last executing test programs:

6m21.156947178s ago: executing program 1 (id=1485):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb005}, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
r2 = syz_open_dev$video(&(0x7f0000000180), 0x10001, 0x0)
ioctl$VIDIOC_ENUMINPUT(r2, 0xc050561a, &(0x7f00000005c0)={0x1, "1898efe126022600000000000000000000000000000000000000000000000500", 0x0, 0x2, 0x3, 0xb700, 0x410, 0x2})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'xfrm0\x00', <r3=>0x0})
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, 0x0, 0x0)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x10)
socket(0xa, 0x3, 0x3a)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{0x303, 0x3a}, "03c0000000000500", "9e8ecc7bb535277672a2eff75b24866882519a85ef828f711330ff2bb17b5508", "dc5db43f", "a1034200000102a0"}, 0x38)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = dup(r6)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(r5, &(0x7f0000000140)=ANY=[@ANYBLOB="001c86dd0700100000002800000060ec97000fc83a00fe8000000000000000000000000000aaff0200"/51], 0xffe)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r8 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10)
r9 = socket(0x1e, 0x4, 0x0)
sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r8, &(0x7f0000003240), 0x4000000000000e4, 0x0)
sendto$packet(r1, &(0x7f00000000c0)="4701000000000000ff3383400000000020000000", 0x14, 0x8881, &(0x7f0000000340)={0x11, 0x0, r3, 0x1, 0x9, 0x6, @random="645bcc77540e"}, 0x14)

6m19.80400826s ago: executing program 1 (id=1493):
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0x2000, 0x80, 0x3231564e, 0x3, [0x2], [0x80ffff], [], [0x400000000000001]})
bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0xc0684608, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r2, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)

6m19.591861686s ago: executing program 1 (id=1495):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
close(r0)
r1 = syz_open_dev$dri(&(0x7f0000000300), 0x40100001, 0x189002)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000680)={&(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640), 0x5})

6m19.491230145s ago: executing program 1 (id=1497):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8924, &(0x7f0000000140)={'bridge0\x00', 0x1})
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x2c, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @rand_addr=' \x01\x00', 0xeb2}, @in={0x2, 0x4e23, @loopback}]}, &(0x7f0000000180)=0x10)
r2 = socket$netlink(0x10, 0x3, 0x4)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0)
lgetxattr(0x0, 0x0, 0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)
writev(r2, &(0x7f00000001c0), 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x1e9000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x1000000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, &(0x7f0000000000)=0xa, 0x8, 0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r4, &(0x7f0000000540)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000240)=""/17, 0x11, 0x6, 0x4, 0x9, 0x4, 0xc08}}, 0x120)
read$FUSE(r4, &(0x7f0000006b40)={0x2020}, 0x2020)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
r5 = syz_open_dev$sg(&(0x7f00000002c0), 0x6, 0x5412c2)
ioctl$SG_GET_NUM_WAITING(r5, 0x227d, &(0x7f0000000300))
sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x60, 0x0, 0x9, 0x3, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0xc}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x30}}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0xc000}, 0x800)
timer_create(0x7, &(0x7f0000000040)={0x0, 0x3d, 0x4, @tid=0xffffffffffffffff}, &(0x7f00000000c0)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000100)={{0x77359400}}, 0x0)

6m18.255793143s ago: executing program 1 (id=1502):
r0 = socket$alg(0x26, 0x5, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000080)={0x4, "44706743aa6e2f4a991de5ab9da47bfa049617634962a083a6b27c6541378020"})
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e005", 0x26}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a0", 0xca}], 0x2, &(0x7f0000000380)}], 0x1, 0x40488d0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000340)=""/81, 0x51}, {&(0x7f0000000600)=""/4083, 0xff3}], 0x2}, 0x147)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e20, 0x8000005, @local, 0x8}, 0x1c)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd, 0x0, 0xfffff05b})
sendmmsg$sock(r0, &(0x7f0000001c40), 0x2, 0x0)
sendmsg$AUDIT_USER(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="a4000000ed0316"], 0xa4}, 0x1, 0x0, 0x0, 0x851}, 0x4008000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=ANY=[@ANYBLOB="3800000003140000000000000900020073799432000000000800410072786500140033006970766c616e3100"/56], 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x30, 0x0, 0x0, 0xffeff024}, {0x6, 0x0, 0x83}]}, 0xfffffffffffffde0)
sendmmsg(r5, &(0x7f0000001c00), 0x400000000000159, 0x40840)
r7 = inotify_init()
r8 = mmap$KVM_VCPU(&(0x7f00000b0000/0x1000)=nil, 0x0, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x8880)
r9 = userfaultfd(0x80001)
mknod$loop(&(0x7f0000000200)='./file0\x00', 0x20, 0x0)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r9, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_MMIO(r8, 0x20, &(0x7f0000000100)="64be365de974de72b149b9476b9000", 0x0, 0x18)
close_range(r7, 0xffffffffffffffff, 0x0)
syz_usb_connect$midi(0x3, 0x31, &(0x7f0000000740)=ANY=[@ANYBLOB="11f2000200000040392ad43f40000102030109021f00010107800109040000010103300a09050001e70303850304250100"], 0x0)

6m17.611958955s ago: executing program 1 (id=1503):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x2, 0x0, {{@in6=@private2, @in=@multicast2, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, [@tmpl={0x84, 0x5, [{{@in6=@empty, 0x0, 0x32}, 0x0, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x81}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, 0x2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3}]}]}, 0x13c}}, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000075f8001071042703a46100000001090256000100060000090025484beb4e5a99319601ced737d78258714fe4b21151fc18e36a8fc493f2f18608fac70abdd649f5ddb42cbedac98bb7285fd44b5b422765553fee689f751a5616e6830a3ee1238d7056ab9434e246d87f0cacc80c9f572032920563e49c82fa1cb9266eccbd1f1fb40dd7454bef53edffdbd2d7970735c735b0790202ff8eff7464523ad29c9f9794faa00c57a972fb87d890da57db4f87bd5c4c0449cb9bad373a3b651198430edb1243ea1bd1060cd31de0afafe800647d5c27dafb53c5e0e609584da08dec820b1e512b8b6a90a0b5893d37ba62b8972250690ee7033cd959b71d85668d33fcc422f5545635faf3308ee0a148c17566fb9b58f334351eaa5fe46361b319c04b60eb30ac114da718e3456b67eb5e569e36687686d43565e6c2f18d8c4b2f6411f84aaa87d59b954b0728b581d6d607c6b7278e8c5ee38c9970b4dd133a42eb452308c0e557cb"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000000240)={0x14, &(0x7f0000000000)={0x20, 0x22, 0x24, {0x24, 0x1, "ee99581777780fafa32616985630e489e16359f7720f75cb4398c0778fd34a77a3aa"}}, &(0x7f0000000580)={0x0, 0x3, 0x4c, @lang_id={0x0, 0x3, 0x40e}}}, &(0x7f0000000540)={0x34, &(0x7f00000005c0)={0x0, 0x18, 0x90, "73f96da7fba0c7ac8b873437364dbdabb7bd5812d5409d9c2c7d0d8efe669a0283d0b4c439cc88d954522d9058d2c82d46a209e53b6b160da1907e12ba72bd6050ad331a89428e30c9cf0c0d57a95196adea0d1c3bc125986d5bb2e50eaa92b5b412b59511c8a624fddf62054baa49486844fa043298f20096a41061089056dc4827a1eb09d99df2e223b389bce9abf6d3035b33d78a706fa5d6fe44207051efb5573ff766392b4f6b45972d4c2730750c656b98e2ac35106ebf478b2e486495b6e0193163aa6ac6ab223d3a7a5be5281182a5d19a56595e085b5ab12bee13b3ce69384b12bfe008ec5a27d2"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000380)={0x0, 0x8, 0xfff5, 0x3}, &(0x7f0000000400)=ANY=[@ANYBLOB="200088000000000129602c181182320662201dde6d1468b46f120d4971a55ede47d3026c185182d1110eade3f031ca100000002f3e67937851617986b2c4420400000000000000c04fc21cfb3981f684574bc5e091f4a6a0f966999d562fa9564c688f368dcb6282a403a4162269d621458daa73bfc428705e326b2bf3f990216d280f16fee851592ed9b65bb3cb"], &(0x7f00000004c0)={0x20, 0x1, 0x1, 0x4}, &(0x7f0000000500)={0x20, 0x0, 0x1, 0x9}})
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0})

6m17.210491011s ago: executing program 32 (id=1503):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x13c, 0x19, 0x1, 0x2, 0x0, {{@in6=@private2, @in=@multicast2, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0xc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, [@tmpl={0x84, 0x5, [{{@in6=@empty, 0x0, 0x32}, 0x0, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x81}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, 0x2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3}]}]}, 0x13c}}, 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000075f8001071042703a46100000001090256000100060000090025484beb4e5a99319601ced737d78258714fe4b21151fc18e36a8fc493f2f18608fac70abdd649f5ddb42cbedac98bb7285fd44b5b422765553fee689f751a5616e6830a3ee1238d7056ab9434e246d87f0cacc80c9f572032920563e49c82fa1cb9266eccbd1f1fb40dd7454bef53edffdbd2d7970735c735b0790202ff8eff7464523ad29c9f9794faa00c57a972fb87d890da57db4f87bd5c4c0449cb9bad373a3b651198430edb1243ea1bd1060cd31de0afafe800647d5c27dafb53c5e0e609584da08dec820b1e512b8b6a90a0b5893d37ba62b8972250690ee7033cd959b71d85668d33fcc422f5545635faf3308ee0a148c17566fb9b58f334351eaa5fe46361b319c04b60eb30ac114da718e3456b67eb5e569e36687686d43565e6c2f18d8c4b2f6411f84aaa87d59b954b0728b581d6d607c6b7278e8c5ee38c9970b4dd133a42eb452308c0e557cb"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000000240)={0x14, &(0x7f0000000000)={0x20, 0x22, 0x24, {0x24, 0x1, "ee99581777780fafa32616985630e489e16359f7720f75cb4398c0778fd34a77a3aa"}}, &(0x7f0000000580)={0x0, 0x3, 0x4c, @lang_id={0x0, 0x3, 0x40e}}}, &(0x7f0000000540)={0x34, &(0x7f00000005c0)={0x0, 0x18, 0x90, "73f96da7fba0c7ac8b873437364dbdabb7bd5812d5409d9c2c7d0d8efe669a0283d0b4c439cc88d954522d9058d2c82d46a209e53b6b160da1907e12ba72bd6050ad331a89428e30c9cf0c0d57a95196adea0d1c3bc125986d5bb2e50eaa92b5b412b59511c8a624fddf62054baa49486844fa043298f20096a41061089056dc4827a1eb09d99df2e223b389bce9abf6d3035b33d78a706fa5d6fe44207051efb5573ff766392b4f6b45972d4c2730750c656b98e2ac35106ebf478b2e486495b6e0193163aa6ac6ab223d3a7a5be5281182a5d19a56595e085b5ab12bee13b3ce69384b12bfe008ec5a27d2"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000380)={0x0, 0x8, 0xfff5, 0x3}, &(0x7f0000000400)=ANY=[@ANYBLOB="200088000000000129602c181182320662201dde6d1468b46f120d4971a55ede47d3026c185182d1110eade3f031ca100000002f3e67937851617986b2c4420400000000000000c04fc21cfb3981f684574bc5e091f4a6a0f966999d562fa9564c688f368dcb6282a403a4162269d621458daa73bfc428705e326b2bf3f990216d280f16fee851592ed9b65bb3cb"], &(0x7f00000004c0)={0x20, 0x1, 0x1, 0x4}, &(0x7f0000000500)={0x20, 0x0, 0x1, 0x9}})
syz_usb_control_io$hid(r1, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0})

10.602457253s ago: executing program 2 (id=3578):
r0 = socket$netlink(0x10, 0x3, 0x15)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r3=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e24, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, 0xa}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000080)={r3, 0x2, 0x20, 0x2fb7, 0xd}, &(0x7f0000000100)=0x18)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000080)="390000ff3f08000000480100100000000019002b000a0001000500fe8000000072080003000500"/57, 0x39}, {&(0x7f0000000000)="f0fd3cac2d559e90ccb3d57a55c3499162b333e1131229ae03d9bb7028ea90624ea2a2015eda72d123e2aef30d35", 0x2e}], 0x2)

10.171660824s ago: executing program 2 (id=3583):
r0 = syz_usb_connect$lan78xx(0x3, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x1c, &(0x7f0000000700)={0x40, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000580)={0x40, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000002380)={0x34, &(0x7f0000002180)={0x20, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000002040)={0x84, &(0x7f0000001c40)={0x20, 0x30, 0x1, "ad"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000080)={0x14, &(0x7f0000000040)={0x0, 0x24, 0x13, {0x13, 0x21, "5f748ecfe3d84119ec827eb0ded91900f6"}}, 0xffffffffffffffff}, &(0x7f0000000300)={0x34, &(0x7f00000000c0)={0x20, 0x7, 0xe8, "16255ab8ea258f62181c1a307b3ce3b816cfbe295967491fdc7c49195526c51d51c1660a97c31963b1133ba4f3edcd108bf965e2a66bd904e58490745744132f2e939ef939db721af0c68df2a0753589b9c54fec5a733af87cdfcb4ab93fb5d6aac771ec56deeaf7a53759baed86604e9901e901924506404474815f951ea4e72a99ad33eb7038d4e52eaccd61b78eac1a3a182c77c45406806efe04dc3fa99a2847cac326ab5870433cf01201a7c5ed7625e1cc50f43c6a3a8df12ed595185098f39474e0224a3f7eb40c4d25606f62a29457f22f2ed1bdf2cf431385c6662c8434a17da45f9765"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000240)={0xc0, 0xa1, 0x4, 0x5}, &(0x7f0000000280)={0x40, 0xa0, 0x4, 0x10}, &(0x7f00000002c0)={0xc0, 0xa2, 0x2f, "c4391167632476cc6e7187d074f3334a1a24707b31ae2092df889f4450bb1086504a1b6ed916781eecf8ab16bbd464"}})

7.052011738s ago: executing program 2 (id=3607):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x7fff, 0x0, 0x0, 0x9, 0xc1, 0x16c0, 0x9, 0x97d8, 0x1, 0x9, 'syz1\x00'})
r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000010c0), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000001100)={[{0x2d, 'pids'}, {0x2b, 'perf_event'}, {0x2b, 'memory'}, {0x2d, 'blkio'}]}, 0x21)
r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$link(0x8, 0x0, r3)
syz_usb_connect$uac1(0x5, 0x7d, &(0x7f0000000280)=ANY=[@ANYBLOB="120110030000001082057d0040000102030109026b000301f140020904000000010100000aadfcedcd9e538dc0020904010000010200000904010101010200000b2402de0b0402012b601e09050109400003810407250104fe0000090800000000000000090402"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
r4 = syz_usb_connect$cdc_ecm(0x3, 0x7f, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026d0001010300bb090400020202236c0753d511260ddef7d547440524000ce7a67cc703000d240f01c70500000400ffffb805240102d40524010381052c0102c007240a030501040e2407cbff030708000507de09058202ff0109050302"], &(0x7f0000000340)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x5, 0xfe, 0x8}, 0x23, &(0x7f0000000100)={0x5, 0xf, 0x23, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x4, 0x2, 0x3ff, 0xf00, 0x1, [0xff0030, 0x0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0xb, 0xd379}]}, 0x6, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x415}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x816}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x416}}, {0x2e, &(0x7f0000001140)=ANY=[@ANYBLOB="2e030bd344379f99c7e6476f22e68a3a4fe22f51b96136f7b19b1730f9819ecbf32cfe3949f7d123010eb38e34ade584091b580200008c82f202aedd9f8a8753f772349b5257959f3a686a0854fa9b177bbd302d6bab070d9613a4e60ddfdd93cb410d8d1cb4c616a23aae64763ec87c1d"]}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc01}}]})
keyctl$set_timeout(0xf, r3, 0x0)
syz_usb_connect$printer(0x1, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x80, 0xf7, "", [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x9, 0x3, 0x7}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x8, 0x4, 0x7a}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000400)={0xa, 0x6, 0x210, 0x1, 0x80, 0xa, 0x40, 0x6}, 0x28, &(0x7f0000000440)={0x5, 0xf, 0x28, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "592c85c98a86c5d230d86b3bfec5a9f2"}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0xa1, 0x0, 0x9, 0x1100, 0x6}]}, 0x1, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x430}}]})
keyctl$link(0x8, r3, 0xfffffffffffffff8)
socket$rds(0x15, 0x5, 0x0)
syz_usb_connect(0x6, 0x63e, &(0x7f0000000500)={{0x12, 0x1, 0x201, 0x5b, 0xa2, 0xb6, 0x8, 0x12d1, 0x141f, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62c, 0x2, 0x5, 0x7, 0x50, 0x9, "", [{{0x9, 0x4, 0x74, 0x9, 0xf, 0x27, 0x33, 0x49, 0x4, [@hid_hid={0x9, 0x21, 0xd2a, 0xfd, 0x1, {0x22, 0xab8}}, @hid_hid={0x9, 0x21, 0x8000, 0x9, 0x1, {0x22, 0xff3}}], [{{0x9, 0x5, 0x0, 0x1a, 0x400, 0x7, 0x2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0xa3, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0xda, 0xc39}]}}, {{0x9, 0x5, 0x4, 0xc, 0x40, 0x5, 0x99}}, {{0x9, 0x5, 0xe, 0x4, 0x10, 0x2, 0x8, 0x2}}, {{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x6, 0x0, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x8001}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0xfe}]}}, {{0x9, 0x5, 0xa, 0x1, 0x400, 0x3, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x1, 0xfff}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x14, 0x3}]}}, {{0x9, 0x5, 0xa, 0x4, 0x200, 0xd, 0x1, 0x9}}, {{0x9, 0x5, 0x4, 0x0, 0x1bf, 0x1, 0xff, 0x1, [@generic={0x6c, 0x22, "39c6b7c7d9a71cb0be376b93bfcc4c6a985935c4b4c5d39323ff8cb09b56430f0277e91e0066486aab4b7c9a71e2c032f65fdf65d0df0a9667d2f96178d0c3d2033887821322658de250350b2ca80059976b4cc9fcefca92f226968aac55a96c867919098043b150c4e7"}, @generic={0xed, 0x9, "0602546fdf730b1eb278bb89c05715d536eff46425e7ab7af07bb42d629aea042badd16755433ab9becfd6467cf1226ef851f508fe5cf11b1fa9ea77940a922b59b3c2e105f017e96d6650c47fe190e8526c94b2fe185a3f12f758bd0915c67163d0aa673f9e8447742a5b63d3628857b301ca61741d3f7bc229b2d56d2a4dcf86669336a6eb051703648c1acce61cff2b8eaf110e2470ed326efd2c083eda10cbff361c02c1d1919931444fd08663e7754f8da92d53715fa43eebf87d306ef9c0768d5f1fc068902f05616e10e89b1d054f4da7722f99ba84a742dc01349b6dd8a63e6f892b1c35116528"}]}}, {{0x9, 0x5, 0x3, 0xc, 0x400, 0x8, 0x0, 0x4}}, {{0x9, 0x5, 0xc, 0x0, 0x40, 0xff, 0x2, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xbb, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x81, 0x6}]}}, {{0x9, 0x5, 0x4, 0x0, 0x40, 0x6, 0x8, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x81, 0x9}]}}, {{0x9, 0x5, 0x3, 0x1, 0x8, 0x2, 0x7, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x1, 0x4, [@generic={0xf7, 0x21, "b10826dd51be9cd9b077ff73a33555fe61ae0d323f0a4195927ef0aea00d51ae83127010e39c77b8341335e9fc8ea36d0043c8cbd34fa801cc0eb302786caf3afb5335b24e5b20476388c8d1327501b6de8b72a96f8d833d82fe385c5d1afa8fb30e218a5082d7692e7d8f81381741ae986824772b2c61701c3e84797a836a0f9d9f49c71f13b44b1b4cfb2f4dc6ed0283fa5e8f7c4ab89619f121daa32473290a97b98391e718c0ba64be320950af79d052c4a460066ef87cac1674bad7c5e58c636211b997da57b77dc58b07bb9c4d7101a5f43b664feb137192d639fe5d12b17febaa4149dfbfbc49f98890648339c43fb481f3"}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x7, 0xe6}]}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0x7, 0x5, 0xf2, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xb6, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x3, 0x62, 0x0, [@generic={0xb4, 0x30, "2454db4b69897384aee96f423ff95e82f1ef4800dccc9db8721f9e5bfa2ba0e5c7557bb8067d75468836a83ed0812db224c66a4c44b078a3187e96cc291edaf8f8c63060982c9481f2f050ca19b5caba1640c1893838779ee56f694fb31c7d56d70cc53bddad40600f382362f248ba218b1e72d34ae2048f241bdf5aab8141bf0ddddc8fdcc1b3cd22723e1b5da636c733f04353cffb1430db7de1f7e52c0a0f45db961ad1664cc5a92d6471845c1b3e8449"}]}}, {{0x9, 0x5, 0xf, 0x1, 0x0, 0x6, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x80, 0x8}, @generic={0x9f, 0x1b, "defa2d1a21435c9271a4a3296a2bcd68d9705c4277025c12ac871a0a943274728dd5dc31a689ce7cfa84684b612876522f487f7f92b6002095698cc2c79f2709dea35e3304b6b459b22794e456f0a1584affe59ac7212ad0222212a601d44f2856375613c1c014a64d1fd174c7b9f996454bf32d817022a05deec911d0da6bf2a0f6d05a77d5d87df6077f22ec6f7e3e44ea6e520c74564440940b6ed3"}]}}]}}, {{0x9, 0x4, 0x2d, 0x40, 0x6, 0xcd, 0x35, 0x58, 0x3f, [], [{{0x9, 0x5, 0x6, 0x0, 0x10, 0x94, 0x9, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x4, 0x1000}, @generic={0x47, 0x24, "63b690433a21109cc938fddb9e656b5d54be10a6eb4b43d8735bfebd2a5b3f00c24feb3d50a62c287925b3e699db77716a42e834858c4cf20a3447d3d9555872c2841bce32"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x400, 0x10, 0x2, 0x4, [@generic={0x28, 0x11, "125721e8952cbf7eab2375af87f67075647a8b315e2a49882bfc0941b707b35719363a3c2d5e"}, @generic={0xb9, 0xe, "050cd7674b4c137e534ec47f3e2861bdf0abf168b0d99e5024cfe85813a23bfd934e969be29293e9322ef46c27afd4a3b4a07c7ba9920dd9f59ac1a428f9319ff7f1e81a8c8f597e28e795d795a2a3fa04e323adc5b813304b9de57b6703aad8613f4084d62db001991e6b8528ce5f97c84763fd29402e6d60808d303bf19ed1784ee7b93794d8fcc18bc56c7c50afd5024866fe6fcf0def8ccf5a541fdd1e94706e092efb0d8df7cd64c0bddf7d2384e5f336914b8591"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x40, 0x5, 0x0, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5, 0x1ff}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x3f, 0x3}]}}, {{0x9, 0x5, 0xb, 0x0, 0x20, 0x2, 0xf4, 0xe9}}, {{0x9, 0x5, 0x3, 0x8, 0x400, 0x10, 0x6, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xae, 0x400}]}}, {{0x9, 0x5, 0x80, 0x3, 0x400, 0x5, 0x8, 0x5}}]}}]}}]}}, &(0x7f0000000fc0)={0xa, &(0x7f0000000b80)={0xa, 0x6, 0x310, 0x8, 0x1, 0x0, 0x20, 0x7f}, 0xbd, &(0x7f0000000bc0)={0x5, 0xf, 0xbd, 0x3, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0xa5, 0x10, 0x8, 0x5, 0xd}, @generic={0xaa, 0x10, 0x4, "4a38b6828223a893d39b44ce99ac8bb70983cded5ec0bad6564372ed436401ef2195601e25c4832ea52b1676c2059b42d8851b4a62dc25d5ede0aa20175a70de7053c9b697ba5d7381157ade064484246b3f64dce1a22891ccbf98a4bb47cb6a67aa860be7008a65111e0dce9c2fba7c570899f51c25542f26abd7893eefd32396f223c5d9a969ff33058982b880c09f2d3d5c3f01cd2ab17e6c9d22523a5de4449426390c6c0c"}]}, 0x7, [{0x53, &(0x7f0000000c80)=@string={0x53, 0x3, "7769807d7a635781d5d5a959c88fa3f2ec50c4621742c6c3044bd65a3f2f573967c6617ee7517f11bbfad1b465528585432b5e83814e241f5c556a3e8800227f1701b6432060b0667b84ac56749a564b7c"}}, {0x4, &(0x7f0000000d00)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f0000000d40)=@lang_id={0x4, 0x3, 0x5000}}, {0x9a, &(0x7f0000000d80)=@string={0x9a, 0x3, "89a603a3a9335b6806dfd6e6a2625dcccae9d263d06abba825bfcf9eb8e50319fa14792bbc9e5c06f99d40616ae86e48c34c4ca1382fff50b96b444ca9c4e505db121d7437b5ff7a64d46bcc50328c84b1982a64aa8ae3274e9198708b8174e54bcb1143da3a75e03c4ec4c372c74f00c6ede5f49e05071019b8b66cfab89abd589f9b8309515bbef51903c25560553c7800b4f66766429a"}}, {0x9d, &(0x7f0000001280)=@string={0x9d, 0x3, "a213263d1bd72dfb466d199537b9e3bffe62d6eb7f24b0d812bb2057fecba112d6b55b160a873075572cdadfea2d2490084c7ee1aa4f12ab74949e85e1496f2bfe21b9fb1cfb70198b7280c11303eb4cf42ef4d97307c1e7c7003de2e6d2c5d0d86983ac5b4dcee8fc85b7a23893458dbd15099fcdec887badb7e7048d4d598052ab2a5bddfe946967484aeafcb1a819f42fa60edebeeded2bf8b9"}}, {0x4, &(0x7f0000000e80)=@lang_id={0x4, 0x3, 0x402}}, {0xec, &(0x7f0000000ec0)=@string={0xec, 0x3, "585beb044b5ea461535956da5c00f973b859898dd18692bdfa11741d48bffa6c9a23b7f82165bc4a96926dcc45f6ee9609942bba2e2072ece66bb6917b65c2591e09443d28508a3ccf5b0b91bb8aa8bf63a9b936e558dd4f783f84848322a3bf7844342438f349c800ecc276c0e83dec06b2462e816216b9849508fe462a36928e0689a830eeb1cfb6a0d804a3fbce2ce88e98aeae6143d1618a316d5739b9aef2475a07db9d52eeeee5176f26f88fb146f814f1f728ba9c40112315d4df0dd4a475d5b3ce8f15b65f78ee890c7f239272f730d9b415610f95dfe26158679e37027ecd44bf4c9a23ae0e"}}]})
syz_usb_ep_write(r4, 0x3d, 0x58, &(0x7f0000001040)="620157e6aae7f1290d09aff0690cce9e20c488c15a1e0ad5e15ce114f88418b940fb40e20b07fa6fa8e5f757f5b9b16ff806d9a7c3f52d6a7623c10013eb47a94d6f6cdf3d8482bec364d9363018a8be2c865d6adf9f7d58")

6.860484894s ago: executing program 4 (id=3609):
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x40000)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x0, 0x32315559, 0x280, 0xf0, 0x3, @discrete={0x0, 0x8}})

6.81833853s ago: executing program 4 (id=3611):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x39a89c161602ba45, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, &(0x7f0000000440)={0xa0, 0xa0, 0x300, 0x320, 0x5c81, 0xff, 0x2, 0x1, {0x1, 0x1000}, {0x8000, 0x3, 0x1}, {0x31a1, 0x5, 0x1}, {0x101, 0x4, 0x1}, 0x1, 0x10, 0x1, 0x3, 0x0, 0xffffff7b, 0xb, 0x0, 0x83, 0xa, 0x2, 0x9, 0x4, 0x4, 0x2, 0x3})
linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c00000015000100000000000000000005000000040001"], 0x1c}}, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
r6 = semget$private(0x0, 0x2, 0x61)
semctl$IPC_SET(r6, 0x0, 0x1, &(0x7f0000000100)={{0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x90, 0xfffd}, 0x0, 0xf, 0x0, 0x0, 0x2, 0x0, 0x53})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045014, 0x0)

6.687283074s ago: executing program 4 (id=3614):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="1201100154e108101e041840b4ed010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000440)={0x0, 0x17}, 0x0, 0x0, 0x0, 0x0})
r1 = syz_ublk_setup_io_uring(0x478e, &(0x7f0000000040)={0x0, 0x70b5, 0x1000, 0x0, 0xdd}, &(0x7f0000000140), &(0x7f0000000200), &(0x7f00000002c0))
r2 = syz_io_uring_setup(0x239, &(0x7f00000000c0)={0x0, 0xb1a1, 0x800, 0x0, 0x4, 0x0, r1}, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000000))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)
syz_io_uring_setup(0x4613, &(0x7f0000000640)={0x0, 0xd17f, 0x20, 0x2, 0x37d, 0x0, r2}, &(0x7f0000000dc0), &(0x7f0000000280), &(0x7f0000000000))
listen(0xffffffffffffffff, 0xc)

4.651661708s ago: executing program 3 (id=3637):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000280)={0x50, 0xa, 0x1, "3258c546dacccfb101000000800000000000002000000000000000000000ef00", 0x34324142})

4.387110004s ago: executing program 4 (id=3640):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffffc, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0x100, 0x1f461e2c, 0x5, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c76, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x5f5b, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x80, 0x8000, 0x0, 0x8, 0x129432e2, 0xcb, 0xf6, 0xb, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x87, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x315, 0x78, 0x62, 0x73b, 0xfffffe00, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7f, 0x5f31, 0x4, 0x0, 0x4, 0x2, 0x9, 0x20000004, 0x0, 0x8, 0x9, 0x6, 0x9, 0x0, 0x0, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x41, 0x7, 0x400000b, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8ce, 0x9, 0x1, 0x1, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x6, 0x5, 0x5, 0x86, 0x7, 0x1000000c, 0x3e7, 0xb, 0x6, 0x2, 0x2, 0xf, 0x6, 0x4, 0x6d01, 0x5, 0x3b, 0x1, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0x1004ccd, 0x7, 0x53cf697b, 0x7, 0x6, 0x54fe12d3, 0xc2, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x800003, 0xfffffffb, 0x120000, 0x3, 0x14d, 0x9, 0x0, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x7, 0xa620, 0x2, 0x5, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x1, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x10000009, 0xfe, 0x9602, 0xa, 0x97f, 0x1, 0x6, 0x1, 0x10000, 0x2, 0x8, 0x2b91, 0x4, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0x8001, 0xfff]}, 0x45c)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x50, 0x3, 0xa, 0x201, 0x0, 0x0, {0x3}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x3}]}]}], {0x14}}, 0x98}}, 0x0)
fanotify_init(0xf00, 0x1)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

4.380111891s ago: executing program 3 (id=3641):
r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x101001, 0x2c4)
write$binfmt_format(r1, &(0x7f0000000100)='1\x00', 0x2)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
close(r0)
getpid()
mount_setattr(0xffffffffffffff9c, 0x0, 0x1800, &(0x7f0000000040)={0x100082, 0x78, 0x2c0000}, 0x20)
r2 = syz_pidfd_open(0xffffffffffffffff, 0x0)
close(r2)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24)

4.209914922s ago: executing program 4 (id=3644):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x195d, 0xec4d2770249a3ef5)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82803, 0x8e)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1d, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5d69098c8b534464c516bdd8a0f350000e35abdb80e38f5eb010001", "32d8cc263d9e234b30c50997d3bef4cd4a5d83cdd3dfe7800b2d7b6aa54cc5001fcaed1e831fa79a0000000200", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x8, 0x5]}})
syz_usb_connect$midi(0x3, 0x31, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000000083512100040000102030109021f00010118100409040001010103200609058e0bdd"], &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0})
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

3.702147522s ago: executing program 2 (id=3647):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
getsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, &(0x7f00000003c0)=0x3e)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00001d9000/0x2000)=nil, 0x2000, 0x15)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000080), 0x2)
futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0)
io_setup(0x6, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0xfff0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x1000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@weak_binder={0x77622a85, 0x1, 0x2}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)

2.500501228s ago: executing program 4 (id=3655):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x7fff, 0x0, 0x0, 0x9, 0xc1, 0x16c0, 0x9, 0x97d8, 0x1, 0x9, 'syz1\x00'})
r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f00000010c0), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000001100)={[{0x2d, 'pids'}, {0x2b, 'perf_event'}, {0x2b, 'memory'}, {0x2d, 'blkio'}]}, 0x21)
r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$link(0x8, 0x0, r3)
syz_usb_connect$uac1(0x5, 0x7d, &(0x7f0000000280)=ANY=[@ANYBLOB="120110030000001082057d0040000102030109026b000301f140020904000000010100000aadfcedcd9e538dc0020904010000010200000904010101010200000b2402de0b0402012b601e09050109400003810407250104fe0000090800000000000000090402"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0})
r4 = syz_usb_connect$cdc_ecm(0x3, 0x7f, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109026d0001010300bb090400020202236c0753d511260ddef7d547440524000ce7a67cc703000d240f01c70500000400ffffb805240102d40524010381052c0102c007240a030501040e2407cbff030708000507de09058202ff0109050302"], &(0x7f0000000340)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x5, 0xfe, 0x8}, 0x23, &(0x7f0000000100)={0x5, 0xf, 0x23, 0x2, [@ssp_cap={0x14, 0x10, 0xa, 0x4, 0x2, 0x3ff, 0xf00, 0x1, [0xff0030, 0x0]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x1, 0xb, 0xd379}]}, 0x6, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x415}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x816}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x416}}, {0x2e, &(0x7f0000001140)=ANY=[@ANYBLOB="2e030bd344379f99c7e6476f22e68a3a4fe22f51b96136f7b19b1730f9819ecbf32cfe3949f7d123010eb38e34ade584091b580200008c82f202aedd9f8a8753f772349b5257959f3a686a0854fa9b177bbd302d6bab070d9613a4e60ddfdd93cb410d8d1cb4c616a23aae64763ec87c1d"]}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0xc01}}]})
keyctl$set_timeout(0xf, r3, 0x0)
syz_usb_connect$printer(0x1, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x80, 0xf7, "", [{{0x9, 0x4, 0x0, 0x8, 0x2, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x400, 0x9, 0x3, 0x7}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x8, 0x4, 0x7a}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000400)={0xa, 0x6, 0x210, 0x1, 0x80, 0xa, 0x40, 0x6}, 0x28, &(0x7f0000000440)={0x5, 0xf, 0x28, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x0, "592c85c98a86c5d230d86b3bfec5a9f2"}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0xa1, 0x0, 0x9, 0x1100, 0x6}]}, 0x1, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x430}}]})
keyctl$link(0x8, r3, 0xfffffffffffffff8)
socket$rds(0x15, 0x5, 0x0)
syz_usb_connect(0x6, 0x63e, &(0x7f0000000500)={{0x12, 0x1, 0x201, 0x5b, 0xa2, 0xb6, 0x8, 0x12d1, 0x141f, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62c, 0x2, 0x5, 0x7, 0x50, 0x9, "", [{{0x9, 0x4, 0x74, 0x9, 0xf, 0x27, 0x33, 0x49, 0x4, [@hid_hid={0x9, 0x21, 0xd2a, 0xfd, 0x1, {0x22, 0xab8}}, @hid_hid={0x9, 0x21, 0x8000, 0x9, 0x1, {0x22, 0xff3}}], [{{0x9, 0x5, 0x0, 0x1a, 0x400, 0x7, 0x2, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0xa3, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0xda, 0xc39}]}}, {{0x9, 0x5, 0x4, 0xc, 0x40, 0x5, 0x99}}, {{0x9, 0x5, 0xe, 0x4, 0x10, 0x2, 0x8, 0x2}}, {{0x9, 0x5, 0x8, 0x8, 0x3ff, 0x6, 0x0, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x8001}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0xfe}]}}, {{0x9, 0x5, 0xa, 0x1, 0x400, 0x3, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x1, 0xfff}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x14, 0x3}]}}, {{0x9, 0x5, 0xa, 0x4, 0x200, 0xd, 0x1, 0x9}}, {{0x9, 0x5, 0x4, 0x0, 0x1bf, 0x1, 0xff, 0x1, [@generic={0x6c, 0x22, "39c6b7c7d9a71cb0be376b93bfcc4c6a985935c4b4c5d39323ff8cb09b56430f0277e91e0066486aab4b7c9a71e2c032f65fdf65d0df0a9667d2f96178d0c3d2033887821322658de250350b2ca80059976b4cc9fcefca92f226968aac55a96c867919098043b150c4e7"}, @generic={0xed, 0x9, "0602546fdf730b1eb278bb89c05715d536eff46425e7ab7af07bb42d629aea042badd16755433ab9becfd6467cf1226ef851f508fe5cf11b1fa9ea77940a922b59b3c2e105f017e96d6650c47fe190e8526c94b2fe185a3f12f758bd0915c67163d0aa673f9e8447742a5b63d3628857b301ca61741d3f7bc229b2d56d2a4dcf86669336a6eb051703648c1acce61cff2b8eaf110e2470ed326efd2c083eda10cbff361c02c1d1919931444fd08663e7754f8da92d53715fa43eebf87d306ef9c0768d5f1fc068902f05616e10e89b1d054f4da7722f99ba84a742dc01349b6dd8a63e6f892b1c35116528"}]}}, {{0x9, 0x5, 0x3, 0xc, 0x400, 0x8, 0x0, 0x4}}, {{0x9, 0x5, 0xc, 0x0, 0x40, 0xff, 0x2, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0xbb, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x81, 0x6}]}}, {{0x9, 0x5, 0x4, 0x0, 0x40, 0x6, 0x8, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x81, 0x9}]}}, {{0x9, 0x5, 0x3, 0x1, 0x8, 0x2, 0x7, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x6, 0x1, 0x4, [@generic={0xf7, 0x21, "b10826dd51be9cd9b077ff73a33555fe61ae0d323f0a4195927ef0aea00d51ae83127010e39c77b8341335e9fc8ea36d0043c8cbd34fa801cc0eb302786caf3afb5335b24e5b20476388c8d1327501b6de8b72a96f8d833d82fe385c5d1afa8fb30e218a5082d7692e7d8f81381741ae986824772b2c61701c3e84797a836a0f9d9f49c71f13b44b1b4cfb2f4dc6ed0283fa5e8f7c4ab89619f121daa32473290a97b98391e718c0ba64be320950af79d052c4a460066ef87cac1674bad7c5e58c636211b997da57b77dc58b07bb9c4d7101a5f43b664feb137192d639fe5d12b17febaa4149dfbfbc49f98890648339c43fb481f3"}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x7, 0xe6}]}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0x7, 0x5, 0xf2, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xb6, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x80}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x3, 0x62, 0x0, [@generic={0xb4, 0x30, "2454db4b69897384aee96f423ff95e82f1ef4800dccc9db8721f9e5bfa2ba0e5c7557bb8067d75468836a83ed0812db224c66a4c44b078a3187e96cc291edaf8f8c63060982c9481f2f050ca19b5caba1640c1893838779ee56f694fb31c7d56d70cc53bddad40600f382362f248ba218b1e72d34ae2048f241bdf5aab8141bf0ddddc8fdcc1b3cd22723e1b5da636c733f04353cffb1430db7de1f7e52c0a0f45db961ad1664cc5a92d6471845c1b3e8449"}]}}, {{0x9, 0x5, 0xf, 0x1, 0x0, 0x6, 0x6, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x80, 0x8}, @generic={0x9f, 0x1b, "defa2d1a21435c9271a4a3296a2bcd68d9705c4277025c12ac871a0a943274728dd5dc31a689ce7cfa84684b612876522f487f7f92b6002095698cc2c79f2709dea35e3304b6b459b22794e456f0a1584affe59ac7212ad0222212a601d44f2856375613c1c014a64d1fd174c7b9f996454bf32d817022a05deec911d0da6bf2a0f6d05a77d5d87df6077f22ec6f7e3e44ea6e520c74564440940b6ed3"}]}}]}}, {{0x9, 0x4, 0x2d, 0x40, 0x6, 0xcd, 0x35, 0x58, 0x3f, [], [{{0x9, 0x5, 0x6, 0x0, 0x10, 0x94, 0x9, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x8, 0x4, 0x1000}, @generic={0x47, 0x24, "63b690433a21109cc938fddb9e656b5d54be10a6eb4b43d8735bfebd2a5b3f00c24feb3d50a62c287925b3e699db77716a42e834858c4cf20a3447d3d9555872c2841bce32"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x400, 0x10, 0x2, 0x4, [@generic={0x28, 0x11, "125721e8952cbf7eab2375af87f67075647a8b315e2a49882bfc0941b707b35719363a3c2d5e"}, @generic={0xb9, 0xe, "050cd7674b4c137e534ec47f3e2861bdf0abf168b0d99e5024cfe85813a23bfd934e969be29293e9322ef46c27afd4a3b4a07c7ba9920dd9f59ac1a428f9319ff7f1e81a8c8f597e28e795d795a2a3fa04e323adc5b813304b9de57b6703aad8613f4084d62db001991e6b8528ce5f97c84763fd29402e6d60808d303bf19ed1784ee7b93794d8fcc18bc56c7c50afd5024866fe6fcf0def8ccf5a541fdd1e94706e092efb0d8df7cd64c0bddf7d2384e5f336914b8591"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x40, 0x5, 0x0, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x5, 0x1ff}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x3f, 0x3}]}}, {{0x9, 0x5, 0xb, 0x0, 0x20, 0x2, 0xf4, 0xe9}}, {{0x9, 0x5, 0x3, 0x8, 0x400, 0x10, 0x6, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xae, 0x400}]}}, {{0x9, 0x5, 0x80, 0x3, 0x400, 0x5, 0x8, 0x5}}]}}]}}]}}, &(0x7f0000000fc0)={0xa, &(0x7f0000000b80)={0xa, 0x6, 0x310, 0x8, 0x1, 0x0, 0x20, 0x7f}, 0xbd, &(0x7f0000000bc0)={0x5, 0xf, 0xbd, 0x3, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0xa5, 0x10, 0x8, 0x5, 0xd}, @generic={0xaa, 0x10, 0x4, "4a38b6828223a893d39b44ce99ac8bb70983cded5ec0bad6564372ed436401ef2195601e25c4832ea52b1676c2059b42d8851b4a62dc25d5ede0aa20175a70de7053c9b697ba5d7381157ade064484246b3f64dce1a22891ccbf98a4bb47cb6a67aa860be7008a65111e0dce9c2fba7c570899f51c25542f26abd7893eefd32396f223c5d9a969ff33058982b880c09f2d3d5c3f01cd2ab17e6c9d22523a5de4449426390c6c0c"}]}, 0x7, [{0x53, &(0x7f0000000c80)=@string={0x53, 0x3, "7769807d7a635781d5d5a959c88fa3f2ec50c4621742c6c3044bd65a3f2f573967c6617ee7517f11bbfad1b465528585432b5e83814e241f5c556a3e8800227f1701b6432060b0667b84ac56749a564b7c"}}, {0x4, &(0x7f0000000d00)=@lang_id={0x4, 0x3, 0x44a}}, {0x4, &(0x7f0000000d40)=@lang_id={0x4, 0x3, 0x5000}}, {0x9a, &(0x7f0000000d80)=@string={0x9a, 0x3, "89a603a3a9335b6806dfd6e6a2625dcccae9d263d06abba825bfcf9eb8e50319fa14792bbc9e5c06f99d40616ae86e48c34c4ca1382fff50b96b444ca9c4e505db121d7437b5ff7a64d46bcc50328c84b1982a64aa8ae3274e9198708b8174e54bcb1143da3a75e03c4ec4c372c74f00c6ede5f49e05071019b8b66cfab89abd589f9b8309515bbef51903c25560553c7800b4f66766429a"}}, {0x9d, &(0x7f0000001280)=@string={0x9d, 0x3, "a213263d1bd72dfb466d199537b9e3bffe62d6eb7f24b0d812bb2057fecba112d6b55b160a873075572cdadfea2d2490084c7ee1aa4f12ab74949e85e1496f2bfe21b9fb1cfb70198b7280c11303eb4cf42ef4d97307c1e7c7003de2e6d2c5d0d86983ac5b4dcee8fc85b7a23893458dbd15099fcdec887badb7e7048d4d598052ab2a5bddfe946967484aeafcb1a819f42fa60edebeeded2bf8b9"}}, {0x4, &(0x7f0000000e80)=@lang_id={0x4, 0x3, 0x402}}, {0xec, &(0x7f0000000ec0)=@string={0xec, 0x3, "585beb044b5ea461535956da5c00f973b859898dd18692bdfa11741d48bffa6c9a23b7f82165bc4a96926dcc45f6ee9609942bba2e2072ece66bb6917b65c2591e09443d28508a3ccf5b0b91bb8aa8bf63a9b936e558dd4f783f84848322a3bf7844342438f349c800ecc276c0e83dec06b2462e816216b9849508fe462a36928e0689a830eeb1cfb6a0d804a3fbce2ce88e98aeae6143d1618a316d5739b9aef2475a07db9d52eeeee5176f26f88fb146f814f1f728ba9c40112315d4df0dd4a475d5b3ce8f15b65f78ee890c7f239272f730d9b415610f95dfe26158679e37027ecd44bf4c9a23ae0e"}}]})
syz_usb_ep_write(r4, 0x3d, 0x58, &(0x7f0000001040)="620157e6aae7f1290d09aff0690cce9e20c488c15a1e0ad5e15ce114f88418b940fb40e20b07fa6fa8e5f757f5b9b16ff806d9a7c3f52d6a7623c10013eb47a94d6f6cdf3d8482bec364d9363018a8be2c865d6adf9f7d58")

2.28005095s ago: executing program 2 (id=3659):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="640000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000000000008001240000000000500050002000000050004000000000016000300"], 0x64}}, 0x4000040)
sendmsg(r0, 0x0, 0x40000)

2.175781723s ago: executing program 3 (id=3662):
r0 = syz_open_dev$video4linux(&(0x7f0000000100), 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000700)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000c0000000c00018008000100", @ANYRES32=r3, @ANYBLOB="0c000380"], 0x2c}}, 0x4004)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r4=>r0, {<r5=>r0}}, './file0\x00'})
ioctl$KVM_CAP_HYPERV_SYNIC2(r4, 0x4068aea3, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000002, 0x42073, 0xffffffffffffffff, 0xaba00000)
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000ffb000/0x3000)=nil)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff)
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x3c, r8, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8, 0x17, @udp6=r9}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x400003}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4080}, 0x20000018)
sendmsg$L2TP_CMD_NOOP(r6, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r8, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@L2TP_ATTR_RECV_SEQ={0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_MRU={0x6, 0x1d, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
ioctl$VIDIOC_LOG_STATUS(r5, 0x5646, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f0000002240)={{0x12, 0x1, 0x310, 0xe8, 0x20, 0xa1, 0x10, 0xfff0, 0xfff0, 0x1430, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0x80, 0x5, "", [{{0x9, 0x4, 0xc1, 0x4, 0x2, 0x4c, 0x13, 0x25, 0x9, [], [{{0x9, 0x5, 0x8, 0xd, 0x3ff, 0x7, 0xfa, 0x3}}, {{0x9, 0x5, 0x3, 0x1, 0x40, 0x2, 0xd2}}]}}]}}]}}, &(0x7f0000002540)={0x0, 0x0, 0x0, 0x0})

1.991514378s ago: executing program 2 (id=3664):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
setresuid(0x0, 0xee01, 0x0)
userfaultfd(0x80801)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000004880), 0x359000, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac2(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000e40)={0x84, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000180)=ANY=[@ANYBLOB="4005ff0118b1"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000000)={0x0, 0x8, 0x5c, {0x5c, 0x31, "e504b1bd30b8488ed080a48feaf136ca7835685dfb67c9446a7df6be61af4fda69c342e0b8d5b99b33c81b8c149384b9909e8d9c8f695e00f7439820c68deff36ebd6dcc0948d8513a6726293703fa73c98474ee494db68805cf"}}, &(0x7f0000000100)=ANY=[@ANYBLOB="00035e0000005e0303bbbd0bedd33a9f6f579b95a341d0ec62fec85f6e233cd7370f441145900633b0a7afd24c3248c19649f2f6260c8073f9e6b39e56ba4570cdb484259d0e89bc8c8daea9797ea99bfe4bf7f823c63f0133e5d93ea68598e341489bf9"]}, &(0x7f00000004c0)={0x34, &(0x7f0000000280)={0x40, 0x8, 0x3b, "9f6f9c2b7dc03bbc3d3225641c856540c12feedef2b88dfbf305caa0f74183501f54cdccc2d0580f5892a8e5b6d8b2f49f57c3c0df547964ecbbb6"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000380)={0x20, 0x0, 0x8b, {0x89, "3c8b0a5511fa6cc40b66f73e28108fcca1c621ef020f8eb8afbdc5477dbd5025a0d8d54c14b382e39c1d8e22c40cd0718a39e3ad926a1cc9128f16951ee903470c3a9fe6d21d89a769abecfe30b607bd4cc7f7eaf8445fab8508c6fda858e7ceec33bdb35383a2062fa727d6b46391901cb33756bde0002a3ecda943715eb4dd71d84eb4f1847a5d23"}}, &(0x7f0000000440)={0x20, 0x1, 0x1, 0x7f}, &(0x7f0000000480)={0x20, 0x0, 0x1, 0x9}})
syz_usb_control_io(r0, 0x0, &(0x7f0000000640)={0x84, &(0x7f0000000500)={0x0, 0x16, 0x1, "03"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.445009703s ago: executing program 3 (id=3676):
r0 = creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
quotactl_fd$Q_SETINFO(r0, 0xffffffff80000601, 0x0, &(0x7f0000000300)={0x5, 0x2, 0x1, 0xa544f417f5f6bea7})
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000000)={<r1=>0x0, 0x2}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000140)={r1, 0x3}, 0x8)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000440)='.\x00', 0x12000021)
r5 = syz_open_dev$dvb_demux(&(0x7f0000000040), 0x7fffffffffffffff, 0x1)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r5, 0x403c6f2b, &(0x7f0000000200)={0x8, {"ea2b6d0ad3194529bc89bd362c243010", "f7a03c1c15bc8dc8266de27ae804bef3", "754178bfb0f717811950187e54857903"}, 0x5, 0x1})
creat(&(0x7f0000000580)='./file1\x00', 0x0)
creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
recvmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/72, 0x48}], 0x1}, 0x0)

1.226501232s ago: executing program 3 (id=3678):
r0 = syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x1c, &(0x7f0000000700)={0x40, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000580)={0x40, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000002380)={0x34, &(0x7f0000002180)={0x20, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000002040)={0x84, &(0x7f0000001c40)={0x20, 0x30, 0x1, "ad"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000080)={0x14, &(0x7f0000000040)={0x0, 0x24, 0x13, {0x13, 0x21, "5f748ecfe3d84119ec827eb0ded91900f6"}}, 0xffffffffffffffff}, &(0x7f0000000300)={0x34, &(0x7f00000000c0)={0x20, 0x7, 0xe8, "16255ab8ea258f62181c1a307b3ce3b816cfbe295967491fdc7c49195526c51d51c1660a97c31963b1133ba4f3edcd108bf965e2a66bd904e58490745744132f2e939ef939db721af0c68df2a0753589b9c54fec5a733af87cdfcb4ab93fb5d6aac771ec56deeaf7a53759baed86604e9901e901924506404474815f951ea4e72a99ad33eb7038d4e52eaccd61b78eac1a3a182c77c45406806efe04dc3fa99a2847cac326ab5870433cf01201a7c5ed7625e1cc50f43c6a3a8df12ed595185098f39474e0224a3f7eb40c4d25606f62a29457f22f2ed1bdf2cf431385c6662c8434a17da45f9765"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000240)={0xc0, 0xa1, 0x4, 0x5}, &(0x7f0000000280)={0x40, 0xa0, 0x4, 0x10}, &(0x7f00000002c0)={0xc0, 0xa2, 0x2f, "c4391167632476cc6e7187d074f3334a1a24707b31ae2092df889f4450bb1086504a1b6ed916781eecf8ab16bbd464"}})

547.350749ms ago: executing program 3 (id=3680):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000400)='TIPC\x00', 0x0)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, 0x0, 0x2040)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x8000)
syz_genetlink_get_family_id$smc(0x0, 0xffffffffffffffff)
sendmsg$SMC_PNETID_FLUSH(0xffffffffffffffff, 0x0, 0x20044010)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f00000005c0)='fd', 0x0, r3)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x2)
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r5, r5)
setpgid(0x0, r5)
fchdir(r4)
mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', 0x0, 0x0, 0x0)
syz_usb_connect$uac1(0x5, 0x84, &(0x7f0000000f00)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x72, 0x3, 0x1, 0x9, 0x40, 0x3, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x1c}, [@feature_unit={0x9, 0x24, 0x6, 0x2, 0x2, 0x1, [0x3], 0x5}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x301, 0x5, 0x2, 0x1}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0xd, 0x9, 0x5, {0x7, 0x25, 0x1, 0xc, 0x20, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x1, 0x5f, 0xff, {0x7, 0x25, 0x1, 0x8, 0x2, 0xfff8}}}}}}}}]}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000005c0)={0x2, 0x0, @ioapic={0x0, 0x5, 0x5, 0xfffffffe, 0x0, [{0x2, 0x4, 0x9b}, {0x9, 0x8, 0x9, '\x00', 0xf}, {0xff, 0x7f, 0xd3, '\x00', 0xe9}, {0xfd, 0x6, 0xf5, '\x00', 0x13}, {0x7, 0xd, 0xf5, '\x00', 0xb4}, {0xf, 0x4, 0x54, '\x00', 0xff}, {0x75, 0xd5, 0xf1, '\x00', 0x7f}, {0x3, 0x5, 0xc, '\x00', 0x4}, {0x7f, 0x5, 0x4a, '\x00', 0x6}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x84, '\x00', 0xdc}, {0xfb, 0x1, 0xff, '\x00', 0x1}, {0xc, 0x5, 0x26}, {0xcf, 0xf, 0x8, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x1, 0x2, 0x2, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x9}, {0x4, 0xa, 0x2, '\x00', 0xe9}, {0x7, 0x2, 0x1, '\x00', 0xc2}, {0x2, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xe, 0x87, '\x00', 0x7d}, {0x10, 0x9, 0x92, '\x00', 0xc}, {0x1, 0x3, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0xa, '\x00', 0x1}]}})

338.262305ms ago: executing program 0 (id=3683):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000010c0)=ANY=[@ANYBLOB="142a00001000010000000000000000000000000a140000001100010000000000000000000000000a"], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_sfeatures={0x51}})

274.535715ms ago: executing program 0 (id=3684):
modify_ldt$read(0x0, &(0x7f00000001c0)=""/195, 0xc3)
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0)
madvise(&(0x7f0000ff4000/0x9000)=nil, 0x9000, 0x16)
move_pages(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000ffc000/0x1000)=nil], 0x0, &(0x7f0000000000), 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000002060102000034e40000000000000008050005000a000000050001800600000005000400000000000900020073797a310000000011000300686173683a69702c706f7274000000000c000780080013"], 0x58}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0xfffffffffffffeda, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000003700000300000000ffdbdf25017c00004a926fe56bca311d81db1fc53ad27530584bca78d14d791d1559c26ae40d04b9ec358411bf27c4ae13abbe79d40f0225ca2bc4f52d25523358db2b35cf53fa5258635e433e61feb9261ce9b08cff4da41787774995d68d05507bf85e91fe855cf6da6c931d3f5e6fdc47845acaef4f51ec3d77d1ff44"], 0x14}, 0x1, 0x0, 0x0, 0xc044}, 0x2404c8d5)
write$vga_arbiter(r0, 0x0, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000c80)={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast2}, 0x10)

167.756782ms ago: executing program 0 (id=3685):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x2140, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1)
sendmsg$NLBL_MGMT_C_ADD(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="00010000", @ANYRES16=r2, @ANYBLOB="cd3e2cbd700000000000010000000800020005000000ce00010043ecf8a077157cd8bc73e1b93314cdcbb6b9bb84e5bcdb7f9af2eacc913a7640e8332d1daa67516c7f094b740c631f175dd5d0f0a8ebd2679204020b006f64e62cd3404917f3be657330adc6bf2f2ab6286f917412935536f4406edcdc8a3779814659bebb63d2c301a5e2568cb3696d7ed256da47bd6246c86e86ac9cfbdae223a5529e47710585ccce74d42622b43a13e9096385b4cb17bf6d8436e77f709e436462ad3ba28f73bf36e8e358673326e220d60a9d3d7e3c932faf89062b965db52beeff385e442adbb8d87480d48f4b3d4530e85283000014000600ff01000000000000000000bab387609d2a"], 0x100}}, 0x4004000)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0x9, &(0x7f0000000000)={0xffffffffffffffdb, 0xfffffffffffffffb}, 0x0)
brk(0x689d80000000)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x20080, 0xb4)
msgrcv(0x0, 0x0, 0x0, 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r5, 0x80047c05, &(0x7f0000000080)=<r6=>0xffffffffffffffff)
ioctl$VIDIOC_G_EXT_CTRLS(r5, 0xc0205647, &(0x7f0000000100)={0x9f0000, 0xa, 0x6, r6, 0x0, &(0x7f00000000c0)={0x0, 0x5, '\x00', @ptr=0x2}})
msgrcv(0x0, 0x0, 0x0, 0x1, 0x2000)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10)
sendmsg$inet_sctp(r7, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c844}, 0x881)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r7, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x2dd, 0x3ff}, &(0x7f0000000200)=0x8)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x9, 0x420000)

149.653704ms ago: executing program 0 (id=3686):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x64, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0xffffff99, 0xb, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xe}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@empty}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x400c884}, 0x20000800)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0)
sendmsg$IPSET_CMD_DEL(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="2400000006000000000000000500010007000000b9751e551b7db95fe70f38ed39a175297686ef9f191680534706333e5037a782ee62b947fc1b4058a2770593572af565cd8d5156a8e9633d7e549794d00add215cf9406fcab854517e97eb0857d7d4c0a9651846e05228ac9f6d4d467c05786c353c6feab2339949c31db9089dacd109af0a4628fa"], 0x24}, 0x1, 0x0, 0x0, 0x4008894}, 0xd4)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r4, 0x4048aecb, &(0x7f0000000340)=@arm64_ccsidr={0x6020000000110009, 0x0})
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
r6 = eventfd(0x4)
ioctl$VHOST_SET_VRING_BASE(r5, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000300)=r6)
ioctl$VHOST_SET_VRING_KICK(r5, 0x4008af20, &(0x7f0000000040)={0x1, r6})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000100)={0x1, 0x1, &(0x7f0000000380)=""/239, &(0x7f0000000880)=""/99, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000340)=0xfffffffe)
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000004c0)={0x0, &(0x7f0000000200)=[@nested_intel_vmwrite_mask={0x154, 0x38, {0x3, @guest_nat=0x6822, 0x81, 0x2, 0x6}}, @nested_amd_clgi={0x17f, 0x10}, @rdmsr={0x66, 0x18}, @nested_amd_stgi={0x17e, 0x10}, @nested_amd_vmload={0x182, 0x18, 0x1}, @wrmsr={0x65, 0x20, {0xad2, 0x9}}, @code={0xa, 0x64, {"c4c2dd0393bdc3370366430f0666baf80cb88c43a089ef66bafc0cb003ee420fddca67440f79714fc483897f5d225866440f73ffdf66baf80cb84436fa88ef66bafc0cb800000000ef2e480fc72ff3440fa7e0"}}, @nested_amd_inject_event={0x180, 0x38, {0x1, 0x89, 0x5, 0x3, 0x3}}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x3, @save_area=0x64e, 0x2, 0x1, 0xaa}}, @nested_load_syzos={0x136, 0x20, {0x1, 0x2}}, @nested_amd_stgi={0x17e, 0x10}], 0x1ac})
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070000000900010073797a300000000084000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000838001180090001006c61737400000000280002800c00024000000000000000090800014000000ba308000140000010000800014000003f5e980000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000006c0003806800008008000340000000025c0002800c00028008000340000000024c000280080003400000000408000180fffffffd0800f1d7fffffffd0800034000000003090002"], 0x164}, 0x1, 0x0, 0x0, 0x400480d}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000140)=[<r9=>0x0], &(0x7f0000000340)=[<r10=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000180)={0x0})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000240)=[r10, r9], 0x2, 0x800})
listen(r1, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x5, 0x8, 0x7, 0x8, 0xb, 0x5, 0x103, 0x9f, 0x3, 0x0, 0x8, 0xbcf, 0xfffffffffffffbff, 0x2, 0x80000000, 0x46], 0x33331000, 0x28184})
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}, 0x1c)

94.185089ms ago: executing program 0 (id=3687):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000100)=@ethtool_drvinfo={0x3, "87f824ddfb091e3922ba3b10ff3174505f1e3befee028a65a72b34dac9f1bfef", "0b5f57a8bfaaf1a650589b6e518470734ff0ab151c6c76068144ab7a52f3b1c0", "191708af475d4b9b07fa69af8e784fed91c0929043aab4abc7cccd8c8342c7dd", "f5666f74246fedea5c50a62e58e749e73b49b0070be75967c7ba6bd1ce539197", "85b68d82818f51982d5c739ed70130e117f82cca46ceb6521b4a12fb663b66a6", "d5491d19e74dab3c2d4d5d6d", 0x3, 0x3, 0x99c8, 0x40, 0x52}})
sendfile(r1, r0, &(0x7f00000000c0)=0x8b, 0x100000500)

0s ago: executing program 0 (id=3688):
r0 = syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000680)={0x1c, &(0x7f0000000700)={0x40, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000580)={0x40, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000002380)={0x34, &(0x7f0000002180)={0x20, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000002040)={0x84, &(0x7f0000001c40)={0x20, 0x30, 0x1, "ad"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, &(0x7f0000000080)={0x14, &(0x7f0000000040)={0x0, 0x24, 0x13, {0x13, 0x21, "5f748ecfe3d84119ec827eb0ded91900f6"}}, 0xffffffffffffffff}, &(0x7f0000000300)={0x34, &(0x7f00000000c0)={0x20, 0x7, 0xe8, "16255ab8ea258f62181c1a307b3ce3b816cfbe295967491fdc7c49195526c51d51c1660a97c31963b1133ba4f3edcd108bf965e2a66bd904e58490745744132f2e939ef939db721af0c68df2a0753589b9c54fec5a733af87cdfcb4ab93fb5d6aac771ec56deeaf7a53759baed86604e9901e901924506404474815f951ea4e72a99ad33eb7038d4e52eaccd61b78eac1a3a182c77c45406806efe04dc3fa99a2847cac326ab5870433cf01201a7c5ed7625e1cc50f43c6a3a8df12ed595185098f39474e0224a3f7eb40c4d25606f62a29457f22f2ed1bdf2cf431385c6662c8434a17da45f9765"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000240)={0xc0, 0xa1, 0x4, 0x5}, &(0x7f0000000280)={0x40, 0xa0, 0x4, 0x10}, &(0x7f00000002c0)={0xc0, 0xa2, 0x2f, "c4391167632476cc6e7187d074f3334a1a24707b31ae2092df889f4450bb1086504a1b6ed916781eecf8ab16bbd464"}})

kernel console output (not intermixed with test programs):

device number 40
[  633.092726][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  633.256673][ T5702] koneplus 0003:1E7D:2D51.0017: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.4-1/input0
[  633.426876][T14873] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3051'.
[  633.426911][T14873] netlink: 'syz.4.3051': attribute type 2 has an invalid length.
[  633.426926][T14873] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3051'.
[  634.121831][ T5702] koneplus 0003:1E7D:2D51.0017: couldn't init struct koneplus_device
[  634.121887][ T5702] koneplus 0003:1E7D:2D51.0017: couldn't install mouse
[  634.133676][ T5702] koneplus 0003:1E7D:2D51.0017: probe with driver koneplus failed with error -71
[  634.161732][    T9] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  634.205016][ T5702] usb 5-1: USB disconnect, device number 97
[  634.215066][  T823] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  634.250520][   T38] audit: type=1326 audit(1779215912.600:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14899 comm="syz.2.3058" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbfd4ace59 code=0x0
[  634.352838][T14901] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3058'.
[  634.352860][T14901] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3058'.
[  634.375130][  T823] usb 4-1: device descriptor read/64, error -71
[  634.375797][T14901] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3058'.
[  634.625142][  T823] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  634.765081][  T823] usb 4-1: device descriptor read/64, error -71
[  634.875315][  T823] usb usb4-port1: attempt power cycle
[  634.994979][ T5702] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[  635.147410][ T5702] usb 5-1: config 2 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  635.147436][ T5702] usb 5-1: config 2 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  635.147452][ T5702] usb 5-1: config 2 interface 0 has no altsetting 0
[  635.147474][ T5702] usb 5-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00
[  635.147490][ T5702] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.255157][  T823] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  635.288394][  T823] usb 4-1: device descriptor read/8, error -71
[  635.317255][  T822] usb 1-1: USB disconnect, device number 90
[  635.545032][  T823] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  635.602893][  T823] usb 4-1: device descriptor read/8, error -71
[  635.659533][ T5702] usbhid 5-1:2.0: can't add hid device: -71
[  635.659747][ T5702] usbhid 5-1:2.0: probe with driver usbhid failed with error -71
[  635.695168][ T5702] usb 5-1: USB disconnect, device number 98
[  635.716144][  T823] usb usb4-port1: unable to enumerate USB device
[  635.901409][T14919] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3064'.
[  635.954207][T14921] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3065'.
[  636.010540][T14921] __vm_enough_memory: pid: 14921, comm: syz.0.3065, bytes: 21200202944512 not enough memory for the allocation
[  636.429255][T14935] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  636.476260][T14938] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3070'.
[  637.206167][T14967] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3080'.
[  637.341244][T14969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3082'.
[  637.355085][    T9] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  637.425096][  T822] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  637.442191][T14973] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3084'.
[  637.505656][T14973] __vm_enough_memory: pid: 14973, comm: syz.2.3084, bytes: 21200456445952 not enough memory for the allocation
[  637.533508][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  637.533546][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.533570][    T9] usb 4-1: Product: syz
[  637.533587][    T9] usb 4-1: Manufacturer: syz
[  637.533604][    T9] usb 4-1: SerialNumber: syz
[  637.555022][  T822] usb 1-1: device descriptor read/64, error -71
[  637.795023][  T822] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  637.925159][  T822] usb 1-1: device descriptor read/64, error -71
[  637.935608][   T10] usb 5-1: new full-speed USB device number 99 using dummy_hcd
[  637.990562][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  637.990642][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  638.035559][  T822] usb usb1-port1: attempt power cycle
[  638.288530][   T10] usb 5-1: unable to read config index 0 descriptor/start: -71
[  638.288678][   T10] usb 5-1: can't read configurations, error -71
[  638.375089][  T822] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  638.401424][  T822] usb 1-1: device descriptor read/8, error -71
[  638.645140][  T822] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  638.665926][  T822] usb 1-1: device descriptor read/8, error -71
[  638.775757][  T822] usb usb1-port1: unable to enumerate USB device
[  638.880167][T14981] netlink: 'syz.4.3086': attribute type 8 has an invalid length.
[  638.974858][T14981] pim6reg: entered allmulticast mode
[  639.395009][   T10] usb 5-1: new full-speed USB device number 100 using dummy_hcd
[  639.558760][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  639.558786][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  639.559140][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  639.559169][   T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  639.559185][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.582973][   T10] usb 5-1: config 0 descriptor??
[  639.840777][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000080. ret = -EPROTO
[  639.840916][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  639.901044][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  639.938994][    T9] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  639.961817][    T9] usb 4-1: USB disconnect, device number 20
[  640.026149][ T5766] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  640.094109][   T10] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  640.182101][ T5766] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  640.182138][ T5766] usb 3-1: config 0 interface 0 has no altsetting 0
[  640.202790][ T5766] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  640.202825][ T5766] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  640.202848][ T5766] usb 3-1: Product: syz
[  640.202865][ T5766] usb 3-1: Manufacturer: syz
[  640.202882][ T5766] usb 3-1: SerialNumber: syz
[  640.232627][ T5766] usb 3-1: config 0 descriptor??
[  640.262510][ T5766] usb 3-1: selecting invalid altsetting 0
[  640.598708][T15009] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3093'.
[  640.641637][ T5766] usb 3-1: USB disconnect, device number 41
[  640.705156][T15012] __vm_enough_memory: pid: 15012, comm: syz.3.3093, bytes: 21200008491008 not enough memory for the allocation
[  641.061621][ T6429] udevd[6429]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  641.159589][T15023] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3099'.
[  641.495590][ T5723] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  641.650463][ T5723] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  641.650498][ T5723] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.650520][ T5723] usb 3-1: Product: syz
[  641.650535][ T5723] usb 3-1: Manufacturer: syz
[  641.650551][ T5723] usb 3-1: SerialNumber: syz
[  642.037906][T15054] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3110'.
[  642.119203][ T5723] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  642.119277][ T5723] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  642.234059][T15062] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3113'.
[  642.326352][T15062] __vm_enough_memory: pid: 15062, comm: syz.4.3113, bytes: 21200075079680 not enough memory for the allocation
[  643.461614][T15100] netlink: 'syz.4.3129': attribute type 1 has an invalid length.
[  643.753955][ T5723] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000080. ret = -EPROTO
[  643.754023][ T5723] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  643.804280][ T5723] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  643.831403][ T5723] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  643.836717][T15105] FAULT_INJECTION: forcing a failure.
[  643.836717][T15105] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.836860][T15105] CPU: 0 UID: 0 PID: 15105 Comm: syz.4.3131 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  643.836891][T15105] Tainted: [L]=SOFTLOCKUP
[  643.836899][T15105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  643.836911][T15105] Call Trace:
[  643.836919][T15105]  <TASK>
[  643.836928][T15105]  dump_stack_lvl+0xe8/0x150
[  643.836958][T15105]  should_fail_ex+0x46b/0x600
[  643.836989][T15105]  _copy_to_user+0x31/0xb0
[  643.837021][T15105]  simple_read_from_buffer+0xe1/0x170
[  643.837050][T15105]  proc_fail_nth_read+0x1be/0x230
[  643.837080][T15105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  643.837110][T15105]  ? rw_verify_area+0x2ac/0x4e0
[  643.837137][T15105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  643.837163][T15105]  vfs_read+0x212/0xa80
[  643.837197][T15105]  ? __pfx_vfs_read+0x10/0x10
[  643.837227][T15105]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  643.837258][T15105]  ? lockdep_hardirqs_on+0x7a/0x110
[  643.837288][T15105]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  643.837327][T15105]  ? mutex_lock_nested+0x152/0x1d0
[  643.837351][T15105]  ? fdget_pos+0x252/0x320
[  643.837383][T15105]  ksys_read+0x156/0x270
[  643.837413][T15105]  ? __pfx_ksys_read+0x10/0x10
[  643.837448][T15105]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.837471][T15105]  do_syscall_64+0x15f/0xf80
[  643.837489][T15105]  ? trace_irq_disable+0x3b/0x140
[  643.837518][T15105]  ? clear_bhb_loop+0x40/0x90
[  643.837543][T15105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.837564][T15105] RIP: 0033:0x7fa8e098d68e
[  643.837584][T15105] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  643.837602][T15105] RSP: 002b:00007fa8dec1dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  643.837625][T15105] RAX: ffffffffffffffda RBX: 00007fa8dec1e6c0 RCX: 00007fa8e098d68e
[  643.837639][T15105] RDX: 000000000000000f RSI: 00007fa8dec1e0a0 RDI: 0000000000000005
[  643.837652][T15105] RBP: 00007fa8dec1e090 R08: 0000000000000000 R09: 0000000000000000
[  643.837665][T15105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  643.837678][T15105] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  643.837710][T15105]  </TASK>
[  644.134321][ T5723] usb 3-1: USB disconnect, device number 42
[  644.449343][T15119] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3137'.
[  644.525663][T15119] __vm_enough_memory: pid: 15119, comm: syz.3.3137, bytes: 21200008491008 not enough memory for the allocation
[  644.805037][ T5723] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  644.923504][T15134] netlink: 292 bytes leftover after parsing attributes in process `syz.4.3143'.
[  644.973178][ T5723] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  644.973216][ T5723] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.973240][ T5723] usb 1-1: Product: syz
[  644.973255][ T5723] usb 1-1: Manufacturer: syz
[  644.973272][ T5723] usb 1-1: SerialNumber: syz
[  645.018618][ T5723] usb 1-1: config 0 descriptor??
[  645.032763][ T5723] ch341 1-1:0.0: ch341-uart converter detected
[  645.107921][T15136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  645.108567][T15136] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  645.479702][T15139] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3145'.
[  645.479730][T15139] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  645.994999][T13825] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  646.041164][T15157] netlink: 'syz.4.3148': attribute type 21 has an invalid length.
[  646.041244][T15157] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3148'.
[  646.175143][T13825] usb 4-1: Using ep0 maxpacket: 32
[  646.193959][T13825] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  646.193994][T13825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.194144][T13825] usb 4-1: Product: syz
[  646.194160][T13825] usb 4-1: Manufacturer: syz
[  646.194262][T13825] usb 4-1: SerialNumber: syz
[  646.249852][T13825] usb 4-1: config 0 descriptor??
[  646.282735][T13825] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  646.310803][ T5723] usb 1-1: failed to send control message: -71
[  646.310940][ T5723] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  646.347081][ T5723] usb 1-1: USB disconnect, device number 95
[  646.369142][ T5723] ch341 1-1:0.0: device disconnected
[  646.581510][T15167] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3153'.
[  646.645539][T15167] __vm_enough_memory: pid: 15167, comm: syz.4.3153, bytes: 21200075079680 not enough memory for the allocation
[  646.875061][ T5766] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  647.036277][ T5766] usb 3-1: Using ep0 maxpacket: 32
[  647.038625][ T5766] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  647.038662][ T5766] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  647.038711][ T5766] usb 3-1: New USB device found, idVendor=8380, idProduct=1850, bcdDevice= 0.00
[  647.038736][ T5766] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.055994][ T5766] usb 3-1: config 0 descriptor??
[  647.514295][T15166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.520703][T15166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.598381][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598425][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598456][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598485][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598513][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598540][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598569][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598598][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598627][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.598655][ T5766] betop 0003:8380:1850.0019: unknown main item tag 0x0
[  647.609118][ T5766] betop 0003:8380:1850.0019: unexpected long global item
[  647.613205][ T5766] betop 0003:8380:1850.0019: parse failed
[  647.613282][ T5766] betop 0003:8380:1850.0019: probe with driver betop failed with error -22
[  647.800959][ T5723] usb 3-1: USB disconnect, device number 43
[  647.958927][T15211] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  647.958942][T15211] overlayfs: missing 'lowerdir'
[  647.983969][T15206] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.985065][T15206] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.406056][T15226] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3176'.
[  648.485731][T15226] __vm_enough_memory: pid: 15226, comm: syz.4.3176, bytes: 21200075079680 not enough memory for the allocation
[  648.567360][T13825] gspca_ov534_9: reg_r err -71
[  648.831308][T13825] gspca_ov534_9: Unknown sensor 0000
[  648.831477][T13825] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  648.855422][T13825] usb 4-1: USB disconnect, device number 21
[  648.893817][ T5723] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  648.986086][ T5766] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  649.048022][ T5723] usb 3-1: Using ep0 maxpacket: 32
[  649.050085][ T5723] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[  649.050116][ T5723] usb 3-1: config 0 has no interface number 0
[  649.050166][ T5723] usb 3-1: config 0 interface 184 has no altsetting 0
[  649.052693][ T5723] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  649.052724][ T5723] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.052738][ T5723] usb 3-1: Product: syz
[  649.052748][ T5723] usb 3-1: Manufacturer: syz
[  649.052757][ T5723] usb 3-1: SerialNumber: syz
[  649.056916][ T5723] usb 3-1: config 0 descriptor??
[  649.151328][ T5766] usb 1-1: Using ep0 maxpacket: 16
[  649.154174][ T5766] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  649.154204][ T5766] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  649.154228][ T5766] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  649.158820][ T5766] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  649.158853][ T5766] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.158876][ T5766] usb 1-1: Product: syz
[  649.158893][ T5766] usb 1-1: Manufacturer: syz
[  649.158910][ T5766] usb 1-1: SerialNumber: syz
[  649.191143][ T5766] usb 1-1: 0:2 : does not exist
[  649.583385][ T5723] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  649.583421][ T5723] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  649.583443][ T5723] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  649.583783][ T5723] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[  649.651780][ T5723] usb 3-1: USB disconnect, device number 44
[  649.786451][T15252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.787155][T15252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.820096][T15245] sg_write: data in/out 451548/226 bytes for SCSI command 0x0-- guessing data in;
[  649.820096][T15245]    program syz.3.3184 not setting count and/or reply_len properly
[  649.857334][T15245] comedi comedi3: dt2814: I/O base address or length out of range
[  650.067654][ T5766] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1)
[  650.135254][   T67] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  650.244982][ T5766] usb 1-1: USB disconnect, device number 96
[  650.355389][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  650.509038][T15271] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3193'.
[  650.564595][ T5723] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  650.566326][T15271] __vm_enough_memory: pid: 15271, comm: syz.2.3193, bytes: 21200456445952 not enough memory for the allocation
[  650.719083][ T5723] usb 4-1: Using ep0 maxpacket: 32
[  650.737069][ T5723] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  650.737119][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.737143][ T5723] usb 4-1: Product: syz
[  650.737161][ T5723] usb 4-1: Manufacturer: syz
[  650.737178][ T5723] usb 4-1: SerialNumber: syz
[  650.781271][ T5723] usb 4-1: config 0 descriptor??
[  650.805900][ T5723] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  651.321916][T15302] FAULT_INJECTION: forcing a failure.
[  651.321916][T15302] name fail_iommufd, interval 1, probability 0, space 0, times 1
[  651.321959][T15302] CPU: 1 UID: 0 PID: 15302 Comm: syz.4.3206 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  651.321991][T15302] Tainted: [L]=SOFTLOCKUP
[  651.322000][T15302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  651.322015][T15302] Call Trace:
[  651.322024][T15302]  <TASK>
[  651.322035][T15302]  dump_stack_lvl+0xe8/0x150
[  651.322070][T15302]  should_fail_ex+0x46b/0x600
[  651.322106][T15302]  iommufd_get_object+0x78/0x4b0
[  651.322151][T15302]  ? __pfx_iommufd_get_object+0x10/0x10
[  651.322183][T15302]  ? lockdep_hardirqs_on+0x7a/0x110
[  651.322219][T15302]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  651.322254][T15302]  ? mutex_lock_nested+0x152/0x1d0
[  651.322282][T15302]  ? iommufd_access_attach+0x31/0x1c0
[  651.322322][T15302]  iommufd_access_attach+0x82/0x1c0
[  651.322363][T15302]  iommufd_test+0x37c6/0x6160
[  651.322402][T15302]  ? __lock_acquire+0x6b5/0x2d10
[  651.322427][T15302]  ? __pfx_iommufd_test+0x10/0x10
[  651.322466][T15302]  ? tomoyo_path_number_perm+0x219/0x630
[  651.322508][T15302]  ? tomoyo_path_number_perm+0x219/0x630
[  651.322545][T15302]  ? __might_fault+0xaf/0x130
[  651.322580][T15302]  ? __might_fault+0xaf/0x130
[  651.322636][T15302]  iommufd_fops_ioctl+0x4b8/0x5d0
[  651.322674][T15302]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  651.322713][T15302]  ? __fget_files+0x2a/0x420
[  651.322749][T15302]  ? __fget_files+0x2a/0x420
[  651.322781][T15302]  ? bpf_lsm_file_ioctl+0x9/0x20
[  651.322807][T15302]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  651.322840][T15302]  __se_sys_ioctl+0xff/0x170
[  651.322873][T15302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.322898][T15302]  do_syscall_64+0x15f/0xf80
[  651.322918][T15302]  ? trace_irq_disable+0x3b/0x140
[  651.322949][T15302]  ? clear_bhb_loop+0x40/0x90
[  651.322979][T15302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.323002][T15302] RIP: 0033:0x7fa8e09cce59
[  651.323025][T15302] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  651.323046][T15302] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  651.323071][T15302] RAX: ffffffffffffffda RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  651.323088][T15302] RDX: 0000200000000200 RSI: 0000000000003ba0 RDI: 0000000000000003
[  651.323103][T15302] RBP: 00007fa8dec1e090 R08: 0000000000000000 R09: 0000000000000000
[  651.323118][T15302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  651.323133][T15302] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  651.323170][T15302]  </TASK>
[  651.624434][T15306] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3210'.
[  651.724617][T15309] __vm_enough_memory: pid: 15309, comm: syz.4.3210, bytes: 21200075079680 not enough memory for the allocation
[  652.207447][T15320] FAULT_INJECTION: forcing a failure.
[  652.207447][T15320] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  652.207502][T15320] CPU: 0 UID: 0 PID: 15320 Comm: syz.0.3215 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  652.207535][T15320] Tainted: [L]=SOFTLOCKUP
[  652.207551][T15320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  652.207565][T15320] Call Trace:
[  652.207572][T15320]  <TASK>
[  652.207579][T15320]  dump_stack_lvl+0xe8/0x150
[  652.207610][T15320]  should_fail_ex+0x46b/0x600
[  652.207654][T15320]  prepare_alloc_pages+0x22a/0x6b0
[  652.207705][T15320]  __alloc_frozen_pages_noprof+0x12f/0x380
[  652.207743][T15320]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  652.207767][T15320]  ? __pfx_policy_nodemask+0x10/0x10
[  652.207793][T15320]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  652.207827][T15320]  ? lockdep_hardirqs_on+0x7a/0x110
[  652.207867][T15320]  alloc_pages_mpol+0xd1/0x380
[  652.207904][T15320]  alloc_pages_noprof+0xd2/0x2f0
[  652.207934][T15320]  get_free_pages_noprof+0xf/0x80
[  652.207955][T15320]  __kasan_populate_vmalloc+0x38/0x1d0
[  652.207975][T15320]  ? rt_spin_unlock+0x160/0x200
[  652.208013][T15320]  alloc_vmap_area+0xd47/0x1480
[  652.208061][T15320]  ? __pfx_alloc_vmap_area+0x10/0x10
[  652.208091][T15320]  ? __kmalloc_cache_node_noprof+0x27d/0x6c0
[  652.208117][T15320]  ? __get_vm_area_node+0x171/0x350
[  652.208132][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.208154][T15320]  __get_vm_area_node+0x226/0x350
[  652.208191][T15320]  __vmalloc_node_range_noprof+0x36a/0x1750
[  652.208220][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.208276][T15320]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  652.208315][T15320]  ? __kasan_kmalloc+0x93/0xb0
[  652.208419][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.208453][T15320]  vzalloc_noprof+0xb2/0xe0
[  652.208485][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.208514][T15320]  vidtv_mux_init+0x204/0x19b0
[  652.208553][T15320]  vidtv_start_feed+0x36b/0x5a0
[  652.208592][T15320]  ? __pfx_vidtv_start_feed+0x10/0x10
[  652.208624][T15320]  ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10
[  652.208665][T15320]  ? lockdep_hardirqs_on+0x7a/0x110
[  652.208700][T15320]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  652.208731][T15320]  ? mutex_lock_interruptible_nested+0x152/0x1d0
[  652.208760][T15320]  ? dmx_ts_feed_start_filtering+0x52/0x240
[  652.208788][T15320]  dmx_ts_feed_start_filtering+0x135/0x240
[  652.208816][T15320]  dvb_dmxdev_filter_start+0x447/0x10e0
[  652.208863][T15320]  dvb_demux_do_ioctl+0x48e/0x540
[  652.208899][T15320]  dvb_usercopy+0x199/0x2e0
[  652.208928][T15320]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  652.208959][T15320]  ? __pfx_dvb_usercopy+0x10/0x10
[  652.209002][T15320]  ? __fget_files+0x3a6/0x420
[  652.209028][T15320]  ? __fget_files+0x2a/0x420
[  652.209057][T15320]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  652.209103][T15320]  dvb_demux_ioctl+0x29/0x40
[  652.209132][T15320]  __se_sys_ioctl+0xff/0x170
[  652.209164][T15320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.209190][T15320]  do_syscall_64+0x15f/0xf80
[  652.209224][T15320]  ? trace_irq_disable+0x3b/0x140
[  652.209255][T15320]  ? clear_bhb_loop+0x40/0x90
[  652.209283][T15320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.209304][T15320] RIP: 0033:0x7f2d5f4fce59
[  652.209327][T15320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  652.209347][T15320] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  652.209374][T15320] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  652.209391][T15320] RDX: 0000200000000180 RSI: 0000000040146f2c RDI: 0000000000000003
[  652.209406][T15320] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  652.209419][T15320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  652.209432][T15320] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  652.209460][T15320]  </TASK>
[  652.218286][T15320] syz.0.3215: vmalloc error: size 90164, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  652.218670][T15320] CPU: 0 UID: 0 PID: 15320 Comm: syz.0.3215 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  652.218700][T15320] Tainted: [L]=SOFTLOCKUP
[  652.218708][T15320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  652.218722][T15320] Call Trace:
[  652.218731][T15320]  <TASK>
[  652.218741][T15320]  dump_stack_lvl+0xe8/0x150
[  652.218775][T15320]  warn_alloc+0x24c/0x270
[  652.218804][T15320]  ? kasan_quarantine_put+0xbb/0x1f0
[  652.218834][T15320]  ? __pfx_warn_alloc+0x10/0x10
[  652.218868][T15320]  ? __get_vm_area_node+0x23f/0x350
[  652.218894][T15320]  ? __get_vm_area_node+0x171/0x350
[  652.218924][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.218954][T15320]  ? __get_vm_area_node+0x23f/0x350
[  652.218988][T15320]  __vmalloc_node_range_noprof+0x38f/0x1750
[  652.219049][T15320]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  652.219089][T15320]  ? __kasan_kmalloc+0x93/0xb0
[  652.219118][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.219144][T15320]  vzalloc_noprof+0xb2/0xe0
[  652.219171][T15320]  ? vidtv_mux_init+0x204/0x19b0
[  652.219198][T15320]  vidtv_mux_init+0x204/0x19b0
[  652.219235][T15320]  vidtv_start_feed+0x36b/0x5a0
[  652.219276][T15320]  ? __pfx_vidtv_start_feed+0x10/0x10
[  652.219307][T15320]  ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10
[  652.219345][T15320]  ? lockdep_hardirqs_on+0x7a/0x110
[  652.219376][T15320]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  652.219411][T15320]  ? mutex_lock_interruptible_nested+0x152/0x1d0
[  652.219440][T15320]  ? dmx_ts_feed_start_filtering+0x52/0x240
[  652.219467][T15320]  dmx_ts_feed_start_filtering+0x135/0x240
[  652.219494][T15320]  dvb_dmxdev_filter_start+0x447/0x10e0
[  652.219546][T15320]  dvb_demux_do_ioctl+0x48e/0x540
[  652.219582][T15320]  dvb_usercopy+0x199/0x2e0
[  652.219612][T15320]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  652.219641][T15320]  ? __pfx_dvb_usercopy+0x10/0x10
[  652.219679][T15320]  ? __fget_files+0x3a6/0x420
[  652.219703][T15320]  ? __fget_files+0x2a/0x420
[  652.219730][T15320]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  652.219763][T15320]  dvb_demux_ioctl+0x29/0x40
[  652.219793][T15320]  __se_sys_ioctl+0xff/0x170
[  652.219822][T15320]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.219844][T15320]  do_syscall_64+0x15f/0xf80
[  652.219863][T15320]  ? trace_irq_disable+0x3b/0x140
[  652.219893][T15320]  ? clear_bhb_loop+0x40/0x90
[  652.219922][T15320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.219944][T15320] RIP: 0033:0x7f2d5f4fce59
[  652.219966][T15320] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  652.219984][T15320] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  652.220005][T15320] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  652.220019][T15320] RDX: 0000200000000180 RSI: 0000000040146f2c RDI: 0000000000000003
[  652.220033][T15320] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  652.220046][T15320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  652.220059][T15320] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  652.220095][T15320]  </TASK>
[  652.224170][T15320] Mem-Info:
[  652.224184][T15320] active_anon:30451 inactive_anon:0 isolated_anon:0
[  652.224184][T15320]  active_file:0 inactive_file:54700 isolated_file:0
[  652.224184][T15320]  unevictable:768 dirty:145 writeback:0
[  652.224184][T15320]  slab_reclaimable:12269 slab_unreclaimable:96535
[  652.224184][T15320]  mapped:31092 shmem:22904 pagetables:1491
[  652.224184][T15320]  sec_pagetables:0 bounce:0
[  652.224184][T15320]  kernel_misc_reclaimable:0
[  652.224184][T15320]  free:1301556 free_pcp:1539 free_cma:0
[  652.224244][T15320] Node 0 active_anon:121804kB inactive_anon:0kB active_file:0kB inactive_file:218596kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124368kB dirty:576kB writeback:0kB shmem:90080kB kernel_stack:12912kB pagetables:5792kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  652.224295][T15320] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB kernel_stack:32kB pagetables:172kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB
[  652.224344][T15320] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  652.224407][T15320] lowmem_reserve[]: 0 2492 2493 2493 2493
[  652.224444][T15320] Node 0 DMA32 free:1254164kB boost:0kB min:3912kB low:6436kB high:8960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:121804kB inactive_anon:0kB active_file:0kB inactive_file:218596kB unevictable:1536kB writepending:576kB zspages:0kB present:3129332kB managed:2552752kB mlocked:0kB bounce:0kB free_pcp:6144kB local_pcp:3320kB free_cma:0kB
[  652.224506][T15320] lowmem_reserve[]: 0 0 0 0 0
[  652.224550][T15320] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:896kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB
[  652.224609][T15320] lowmem_reserve[]: 0 0 0 0 0
[  652.224643][T15320] Node 1 Normal free:3936700kB boost:0kB min:6372kB low:10480kB high:14588kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  652.224704][T15320] lowmem_reserve[]: 0 0 0 0 0
[  652.224742][T15320] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  652.224862][T15320] Node 0 DMA32: 1*4kB (M) 492*8kB (U) 47*16kB (U) 135*32kB (UME) 42*64kB (UME) 22*128kB (UME) 8*256kB (UME) 9*512kB (UME) 12*1024kB (UME) 14*2048kB (UM) 291*4096kB (UM) = 1254068kB
[  652.225026][T15320] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  652.225133][T15320] Node 1 Normal: 3*4kB (UM) 4*8kB (UM) 7*16kB (UM) 5*32kB (UM) 10*64kB (UM) 4*128kB (UM) 2*256kB (UM) 3*512kB (UM) 1*1024kB (M) 2*2048kB (M) 959*4096kB (UM) = 3936700kB
[  652.225331][T15320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  652.225349][T15320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  652.225365][T15320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  652.225383][T15320] Node 1 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  652.225401][T15320] 77600 total pagecache pages
[  652.225411][T15320] 0 pages in swap cache
[  652.225419][T15320] Free swap  = 124996kB
[  652.225427][T15320] Total swap = 124996kB
[  652.225436][T15320] 2097051 pages RAM
[  652.225444][T15320] 0 pages HighMem/MovableOnly
[  652.225451][T15320] 427025 pages reserved
[  652.225459][T15320] 0 pages cma reserved
[  652.357796][T15322] FAULT_INJECTION: forcing a failure.
[  652.357796][T15322] name failslab, interval 1, probability 0, space 0, times 0
[  652.357834][T15322] CPU: 0 UID: 0 PID: 15322 Comm: syz.0.3216 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  652.357864][T15322] Tainted: [L]=SOFTLOCKUP
[  652.357871][T15322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  652.357883][T15322] Call Trace:
[  652.357892][T15322]  <TASK>
[  652.357900][T15322]  dump_stack_lvl+0xe8/0x150
[  652.357938][T15322]  should_fail_ex+0x46b/0x600
[  652.357972][T15322]  should_failslab+0xa8/0x100
[  652.358003][T15322]  kmem_cache_alloc_noprof+0x87/0x680
[  652.358031][T15322]  ? skb_clone+0x212/0x3a0
[  652.358065][T15322]  skb_clone+0x212/0x3a0
[  652.358103][T15322]  __netlink_deliver_tap+0x424/0x8b0
[  652.358145][T15322]  ? netlink_deliver_tap+0x2e/0x1b0
[  652.358174][T15322]  netlink_deliver_tap+0x19c/0x1b0
[  652.358203][T15322]  netlink_unicast+0x754/0x920
[  652.358240][T15322]  netlink_sendmsg+0x813/0xb40
[  652.358281][T15322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  652.358313][T15322]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  652.358349][T15322]  ? aa_sock_msg_perm+0x122/0x200
[  652.358379][T15322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  652.358408][T15322]  sock_sendmsg_nosec+0x112/0x150
[  652.358437][T15322]  sock_write_iter+0x308/0x410
[  652.358461][T15322]  ? __pfx_sock_write_iter+0x10/0x10
[  652.358505][T15322]  do_iter_readv_writev+0x62b/0x8d0
[  652.358545][T15322]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  652.358589][T15322]  ? rw_verify_area+0x25b/0x4e0
[  652.358623][T15322]  vfs_writev+0x345/0x9a0
[  652.358654][T15322]  ? __pfx_vfs_writev+0x10/0x10
[  652.358690][T15322]  ? __fget_files+0x2a/0x420
[  652.358719][T15322]  ? __fget_files+0x3a6/0x420
[  652.358744][T15322]  ? __fget_files+0x2a/0x420
[  652.358779][T15322]  do_writev+0x15a/0x2e0
[  652.358803][T15322]  ? __pfx_do_writev+0x10/0x10
[  652.358834][T15322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.358856][T15322]  do_syscall_64+0x15f/0xf80
[  652.358875][T15322]  ? trace_irq_disable+0x3b/0x140
[  652.358908][T15322]  ? clear_bhb_loop+0x40/0x90
[  652.358935][T15322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.358955][T15322] RIP: 0033:0x7f2d5f4fce59
[  652.358975][T15322] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  652.358993][T15322] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  652.359016][T15322] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  652.359031][T15322] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000003
[  652.359045][T15322] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  652.359060][T15322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.359074][T15322] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  652.359108][T15322]  </TASK>
[  652.930767][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  653.127469][ T5622] Bluetooth: hci2: SCO packet for unknown connection handle 201
[  653.129600][ T5723] gspca_ov534_9: reg_r err -71
[  653.430890][ T5723] gspca_ov534_9: Unknown sensor 0000
[  653.430992][ T5723] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  653.717702][ T5723] usb 4-1: USB disconnect, device number 22
[  653.857830][T15351] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3228'.
[  653.928291][T15351] __vm_enough_memory: pid: 15351, comm: syz.4.3228, bytes: 21200075079680 not enough memory for the allocation
[  654.475681][ T5724] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  654.629382][ T5724] usb 4-1: Using ep0 maxpacket: 16
[  654.633108][ T5724] usb 4-1: unable to get BOS descriptor or descriptor too short
[  654.635120][ T5724] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  654.673953][ T5724] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  654.673991][ T5724] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.674013][ T5724] usb 4-1: Product: syz
[  654.674030][ T5724] usb 4-1: Manufacturer: syz
[  654.674046][ T5724] usb 4-1: SerialNumber: syz
[  654.940932][T15367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.944802][T15367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.965866][T15367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.970037][T15367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.007763][ T5766] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  655.011856][T15390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  655.014511][T15390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.181582][ T5766] usb 3-1: Using ep0 maxpacket: 32
[  655.204725][ T5766] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  655.204764][ T5766] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.204787][ T5766] usb 3-1: Product: syz
[  655.204804][ T5766] usb 3-1: Manufacturer: syz
[  655.204821][ T5766] usb 3-1: SerialNumber: syz
[  655.221789][ T5766] usb 3-1: config 0 descriptor??
[  655.258421][ T5766] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  655.580179][ T5723] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  655.633876][T15402] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3249'.
[  655.733463][ T5723] usb 1-1: Using ep0 maxpacket: 32
[  655.741128][ T5723] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  655.741240][ T5723] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.741265][ T5723] usb 1-1: Product: syz
[  655.741281][ T5723] usb 1-1: Manufacturer: syz
[  655.741298][ T5723] usb 1-1: SerialNumber: syz
[  655.800469][ T5723] usb 1-1: config 0 descriptor??
[  656.039153][ T5723] peak_usb 1-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  656.039191][ T5723] peak_usb 1-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  656.246265][T15413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.262986][T15413] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.295092][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  656.414736][ T5723] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71
[  656.444357][ T5723] usb 1-1: USB disconnect, device number 97
[  657.298559][T15429] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  657.299966][T15429] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  657.322884][ T5724] snd-ua101 4-1:1.1: invalid format type
[  657.322907][ T5724] snd-ua101 4-1:1.0: invalid num_altsetting
[  657.435286][ T5724] usb 4-1: USB disconnect, device number 23
[  657.600345][ T5766] gspca_ov534_9: reg_r err -71
[  657.865833][ T5766] gspca_ov534_9: Unknown sensor 0000
[  657.865917][ T5766] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  657.887538][ T5766] usb 3-1: USB disconnect, device number 45
[  658.009198][ T5724] usb 1-1: new full-speed USB device number 98 using dummy_hcd
[  658.101645][T15449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.102315][T15449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.106650][T15449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.110745][T15449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.115570][T15449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.121135][T15449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.175780][ T5724] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  658.175811][ T5724] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  658.175867][ T5724] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  658.175895][ T5724] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.189688][ T5724] usb 1-1: config 0 descriptor??
[  658.203409][ T5724] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  658.203462][ T5724] dvb-usb: bulk message failed: -22 (3/0)
[  658.215751][ T5724] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  658.218760][ T5724] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  658.218819][ T5724] usb 1-1: media controller created
[  658.224739][ T5724] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  658.240962][ T5724] dvb-usb: bulk message failed: -22 (6/0)
[  658.241059][ T5724] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  658.260836][ T5724] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input111
[  658.269045][ T5724] dvb-usb: schedule remote query interval to 150 msecs.
[  658.269072][ T5724] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  658.399435][ T5724] usb 1-1: USB disconnect, device number 98
[  658.439787][ T5831] udevd[5831]: symlink '../event4' '/dev/input/by-path/platform-dummy_hcd.0-usb-0:1-event-ir.tmp-c13:68' failed: Read-only file system
[  658.515192][ T5724] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  658.639737][ T5766] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  658.772073][ T5766] usb 3-1: device descriptor read/64, error -71
[  659.016380][ T5766] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  659.151561][ T5766] usb 3-1: device descriptor read/64, error -71
[  659.271693][ T5766] usb usb3-port1: attempt power cycle
[  659.637351][ T5766] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  659.660749][ T5766] usb 3-1: device descriptor read/8, error -71
[  659.891710][T15495] FAULT_INJECTION: forcing a failure.
[  659.891710][T15495] name failslab, interval 1, probability 0, space 0, times 0
[  659.891753][T15495] CPU: 0 UID: 0 PID: 15495 Comm: syz.3.3288 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  659.891786][T15495] Tainted: [L]=SOFTLOCKUP
[  659.891794][T15495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  659.891809][T15495] Call Trace:
[  659.891819][T15495]  <TASK>
[  659.891829][T15495]  dump_stack_lvl+0xe8/0x150
[  659.891863][T15495]  should_fail_ex+0x46b/0x600
[  659.891898][T15495]  should_failslab+0xa8/0x100
[  659.891934][T15495]  __kmalloc_noprof+0xdf/0x7b0
[  659.891964][T15495]  ? kfree+0x4d/0x6c0
[  659.891990][T15495]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  659.892031][T15495]  tomoyo_realpath_from_path+0xe3/0x5d0
[  659.892068][T15495]  ? tomoyo_domain+0xd7/0x130
[  659.892097][T15495]  ? tomoyo_path_number_perm+0x219/0x630
[  659.892127][T15495]  tomoyo_path_number_perm+0x246/0x630
[  659.892161][T15495]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  659.892191][T15495]  ? __lock_acquire+0x6b5/0x2d10
[  659.892228][T15495]  ? do_raw_spin_lock+0x12b/0x2f0
[  659.892293][T15495]  ? __fget_files+0x2a/0x420
[  659.892322][T15495]  ? __fget_files+0x2a/0x420
[  659.892348][T15495]  ? __fget_files+0x3a6/0x420
[  659.892372][T15495]  ? __fget_files+0x2a/0x420
[  659.892403][T15495]  security_file_ioctl+0xc3/0x2a0
[  659.892435][T15495]  __se_sys_ioctl+0x47/0x170
[  659.892468][T15495]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.892493][T15495]  do_syscall_64+0x15f/0xf80
[  659.892515][T15495]  ? trace_irq_disable+0x3b/0x140
[  659.892547][T15495]  ? clear_bhb_loop+0x40/0x90
[  659.892576][T15495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  659.892599][T15495] RIP: 0033:0x7f574f5bce59
[  659.892622][T15495] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  659.892642][T15495] RSP: 002b:00007f574d7f5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  659.892667][T15495] RAX: ffffffffffffffda RBX: 00007f574f836090 RCX: 00007f574f5bce59
[  659.892684][T15495] RDX: 0000200000000340 RSI: 000000004068aea3 RDI: 0000000000000004
[  659.892699][T15495] RBP: 00007f574d7f5090 R08: 0000000000000000 R09: 0000000000000000
[  659.892714][T15495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  659.892728][T15495] R13: 00007f574f836128 R14: 00007f574f836090 R15: 00007fff98ffded8
[  659.892763][T15495]  </TASK>
[  659.892774][T15495] ERROR: Out of memory at tomoyo_realpath_from_path.
[  659.937483][ T5766] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  659.972564][ T5724] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  660.003735][ T5766] usb 3-1: device descriptor read/8, error -71
[  660.114766][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  660.115276][ T5766] usb usb3-port1: unable to enumerate USB device
[  660.124859][ T5724] usb 1-1: Using ep0 maxpacket: 8
[  660.132913][ T5724] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  660.132946][ T5724] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.132966][ T5724] usb 1-1: Product: syz
[  660.132982][ T5724] usb 1-1: Manufacturer: syz
[  660.132996][ T5724] usb 1-1: SerialNumber: syz
[  660.163360][ T5724] usb 1-1: config 0 descriptor??
[  660.184504][ T5724] gspca_main: se401-2.14.0 probing 047d:5003
[  660.506261][T15504] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3290'.
[  660.678654][T15506] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3291'.
[  660.772605][T15507] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3291'.
[  661.243259][T15515] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined
[  661.262378][T15515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.273032][ T5724] gspca_se401: read req failed req 0x06 error -19
[  661.291096][T15515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.330968][ T5724] usb 1-1: USB disconnect, device number 99
[  661.375656][T15517] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3295'.
[  662.527219][ T5723] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  662.607603][    T9] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  662.746384][ T5723] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  662.746455][ T5723] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  662.746484][ T5723] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  662.746499][ T5723] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.759329][ T5723] usbtmc 4-1:16.0: bulk endpoints not found
[  662.835338][    T9] usb 3-1: Using ep0 maxpacket: 16
[  662.842938][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  662.846491][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  662.849350][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  662.849385][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.849409][    T9] usb 3-1: Product: syz
[  662.849426][    T9] usb 3-1: Manufacturer: syz
[  662.849443][    T9] usb 3-1: SerialNumber: syz
[  662.963056][T15542] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3304'.
[  663.119288][T15543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.119968][T15543] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.122011][T15543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  663.133285][T15543] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.254956][ T4930] Bluetooth: hci2: command 0x0406 tx timeout
[  664.320860][T15599] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3327'.
[  664.413574][T15603] FAULT_INJECTION: forcing a failure.
[  664.413574][T15603] name failslab, interval 1, probability 0, space 0, times 0
[  664.413615][T15603] CPU: 1 UID: 0 PID: 15603 Comm: syz.4.3330 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  664.413647][T15603] Tainted: [L]=SOFTLOCKUP
[  664.413656][T15603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  664.413681][T15603] Call Trace:
[  664.413691][T15603]  <TASK>
[  664.413702][T15603]  dump_stack_lvl+0xe8/0x150
[  664.413738][T15603]  should_fail_ex+0x46b/0x600
[  664.413773][T15603]  should_failslab+0xa8/0x100
[  664.413809][T15603]  __kmalloc_cache_noprof+0x84/0x690
[  664.413842][T15603]  ? mutex_lock_nested+0x152/0x1d0
[  664.413870][T15603]  ? snd_mixer_oss_proc_write+0x4d0/0x790
[  664.413898][T15603]  ? snd_mixer_oss_proc_write+0x2c0/0x790
[  664.413929][T15603]  snd_mixer_oss_proc_write+0x4d0/0x790
[  664.413963][T15603]  ? __pfx_snd_mixer_oss_proc_write+0x10/0x10
[  664.414003][T15603]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  664.414040][T15603]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  664.414077][T15603]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  664.414108][T15603]  ? rt_spin_unlock+0x14f/0x200
[  664.414136][T15603]  ? __pfx_snd_mixer_oss_proc_write+0x10/0x10
[  664.414166][T15603]  snd_info_text_entry_release+0xe8/0x1d0
[  664.414210][T15603]  ? __pfx_snd_info_text_entry_release+0x10/0x10
[  664.414242][T15603]  close_pdeo+0x21b/0x400
[  664.414275][T15603]  ? __pfx_close_pdeo+0x10/0x10
[  664.414308][T15603]  ? preempt_count_add+0x91/0x190
[  664.414340][T15603]  ? rt_spin_lock+0x2ce/0x400
[  664.414371][T15603]  ? __pfx_rt_spin_lock+0x10/0x10
[  664.414413][T15603]  proc_reg_release+0x151/0x190
[  664.414444][T15603]  ? __pfx_proc_reg_release+0x10/0x10
[  664.414475][T15603]  __fput+0x461/0xa70
[  664.414516][T15603]  task_work_run+0x1d9/0x270
[  664.414547][T15603]  ? __pfx_task_work_run+0x10/0x10
[  664.414583][T15603]  exit_to_user_mode_loop+0xf3/0x4d0
[  664.414616][T15603]  ? rcu_is_watching+0x15/0xb0
[  664.414644][T15603]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.414669][T15603]  do_syscall_64+0x33e/0xf80
[  664.414691][T15603]  ? trace_irq_disable+0x3b/0x140
[  664.414724][T15603]  ? clear_bhb_loop+0x40/0x90
[  664.414754][T15603]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.414777][T15603] RIP: 0033:0x7fa8e09cce59
[  664.414799][T15603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  664.414821][T15603] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000124
[  664.414846][T15603] RAX: 0000000000000003 RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  664.414863][T15603] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[  664.414877][T15603] RBP: 00007fa8dec1e090 R08: 0000000000000000 R09: 0000000000000000
[  664.414891][T15603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  664.414905][T15603] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  664.414941][T15603]  </TASK>
[  664.568546][T15606] sg_write: process 1091 (syz.4.3331) changed security contexts after opening file descriptor, this is not allowed.
[  665.182934][    T9] snd-ua101 3-1:1.1: invalid format type
[  665.182950][    T9] snd-ua101 3-1:1.0: invalid num_altsetting
[  665.261124][    T9] usb 3-1: USB disconnect, device number 50
[  665.453761][  T823] usb 4-1: USB disconnect, device number 24
[  665.620240][    T9] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  665.719513][T15643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.720153][T15643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.730136][T15643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.730785][T15643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.734933][T15643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.766211][T15643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.782168][    T9] usb 3-1: Using ep0 maxpacket: 32
[  665.790335][    T9] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  665.790370][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.790393][    T9] usb 3-1: Product: syz
[  665.790409][    T9] usb 3-1: Manufacturer: syz
[  665.790424][    T9] usb 3-1: SerialNumber: syz
[  665.833968][    T9] usb 3-1: config 0 descriptor??
[  665.851095][    T9] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  666.348511][  T823] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  666.512618][  T823] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  666.512696][  T823] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  666.512712][  T823] usb 1-1: config 0 interface 0 has no altsetting 0
[  666.512736][  T823] usb 1-1: New USB device found, idVendor=04f2, idProduct=1236, bcdDevice= 0.00
[  666.512751][  T823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.519739][  T823] usb 1-1: config 0 descriptor??
[  666.591106][ T5723] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  666.741551][  T823] hid_parser_main: 91 callbacks suppressed
[  666.741571][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741599][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741616][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741638][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741697][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741714][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741731][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741748][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741764][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.741780][  T823] chicony 0003:04F2:1236.001A: unknown main item tag 0x0
[  666.742971][ T5723] usb 4-1: Using ep0 maxpacket: 16
[  666.747210][ T5723] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  666.747237][ T5723] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  666.756076][ T5723] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  666.756108][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.756131][ T5723] usb 4-1: Product: syz
[  666.756148][ T5723] usb 4-1: Manufacturer: syz
[  666.756163][ T5723] usb 4-1: SerialNumber: syz
[  666.802186][ T5723] usb 4-1: 0:2 : does not exist
[  666.890018][  T823] chicony 0003:04F2:1236.001A: hidraw1: USB HID vff.fc Device [HID 04f2:1236] on usb-dummy_hcd.0-1/input0
[  667.743317][ T4930] Bluetooth: hci2: command 0x0406 tx timeout
[  668.144342][    T9] gspca_ov534_9: reg_r err -71
[  668.399664][    T9] gspca_ov534_9: Unknown sensor 0000
[  668.399857][    T9] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  668.427196][    T9] usb 3-1: USB disconnect, device number 51
[  668.928074][T15670] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[  669.109728][T15677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.110431][T15677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.247894][    T9] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  669.248982][ T5724] usb 1-1: USB disconnect, device number 100
[  669.433131][    T9] usb 3-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0x3B, changing to 0xB
[  669.433181][    T9] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0xB has an invalid bInterval 69, changing to 10
[  669.433210][    T9] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0xB has invalid maxpacket 26310, setting to 1024
[  669.433236][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  669.462729][ T5723] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  669.489286][    T9] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  669.489322][    T9] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  669.489344][    T9] usb 3-1: Product: syz
[  669.489362][    T9] usb 3-1: Manufacturer: syz
[  669.489378][    T9] usb 3-1: SerialNumber: syz
[  669.584587][    T9] usb 3-1: config 0 descriptor??
[  669.602403][T15674] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  669.621579][    T9] usb 3-1: selecting invalid altsetting 0
[  669.640940][ T5723] usb 4-1: USB disconnect, device number 25
[  669.908541][    T9] usb 3-1: USB disconnect, device number 52
[  670.033812][ T5831] udevd[5831]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  670.366743][ T5723] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  670.529279][ T5723] usb 4-1: Using ep0 maxpacket: 16
[  670.532278][ T5723] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  670.532309][ T5723] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  670.532332][ T5723] usb 4-1: config 0 has no interface number 0
[  670.532383][ T5723] usb 4-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  670.535853][ T5723] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  670.535885][ T5723] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  670.535910][ T5723] usb 4-1: Product: syz
[  670.535927][ T5723] usb 4-1: SerialNumber: syz
[  670.546383][ T5723] usb 4-1: config 0 descriptor??
[  670.625572][ T5723] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[  670.671607][   T38] audit: type=1326 audit(1779740236.627:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15712 comm="syz.2.3379" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdbfd4ace59 code=0x0
[  670.764707][T15717] FAULT_INJECTION: forcing a failure.
[  670.764707][T15717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  670.764749][T15717] CPU: 1 UID: 0 PID: 15717 Comm: syz.4.3380 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  670.764780][T15717] Tainted: [L]=SOFTLOCKUP
[  670.764788][T15717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  670.764802][T15717] Call Trace:
[  670.764811][T15717]  <TASK>
[  670.764820][T15717]  dump_stack_lvl+0xe8/0x150
[  670.764852][T15717]  should_fail_ex+0x46b/0x600
[  670.764883][T15717]  _copy_to_iter+0x589/0x17d0
[  670.764924][T15717]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  670.764954][T15717]  ? __pfx__copy_to_iter+0x10/0x10
[  670.764981][T15717]  ? rt_spin_lock+0x1e0/0x400
[  670.765008][T15717]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  670.765073][T15717]  __skb_datagram_iter+0xf8/0x980
[  670.765109][T15717]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  670.765169][T15717]  skb_copy_datagram_iter+0xb5/0x240
[  670.765208][T15717]  netlink_recvmsg+0x2c3/0xa50
[  670.765249][T15717]  ? __pfx_netlink_recvmsg+0x10/0x10
[  670.765285][T15717]  ? __pfx_aa_sk_perm+0x10/0x10
[  670.765326][T15717]  ? aa_sock_msg_perm+0x122/0x200
[  670.765359][T15717]  ? __pfx_netlink_recvmsg+0x10/0x10
[  670.765389][T15717]  sock_recvmsg_nosec+0x10c/0x140
[  670.765418][T15717]  ____sys_recvmsg+0x23d/0x4f0
[  670.765459][T15717]  ? __pfx_____sys_recvmsg+0x10/0x10
[  670.765508][T15717]  ? import_iovec+0x73/0xa0
[  670.765541][T15717]  ___sys_recvmsg+0x215/0x590
[  670.765580][T15717]  ? __pfx____sys_recvmsg+0x10/0x10
[  670.765617][T15717]  ? __fget_files+0x2a/0x420
[  670.765661][T15717]  ? __fget_files+0x3a6/0x420
[  670.765699][T15717]  do_recvmmsg+0x33a/0x800
[  670.765741][T15717]  ? __pfx_do_recvmmsg+0x10/0x10
[  670.765787][T15717]  ? _copy_from_user+0x94/0xb0
[  670.765835][T15717]  __x64_sys_recvmmsg+0x1b7/0x250
[  670.765871][T15717]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  670.765913][T15717]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.765938][T15717]  do_syscall_64+0x15f/0xf80
[  670.765959][T15717]  ? trace_irq_disable+0x3b/0x140
[  670.765990][T15717]  ? clear_bhb_loop+0x40/0x90
[  670.766019][T15717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.766041][T15717] RIP: 0033:0x7fa8e09cce59
[  670.766063][T15717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  670.766083][T15717] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  670.766109][T15717] RAX: ffffffffffffffda RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  670.766126][T15717] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  670.766142][T15717] RBP: 00007fa8dec1e090 R08: 0000200000003700 R09: 0000000000000000
[  670.766164][T15717] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000002
[  670.766178][T15717] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  670.766210][T15717]  </TASK>
[  671.294316][T15684] omfs: Invalid superblock (0)
[  671.300669][ T5723] usb 4-1: USB disconnect, device number 26
[  671.517501][ T5724] usb 1-1: new full-speed USB device number 101 using dummy_hcd
[  671.678751][    T9] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  671.698865][ T5724] usb 1-1: device descriptor read/64, error -71
[  671.840013][    T9] usb 3-1: Using ep0 maxpacket: 16
[  671.844198][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  671.847003][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  671.849777][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  671.849812][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.849837][    T9] usb 3-1: Product: syz
[  671.849854][    T9] usb 3-1: Manufacturer: syz
[  671.849871][    T9] usb 3-1: SerialNumber: syz
[  671.940831][ T5724] usb 1-1: new full-speed USB device number 102 using dummy_hcd
[  672.093088][ T5724] usb 1-1: device descriptor read/64, error -71
[  672.134497][T15732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  672.135200][T15732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  672.141532][T15732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  672.149024][T15732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  672.205409][ T5724] usb usb1-port1: attempt power cycle
[  672.293806][T15741] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3388'.
[  672.492980][T15750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  672.493748][T15750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  672.548108][ T5724] usb 1-1: new full-speed USB device number 103 using dummy_hcd
[  672.568467][ T5724] usb 1-1: device descriptor read/8, error -71
[  672.747348][  T823] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  672.807759][ T5724] usb 1-1: new full-speed USB device number 104 using dummy_hcd
[  672.829505][ T5724] usb 1-1: device descriptor read/8, error -71
[  672.878105][  T823] usb 4-1: device descriptor read/64, error -71
[  672.941747][ T5724] usb usb1-port1: unable to enumerate USB device
[  673.150009][  T823] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  673.280973][  T823] usb 4-1: device descriptor read/64, error -71
[  673.392439][  T823] usb usb4-port1: attempt power cycle
[  673.462394][ T4930] Bluetooth: hci2: command 0x0406 tx timeout
[  673.734306][  T823] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  673.760974][  T823] usb 4-1: device descriptor read/8, error -71
[  673.996119][  T823] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  674.017044][  T823] usb 4-1: device descriptor read/8, error -71
[  674.128021][  T823] usb usb4-port1: unable to enumerate USB device
[  674.510334][    T9] snd-ua101 3-1:1.1: invalid format type
[  674.510359][    T9] snd-ua101 3-1:1.0: invalid num_altsetting
[  674.534803][    T9] usb 3-1: USB disconnect, device number 53
[  674.623457][T15761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3397'.
[  675.340172][T15776] FAULT_INJECTION: forcing a failure.
[  675.340172][T15776] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.340336][T15776] CPU: 0 UID: 0 PID: 15776 Comm: syz.0.3402 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  675.340358][T15776] Tainted: [L]=SOFTLOCKUP
[  675.340363][T15776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  675.340371][T15776] Call Trace:
[  675.340377][T15776]  <TASK>
[  675.340383][T15776]  dump_stack_lvl+0xe8/0x150
[  675.340406][T15776]  should_fail_ex+0x46b/0x600
[  675.340426][T15776]  _copy_from_user+0x2d/0xb0
[  675.340447][T15776]  binder_alloc_copy_user_to_buffer+0x387/0x420
[  675.340471][T15776]  binder_transaction+0x2ccd/0x6fa0
[  675.340510][T15776]  ? __pfx_binder_transaction+0x10/0x10
[  675.340535][T15776]  ? __lock_acquire+0x6b5/0x2d10
[  675.340553][T15776]  ? __lock_acquire+0x6b5/0x2d10
[  675.340571][T15776]  ? __lock_acquire+0x6b5/0x2d10
[  675.340585][T15776]  ? __lock_acquire+0x6b5/0x2d10
[  675.340600][T15776]  ? __might_fault+0xaf/0x130
[  675.340618][T15776]  ? __might_fault+0xaf/0x130
[  675.340647][T15776]  binder_ioctl_write_read+0xb37/0xa490
[  675.340666][T15776]  ? is_bpf_text_address+0x26/0x2b0
[  675.340687][T15776]  ? __kernel_text_address+0xd/0x30
[  675.340712][T15776]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  675.340731][T15776]  ? stack_depot_save_flags+0x33/0x810
[  675.340753][T15776]  ? do_raw_spin_lock+0x12b/0x2f0
[  675.340781][T15776]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  675.340799][T15776]  ? reacquire_held_locks+0x104/0x190
[  675.340813][T15776]  ? rt_spin_lock+0x1e0/0x400
[  675.340830][T15776]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  675.340848][T15776]  ? rt_spin_unlock+0x14f/0x200
[  675.340875][T15776]  ? binder_get_thread+0x177/0x6d0
[  675.340895][T15776]  binder_ioctl+0x426/0x1b10
[  675.340913][T15776]  ? tomoyo_path_number_perm+0x219/0x630
[  675.340932][T15776]  ? tomoyo_path_number_perm+0x219/0x630
[  675.340950][T15776]  ? do_vfs_ioctl+0x117b/0x1540
[  675.340969][T15776]  ? __pfx_binder_ioctl+0x10/0x10
[  675.340987][T15776]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  675.341026][T15776]  ? __fget_files+0x2a/0x420
[  675.341043][T15776]  ? __fget_files+0x2a/0x420
[  675.341061][T15776]  ? __fget_files+0x3a6/0x420
[  675.341076][T15776]  ? __fget_files+0x2a/0x420
[  675.341092][T15776]  ? bpf_lsm_file_ioctl+0x9/0x20
[  675.341107][T15776]  ? __pfx_binder_ioctl+0x10/0x10
[  675.341123][T15776]  __se_sys_ioctl+0xff/0x170
[  675.341142][T15776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.341156][T15776]  do_syscall_64+0x15f/0xf80
[  675.341170][T15776]  ? clear_bhb_loop+0x40/0x90
[  675.341186][T15776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.341199][T15776] RIP: 0033:0x7f2d5f4fce59
[  675.341212][T15776] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  675.341225][T15776] RSP: 002b:00007f2d5d72d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  675.341241][T15776] RAX: ffffffffffffffda RBX: 00007f2d5f776090 RCX: 00007f2d5f4fce59
[  675.341251][T15776] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  675.341260][T15776] RBP: 00007f2d5d72d090 R08: 0000000000000000 R09: 0000000000000000
[  675.341268][T15776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  675.341275][T15776] R13: 00007f2d5f776128 R14: 00007f2d5f776090 R15: 00007ffd1fb71188
[  675.341295][T15776]  </TASK>
[  675.519412][T15778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.520202][T15778] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.643394][T15778] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3403'.
[  676.079777][    T9] usb 4-1: new low-speed USB device number 31 using dummy_hcd
[  676.213058][    T9] usb 4-1: device descriptor read/64, error -71
[  676.452200][    T9] usb 4-1: new low-speed USB device number 32 using dummy_hcd
[  676.582789][    T9] usb 4-1: device descriptor read/64, error -71
[  676.650064][T15811] sg_write: data in/out 237535/136 bytes for SCSI command 0x0-- guessing data in;
[  676.650064][T15811]    program syz.0.3418 not setting count and/or reply_len properly
[  676.696065][    T9] usb usb4-port1: attempt power cycle
[  676.704917][T15814] FAULT_INJECTION: forcing a failure.
[  676.704917][T15814] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  676.704961][T15814] CPU: 1 UID: 0 PID: 15814 Comm: syz.4.3419 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  676.704994][T15814] Tainted: [L]=SOFTLOCKUP
[  676.705034][T15814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  676.705049][T15814] Call Trace:
[  676.705058][T15814]  <TASK>
[  676.705069][T15814]  dump_stack_lvl+0xe8/0x150
[  676.705104][T15814]  should_fail_ex+0x46b/0x600
[  676.705139][T15814]  _copy_from_iter+0x1d3/0x1670
[  676.705180][T15814]  ? trace_kmem_cache_alloc+0x29/0xe0
[  676.705210][T15814]  ? __alloc_skb+0x27d/0x7d0
[  676.705240][T15814]  ? __pfx__copy_from_iter+0x10/0x10
[  676.705270][T15814]  ? kmem_cache_alloc_node_noprof+0x27c/0x6e0
[  676.705299][T15814]  ? __alloc_skb+0x27d/0x7d0
[  676.705339][T15814]  ? netlink_sendmsg+0x650/0xb40
[  676.705369][T15814]  ? skb_put+0x11b/0x210
[  676.705412][T15814]  netlink_sendmsg+0x6c0/0xb40
[  676.705452][T15814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.705486][T15814]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  676.705527][T15814]  ? aa_sock_msg_perm+0x122/0x200
[  676.705562][T15814]  ? __pfx_netlink_sendmsg+0x10/0x10
[  676.705600][T15814]  sock_sendmsg_nosec+0x112/0x150
[  676.705629][T15814]  ____sys_sendmsg+0x55c/0x870
[  676.705669][T15814]  ? __pfx_____sys_sendmsg+0x10/0x10
[  676.705712][T15814]  ? import_iovec+0x73/0xa0
[  676.705749][T15814]  ___sys_sendmsg+0x2a5/0x360
[  676.705779][T15814]  ? __lock_acquire+0x6b5/0x2d10
[  676.705807][T15814]  ? __pfx____sys_sendmsg+0x10/0x10
[  676.705876][T15814]  ? __fget_files+0x2a/0x420
[  676.705902][T15814]  ? __fget_files+0x3a6/0x420
[  676.705939][T15814]  __x64_sys_sendmsg+0x1c3/0x2a0
[  676.705976][T15814]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  676.706021][T15814]  ? __pfx_ksys_write+0x10/0x10
[  676.706074][T15814]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.706097][T15814]  do_syscall_64+0x15f/0xf80
[  676.706119][T15814]  ? trace_irq_disable+0x3b/0x140
[  676.706150][T15814]  ? clear_bhb_loop+0x40/0x90
[  676.706178][T15814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  676.706202][T15814] RIP: 0033:0x7fa8e09cce59
[  676.706224][T15814] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  676.706244][T15814] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  676.706268][T15814] RAX: ffffffffffffffda RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  676.706285][T15814] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  676.706299][T15814] RBP: 00007fa8dec1e090 R08: 0000000000000000 R09: 0000000000000000
[  676.706313][T15814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  676.706326][T15814] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  676.706362][T15814]  </TASK>
[  676.904587][   T10] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[  677.035633][    T9] usb 4-1: new low-speed USB device number 33 using dummy_hcd
[  677.056364][   T10] usb 1-1: Using ep0 maxpacket: 16
[  677.058041][    T9] usb 4-1: device descriptor read/8, error -71
[  677.079456][   T10] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  677.079491][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.079513][   T10] usb 1-1: Product: syz
[  677.079528][   T10] usb 1-1: Manufacturer: syz
[  677.079542][   T10] usb 1-1: SerialNumber: syz
[  677.101232][   T10] usb 1-1: config 0 descriptor??
[  677.112432][   T10] hub 1-1:0.0: bad descriptor, ignoring hub
[  677.112471][   T10] hub 1-1:0.0: probe with driver hub failed with error -5
[  677.166773][T15818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  677.174725][T15818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.296970][    T9] usb 4-1: new low-speed USB device number 34 using dummy_hcd
[  677.317848][    T9] usb 4-1: device descriptor read/8, error -71
[  677.417914][   T10] usb 1-1: USB disconnect, device number 105
[  677.428173][    T9] usb usb4-port1: unable to enumerate USB device
[  677.789708][    T9] usb 3-1: new full-speed USB device number 54 using dummy_hcd
[  677.963552][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  677.963592][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  677.966216][    T9] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  677.966249][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.966262][    T9] usb 3-1: Product: syz
[  677.966272][    T9] usb 3-1: Manufacturer: syz
[  677.966282][    T9] usb 3-1: SerialNumber: syz
[  677.977726][    T9] usb 3-1: config 0 descriptor??
[  678.037140][    T9] streamzap 3-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200
[  678.238622][T15825] binder: 15824:15825 ioctl c06864ce 0 returned -22
[  678.240327][T15825] binder: 15824:15825 ioctl 80089419 200000000180 returned -22
[  678.280486][ T5723] usb 3-1: USB disconnect, device number 54
[  678.446150][T15848] FAULT_INJECTION: forcing a failure.
[  678.446150][T15848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  678.446194][T15848] CPU: 0 UID: 0 PID: 15848 Comm: syz.0.3432 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  678.446225][T15848] Tainted: [L]=SOFTLOCKUP
[  678.446235][T15848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  678.446248][T15848] Call Trace:
[  678.446257][T15848]  <TASK>
[  678.446267][T15848]  dump_stack_lvl+0xe8/0x150
[  678.446301][T15848]  should_fail_ex+0x46b/0x600
[  678.446334][T15848]  _copy_from_user+0x2d/0xb0
[  678.446367][T15848]  ___sys_sendmsg+0x1c6/0x360
[  678.446400][T15848]  ? __lock_acquire+0x6b5/0x2d10
[  678.446429][T15848]  ? __pfx____sys_sendmsg+0x10/0x10
[  678.446500][T15848]  ? __fget_files+0x2a/0x420
[  678.446527][T15848]  ? __fget_files+0x3a6/0x420
[  678.446562][T15848]  __x64_sys_sendmsg+0x1c3/0x2a0
[  678.446590][T15848]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  678.446615][T15848]  ? __pfx_ksys_write+0x10/0x10
[  678.446638][T15848]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.446652][T15848]  do_syscall_64+0x15f/0xf80
[  678.446665][T15848]  ? trace_irq_disable+0x3b/0x140
[  678.446684][T15848]  ? clear_bhb_loop+0x40/0x90
[  678.446700][T15848]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.446713][T15848] RIP: 0033:0x7f2d5f4fce59
[  678.446727][T15848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  678.446738][T15848] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  678.446754][T15848] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  678.446764][T15848] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000003
[  678.446773][T15848] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  678.446781][T15848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  678.446794][T15848] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  678.446813][T15848]  </TASK>
[  678.882057][ T5622] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  678.889043][ T5622] Bluetooth: hci2: Ignoring connect complete event for invalid link type
[  678.996946][T15866] FAULT_INJECTION: forcing a failure.
[  678.996946][T15866] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  678.996973][T15866] CPU: 0 UID: 0 PID: 15866 Comm: syz.3.3439 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  678.996993][T15866] Tainted: [L]=SOFTLOCKUP
[  678.996998][T15866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  678.997007][T15866] Call Trace:
[  678.997012][T15866]  <TASK>
[  678.997018][T15866]  dump_stack_lvl+0xe8/0x150
[  678.997038][T15866]  should_fail_ex+0x46b/0x600
[  678.997058][T15866]  _copy_to_iter+0x589/0x17d0
[  678.997082][T15866]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  678.997123][T15866]  ? __pfx__copy_to_iter+0x10/0x10
[  678.997139][T15866]  ? rt_spin_lock+0x1e0/0x400
[  678.997156][T15866]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  678.997178][T15866]  __skb_datagram_iter+0xf8/0x980
[  678.997199][T15866]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  678.997224][T15866]  skb_copy_datagram_iter+0xb5/0x240
[  678.997246][T15866]  netlink_recvmsg+0x2c3/0xa50
[  678.997269][T15866]  ? __pfx_netlink_recvmsg+0x10/0x10
[  678.997290][T15866]  ? __pfx_aa_sk_perm+0x10/0x10
[  678.997310][T15866]  ? aa_sock_msg_perm+0x122/0x200
[  678.997328][T15866]  ? __pfx_netlink_recvmsg+0x10/0x10
[  678.997350][T15866]  sock_recvmsg_nosec+0x10c/0x140
[  678.997370][T15866]  ____sys_recvmsg+0x23d/0x4f0
[  678.997395][T15866]  ? __pfx_____sys_recvmsg+0x10/0x10
[  678.997422][T15866]  ? import_iovec+0x73/0xa0
[  678.997443][T15866]  ___sys_recvmsg+0x215/0x590
[  678.997466][T15866]  ? __pfx____sys_recvmsg+0x10/0x10
[  678.997488][T15866]  ? __fget_files+0x2a/0x420
[  678.997513][T15866]  ? __fget_files+0x3a6/0x420
[  678.997534][T15866]  do_recvmmsg+0x33a/0x800
[  678.997558][T15866]  ? __pfx_do_recvmmsg+0x10/0x10
[  678.997589][T15866]  ? _copy_from_user+0x94/0xb0
[  678.997633][T15866]  __x64_sys_recvmmsg+0x1b7/0x250
[  678.997655][T15866]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  678.997680][T15866]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.997694][T15866]  do_syscall_64+0x15f/0xf80
[  678.997706][T15866]  ? trace_irq_disable+0x3b/0x140
[  678.997725][T15866]  ? clear_bhb_loop+0x40/0x90
[  678.997740][T15866]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  678.997753][T15866] RIP: 0033:0x7f574f5bce59
[  678.997767][T15866] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  678.997778][T15866] RSP: 002b:00007f574d816028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  678.997794][T15866] RAX: ffffffffffffffda RBX: 00007f574f835fa0 RCX: 00007f574f5bce59
[  678.997804][T15866] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003
[  678.997813][T15866] RBP: 00007f574d816090 R08: 0000200000003700 R09: 0000000000000000
[  678.997826][T15866] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000002
[  678.997840][T15866] R13: 00007f574f836038 R14: 00007f574f835fa0 R15: 00007fff98ffded8
[  678.997859][T15866]  </TASK>
[  679.532483][T15878] FAULT_INJECTION: forcing a failure.
[  679.532483][T15878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.532522][T15878] CPU: 0 UID: 0 PID: 15878 Comm: syz.0.3445 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  679.532543][T15878] Tainted: [L]=SOFTLOCKUP
[  679.532548][T15878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  679.532557][T15878] Call Trace:
[  679.532562][T15878]  <TASK>
[  679.532569][T15878]  dump_stack_lvl+0xe8/0x150
[  679.532591][T15878]  should_fail_ex+0x46b/0x600
[  679.532612][T15878]  _copy_from_user+0x2d/0xb0
[  679.532633][T15878]  __ia32_sys_rt_sigreturn+0x379/0x8e0
[  679.532653][T15878]  ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10
[  679.532682][T15878]  ? rcu_is_watching+0x15/0xb0
[  679.532702][T15878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.532716][T15878]  do_syscall_64+0x15f/0xf80
[  679.532729][T15878]  ? trace_irq_disable+0x3b/0x140
[  679.532748][T15878]  ? clear_bhb_loop+0x40/0x90
[  679.532764][T15878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.532777][T15878] RIP: 0033:0x7f2d5f49e1d9
[  679.532790][T15878] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25
[  679.532802][T15878] RSP: 002b:00007f2d5d74da80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f
[  679.532817][T15878] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f49e1d9
[  679.532827][T15878] RDX: 00007f2d5d74da80 RSI: 00007f2d5d74dbb0 RDI: 0000000000000011
[  679.532836][T15878] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  679.532844][T15878] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000001
[  679.532852][T15878] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  679.532870][T15878]  </TASK>
[  679.609350][  T823] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  679.659542][    T9] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  679.761262][  T823] usb 4-1: Using ep0 maxpacket: 16
[  679.765770][  T823] usb 4-1: unable to get BOS descriptor or descriptor too short
[  679.767854][  T823] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  679.772051][  T823] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  679.772082][  T823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.772111][  T823] usb 4-1: Product: syz
[  679.772126][  T823] usb 4-1: Manufacturer: syz
[  679.772141][  T823] usb 4-1: SerialNumber: syz
[  679.817431][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  679.817475][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  679.817499][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.857240][    T9] usb 3-1: config 0 descriptor??
[  679.900775][T11289] Bluetooth: hci1: command 0x1003 tx timeout
[  679.900802][ T4930] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  680.052887][T15880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.053571][T15880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.078958][T15880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.084470][T15880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.288428][T15892] FAULT_INJECTION: forcing a failure.
[  680.288428][T15892] name failslab, interval 1, probability 0, space 0, times 0
[  680.288469][T15892] CPU: 0 UID: 0 PID: 15892 Comm: syz.4.3450 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  680.288506][T15892] Tainted: [L]=SOFTLOCKUP
[  680.288515][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  680.288529][T15892] Call Trace:
[  680.288538][T15892]  <TASK>
[  680.288547][T15892]  dump_stack_lvl+0xe8/0x150
[  680.288570][T15892]  should_fail_ex+0x46b/0x600
[  680.288591][T15892]  should_failslab+0xa8/0x100
[  680.288612][T15892]  __kmalloc_cache_noprof+0x84/0x690
[  680.288631][T15892]  ? sctp_add_bind_addr+0x8c/0x370
[  680.288654][T15892]  sctp_add_bind_addr+0x8c/0x370
[  680.288676][T15892]  sctp_bind_addr_copy+0xb3/0x3c0
[  680.288696][T15892]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  680.288717][T15892]  sctp_connect_new_asoc+0x2ff/0x6b0
[  680.288735][T15892]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  680.288751][T15892]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  680.288766][T15892]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  680.288780][T15892]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  680.288796][T15892]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  680.288809][T15892]  ? security_sctp_bind_connect+0x7e/0x2c0
[  680.288827][T15892]  sctp_sendmsg+0x14c0/0x2990
[  680.288851][T15892]  ? __pfx_sctp_sendmsg+0x10/0x10
[  680.288871][T15892]  ? aa_sk_perm+0x703/0x950
[  680.288894][T15892]  ? __pfx_aa_sk_perm+0x10/0x10
[  680.288910][T15892]  ? sock_rps_record_flow+0x19/0x350
[  680.288925][T15892]  ? inet_sendmsg+0x2f4/0x370
[  680.288937][T15892]  ? aa_sock_msg_perm+0x122/0x200
[  680.288957][T15892]  ? __pfx_inet_sendmsg+0x10/0x10
[  680.288969][T15892]  sock_sendmsg_nosec+0xf9/0x150
[  680.288986][T15892]  __sys_sendto+0x402/0x590
[  680.289007][T15892]  ? __pfx___sys_sendto+0x10/0x10
[  680.289039][T15892]  ? ksys_write+0x248/0x270
[  680.289059][T15892]  ? __pfx_ksys_write+0x10/0x10
[  680.289079][T15892]  __x64_sys_sendto+0xde/0x100
[  680.289100][T15892]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.289115][T15892]  do_syscall_64+0x15f/0xf80
[  680.289127][T15892]  ? trace_irq_disable+0x3b/0x140
[  680.289146][T15892]  ? clear_bhb_loop+0x40/0x90
[  680.289162][T15892]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.289175][T15892] RIP: 0033:0x7fa8e09cce59
[  680.289188][T15892] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  680.289200][T15892] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  680.289215][T15892] RAX: ffffffffffffffda RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  680.289225][T15892] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  680.289234][T15892] RBP: 00007fa8dec1e090 R08: 000020000005ffe4 R09: 000000000000001c
[  680.289242][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.289250][T15892] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  680.289270][T15892]  </TASK>
[  680.595413][    T9]  (null): keene_cmd_main failed (-110)
[  681.009332][    T9] video4linux radio48: keene_cmd_main failed (-32)
[  681.009367][    T9] radio-keene 3-1:0.0: V4L2 device registered as radio48
[  681.102096][ T4930] Bluetooth: hci0: ACL packet for unknown connection handle 1481
[  681.357841][ T4930] Bluetooth: hci2: command 0x0406 tx timeout
[  681.587783][    T9] usb 3-1: USB disconnect, device number 55
[  682.090369][T15934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.094348][T15933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3466'.
[  682.112809][T15934] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.310998][T15939] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3468'.
[  682.387912][  T823] snd-ua101 4-1:1.1: invalid format type
[  682.387939][  T823] snd-ua101 4-1:1.0: invalid num_altsetting
[  682.555841][ T1485] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  682.600506][  T823] usb 4-1: USB disconnect, device number 35
[  683.265838][ T5724] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  683.305979][  T823] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  683.417366][ T5724] usb 4-1: Using ep0 maxpacket: 16
[  683.429047][ T5724] usb 4-1: unable to get BOS descriptor or descriptor too short
[  683.447003][ T5724] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  683.486030][ T5724] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  683.486075][ T5724] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.486112][ T5724] usb 4-1: Product: syz
[  683.486129][ T5724] usb 4-1: Manufacturer: syz
[  683.486147][ T5724] usb 4-1: SerialNumber: syz
[  683.506175][T15987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.507400][  T823] usb 3-1: Using ep0 maxpacket: 32
[  683.511089][T15987] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.520811][  T823] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  683.520842][  T823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.520862][  T823] usb 3-1: Product: syz
[  683.520877][  T823] usb 3-1: Manufacturer: syz
[  683.520892][  T823] usb 3-1: SerialNumber: syz
[  683.534594][  T823] usb 3-1: config 0 descriptor??
[  683.614700][  T823] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  683.793904][T15967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.802327][T15967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.825153][T15967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.835727][T15967] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.541312][T16009] syz_tun: entered allmulticast mode
[  684.913372][T16017] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3503'.
[  684.972850][T16017] __vm_enough_memory: pid: 16017, comm: syz.4.3503, bytes: 21200075079680 not enough memory for the allocation
[  685.043163][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  685.905935][  T823] gspca_ov534_9: reg_r err -71
[  686.089849][ T5724] snd-ua101 4-1:1.1: invalid format type
[  686.089873][ T5724] snd-ua101 4-1:1.0: invalid num_altsetting
[  686.151598][ T5724] usb 4-1: USB disconnect, device number 36
[  686.176695][  T823] gspca_ov534_9: Unknown sensor 0000
[  686.176809][  T823] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  686.217129][  T823] usb 3-1: USB disconnect, device number 56
[  686.405287][T16053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  686.405946][T16053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  686.541991][ T5724] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  686.688518][ T5724] usb 4-1: Using ep0 maxpacket: 16
[  686.693227][ T5724] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  686.707697][ T5724] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  686.707731][ T5724] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.707752][ T5724] usb 4-1: Product: syz
[  686.707768][ T5724] usb 4-1: Manufacturer: syz
[  686.707785][ T5724] usb 4-1: SerialNumber: syz
[  686.761087][ T5724] usb 4-1: config 0 descriptor??
[  686.774867][ T5724] hub 4-1:0.0: bad descriptor, ignoring hub
[  686.774910][ T5724] hub 4-1:0.0: probe with driver hub failed with error -5
[  686.797194][ T5724] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  687.016432][T16074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  687.033317][T16074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  687.073943][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  687.074064][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  687.158542][  T823] usb 4-1: USB disconnect, device number 37
[  687.428028][ T5777] udevd[5777]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  688.002757][ T5723] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  688.028724][T16102] FAULT_INJECTION: forcing a failure.
[  688.028724][T16102] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  688.028769][T16102] CPU: 1 UID: 0 PID: 16102 Comm: syz.0.3538 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  688.028801][T16102] Tainted: [L]=SOFTLOCKUP
[  688.028810][T16102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  688.028824][T16102] Call Trace:
[  688.028834][T16102]  <TASK>
[  688.028844][T16102]  dump_stack_lvl+0xe8/0x150
[  688.028880][T16102]  should_fail_ex+0x46b/0x600
[  688.028916][T16102]  __kvm_read_guest_page+0x18d/0x240
[  688.028962][T16102]  kvm_fetch_guest_virt+0x12b/0x170
[  688.028996][T16102]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  688.029026][T16102]  __do_insn_fetch_bytes+0x31c/0x700
[  688.029069][T16102]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  688.029106][T16102]  ? __lock_acquire+0x6b5/0x2d10
[  688.029136][T16102]  ? __lock_acquire+0x6b5/0x2d10
[  688.029162][T16102]  x86_decode_insn+0x38e/0x5df0
[  688.029199][T16102]  ? rcu_is_watching+0x15/0xb0
[  688.029233][T16102]  ? handle_changed_spte+0x4db/0x1340
[  688.029273][T16102]  ? kvm_tdp_mmu_map+0x3bf/0x1e70
[  688.029311][T16102]  ? __pfx_x86_decode_insn+0x10/0x10
[  688.029358][T16102]  ? vmx_read_guest_seg_ar+0x3e9/0x640
[  688.029397][T16102]  ? __asan_memset+0x22/0x50
[  688.029426][T16102]  ? init_decode_cache+0xea/0x160
[  688.029450][T16102]  ? init_emulate_ctxt+0x514/0x6c0
[  688.029485][T16102]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  688.029523][T16102]  ? rt_read_unlock+0x14f/0x220
[  688.029560][T16102]  x86_emulate_instruction+0x64a/0x21c0
[  688.029607][T16102]  ? kvm_mmu_do_page_fault+0x522/0x690
[  688.029644][T16102]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  688.029687][T16102]  ? __lock_acquire+0x6b5/0x2d10
[  688.029718][T16102]  ? clear_bhb_loop+0x40/0x90
[  688.029748][T16102]  kvm_mmu_page_fault+0x90e/0xb90
[  688.029787][T16102]  ? __pfx_handle_ept_violation+0x10/0x10
[  688.029821][T16102]  vmx_handle_exit+0xff8/0x16f0
[  688.029850][T16102]  ? vcpu_run+0x4982/0x7860
[  688.029889][T16102]  vcpu_run+0x5c77/0x7860
[  688.029912][T16102]  ? segmented_read+0x2d0/0x3f0
[  688.029952][T16102]  ? vcpu_run+0x4982/0x7860
[  688.030036][T16102]  ? __pfx_vcpu_run+0x10/0x10
[  688.030061][T16102]  ? __asan_memcpy+0x40/0x70
[  688.030089][T16102]  ? complete_emulated_mmio+0x53e/0x900
[  688.030138][T16102]  kvm_arch_vcpu_ioctl_run+0x11e6/0x20d0
[  688.030179][T16102]  ? kvm_arch_vcpu_ioctl_run+0x2e8/0x20d0
[  688.030204][T16102]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  688.030270][T16102]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  688.030316][T16102]  ? lockdep_hardirqs_on+0x7a/0x110
[  688.030353][T16102]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  688.030389][T16102]  ? _mutex_lock_killable+0x152/0x1d0
[  688.030418][T16102]  ? kvm_vcpu_ioctl+0x283/0xfe0
[  688.030455][T16102]  kvm_vcpu_ioctl+0xa65/0xfe0
[  688.030495][T16102]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  688.030553][T16102]  ? __fget_files+0x2a/0x420
[  688.030584][T16102]  ? __fget_files+0x2a/0x420
[  688.030610][T16102]  ? __fget_files+0x3a6/0x420
[  688.030636][T16102]  ? __fget_files+0x2a/0x420
[  688.030667][T16102]  ? bpf_lsm_file_ioctl+0x9/0x20
[  688.030693][T16102]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  688.030727][T16102]  __se_sys_ioctl+0xff/0x170
[  688.030761][T16102]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.030787][T16102]  do_syscall_64+0x15f/0xf80
[  688.030809][T16102]  ? trace_irq_disable+0x3b/0x140
[  688.030842][T16102]  ? clear_bhb_loop+0x40/0x90
[  688.030890][T16102]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.030914][T16102] RIP: 0033:0x7f2d5f4fce59
[  688.030938][T16102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  688.030959][T16102] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  688.030997][T16102] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  688.031014][T16102] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  688.031029][T16102] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  688.031043][T16102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.031057][T16102] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  688.031095][T16102]  </TASK>
[  688.200783][ T5724] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  688.223375][ T5723] usb 4-1: Using ep0 maxpacket: 16
[  688.350329][T16105] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3539'.
[  688.352124][T16105] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3539'.
[  688.402749][ T5723] usb 4-1: unable to get BOS descriptor or descriptor too short
[  688.428432][ T5723] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  688.490358][ T5723] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  688.490395][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.490416][ T5723] usb 4-1: Product: syz
[  688.490433][ T5723] usb 4-1: Manufacturer: syz
[  688.490450][ T5723] usb 4-1: SerialNumber: syz
[  688.663674][T16107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  688.665302][T16107] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  688.741500][ T5724] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  688.741610][ T5724] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.741633][ T5724] usb 3-1: Product: syz
[  688.741648][ T5724] usb 3-1: Manufacturer: syz
[  688.741665][ T5724] usb 3-1: SerialNumber: syz
[  688.808843][T16093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  688.809524][T16093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  688.811433][T16093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  688.812033][T16093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.217272][ T5724] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  689.217458][ T5724] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  689.245381][ T5724] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  689.245838][ T5724] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  689.284636][ T5724] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  689.325841][ T5724] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -32
[  689.656969][T16127] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3548'.
[  689.660013][T16127] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3548'.
[  689.777968][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  689.919599][T16134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.944367][T16134] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.421391][  T823] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[  690.570427][  T823] usb 1-1: Using ep0 maxpacket: 8
[  690.574208][  T823] usb 1-1: config 133 has an invalid interface number: 54 but max is 0
[  690.574241][  T823] usb 1-1: config 133 has no interface number 0
[  690.574284][  T823] usb 1-1: config 133 interface 54 has no altsetting 0
[  690.578890][  T823] usb 1-1: New USB device found, idVendor=0930, idProduct=0227, bcdDevice=46.61
[  690.578924][  T823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.578948][  T823] usb 1-1: Product: syz
[  690.578965][  T823] usb 1-1: Manufacturer: syz
[  690.578981][  T823] usb 1-1: SerialNumber: syz
[  690.658925][T16145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.659962][T16145] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.889500][  T823] usb 1-1: USB disconnect, device number 106
[  690.961329][ T5723] snd-ua101 4-1:1.1: invalid format type
[  690.961353][ T5723] snd-ua101 4-1:1.0: invalid num_altsetting
[  691.003578][ T5723] usb 4-1: USB disconnect, device number 38
[  691.020512][ T5766] usb 3-1: USB disconnect, device number 57
[  691.263283][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3558'.
[  691.267305][T16152] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3558'.
[  691.593283][ T5723] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  691.653168][ T5766] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  691.753583][ T5723] usb 4-1: Using ep0 maxpacket: 16
[  691.759387][ T5723] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  691.759424][ T5723] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  691.801057][ T5723] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  691.801095][ T5723] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.801118][ T5723] usb 4-1: Product: syz
[  691.801134][ T5723] usb 4-1: Manufacturer: syz
[  691.801151][ T5723] usb 4-1: SerialNumber: syz
[  691.845081][ T5723] usb 4-1: config 0 descriptor??
[  691.864375][ T5723] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  691.864414][ T5723] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  692.456489][ T5723] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  692.457377][ T5723] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  693.070274][ T5723] em28xx 4-1:0.0: Unknown AC97 audio processor detected!
[  693.135136][T16189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.135792][T16189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.158644][T16189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.159346][T16189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.166038][T16189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.177580][T16189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.599809][ T5723] em28xx 4-1:0.0: couldn't setup AC97 register 2
[  693.600283][ T5723] em28xx 4-1:0.0: couldn't setup AC97 register 4
[  693.602204][ T5723] em28xx 4-1:0.0: couldn't setup AC97 register 6
[  693.602829][ T5723] em28xx 4-1:0.0: couldn't setup AC97 register 54
[  693.614205][ T5723] em28xx 4-1:0.0: couldn't setup AC97 register 56
[  693.629970][ T5723] usb 4-1: USB disconnect, device number 39
[  694.008949][T13825] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  694.081721][T16226] tmpfs: Unknown parameter '/dev/dvb/adapter#/demux#'
[  694.148050][T16229] binder: 16228:16229 ioctl c0306201 200000000080 returned -14
[  694.152220][T16229] binder: 16228:16229 ioctl c0306201 2000000003c0 returned -14
[  694.156359][T16229] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3592'.
[  694.177787][T13825] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  694.177818][T13825] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.177837][T13825] usb 3-1: Product: syz
[  694.177846][T13825] usb 3-1: Manufacturer: syz
[  694.177856][T13825] usb 3-1: SerialNumber: syz
[  694.465404][ T5723] kernel read not supported for file 378/task/379/smaps (pid: 5723 comm: kworker/1:5)
[  694.483924][T16232] No source specified
[  694.820756][T13825] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  694.820807][T13825] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  694.821496][T13825] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  694.861409][T13825] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -32
[  695.151615][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  695.212284][T13825] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[  695.341815][ T5723] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  695.362111][T13825] usb 1-1: Using ep0 maxpacket: 8
[  695.366312][T13825] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  695.366335][T13825] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  695.366351][T13825] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  695.368521][T13825] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  695.368577][T13825] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  695.368674][T13825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.615324][T13825] usb 1-1: GET_CAPABILITIES returned 0
[  695.615431][T13825] usbtmc 1-1:16.0: can't read capabilities
[  696.028987][  T823] usb 1-1: USB disconnect, device number 107
[  696.134557][T16256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.135264][T16256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.260342][T16256] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3599'.
[  696.580849][T16274] FAULT_INJECTION: forcing a failure.
[  696.580849][T16274] name failslab, interval 1, probability 0, space 0, times 0
[  696.580877][T16274] CPU: 0 UID: 0 PID: 16274 Comm: syz.0.3605 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  696.580897][T16274] Tainted: [L]=SOFTLOCKUP
[  696.580902][T16274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  696.580910][T16274] Call Trace:
[  696.580916][T16274]  <TASK>
[  696.580922][T16274]  dump_stack_lvl+0xe8/0x150
[  696.580943][T16274]  should_fail_ex+0x46b/0x600
[  696.580964][T16274]  should_failslab+0xa8/0x100
[  696.580992][T16274]  __kmalloc_noprof+0xdf/0x7b0
[  696.581010][T16274]  ? kfree+0x4d/0x6c0
[  696.581025][T16274]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  696.581048][T16274]  tomoyo_realpath_from_path+0xe3/0x5d0
[  696.581069][T16274]  ? tomoyo_domain+0xd7/0x130
[  696.581084][T16274]  ? tomoyo_path_number_perm+0x219/0x630
[  696.581102][T16274]  tomoyo_path_number_perm+0x246/0x630
[  696.581121][T16274]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  696.581138][T16274]  ? __lock_acquire+0x6b5/0x2d10
[  696.581154][T16274]  ? handle_mm_fault+0x13dd/0x14c0
[  696.581188][T16274]  ? __fget_files+0x2a/0x420
[  696.581205][T16274]  ? __fget_files+0x2a/0x420
[  696.581220][T16274]  ? __fget_files+0x3a6/0x420
[  696.581238][T16274]  ? __fget_files+0x2a/0x420
[  696.581255][T16274]  security_file_ioctl+0xc3/0x2a0
[  696.581273][T16274]  __se_sys_ioctl+0x47/0x170
[  696.581292][T16274]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.581307][T16274]  do_syscall_64+0x15f/0xf80
[  696.581319][T16274]  ? trace_irq_disable+0x3b/0x140
[  696.581339][T16274]  ? clear_bhb_loop+0x40/0x90
[  696.581355][T16274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.581367][T16274] RIP: 0033:0x7f2d5f4fcaeb
[  696.581380][T16274] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  696.581392][T16274] RSP: 002b:00007f2d5d72b450 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  696.581406][T16274] RAX: ffffffffffffffda RBX: 0000200000fe6000 RCX: 00007f2d5f4fcaeb
[  696.581416][T16274] RDX: 00007f2d5d72ba90 RSI: 000000008138ae83 RDI: 0000000000000005
[  696.581425][T16274] RBP: ffffffffffffffff R08: 0000000000000001 R09: 0000000000000004
[  696.581433][T16274] R10: ffffffffffffffff R11: 0000000000000246 R12: 00000000fec00000
[  696.581442][T16274] R13: 00007f2d5d72bbd0 R14: 0000200000ffe000 R15: 0000000000000018
[  696.581461][T16274]  </TASK>
[  696.581467][T16274] ERROR: Out of memory at tomoyo_realpath_from_path.
[  696.880775][  T823] usb 3-1: USB disconnect, device number 59
[  697.301776][T16295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.304109][T16295] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.351028][  T823] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  697.508451][  T823] usb 3-1: Using ep0 maxpacket: 16
[  697.511722][  T823] usb 3-1: unable to get BOS descriptor or descriptor too short
[  697.513056][  T823] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  697.515697][  T823] usb 3-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  697.515728][  T823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.515751][  T823] usb 3-1: Product: syz
[  697.515768][  T823] usb 3-1: Manufacturer: syz
[  697.515786][  T823] usb 3-1: SerialNumber: syz
[  697.792518][T16283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.793206][T16283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.810085][T16283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.810732][T16283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.190880][T16307] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3619'.
[  698.271778][T16310] __vm_enough_memory: pid: 16310, comm: syz.3.3619, bytes: 21200008491008 not enough memory for the allocation
[  698.999011][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  699.738247][T16362] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3641'.
[  699.738510][T16363] FAULT_INJECTION: forcing a failure.
[  699.738510][T16363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  699.738548][T16363] CPU: 1 UID: 0 PID: 16363 Comm: syz.0.3643 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  699.738581][T16363] Tainted: [L]=SOFTLOCKUP
[  699.738589][T16363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  699.738604][T16363] Call Trace:
[  699.738613][T16363]  <TASK>
[  699.738623][T16363]  dump_stack_lvl+0xe8/0x150
[  699.738656][T16363]  should_fail_ex+0x46b/0x600
[  699.738691][T16363]  _copy_from_user+0x2d/0xb0
[  699.738728][T16363]  video_usercopy+0x36f/0x1450
[  699.738772][T16363]  ? __pfx___video_do_ioctl+0x10/0x10
[  699.738809][T16363]  ? __pfx_video_usercopy+0x10/0x10
[  699.738855][T16363]  ? __fget_files+0x2a/0x420
[  699.738886][T16363]  ? __fget_files+0x2a/0x420
[  699.738911][T16363]  ? __fget_files+0x3a6/0x420
[  699.738942][T16363]  v4l2_ioctl+0x190/0x1e0
[  699.738973][T16363]  ? __pfx_v4l2_ioctl+0x10/0x10
[  699.739002][T16363]  __se_sys_ioctl+0xff/0x170
[  699.739034][T16363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.739059][T16363]  do_syscall_64+0x15f/0xf80
[  699.739082][T16363]  ? trace_irq_disable+0x3b/0x140
[  699.739114][T16363]  ? clear_bhb_loop+0x40/0x90
[  699.739143][T16363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.739166][T16363] RIP: 0033:0x7f2d5f4fce59
[  699.739188][T16363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  699.739208][T16363] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  699.739242][T16363] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  699.739259][T16363] RDX: 0000200000000280 RSI: 00000000c0405602 RDI: 0000000000000003
[  699.739274][T16363] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  699.739288][T16363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  699.739301][T16363] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  699.739340][T16363]  </TASK>
[  699.739360][T16362] bridge_slave_1: left allmulticast mode
[  699.759019][T16362] bridge_slave_1: left promiscuous mode
[  699.837680][T16362] bridge0: port 2(bridge_slave_1) entered disabled state
[  700.094335][T16365] loop3: detected capacity change from 0 to 7
[  700.153917][T16368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  700.155560][T16368] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  700.220722][  T823] snd-ua101 3-1:1.1: invalid format type
[  700.220745][  T823] snd-ua101 3-1:1.0: invalid num_altsetting
[  700.246278][  T823] usb 3-1: USB disconnect, device number 60
[  700.265133][ T3339] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.325326][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.325410][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.585043][ T3339] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.585123][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.585154][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.601328][T16362] bridge_slave_0: left allmulticast mode
[  700.601369][T16362] bridge_slave_0: left promiscuous mode
[  700.626401][T16362] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.678246][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.678320][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.678348][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.821564][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.821651][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.821683][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.823167][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.823317][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.823346][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.823581][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.823679][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.823704][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.823901][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.823952][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.823975][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.825642][T16365] ldm_validate_partition_table(): Disk read failed.
[  700.825784][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.826035][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.826061][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.826266][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.826499][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.826523][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.828268][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.828481][    C0] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  700.828507][    C0] Buffer I/O error on dev loop3, logical block 0, async page read
[  700.829216][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.829355][T16365] Dev loop3: unable to read RDB block 0
[  700.829472][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.829791][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.830013][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.830317][ T1193] lo_rw_aio(loop3) starting read with raw_refcnt=0x1, refcnt=2
[  700.830439][T16365]  loop3: unable to read partition table
[  700.830682][T16365] loop3: partition table beyond EOD, truncated
[  700.830722][T16365] loop_reread_partitions: partition scan of loop3 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[  700.917365][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  701.097459][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  701.108314][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  701.109170][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  701.110033][   T67] lo_rw_aio(loop3) starting read with raw_refcnt=0x0, refcnt=1
[  701.115910][ T5993] udevd[5993]: symlink '../../loop3' '/dev/disk/by-diskseq/93.tmp-b7:3' failed: Read-only file system
[  701.121318][ T5993] __loop_clr_fd(loop3) clearing lo_backing_file with raw_refcnt=0x0, refcnt=1
[  701.142024][ T5831] udevd[5831]: symlink '../../loop3' '/dev/disk/by-diskseq/93.tmp-b7:3' failed: Read-only file system
[  701.184971][ T5831] udevd[5831]: symlink '../../loop3' '/dev/disk/by-diskseq/93.tmp-b7:3' failed: Read-only file system
[  701.226815][ T5831] udevd[5831]: symlink '../../loop3' '/dev/disk/by-diskseq/93.tmp-b7:3' failed: Read-only file system
[  701.640557][T16396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.641290][T16396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  701.646797][T16396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.650298][T16396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  701.676766][T16396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.684631][T16396] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  701.830753][T16405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3662'.
[  701.883374][ T5831] udevd[5831]: symlink '../../loop3' '/dev/disk/by-diskseq/94.tmp-b7:3' failed: Read-only file system
[  702.229422][  T823] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  702.375497][  T823] usb 3-1: Using ep0 maxpacket: 32
[  702.389788][  T823] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  702.389813][  T823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.389830][  T823] usb 3-1: Product: syz
[  702.389845][  T823] usb 3-1: Manufacturer: syz
[  702.389860][  T823] usb 3-1: SerialNumber: syz
[  702.436245][  T823] usb 3-1: config 0 descriptor??
[  702.469620][  T823] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  702.614304][ T5993] udevd[5993]: symlink '../../loop3' '/dev/disk/by-diskseq/94.tmp-b7:3' failed: Read-only file system
[  702.755991][T16439] FAULT_INJECTION: forcing a failure.
[  702.755991][T16439] name failslab, interval 1, probability 0, space 0, times 0
[  702.756035][T16439] CPU: 1 UID: 0 PID: 16439 Comm: syz.0.3677 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  702.756066][T16439] Tainted: [L]=SOFTLOCKUP
[  702.756075][T16439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  702.756088][T16439] Call Trace:
[  702.756098][T16439]  <TASK>
[  702.756108][T16439]  dump_stack_lvl+0xe8/0x150
[  702.756140][T16439]  should_fail_ex+0x46b/0x600
[  702.756175][T16439]  should_failslab+0xa8/0x100
[  702.756208][T16439]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[  702.756241][T16439]  ? __alloc_skb+0x1d0/0x7d0
[  702.756269][T16439]  ? lockdep_hardirqs_on+0x7a/0x110
[  702.756308][T16439]  __alloc_skb+0x1d0/0x7d0
[  702.756336][T16439]  ? netlink_ack_tlv_len+0x6c/0x210
[  702.756371][T16439]  netlink_ack+0x146/0xa50
[  702.756409][T16439]  ? __lock_acquire+0x6b5/0x2d10
[  702.756431][T16439]  ? sock_sendmsg_nosec+0x112/0x150
[  702.756463][T16439]  netlink_rcv_skb+0x2b6/0x4b0
[  702.756496][T16439]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  702.756530][T16439]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  702.756574][T16439]  ? bpf_lsm_capable+0x9/0x20
[  702.756599][T16439]  ? security_capable+0x7e/0x2c0
[  702.756643][T16439]  nfnetlink_rcv+0x2c0/0x27b0
[  702.756677][T16439]  ? sock_sendmsg_nosec+0x112/0x150
[  702.756704][T16439]  ? __pfx_snprintf+0x10/0x10
[  702.756736][T16439]  ? unwind_get_return_address+0x4d/0x90
[  702.756765][T16439]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  702.756807][T16439]  ? trim_netdev_trace+0x7ac/0x840
[  702.756835][T16439]  ? __pfx_trim_netdev_trace+0x10/0x10
[  702.756858][T16439]  ? stack_trace_save+0xa9/0x100
[  702.756894][T16439]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  702.756924][T16439]  ? save_netdev_trace_buffer+0x18f/0x5f0
[  702.756960][T16439]  ? save_netdev_trace_buffer+0x4cf/0x5f0
[  702.756992][T16439]  ? __pfx_save_netdev_trace_buffer+0x10/0x10
[  702.757015][T16439]  ? ref_tracker_free+0x673/0x820
[  702.757043][T16439]  ? __netlink_deliver_tap+0x636/0x8b0
[  702.757073][T16439]  ? netlink_deliver_tap+0x19c/0x1b0
[  702.757101][T16439]  ? netlink_unicast+0x754/0x920
[  702.757127][T16439]  ? netlink_sendmsg+0x813/0xb40
[  702.757158][T16439]  ? sock_sendmsg_nosec+0x112/0x150
[  702.757181][T16439]  ? ____sys_sendmsg+0x55c/0x870
[  702.757211][T16439]  ? ___sys_sendmsg+0x2a5/0x360
[  702.757240][T16439]  ? __x64_sys_sendmsg+0x1c3/0x2a0
[  702.757271][T16439]  ? do_syscall_64+0x15f/0xf80
[  702.757291][T16439]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.757331][T16439]  ? skb_clone+0x246/0x3a0
[  702.757369][T16439]  ? __netlink_deliver_tap+0x866/0x8b0
[  702.757400][T16439]  ? netlink_deliver_tap+0x2e/0x1b0
[  702.757438][T16439]  ? netlink_deliver_tap+0x2e/0x1b0
[  702.757470][T16439]  ? netlink_deliver_tap+0x2e/0x1b0
[  702.757508][T16439]  netlink_unicast+0x780/0x920
[  702.757548][T16439]  netlink_sendmsg+0x813/0xb40
[  702.757588][T16439]  ? __pfx_netlink_sendmsg+0x10/0x10
[  702.757623][T16439]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[  702.757666][T16439]  ? aa_sock_msg_perm+0x122/0x200
[  702.757700][T16439]  ? __pfx_netlink_sendmsg+0x10/0x10
[  702.757730][T16439]  sock_sendmsg_nosec+0x112/0x150
[  702.757759][T16439]  ____sys_sendmsg+0x55c/0x870
[  702.757798][T16439]  ? __pfx_____sys_sendmsg+0x10/0x10
[  702.757847][T16439]  ? import_iovec+0x73/0xa0
[  702.757884][T16439]  ___sys_sendmsg+0x2a5/0x360
[  702.757916][T16439]  ? __lock_acquire+0x6b5/0x2d10
[  702.757951][T16439]  ? __pfx____sys_sendmsg+0x10/0x10
[  702.758021][T16439]  ? __fget_files+0x2a/0x420
[  702.758047][T16439]  ? __fget_files+0x3a6/0x420
[  702.758084][T16439]  __x64_sys_sendmsg+0x1c3/0x2a0
[  702.758121][T16439]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  702.758164][T16439]  ? __pfx_ksys_write+0x10/0x10
[  702.758203][T16439]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.758229][T16439]  do_syscall_64+0x15f/0xf80
[  702.758250][T16439]  ? trace_irq_disable+0x3b/0x140
[  702.758283][T16439]  ? clear_bhb_loop+0x40/0x90
[  702.758312][T16439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.758335][T16439] RIP: 0033:0x7f2d5f4fce59
[  702.758357][T16439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  702.758377][T16439] RSP: 002b:00007f2d5d74e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  702.758402][T16439] RAX: ffffffffffffffda RBX: 00007f2d5f775fa0 RCX: 00007f2d5f4fce59
[  702.758419][T16439] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000004
[  702.758435][T16439] RBP: 00007f2d5d74e090 R08: 0000000000000000 R09: 0000000000000000
[  702.758450][T16439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  702.758464][T16439] R13: 00007f2d5f776038 R14: 00007f2d5f775fa0 R15: 00007ffd1fb71188
[  702.758499][T16439]  </TASK>
[  702.819360][ T5993] udevd[5993]: symlink '../../loop3' '/dev/disk/by-diskseq/94.tmp-b7:3' failed: Read-only file system
[  703.488923][ T5993] udevd[5993]: symlink '../../loop3' '/dev/disk/by-diskseq/94.tmp-b7:3' failed: Read-only file system
[  703.651710][ T5622] Bluetooth: hci2: command 0x0406 tx timeout
[  703.949253][ T5347] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  704.665793][T16393] ------------[ cut here ]------------
[  704.665810][T16393] workqueue: cannot queue hci_conn_timeout on wq hci2
[  704.665901][T16393] WARNING: kernel/workqueue.c:2298 at __queue_work+0xd67/0x1010, CPU#1: syz.4.3655/16393
[  704.665940][T16393] Modules linked in:
[  704.665959][T16393] CPU: 1 UID: 0 PID: 16393 Comm: syz.4.3655 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  704.665985][T16393] Tainted: [L]=SOFTLOCKUP
[  704.665991][T16393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  704.666001][T16393] RIP: 0010:__queue_work+0xd87/0x1010
[  704.666027][T16393] Code: 01 00 00 4c 8d 35 19 1a 22 0e 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 43 23 a1 00 49 8b 75 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  704.666043][T16393] RSP: 0018:ffffc9000dc2f588 EFLAGS: 00010046
[  704.666057][T16393] RAX: 1ffff1100759b95b RBX: 0000000000000008 RCX: ffff888020f7dc40
[  704.666071][T16393] RDX: ffff888037835968 RSI: ffffffff8a27e390 RDI: ffffffff8faface0
[  704.666084][T16393] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  704.666165][T16393] R10: dffffc0000000000 R11: ffffed100759b959 R12: dffffc0000000000
[  704.666193][T16393] R13: ffff88803acdcad8 R14: ffffffff8faface0 R15: ffff888037835968
[  704.666208][T16393] FS:  0000000000000000(0000) GS:ffff888125dc7000(0000) knlGS:0000000000000000
[  704.666223][T16393] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  704.666237][T16393] CR2: 000055ffccbbf660 CR3: 00000000506dc000 CR4: 00000000003526f0
[  704.666255][T16393] DR0: ffffffffffffffff DR1: 00080000000001f8 DR2: 0000000000000002
[  704.666268][T16393] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  704.666281][T16393] Call Trace:
[  704.666292][T16393]  <TASK>
[  704.666308][T16393]  ? rcu_is_watching+0x15/0xb0
[  704.666335][T16393]  ? __queue_delayed_work+0xd3/0x2b0
[  704.666364][T16393]  queue_delayed_work_on+0x11a/0x1e0
[  704.666398][T16393]  l2cap_chan_del+0x285/0x610
[  704.666431][T16393]  l2cap_chan_close+0x4d7/0x770
[  704.666462][T16393]  ? __pfx_l2cap_chan_close+0x10/0x10
[  704.666486][T16393]  ? lockdep_hardirqs_on+0x7a/0x110
[  704.666514][T16393]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  704.666542][T16393]  ? mutex_lock_nested+0x152/0x1d0
[  704.666563][T16393]  ? l2cap_sock_shutdown+0xa46/0x1170
[  704.666596][T16393]  l2cap_sock_shutdown+0xa50/0x1170
[  704.666633][T16393]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  704.666667][T16393]  ? lockdep_hardirqs_on+0x7a/0x110
[  704.666701][T16393]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  704.666731][T16393]  ? __pfx_l2cap_sock_shutdown+0x10/0x10
[  704.666757][T16393]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  704.666781][T16393]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  704.666808][T16393]  ? lockdep_hardirqs_on+0x7a/0x110
[  704.666846][T16393]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  704.666873][T16393]  ? rt_write_unlock+0x190/0x230
[  704.666900][T16393]  l2cap_sock_release+0x92/0x270
[  704.666928][T16393]  __sock_release+0xb9/0x250
[  704.666949][T16393]  ? __pfx_sock_close+0x10/0x10
[  704.666968][T16393]  sock_close+0x1c/0x30
[  704.666986][T16393]  __fput+0x461/0xa70
[  704.667018][T16393]  task_work_run+0x1d9/0x270
[  704.667042][T16393]  ? __pfx_task_work_run+0x10/0x10
[  704.667062][T16393]  ? do_exit+0x70a/0x22c0
[  704.667081][T16393]  ? kmem_cache_free+0x187/0x6c0
[  704.667107][T16393]  ? put_net+0x191/0x260
[  704.667129][T16393]  ? do_exit+0x70a/0x22c0
[  704.667153][T16393]  do_exit+0x70f/0x22c0
[  704.667181][T16393]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  704.667215][T16393]  ? __pfx_do_exit+0x10/0x10
[  704.667233][T16393]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  704.667256][T16393]  ? reacquire_held_locks+0x104/0x190
[  704.667277][T16393]  ? rt_spin_lock+0x1e0/0x400
[  704.667311][T16393]  do_group_exit+0x21b/0x2d0
[  704.667330][T16393]  ? rt_spin_unlock+0x160/0x200
[  704.667355][T16393]  get_signal+0x1284/0x1330
[  704.667398][T16393]  arch_do_signal_or_restart+0xbc/0x840
[  704.667422][T16393]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  704.667459][T16393]  exit_to_user_mode_loop+0x8c/0x4d0
[  704.667486][T16393]  ? rcu_is_watching+0x15/0xb0
[  704.667507][T16393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.667526][T16393]  do_syscall_64+0x33e/0xf80
[  704.667544][T16393]  ? trace_irq_disable+0x3b/0x140
[  704.667569][T16393]  ? clear_bhb_loop+0x40/0x90
[  704.667591][T16393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.667611][T16393] RIP: 0033:0x7fa8e09cce59
[  704.667630][T16393] Code: Unable to access opcode bytes at 0x7fa8e09cce2f.
[  704.667639][T16393] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  704.667660][T16393] RAX: fffffffffffffffc RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  704.667674][T16393] RDX: 000000000000000e RSI: 0000200000000080 RDI: 0000000000000005
[  704.667685][T16393] RBP: 00007fa8e0a62d6f R08: 0000000000000000 R09: 0000000000000000
[  704.667696][T16393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  704.667707][T16393] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  704.667738][T16393]  </TASK>
[  704.667748][T16393] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  704.667768][T16393] CPU: 1 UID: 0 PID: 16393 Comm: syz.4.3655 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[  704.667797][T16393] Tainted: [L]=SOFTLOCKUP
[  704.667805][T16393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  704.667817][T16393] Call Trace:
[  704.667826][T16393]  <TASK>
[  704.667846][T16393]  vpanic+0x56c/0xa60
[  704.667875][T16393]  ? __pfx__printk+0x10/0x10
[  704.667896][T16393]  ? __pfx_vpanic+0x10/0x10
[  704.667919][T16393]  ? is_bpf_text_address+0x292/0x2b0
[  704.667938][T16393]  ? is_bpf_text_address+0x26/0x2b0
[  704.667964][T16393]  panic+0xc5/0xd0
[  704.667989][T16393]  ? __pfx_panic+0x10/0x10
[  704.668030][T16393]  __warn+0x315/0x4c0
[  704.668056][T16393]  ? __queue_work+0xd67/0x1010
[  704.668086][T16393]  ? __queue_work+0xd67/0x1010
[  704.668113][T16393]  __report_bug+0x29a/0x540
[  704.668137][T16393]  ? __queue_work+0xd67/0x1010
[  704.668162][T16393]  ? __pfx___report_bug+0x10/0x10
[  704.668179][T16393]  ? __pfx_hci_conn_timeout+0x10/0x10
[  704.668222][T16393]  report_bug_entry+0x19a/0x290
[  704.668240][T16393]  ? __queue_work+0xd87/0x1010
[  704.668264][T16393]  ? __queue_work+0xd8c/0x1010
[  704.668287][T16393]  handle_bug+0xce/0x200
[  704.668309][T16393]  exc_invalid_op+0x1a/0x50
[  704.668330][T16393]  asm_exc_invalid_op+0x1a/0x20
[  704.668348][T16393] RIP: 0010:__queue_work+0xd87/0x1010
[  704.668373][T16393] Code: 01 00 00 4c 8d 35 19 1a 22 0e 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 43 23 a1 00 49 8b 75 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc
[  704.668389][T16393] RSP: 0018:ffffc9000dc2f588 EFLAGS: 00010046
[  704.668406][T16393] RAX: 1ffff1100759b95b RBX: 0000000000000008 RCX: ffff888020f7dc40
[  704.668420][T16393] RDX: ffff888037835968 RSI: ffffffff8a27e390 RDI: ffffffff8faface0
[  704.668434][T16393] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  704.668446][T16393] R10: dffffc0000000000 R11: ffffed100759b959 R12: dffffc0000000000
[  704.668460][T16393] R13: ffff88803acdcad8 R14: ffffffff8faface0 R15: ffff888037835968
[  704.668485][T16393]  ? __pfx_hci_conn_timeout+0x10/0x10
[  704.668517][T16393]  ? __queue_work+0xd49/0x1010
[  704.668547][T16393]  ? rcu_is_watching+0x15/0xb0
[  704.668569][T16393]  ? __queue_delayed_work+0xd3/0x2b0
[  704.668597][T16393]  queue_delayed_work_on+0x11a/0x1e0
[  704.668630][T16393]  l2cap_chan_del+0x285/0x610
[  704.668662][T16393]  l2cap_chan_close+0x4d7/0x770
[  704.668692][T16393]  ? __pfx_l2cap_chan_close+0x10/0x10
[  704.668718][T16393]  ? lockdep_hardirqs_on+0x7a/0x110
[  704.668745][T16393]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  704.668773][T16393]  ? mutex_lock_nested+0x152/0x1d0
[  704.668795][T16393]  ? l2cap_sock_shutdown+0xa46/0x1170
[  704.668823][T16393]  l2cap_sock_shutdown+0xa50/0x1170
[  704.668865][T16393]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  704.668892][T16393]  ? lockdep_hardirqs_on+0x7a/0x110
[  704.668921][T16393]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  704.668947][T16393]  ? __pfx_l2cap_sock_shutdown+0x10/0x10
[  704.668972][T16393]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  704.668996][T16393]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  704.669023][T16393]  ? lockdep_hardirqs_on+0x7a/0x110
[  704.669050][T16393]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  704.669077][T16393]  ? rt_write_unlock+0x190/0x230
[  704.669106][T16393]  l2cap_sock_release+0x92/0x270
[  704.669136][T16393]  __sock_release+0xb9/0x250
[  704.669158][T16393]  ? __pfx_sock_close+0x10/0x10
[  704.669178][T16393]  sock_close+0x1c/0x30
[  704.669195][T16393]  __fput+0x461/0xa70
[  704.669227][T16393]  task_work_run+0x1d9/0x270
[  704.669250][T16393]  ? __pfx_task_work_run+0x10/0x10
[  704.669271][T16393]  ? do_exit+0x70a/0x22c0
[  704.669287][T16393]  ? kmem_cache_free+0x187/0x6c0
[  704.669312][T16393]  ? put_net+0x191/0x260
[  704.669333][T16393]  ? do_exit+0x70a/0x22c0
[  704.669354][T16393]  do_exit+0x70f/0x22c0
[  704.669377][T16393]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  704.669411][T16393]  ? __pfx_do_exit+0x10/0x10
[  704.669428][T16393]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[  704.669451][T16393]  ? reacquire_held_locks+0x104/0x190
[  704.669471][T16393]  ? rt_spin_lock+0x1e0/0x400
[  704.669505][T16393]  do_group_exit+0x21b/0x2d0
[  704.669524][T16393]  ? rt_spin_unlock+0x160/0x200
[  704.669550][T16393]  get_signal+0x1284/0x1330
[  704.669593][T16393]  arch_do_signal_or_restart+0xbc/0x840
[  704.669616][T16393]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  704.669654][T16393]  exit_to_user_mode_loop+0x8c/0x4d0
[  704.669681][T16393]  ? rcu_is_watching+0x15/0xb0
[  704.669703][T16393]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.669723][T16393]  do_syscall_64+0x33e/0xf80
[  704.669741][T16393]  ? trace_irq_disable+0x3b/0x140
[  704.669768][T16393]  ? clear_bhb_loop+0x40/0x90
[  704.669792][T16393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.669811][T16393] RIP: 0033:0x7fa8e09cce59
[  704.669829][T16393] Code: Unable to access opcode bytes at 0x7fa8e09cce2f.
[  704.669851][T16393] RSP: 002b:00007fa8dec1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  704.669870][T16393] RAX: fffffffffffffffc RBX: 00007fa8e0c45fa0 RCX: 00007fa8e09cce59
[  704.669884][T16393] RDX: 000000000000000e RSI: 0000200000000080 RDI: 0000000000000005
[  704.669896][T16393] RBP: 00007fa8e0a62d6f R08: 0000000000000000 R09: 0000000000000000
[  704.669907][T16393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  704.669918][T16393] R13: 00007fa8e0c46038 R14: 00007fa8e0c45fa0 R15: 00007ffd8f013b28
[  704.669948][T16393]  </TASK>
[  704.672758][T16393] Kernel Offset: disabled