace:
[  768.022803][T16339]  <TASK>
[  768.022812][T16339]  dump_stack_lvl+0xe8/0x150
[  768.022845][T16339]  warn_alloc+0x249/0x340
[  768.022869][T16339]  ? stack_trace_save+0xa9/0x100
[  768.022899][T16339]  ? __pfx_warn_alloc+0x10/0x10
[  768.022928][T16339]  ? kasan_save_track+0x4f/0x80
[  768.022947][T16339]  ? kasan_save_track+0x3e/0x80
[  768.022965][T16339]  ? __kasan_kmalloc+0x93/0xb0
[  768.022983][T16339]  ? __kmalloc_cache_noprof+0x3d1/0x6e0
[  768.023002][T16339]  ? xskq_create+0x56/0x170
[  768.023021][T16339]  ? xsk_setsockopt+0x54c/0x990
[  768.023048][T16339]  ? do_sock_setsockopt+0x17c/0x1b0
[  768.023073][T16339]  ? __ia32_sys_setsockopt+0x13d/0x1b0
[  768.023097][T16339]  ? __do_fast_syscall_32+0x1d2/0x540
[  768.023126][T16339]  __vmalloc_node_range_noprof+0x132/0x1730
[  768.023181][T16339]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  768.023209][T16339]  ? __kasan_kmalloc+0x93/0xb0
[  768.023237][T16339]  vmalloc_user_noprof+0xad/0xe0
[  768.023257][T16339]  ? xskq_create+0xbf/0x170
[  768.023279][T16339]  xskq_create+0xbf/0x170
[  768.023302][T16339]  xsk_init_queue+0xad/0x110
[  768.023333][T16339]  xsk_setsockopt+0x54c/0x990
[  768.023373][T16339]  ? __pfx_xsk_setsockopt+0x10/0x10
[  768.023401][T16339]  ? __pfx_aa_sk_perm+0x10/0x10
[  768.023425][T16339]  ? aa_sock_opt_perm+0xff/0x1a0
[  768.023447][T16339]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  768.023465][T16339]  ? __pfx_xsk_setsockopt+0x10/0x10
[  768.023488][T16339]  do_sock_setsockopt+0x17c/0x1b0
[  768.023512][T16339]  __ia32_sys_setsockopt+0x13d/0x1b0
[  768.023537][T16339]  __do_fast_syscall_32+0x1d2/0x540
[  768.023554][T16339]  ? do_fast_syscall_32+0x33/0x70
[  768.023570][T16339]  ? irqentry_exit+0x10e/0x620
[  768.023590][T16339]  do_fast_syscall_32+0x33/0x70
[  768.023608][T16339]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  768.023626][T16339] RIP: 0023:0xf7fb2539
[  768.023641][T16339] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  768.023656][T16339] RSP: 002b:00000000f543450c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[  768.023675][T16339] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000011b
[  768.023685][T16339] RDX: 0000000000000006 RSI: 0000000080000000 RDI: 0000000000000004
[  768.023695][T16339] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  768.023704][T16339] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  768.023713][T16339] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  768.023736][T16339]  </TASK>
[  768.023781][T16339] Mem-Info:
[  768.042646][T16338] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a
[  768.350828][T16339] active_anon:5937 inactive_anon:0 isolated_anon:0
[  768.350828][T16339]  active_file:22895 inactive_file:42230 isolated_file:0
[  768.350828][T16339]  unevictable:768 dirty:95 writeback:0
[  768.350828][T16339]  slab_reclaimable:11111 slab_unreclaimable:122905
[  768.350828][T16339]  mapped:31770 shmem:1354 pagetables:1281
[  768.350828][T16339]  sec_pagetables:0 bounce:0
[  768.350828][T16339]  kernel_misc_reclaimable:0
[  768.350828][T16339]  free:1275438 free_pcp:12804 free_cma:0
[  768.445195][T16339] Node 0 active_anon:23848kB inactive_anon:0kB active_file:91552kB inactive_file:168720kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127052kB dirty:380kB writeback:0kB shmem:3880kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12444kB pagetables:5092kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  768.669106][T16345] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3245'.
[  769.256072][T16339] Node 1 active_anon:0kB inactive_anon:0kB active_file:28kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:28kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  769.686422][T16339] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  769.766118][T16339] lowmem_reserve[]: 0 2494 2495 2495 2495
[  769.781000][T16339] Node 0 DMA32 free:1188624kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27176kB inactive_anon:0kB active_file:91552kB inactive_file:168720kB unevictable:9724kB writepending:480kB zspages:420kB present:3129332kB managed:2554120kB mlocked:8192kB bounce:0kB free_pcp:33960kB local_pcp:12984kB free_cma:0kB
[  769.968875][T16339] lowmem_reserve[]: 0 0 1 1 1
[  770.067672][ T5835] Bluetooth: hci5: command 0x0406 tx timeout
[  770.199475][T16339] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  770.251011][T16364] futex_wake_op: syz.1.3251 tries to shift op by -1; fix this program
[  770.402185][T16365] geneve3: entered allmulticast mode
[  770.551400][T16339] lowmem_reserve[]: 0 0 0 0 0
[  770.557494][ T9813] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0
[  770.617267][ T9813] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0
[  770.647550][T16339] Node 1 Normal free:3892788kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:28kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:11296kB local_pcp:7872kB free_cma:0kB
[  770.708598][ T9829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0
[  770.896117][T16339] lowmem_reserve[]: 0 0 0 0 0
[  770.901936][ T9811] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0
[  770.961874][T16339] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  771.108041][T16339] Node 0 DMA32: 3252*4kB (UME) 3193*8kB (UME) 1826*16kB (UME) 646*32kB (UME) 394*64kB (UME) 264*128kB (UME) 178*256kB (UME) 96*512kB (UM) 51*1024kB (UME) 16*2048kB (UME) 211*4096kB (UM) = 1191416kB
[  771.329159][T16339] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  771.369531][T16339] Node 1 Normal: 169*4kB (UE) 50*8kB (UE) 36*16kB (UE) 242*32kB (UME) 92*64kB (UME) 23*128kB (UME) 3*256kB (ME) 2*512kB (M) 2*1024kB (UM) 0*2048kB 945*4096kB (M) = 3892788kB
[  771.497985][T16377] futex_wake_op: syz.3.3254 tries to shift op by -1; fix this program
[  771.561040][T16339] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  771.574378][T16339] Node 0 hugepages_total=4 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB
[  771.836124][ T5906] usb 5-1: new high-speed USB device number 115 using dummy_hcd
[  771.874813][T16339] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  772.062741][ T5906] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  772.073679][ T5906] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  772.091282][ T5906] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  772.355990][ T5906] usb 5-1: config 220 has no interface number 2
[  772.362344][ T5906] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  772.386212][T16339] Node 1 hugepages_total=1 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  772.395824][T16339] 66477 total pagecache pages
[  772.416003][ T5906] usb 5-1: config 220 interface 0 has no altsetting 0
[  772.436253][ T5906] usb 5-1: config 220 interface 76 has no altsetting 0
[  772.453332][ T5906] usb 5-1: config 220 interface 1 has no altsetting 0
[  772.468110][ T5906] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  772.488460][   T30] audit: type=1326 audit(1770144026.004:1604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16379 comm="syz.1.3256" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73ad539 code=0x0
[  772.498605][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.530854][T16339] 0 pages in swap cache
[  772.554525][ T5906] usb 5-1: Product: syz
[  772.561221][T16339] Free swap  = 124996kB
[  772.572346][ T5906] usb 5-1: Manufacturer: syz
[  772.581389][ T5906] usb 5-1: SerialNumber: syz
[  772.595031][T16339] Total swap = 124996kB
[  772.621420][T16339] 2097051 pages RAM
[  772.628601][T16339] 0 pages HighMem/MovableOnly
[  772.686598][T16339] 426623 pages reserved
[  772.696894][T16339] 0 pages cma reserved
[  772.845158][ T5906] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  772.866221][ T5906] uvcvideo 5-1:220.0: No valid video chain found.
[  772.872776][ T5906] usb 5-1: selecting invalid altsetting 0
[  772.914444][ T5906] usb 5-1: selecting invalid altsetting 0
[  772.928932][ T5906] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  772.944860][   T30] audit: type=1326 audit(1770144026.464:1605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16385 comm="syz.3.3258" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf73bd539 code=0x0
[  772.953495][ T5906] usb 5-1: USB disconnect, device number 115
[  772.996765][T16387] FAULT_INJECTION: forcing a failure.
[  772.996765][T16387] name failslab, interval 1, probability 0, space 0, times 0
[  773.024512][T16387] CPU: 1 UID: 0 PID: 16387 Comm: syz.3.3258 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  773.024535][T16387] Tainted: [L]=SOFTLOCKUP
[  773.024540][T16387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  773.024548][T16387] Call Trace:
[  773.024554][T16387]  <TASK>
[  773.024560][T16387]  dump_stack_lvl+0xe8/0x150
[  773.024582][T16387]  should_fail_ex+0x412/0x560
[  773.024600][T16387]  should_failslab+0xa8/0x100
[  773.024618][T16387]  kmem_cache_alloc_lru_noprof+0x8c/0x6c0
[  773.024638][T16387]  ? __d_alloc+0x37/0x6f0
[  773.024651][T16387]  ? __lock_acquire+0x6b5/0x2cf0
[  773.024670][T16387]  __d_alloc+0x37/0x6f0
[  773.024688][T16387]  d_alloc_parallel+0xe6/0x1610
[  773.024704][T16387]  ? __d_lookup+0x66/0x780
[  773.024722][T16387]  ? __d_lookup+0x66/0x780
[  773.024740][T16387]  ? __d_lookup+0x66/0x780
[  773.024757][T16387]  ? __pfx_d_alloc_parallel+0x10/0x10
[  773.024776][T16387]  ? seqcount_lockdep_reader_access+0xa9/0x100
[  773.024794][T16387]  path_openat+0xcab/0x3e20
[  773.024828][T16387]  ? getname_flags+0xb7/0x540
[  773.024841][T16387]  ? __pfx_path_openat+0x10/0x10
[  773.024868][T16387]  do_filp_open+0x22d/0x490
[  773.024886][T16387]  ? __pfx_do_filp_open+0x10/0x10
[  773.024908][T16387]  ? __pfx_kfree_link+0x10/0x10
[  773.024926][T16387]  ? _raw_spin_unlock+0x28/0x50
[  773.024944][T16387]  ? alloc_fd+0x64b/0x6c0
[  773.024962][T16387]  do_sys_openat2+0x12f/0x220
[  773.024978][T16387]  ? __pfx_do_sys_openat2+0x10/0x10
[  773.024993][T16387]  ? ksys_write+0x242/0x270
[  773.025015][T16387]  ? __pfx_ksys_write+0x10/0x10
[  773.025043][T16387]  __ia32_compat_sys_openat+0x131/0x160
[  773.025070][T16387]  ? asm_int80_emulation+0x1a/0x20
[  773.025087][T16387]  do_int80_emulation+0x111/0x400
[  773.025110][T16387]  ? clear_bhb_loop+0x60/0xb0
[  773.025127][T16387]  ? clear_bhb_loop+0x60/0xb0
[  773.025142][T16387]  asm_int80_emulation+0x1a/0x20
[  773.025153][T16387] RIP: 0023:0xf712572b
[  773.025165][T16387] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  773.025175][T16387] RSP: 002b:00000000f53c53cc EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  773.025190][T16387] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f53c5490
[  773.025199][T16387] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  773.025207][T16387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  773.025214][T16387] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  773.025221][T16387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  773.025239][T16387]  </TASK>
[  773.511977][T16395] futex_wake_op: syz.0.3259 tries to shift op by -1; fix this program
[  774.097759][T16401] netlink: 712 bytes leftover after parsing attributes in process `syz.2.3263'.
[  774.429559][T16412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3266'.
[  774.727184][T16423] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  774.733819][T16423] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  774.865555][T16430] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3269'.
[  774.886033][T16423] vhci_hcd vhci_hcd.0: Device attached
[  774.900465][T16424] vhci_hcd: connection closed
[  774.902447][ T9832] vhci_hcd vhci_hcd.0: stop threads
[  774.922762][T16426] geneve2: entered allmulticast mode
[  774.946668][ T9832] vhci_hcd vhci_hcd.0: release socket
[  774.952121][ T9832] vhci_hcd vhci_hcd.0: disconnect device
[  775.003633][T16433] fuse: Bad value for 'fd'
[  776.162180][ T9832] wlan0: Trigger new scan to find an IBSS to join
[  776.275513][T16450] FAULT_INJECTION: forcing a failure.
[  776.275513][T16450] name failslab, interval 1, probability 0, space 0, times 0
[  776.316731][T16450] CPU: 1 UID: 0 PID: 16450 Comm: syz.1.3280 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  776.316768][T16450] Tainted: [L]=SOFTLOCKUP
[  776.316776][T16450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  776.316788][T16450] Call Trace:
[  776.316797][T16450]  <TASK>
[  776.316806][T16450]  dump_stack_lvl+0xe8/0x150
[  776.316839][T16450]  should_fail_ex+0x412/0x560
[  776.316869][T16450]  should_failslab+0xa8/0x100
[  776.316893][T16450]  kmem_cache_alloc_node_noprof+0x8b/0x6f0
[  776.316921][T16450]  ? __alloc_skb+0x193/0x390
[  776.316944][T16450]  ? __alloc_skb+0x1d7/0x390
[  776.316964][T16450]  ? __local_bh_enable_ip+0xd0/0x130
[  776.316984][T16450]  ? __alloc_skb+0x193/0x390
[  776.317008][T16450]  __alloc_skb+0x1d7/0x390
[  776.317036][T16450]  alloc_skb_with_frags+0xca/0x890
[  776.317059][T16450]  ? __might_fault+0xaf/0x130
[  776.317099][T16450]  sock_alloc_send_pskb+0x878/0x990
[  776.317144][T16450]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  776.317183][T16450]  ? iov_iter_advance+0x8b/0x1c0
[  776.317212][T16450]  tun_get_user+0x92d/0x3dd0
[  776.317246][T16450]  ? aa_file_perm+0x12d/0x1630
[  776.317284][T16450]  ? aa_file_perm+0x440/0x1630
[  776.317307][T16450]  ? __pfx_tun_get_user+0x10/0x10
[  776.317330][T16450]  ? __lock_acquire+0x6b5/0x2cf0
[  776.317362][T16450]  ? kstrtoull+0x12f/0x1d0
[  776.317391][T16450]  ? ref_tracker_alloc+0x363/0x4d0
[  776.317416][T16450]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  776.317441][T16450]  ? tun_get+0x1c/0x2f0
[  776.317461][T16450]  ? tun_get+0x1c/0x2f0
[  776.317487][T16450]  ? tun_get+0x1c/0x2f0
[  776.317504][T16450]  ? tun_get+0x1c/0x2f0
[  776.317527][T16450]  tun_chr_write_iter+0x113/0x200
[  776.317550][T16450]  vfs_write+0x61d/0xb90
[  776.317586][T16450]  ? __pfx_vfs_write+0x10/0x10
[  776.317622][T16450]  ? __fget_files+0x2a/0x420
[  776.317651][T16450]  ksys_write+0x150/0x270
[  776.317681][T16450]  ? __pfx_ksys_write+0x10/0x10
[  776.317706][T16450]  ? __pfx_ksys_write+0x10/0x10
[  776.317741][T16450]  __do_fast_syscall_32+0x1d2/0x540
[  776.317763][T16450]  ? lockdep_hardirqs_on+0x7a/0x110
[  776.317782][T16450]  ? do_fast_syscall_32+0x33/0x70
[  776.317802][T16450]  ? asm_int80_emulation+0x1a/0x20
[  776.317821][T16450]  ? do_int80_emulation+0x20e/0x400
[  776.317847][T16450]  do_fast_syscall_32+0x33/0x70
[  776.317870][T16450]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  776.317892][T16450] RIP: 0023:0xf73ad539
[  776.317911][T16450] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  776.317929][T16450] RSP: 002b:00000000f53d650c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  776.317950][T16450] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000300
[  776.317965][T16450] RDX: 000000000000340a RSI: 0000000000000000 RDI: 0000000000000000
[  776.317978][T16450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  776.317989][T16450] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  776.318002][T16450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  776.318033][T16450]  </TASK>
[  776.922994][   T30] audit: type=1326 audit(1770144030.434:1606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16458 comm="syz.3.3281" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73bd539 code=0x0
[  777.066025][T11536] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  777.220696][T11536] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50
[  777.246622][T11536] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.254779][T11536] usb 1-1: Product: syz
[  777.266161][T11536] usb 1-1: Manufacturer: syz
[  777.276274][T11536] usb 1-1: SerialNumber: syz
[  777.302830][T11536] usb 1-1: config 0 descriptor??
[  777.324502][T11536] usb 1-1: Waiting for MOTU Microbook II to boot up...
[  777.346134][T11536] usb 1-1: failed setting the sample rate for Motu MicroBook II: -22
[  777.354530][T11536] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22
[  777.555275][T16457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  777.567747][T16457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  777.672973][T11536] usb 1-1: USB disconnect, device number 20
[  778.427479][T16497] FAULT_INJECTION: forcing a failure.
[  778.427479][T16497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  778.650612][T16497] CPU: 1 UID: 0 PID: 16497 Comm: syz.2.3294 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  778.650647][T16497] Tainted: [L]=SOFTLOCKUP
[  778.650655][T16497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  778.650666][T16497] Call Trace:
[  778.650675][T16497]  <TASK>
[  778.650684][T16497]  dump_stack_lvl+0xe8/0x150
[  778.650714][T16497]  should_fail_ex+0x412/0x560
[  778.650744][T16497]  _copy_to_user+0x31/0xb0
[  778.650775][T16497]  simple_read_from_buffer+0xe1/0x170
[  778.650802][T16497]  proc_fail_nth_read+0x1bb/0x230
[  778.650833][T16497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  778.650865][T16497]  ? rw_verify_area+0x2a6/0x4d0
[  778.650890][T16497]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  778.650916][T16497]  vfs_read+0x20c/0xa70
[  778.650940][T16497]  ? fdget_pos+0x246/0x320
[  778.650964][T16497]  ? __pfx___mutex_lock+0x10/0x10
[  778.650986][T16497]  ? __pfx_vfs_read+0x10/0x10
[  778.651011][T16497]  ? __fget_files+0x2a/0x420
[  778.651035][T16497]  ? __fget_files+0x3a0/0x420
[  778.651054][T16497]  ? __fget_files+0x2a/0x420
[  778.651083][T16497]  ksys_read+0x150/0x270
[  778.651112][T16497]  ? __pfx_ksys_read+0x10/0x10
[  778.651142][T16497]  ? asm_int80_emulation+0x1a/0x20
[  778.651164][T16497]  ? asm_int80_emulation+0x1a/0x20
[  778.651183][T16497]  do_int80_emulation+0x111/0x400
[  778.651205][T16497]  ? clear_bhb_loop+0x60/0xb0
[  778.651223][T16497]  ? clear_bhb_loop+0x60/0xb0
[  778.651257][T16497]  asm_int80_emulation+0x1a/0x20
[  778.651275][T16497] RIP: 0023:0xf71b572b
[  778.651294][T16497] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  778.651311][T16497] RSP: 002b:00000000f54764bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  778.651334][T16497] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54765d0
[  778.651349][T16497] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  778.651360][T16497] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  778.651372][T16497] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  778.651384][T16497] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  778.651415][T16497]  </TASK>
[  778.885594][T11536] usb 5-1: new high-speed USB device number 116 using dummy_hcd
[  779.316436][T11536] usb 5-1: Using ep0 maxpacket: 8
[  779.324006][T11536] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  779.332493][T11536] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  779.343797][T11536] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  779.380486][T11536] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  779.436952][T11536] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  779.451393][T11536] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  779.460830][T11536] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.700132][T11536] usb 5-1: GET_CAPABILITIES returned 0
[  779.705685][T11536] usbtmc 5-1:16.0: can't read capabilities
[  779.922332][T11536] usb 5-1: USB disconnect, device number 116
[  780.181505][T16521] ip6tnl0: Caught tx_queue_len zero misconfig
[  780.205675][   T50] wlan0: Trigger new scan to find an IBSS to join
[  780.394269][T16525] program syz.1.3302 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  781.185898][ T9824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  781.426237][   T50] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  781.447759][T11536] usb 5-1: new full-speed USB device number 117 using dummy_hcd
[  781.619394][T11536] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  781.656051][T11536] usb 5-1: config 0 has no interface number 0
[  781.662230][T11536] usb 5-1: config 0 interface 41 has no altsetting 0
[  781.689405][T11536] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  781.729228][T11536] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  781.756094][T11536] usb 5-1: Product: syz
[  781.766887][T11536] usb 5-1: Manufacturer: syz
[  781.771546][T11536] usb 5-1: SerialNumber: syz
[  781.827311][T11536] usb 5-1: config 0 descriptor??
[  782.648282][T16583] FAULT_INJECTION: forcing a failure.
[  782.648282][T16583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  782.685156][T16583] CPU: 1 UID: 0 PID: 16583 Comm: syz.3.3323 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  782.685194][T16583] Tainted: [L]=SOFTLOCKUP
[  782.685203][T16583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  782.685214][T16583] Call Trace:
[  782.685222][T16583]  <TASK>
[  782.685232][T16583]  dump_stack_lvl+0xe8/0x150
[  782.685274][T16583]  should_fail_ex+0x412/0x560
[  782.685306][T16583]  _copy_from_user+0x2d/0xb0
[  782.685338][T16583]  kstrtouint_from_user+0xd6/0x180
[  782.685365][T16583]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  782.685409][T16583]  proc_fail_nth_write+0x8e/0x210
[  782.685439][T16583]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  782.685473][T16583]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  782.685501][T16583]  vfs_write+0x29a/0xb90
[  782.685537][T16583]  ? __pfx_vfs_write+0x10/0x10
[  782.685567][T16583]  ? __fget_files+0x2a/0x420
[  782.685595][T16583]  ? __fget_files+0x3a0/0x420
[  782.685616][T16583]  ? __fget_files+0x2a/0x420
[  782.685646][T16583]  ksys_write+0x150/0x270
[  782.685676][T16583]  ? __pfx_ksys_write+0x10/0x10
[  782.685709][T16583]  ? asm_int80_emulation+0x1a/0x20
[  782.685733][T16583]  ? asm_int80_emulation+0x1a/0x20
[  782.685753][T16583]  do_int80_emulation+0x111/0x400
[  782.685778][T16583]  ? clear_bhb_loop+0x60/0xb0
[  782.685796][T16583]  ? clear_bhb_loop+0x60/0xb0
[  782.685819][T16583]  asm_int80_emulation+0x1a/0x20
[  782.685838][T16583] RIP: 0023:0xf712572b
[  782.685858][T16583] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  782.685875][T16583] RSP: 002b:00000000f53e64bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  782.685898][T16583] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f53e65d0
[  782.685912][T16583] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  782.685929][T16583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  782.685940][T16583] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  782.685952][T16583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  782.685983][T16583]  </TASK>
[  783.107654][T16590] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105)
[  783.121567][T16590] team0 (unregistering): Port device team_slave_0 removed
[  783.130603][T11536] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  783.176555][T16590] team0 (unregistering): Failed to send options change via netlink (err -105)
[  783.189001][T16590] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  783.206358][T16590] team0 (unregistering): Port device team_slave_1 removed
[  783.228897][T16590] team0 (unregistering): Failed to send options change via netlink (err -105)
[  783.238905][T16590] team0 (unregistering): Failed to send port change of device netdevsim0 via netlink (err -105)
[  783.271694][T16590] team0 (unregistering): Port device netdevsim0 removed
[  783.726056][ T5907] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  783.750957][T16553] netlink: 294 bytes leftover after parsing attributes in process `syz.4.3312'.
[  783.778577][T16553] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  783.824189][T16553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  783.833814][T16553] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  783.883071][T16602] dvmrp0: entered allmulticast mode
[  783.886023][ T5907] usb 4-1: Using ep0 maxpacket: 32
[  783.892000][T16602] dvmrp0: left allmulticast mode
[  783.895577][ T5907] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  783.908119][ T5907] usb 4-1: config 0 has no interface number 0
[  783.914466][ T5907] usb 4-1: config 0 interface 184 has no altsetting 0
[  783.938077][ T5907] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  783.956043][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.964963][ T5907] usb 4-1: Product: syz
[  783.975341][ T5907] usb 4-1: Manufacturer: syz
[  783.980078][ T5907] usb 4-1: SerialNumber: syz
[  783.988706][ T5907] usb 4-1: config 0 descriptor??
[  784.001398][ T5907] smsc75xx v1.0.0
[  784.086121][ T5906] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  784.246118][T10848] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  784.257708][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  784.269080][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  784.283386][ T5906] usb 2-1: New USB device found, idVendor=eb1a, idProduct=e303, bcdDevice=fc.a0
[  784.293380][ T5906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.302318][ T5906] usb 2-1: Product: syz
[  784.306968][ T5906] usb 2-1: Manufacturer: syz
[  784.311659][ T5906] usb 2-1: SerialNumber: syz
[  784.320430][ T5906] usb 2-1: config 0 descriptor??
[  784.340169][ T5906] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (eb1a:e303, interface 0, class 0)
[  784.349778][ T5906] em28xx 2-1:0.0: Video interface 0 found: bulk
[  784.364525][T11536] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  784.386066][T10848] usb 1-1: device descriptor read/64, error -71
[  784.399903][T11536] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71
[  784.416396][T11536] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  784.432108][T11536] usb 5-1: USB disconnect, device number 117
[  784.483958][T16609] bridge0: port 3(team0) entered disabled state
[  784.523584][T16609] team0 (unregistering): left allmulticast mode
[  784.531497][T16609] team_slave_0: left allmulticast mode
[  784.537107][T16609] team_slave_1: left allmulticast mode
[  784.542874][T16609] team0 (unregistering): left promiscuous mode
[  784.549399][T16609] team_slave_0: left promiscuous mode
[  784.555003][T16609] team_slave_1: left promiscuous mode
[  784.561365][T16609] bridge0: port 3(team0) entered disabled state
[  784.586907][T16609] team0 (unregistering): Failed to send options change via netlink (err -105)
[  784.599034][T16609] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105)
[  784.610467][T16609] team0 (unregistering): Port device team_slave_0 removed
[  784.634072][T16609] team0 (unregistering): Failed to send options change via netlink (err -105)
[  784.643526][T16609] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105)
[  784.654372][T10848] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  784.656676][T16609] team0 (unregistering): Port device team_slave_1 removed
[  784.673920][T16609] team0 (unregistering): Failed to send options change via netlink (err -105)
[  784.689122][T16609] team0 (unregistering): Failed to send port change of device bridge2 via netlink (err -105)
[  784.700993][T16609] team0 (unregistering): Port device bridge2 removed
[  784.786241][T10848] usb 1-1: device descriptor read/64, error -71
[  784.880529][T16613] FAULT_INJECTION: forcing a failure.
[  784.880529][T16613] name failslab, interval 1, probability 0, space 0, times 0
[  784.893787][T16613] CPU: 0 UID: 0 PID: 16613 Comm: syz.2.3333 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  784.893820][T16613] Tainted: [L]=SOFTLOCKUP
[  784.893828][T16613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  784.893841][T16613] Call Trace:
[  784.893850][T16613]  <TASK>
[  784.893860][T16613]  dump_stack_lvl+0xe8/0x150
[  784.893898][T16613]  should_fail_ex+0x412/0x560
[  784.893929][T16613]  should_failslab+0xa8/0x100
[  784.893954][T16613]  __kmalloc_cache_noprof+0x83/0x6e0
[  784.893976][T16613]  ? basic_change+0x2f9/0xfc0
[  784.894012][T16613]  basic_change+0x2f9/0xfc0
[  784.894041][T16613]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  784.894076][T16613]  ? __pfx_basic_change+0x10/0x10
[  784.894129][T16613]  tc_new_tfilter+0xe1c/0x1630
[  784.894183][T16613]  ? __pfx_tc_new_tfilter+0x10/0x10
[  784.894224][T16613]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  784.894265][T16613]  ? __pfx_tc_new_tfilter+0x10/0x10
[  784.894304][T16613]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  784.894330][T16613]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  784.894351][T16613]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  784.894372][T16613]  ? ref_tracker_free+0x693/0x840
[  784.894395][T16613]  ? __copy_skb_header+0xa3/0x4a0
[  784.894434][T16613]  ? __pfx_ref_tracker_free+0x10/0x10
[  784.894456][T16613]  ? __skb_clone+0x63/0x7a0
[  784.894492][T16613]  netlink_rcv_skb+0x232/0x4b0
[  784.894514][T16613]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  784.894537][T16613]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  784.894569][T16613]  ? netlink_deliver_tap+0x2e/0x1b0
[  784.894597][T16613]  netlink_unicast+0x80f/0x9b0
[  784.894634][T16613]  ? __pfx_netlink_unicast+0x10/0x10
[  784.894662][T16613]  ? __alloc_skb+0x193/0x390
[  784.894684][T16613]  ? netlink_sendmsg+0x650/0xb40
[  784.894703][T16613]  ? skb_put+0x11b/0x210
[  784.894731][T16613]  netlink_sendmsg+0x813/0xb40
[  784.894762][T16613]  ? __pfx_netlink_sendmsg+0x10/0x10
[  784.894787][T16613]  ? aa_sock_msg_perm+0xf1/0x1b0
[  784.894814][T16613]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  784.894837][T16613]  ? __pfx_netlink_sendmsg+0x10/0x10
[  784.894858][T16613]  ____sys_sendmsg+0xa68/0xad0
[  784.894894][T16613]  ? __pfx_____sys_sendmsg+0x10/0x10
[  784.894926][T16613]  ? kstrtoull+0x12f/0x1d0
[  784.894959][T16613]  ___sys_sendmsg+0x2a5/0x360
[  784.894984][T16613]  ? __lock_acquire+0x6b5/0x2cf0
[  784.895016][T16613]  ? __pfx____sys_sendmsg+0x10/0x10
[  784.895047][T16613]  ? __lock_acquire+0x6b5/0x2cf0
[  784.895107][T16613]  ? __fget_files+0x2a/0x420
[  784.895129][T16613]  ? __fget_files+0x3a0/0x420
[  784.895162][T16613]  __sys_sendmsg+0x183/0x260
[  784.895191][T16613]  ? __pfx___sys_sendmsg+0x10/0x10
[  784.895228][T16613]  ? __irq_exit_rcu+0x5f/0x150
[  784.895248][T16613]  ? lockdep_softirqs_on+0x11d/0x180
[  784.895285][T16613]  __do_fast_syscall_32+0x1d2/0x540
[  784.895309][T16613]  ? do_fast_syscall_32+0x33/0x70
[  784.895329][T16613]  ? irqentry_exit+0x10e/0x620
[  784.895355][T16613]  do_fast_syscall_32+0x33/0x70
[  784.895377][T16613]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  784.895400][T16613] RIP: 0023:0xf7fb2539
[  784.895427][T16613] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  784.895444][T16613] RSP: 002b:00000000f547650c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  784.895466][T16613] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  784.895480][T16613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  784.895491][T16613] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  784.895503][T16613] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  784.895516][T16613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  784.895547][T16613]  </TASK>
[  784.896571][T10848] usb usb1-port1: attempt power cycle
[  785.225343][ T5907] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71
[  785.324222][ T5907] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  785.344993][ T5907] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  785.386083][ T5907] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  785.397382][ T5907] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  785.408041][ T5907] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  785.418426][ T5907] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  785.457978][ T5907] usb 4-1: USB disconnect, device number 101
[  785.483537][T16628] futex_wake_op: syz.2.3336 tries to shift op by -1; fix this program
[  785.493930][ T5906] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  785.509381][T16629] futex_wake_op: syz.4.3337 tries to shift op by -1; fix this program
[  785.628640][T10848] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  785.634626][ T5906] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  785.647018][ T5906] em28xx 2-1:0.0: board has no eeprom
[  785.693701][T10848] usb 1-1: device descriptor read/8, error -71
[  785.706006][ T5906] em28xx 2-1:0.0: Identified as Kaiomy TVnPC U2 (card=63)
[  785.723224][ T5906] em28xx 2-1:0.0: analog set to bulk mode.
[  785.735490][ T5907] em28xx 2-1:0.0: Registering V4L2 extension
[  785.885238][ T5907] em28xx 2-1:0.0: reading from i2c device at 0xb8 failed (error=-5)
[  785.901093][ T5907] em28xx 2-1:0.0: reading from i2c device at 0xba failed (error=-5)
[  785.977582][T10848] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  786.008339][T10848] usb 1-1: device descriptor read/8, error -71
[  786.012338][ T5907] i2c i2c-1: Invalid 7-bit I2C address 0x00
[  786.131832][T10848] usb usb1-port1: unable to enumerate USB device
[  786.202571][ T5907] tuner: 1-0061: Tuner -1 found with type(s) Radio TV.
[  786.502435][ T5906] usb 2-1: USB disconnect, device number 100
[  786.514513][ T5906] em28xx 2-1:0.0: Disconnecting em28xx
[  786.630448][ T5907] DVB: Unable to find symbol xc2028_attach()
[  786.636578][ T5907] tuner: 1-0061: Tuner has no way to set tv freq
[  786.663444][ T5907] em28xx 2-1:0.0: Config register raw data: 0xffffffed
[  786.698800][ T5907] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  786.738130][ T5907] em28xx 2-1:0.0: No AC97 audio processor
[  786.900643][ T5907] tuner: 1-0061: Tuner has no way to set tv freq
[  786.914148][ T5907] videodev: could not get a free minor
[  786.920505][ T5907] em28xx 2-1:0.0: can't register radio device
[  787.230178][T16649] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  787.262736][T16643] geneve2: entered allmulticast mode
[  787.272900][ T5907] em28xx 2-1:0.0: V4L2 device video103 deregistered
[  787.322379][T16649] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  787.322498][T16645] ==================================================================
[  787.339654][T16645] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[  787.347100][T16645] Read of size 8 at addr ffff888079b5c740 by task v4l_id/16645
[  787.354650][T16645] 
[  787.356982][T16645] CPU: 0 UID: 0 PID: 16645 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  787.357002][T16645] Tainted: [L]=SOFTLOCKUP
[  787.357007][T16645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  787.357015][T16645] Call Trace:
[  787.357021][T16645]  <TASK>
[  787.357027][T16645]  dump_stack_lvl+0xe8/0x150
[  787.357048][T16645]  print_report+0xba/0x230
[  787.357061][T16645]  ? v4l2_fh_open+0xac/0x420
[  787.357074][T16645]  kasan_report+0x117/0x150
[  787.357088][T16645]  ? v4l2_fh_open+0xac/0x420
[  787.357103][T16645]  v4l2_fh_open+0xac/0x420
[  787.357116][T16645]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  787.357132][T16645]  em28xx_v4l2_open+0x157/0x9a0
[  787.357150][T16645]  ? do_raw_spin_lock+0x12b/0x2f0
[  787.357169][T16645]  v4l2_open+0x1bf/0x3a0
[  787.357185][T16645]  chrdev_open+0x4cd/0x5e0
[  787.357198][T16645]  ? __pfx_chrdev_open+0x10/0x10
[  787.357209][T16645]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  787.357225][T16645]  ? __pfx_chrdev_open+0x10/0x10
[  787.357236][T16645]  do_dentry_open+0x7ce/0x1420
[  787.357252][T16645]  vfs_open+0x3b/0x340
[  787.357263][T16645]  ? path_openat+0x346e/0x3e20
[  787.357280][T16645]  path_openat+0x3486/0x3e20
[  787.357302][T16645]  ? kmem_cache_alloc_noprof+0x370/0x6e0
[  787.357319][T16645]  ? getname_flags+0xb7/0x540
[  787.357331][T16645]  ? __pfx_path_openat+0x10/0x10
[  787.357347][T16645]  ? __lock_acquire+0x6b5/0x2cf0
[  787.357366][T16645]  do_filp_open+0x22d/0x490
[  787.357383][T16645]  ? __pfx_do_filp_open+0x10/0x10
[  787.357409][T16645]  ? _raw_spin_unlock+0x28/0x50
[  787.357426][T16645]  ? alloc_fd+0x64b/0x6c0
[  787.357440][T16645]  do_sys_openat2+0x12f/0x220
[  787.357455][T16645]  ? __pfx_do_sys_openat2+0x10/0x10
[  787.357469][T16645]  ? exc_page_fault+0x6a/0xc0
[  787.357481][T16645]  ? do_user_addr_fault+0xc7c/0x1360
[  787.357499][T16645]  __x64_sys_openat+0x138/0x170
[  787.357514][T16645]  do_syscall_64+0xe2/0xf80
[  787.357527][T16645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  787.357538][T16645]  ? trace_irq_disable+0x37/0x100
[  787.357550][T16645]  ? clear_bhb_loop+0x60/0xb0
[  787.357562][T16645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  787.357574][T16645] RIP: 0033:0x7fbe6cea7407
[  787.357587][T16645] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  787.357599][T16645] RSP: 002b:00007ffd397bc260 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  787.357613][T16645] RAX: ffffffffffffffda RBX: 00007fbe6d5d6880 RCX: 00007fbe6cea7407
[  787.357623][T16645] RDX: 0000000000000000 RSI: 00007ffd397bcf1d RDI: ffffffffffffff9c
[  787.357631][T16645] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  787.357639][T16645] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  787.357646][T16645] R13: 00007ffd397bc4b0 R14: 00007fbe6d73d000 R15: 000056367fdb54d8
[  787.357659][T16645]  </TASK>
[  787.357664][T16645] 
[  787.643483][T16645] Allocated by task 5907:
[  787.647816][T16645]  kasan_save_track+0x3e/0x80
[  787.652500][T16645]  __kasan_kmalloc+0x93/0xb0
[  787.657093][T16645]  __kmalloc_cache_noprof+0x3d1/0x6e0
[  787.662467][T16645]  em28xx_v4l2_init+0x10b/0x2e70
[  787.667416][T16645]  em28xx_init_extension+0x120/0x1c0
[  787.672706][T16645]  process_scheduled_works+0xaec/0x17a0
[  787.678258][T16645]  worker_thread+0xda6/0x1360
[  787.682943][T16645]  kthread+0x726/0x8b0
[  787.687015][T16645]  ret_from_fork+0x51b/0xa40
[  787.691613][T16645]  ret_from_fork_asm+0x1a/0x30
[  787.696474][T16645] 
[  787.698806][T16645] Freed by task 5907:
[  787.702872][T16645]  kasan_save_track+0x3e/0x80
[  787.707641][T16645]  kasan_save_free_info+0x46/0x50
[  787.712676][T16645]  __kasan_slab_free+0x5c/0x80
[  787.717447][T16645]  kfree+0x1be/0x650
[  787.721347][T16645]  em28xx_v4l2_init+0x1683/0x2e70
[  787.726467][T16645]  em28xx_init_extension+0x120/0x1c0
[  787.731760][T16645]  process_scheduled_works+0xaec/0x17a0
[  787.737317][T16645]  worker_thread+0xda6/0x1360
[  787.742015][T16645]  kthread+0x726/0x8b0
[  787.746090][T16645]  ret_from_fork+0x51b/0xa40
[  787.750692][T16645]  ret_from_fork_asm+0x1a/0x30
[  787.755461][T16645] 
[  787.757796][T16645] The buggy address belongs to the object at ffff888079b5c000
[  787.757796][T16645]  which belongs to the cache kmalloc-8k of size 8192
[  787.771851][T16645] The buggy address is located 1856 bytes inside of
[  787.771851][T16645]  freed 8192-byte region [ffff888079b5c000, ffff888079b5e000)
[  787.785911][T16645] 
[  787.788242][T16645] The buggy address belongs to the physical page:
[  787.794652][T16645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79b58
[  787.803418][T16645] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  787.811918][T16645] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  787.819986][T16645] page_type: f5(slab)
[  787.823973][T16645] raw: 00fff00000000040 ffff88813fe27280 0000000000000000 dead000000000001
[  787.832576][T16645] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  787.841169][T16645] head: 00fff00000000040 ffff88813fe27280 0000000000000000 dead000000000001
[  787.849942][T16645] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  787.858629][T16645] head: 00fff00000000003 ffffea0001e6d601 00000000ffffffff 00000000ffffffff
[  787.867337][T16645] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  787.876005][T16645] page dumped because: kasan: bad access detected
[  787.882421][T16645] page_owner tracks the page as allocated
[  787.888131][T16645] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5493, tgid 5493 (dhcpcd), ts 53998464369, free_ts 53865742577
[  787.908196][T16645]  post_alloc_hook+0x228/0x280
[  787.913068][T16645]  get_page_from_freelist+0x24dc/0x2580
[  787.918614][T16645]  __alloc_frozen_pages_noprof+0x18d/0x380
[  787.924428][T16645]  alloc_pages_mpol+0x232/0x4a0
[  787.929281][T16645]  allocate_slab+0x86/0x3a0
[  787.933791][T16645]  ___slab_alloc+0xd82/0x1760
[  787.938484][T16645]  __slab_alloc+0x65/0x100
[  787.943105][T16645]  __kmalloc_cache_noprof+0x40d/0x6e0
[  787.948494][T16645]  tomoyo_init_log+0x112e/0x1fb0
[  787.953511][T16645]  tomoyo_supervisor+0x353/0x1570
[  787.958568][T16645]  tomoyo_env_perm+0x151/0x1f0
[  787.963346][T16645]  tomoyo_find_next_domain+0x15cb/0x1aa0
[  787.968985][T16645]  tomoyo_bprm_check_security+0x11b/0x180
[  787.974713][T16645]  security_bprm_check+0x85/0x240
[  787.979739][T16645]  bprm_execve+0x896/0x1410
[  787.984257][T16645]  do_execveat_common+0x50f/0x690
[  787.989297][T16645] page last free pid 5490 tgid 5490 stack trace:
[  787.995714][T16645]  __free_frozen_pages+0xbf8/0xd70
[  788.000831][T16645]  __put_partials+0x146/0x170
[  788.005513][T16645]  __slab_free+0x294/0x320
[  788.009941][T16645]  qlist_free_all+0x97/0x100
[  788.014647][T16645]  kasan_quarantine_reduce+0x148/0x160
[  788.020117][T16645]  __kasan_slab_alloc+0x22/0x80
[  788.025104][T16645]  __kmalloc_noprof+0x3c2/0x7e0
[  788.029959][T16645]  tomoyo_realpath_from_path+0xe3/0x5d0
[  788.035513][T16645]  tomoyo_path_perm+0x283/0x560
[  788.040374][T16645]  security_inode_getattr+0x12b/0x310
[  788.045929][T16645]  __x64_sys_newfstat+0x13b/0x270
[  788.050978][T16645]  do_syscall_64+0xe2/0xf80
[  788.055577][T16645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.061822][T16645] 
[  788.064153][T16645] Memory state around the buggy address:
[  788.069873][T16645]  ffff888079b5c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  788.078027][T16645]  ffff888079b5c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  788.086174][T16645] >ffff888079b5c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  788.094238][T16645]                                            ^
[  788.100387][T16645]  ffff888079b5c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  788.108463][T16645]  ffff888079b5c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  788.116530][T16645] ==================================================================
[  788.134905][ T5907] em28xx 2-1:0.0: Registering input extension
[  788.216186][ T5906] em28xx 2-1:0.0: Closing input extension
[  788.546332][T16645] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  788.553611][T16645] CPU: 0 UID: 0 PID: 16645 Comm: v4l_id Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  788.564364][T16645] Tainted: [L]=SOFTLOCKUP
[  788.568701][T16645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  788.578764][T16645] Call Trace:
[  788.582079][T16645]  <TASK>
[  788.585106][T16645]  vpanic+0x1e0/0x670
[  788.589108][T16645]  panic+0xc5/0xd0
[  788.592849][T16645]  ? __pfx_panic+0x10/0x10
[  788.597361][T16645]  ? preempt_schedule_common+0x82/0xd0
[  788.602830][T16645]  ? v4l2_fh_open+0xac/0x420
[  788.607424][T16645]  check_panic_on_warn+0x89/0xb0
[  788.612368][T16645]  ? v4l2_fh_open+0xac/0x420
[  788.616967][T16645]  end_report+0x6f/0x140
[  788.621213][T16645]  kasan_report+0x128/0x150
[  788.625721][T16645]  ? v4l2_fh_open+0xac/0x420
[  788.630324][T16645]  v4l2_fh_open+0xac/0x420
[  788.634767][T16645]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  788.640846][T16645]  em28xx_v4l2_open+0x157/0x9a0
[  788.645716][T16645]  ? do_raw_spin_lock+0x12b/0x2f0
[  788.650748][T16645]  v4l2_open+0x1bf/0x3a0
[  788.655002][T16645]  chrdev_open+0x4cd/0x5e0
[  788.659424][T16645]  ? __pfx_chrdev_open+0x10/0x10
[  788.664383][T16645]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  788.670722][T16645]  ? __pfx_chrdev_open+0x10/0x10
[  788.675666][T16645]  do_dentry_open+0x7ce/0x1420
[  788.680440][T16645]  vfs_open+0x3b/0x340
[  788.684517][T16645]  ? path_openat+0x346e/0x3e20
[  788.689394][T16645]  path_openat+0x3486/0x3e20
[  788.694014][T16645]  ? kmem_cache_alloc_noprof+0x370/0x6e0
[  788.699657][T16645]  ? getname_flags+0xb7/0x540
[  788.704338][T16645]  ? __pfx_path_openat+0x10/0x10
[  788.709290][T16645]  ? __lock_acquire+0x6b5/0x2cf0
[  788.714270][T16645]  do_filp_open+0x22d/0x490
[  788.718813][T16645]  ? __pfx_do_filp_open+0x10/0x10
[  788.723854][T16645]  ? _raw_spin_unlock+0x28/0x50
[  788.728847][T16645]  ? alloc_fd+0x64b/0x6c0
[  788.733182][T16645]  do_sys_openat2+0x12f/0x220
[  788.737873][T16645]  ? __pfx_do_sys_openat2+0x10/0x10
[  788.743079][T16645]  ? exc_page_fault+0x6a/0xc0
[  788.747759][T16645]  ? do_user_addr_fault+0xc7c/0x1360
[  788.753057][T16645]  __x64_sys_openat+0x138/0x170
[  788.757915][T16645]  do_syscall_64+0xe2/0xf80
[  788.762775][T16645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.768846][T16645]  ? trace_irq_disable+0x37/0x100
[  788.773876][T16645]  ? clear_bhb_loop+0x60/0xb0
[  788.778649][T16645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  788.784552][T16645] RIP: 0033:0x7fbe6cea7407
[  788.788972][T16645] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  788.808849][T16645] RSP: 002b:00007ffd397bc260 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  788.817298][T16645] RAX: ffffffffffffffda RBX: 00007fbe6d5d6880 RCX: 00007fbe6cea7407
[  788.825274][T16645] RDX: 0000000000000000 RSI: 00007ffd397bcf1d RDI: ffffffffffffff9c
[  788.833280][T16645] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  788.841253][T16645] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  788.849240][T16645] R13: 00007ffd397bc4b0 R14: 00007fbe6d73d000 R15: 000056367fdb54d8
[  788.857230][T16645]  </TASK>
[  788.860942][T16645] Kernel Offset: disabled
[  788.865275][T16645] Rebooting in 86400 seconds..