last executing test programs:

9m51.819840357s ago: executing program 0 (id=2433):
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
pipe(0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
r1 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x2, 0x2)
ioctl$SNDRV_PCM_IOCTL_START(r2, 0x4142, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
socket(0x10, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETLED(r4, 0x4b32, 0x3ff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCSIG(r4, 0x40045436, 0x22)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="04050400c900"], 0x7)

9m51.09030708s ago: executing program 0 (id=2434):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0xc)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

9m51.040554411s ago: executing program 0 (id=2435):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x8b7848, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2)

9m50.939295459s ago: executing program 0 (id=2436):
mkdir(&(0x7f0000001a80)='./file0\x00', 0x1cb)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)
mkdir(&(0x7f0000000140)='./file0/../file0\x00', 0x190)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x8b7848, 0x0)
umount2(&(0x7f0000000040)='.\x00', 0x2) (fail_nth: 1)

9m50.76399158s ago: executing program 0 (id=2437):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x60000, 0xf000, 0x0, 0x7, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x1, 0xddccb000, 0xd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xdddd8000, 0x18, 0xe, 0x0, 0x4, 0x7f, 0x0, 0x80, 0xe, 0x2a, 0x6}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0xd, 0x0, 0x70, 0x80, 0x0, 0x0, 0xfd, 0x1c, 0x7, 0xa8}, {0x100026fff, 0x3000, 0xd, 0x4, 0x0, 0x8, 0x0, 0x0, 0x6, 0xfc, 0x86, 0x1}, {0xeeee8000, 0x3000, 0x0, 0x0, 0x5, 0x0, 0x0, 0x80, 0x0, 0x4}, {0xd000, 0x41000, 0x3, 0x82, 0xfe, 0x10, 0x4, 0xe}, {0x0, 0xfffe}, {0x1, 0xfffe}, 0x50011, 0x0, 0x0, 0x1, 0x1000000000000001, 0x0, 0x900, [0x0, 0x800000000, 0x2, 0x5]})
ioctl$DRM_IOCTL_GET_CAP(0xffffffffffffffff, 0xc010640c, 0x0)
connect$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000)={0x23, 0x9, 0x1, 0x80}, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x0, 0x5, 0x0, 0x25dfdbfe, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0xfff}, 0x10)
write(r1, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'hsr0\x00', <r3=>0x0})
sendto$packet(r0, &(0x7f00000001c0)="090000007bfaa41a3f85223dd7e54870f078bcb0ad15d2477ef3e021b12fed3382ae465ddbf4a340480b1dd584f2", 0x2e, 0x24000801, &(0x7f0000000300)={0x11, 0x8100, r3, 0x1, 0x8, 0x6, @remote}, 0x14)

9m50.511596458s ago: executing program 0 (id=2438):
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
pipe(0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
r1 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b040000000000000000020000000900020873797a3200000000300004802c0001800b00010074617267657400001c0002800400030009000100444e41540000000008000240000000000900010073797a30000000001400000011000100"/129], 0x84}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCSIG(r3, 0x40045436, 0x22)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r4], 0x7)

9m50.272950572s ago: executing program 32 (id=2438):
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
pipe(0x0)
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r0, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
epoll_create1(0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
r1 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b040000000000000000020000000900020873797a3200000000300004802c0001800b00010074617267657400001c0002800400030009000100444e41540000000008000240000000000900010073797a30000000001400000011000100"/129], 0x84}, 0x1, 0x0, 0x0, 0x20040000}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TIOCSIG(r3, 0x40045436, 0x22)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_vhci(&(0x7f0000000840)=ANY=[@ANYBLOB="04050400c900", @ANYRES16=r4], 0x7)

5m30.749483704s ago: executing program 4 (id=4155):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c00090502020002020000090582020002"], 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000001c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x0, 0x30, 0x1, 'D'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, 0x0)
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)
syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0) (async)
syz_clone(0x1022000, 0x0, 0xfffffffffffffc76, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r2)
add_key(&(0x7f0000000040)='cifs.spnego\x00', 0x0, &(0x7f0000000200)="6da80f7042fecac9b915825140ce75b056e85e2232da4bf1eceb4573881b7b90156daf361c9cbc339b6093494da2e41cdda44cabb79ea4d7e73867a5da68908323ceaf149355fb084b09000000000000003d564959d9d2f637573db89308a2a9dcee4a663b72eb7166016dc5da1958d54dbe4a8654e8d63d36a903b9cb6574", 0x7f, r1)
keyctl$assume_authority(0x10, r1)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0) (async)
socket(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r3=>0xffffffffffffffff})
pipe2$9p(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2c76657273030000000000000030302c00"])
write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r4, @ANYRESHEX=r5], 0x15) (async)
write$P9_RVERSION(r5, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r4, @ANYRESHEX=r5], 0x15)

5m29.48980298s ago: executing program 4 (id=4158):
r0 = syz_usb_connect$uac1(0x2, 0xb8, &(0x7f0000000100)=ANY=[@ANYBLOB="12010103000000106b1d01014000010203010902a600030156c0020904000000010100000a24010101bb02010211240601040507000a0008000300020005052405060f0f2406020504020002200a000a00040c24020203020250800009010d2406050203078887000a00000924030101010505"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x2000000000000046})
syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000380)={0x20, 0xe, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000240)={0x0, 0xe, 0x2, "c5d0"}, 0x0, 0x0})
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="421202"], 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000440)={0x0, 0x12, 0x5, "433d092dda"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x1}})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

5m28.518503044s ago: executing program 4 (id=4163):
r0 = eventfd2(0x4c74abc7, 0x801)
ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x2d)
r1 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000180)={&(0x7f0000000080)=[<r2=>0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0, 0x0, <r5=>0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], 0x2, 0xa, 0x4, 0x4})
ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464af, &(0x7f00000001c0)=r2)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000200)={<r6=>0x0, 0x0, r1})
r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000240), 0x30000, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r7, 0xc03064b7, &(0x7f0000000280)={r2, r5, r2, 0x9bb, 0x0, 0x101, 0x2f83a5e9, 0x2, 0xffff, 0x8, 0x9, 0xaea})
r8 = socket$inet(0x2, 0x80002, 0xf55)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r8, 0x8982, &(0x7f00000002c0)={0x1, 'ip_vti0\x00'})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r9=>r0, {0x899}}, './file0\x00'})
ioctl$DRM_IOCTL_MODE_GETGAMMA(r9, 0xc02064a4, &(0x7f0000000400)={r3, 0x2, &(0x7f0000000340)=[0x95e1, 0x5], &(0x7f0000000380)=[0x401, 0x3, 0xfffe, 0xab], &(0x7f00000003c0)=[0xfffe, 0x6, 0xfff, 0xfc00]})
ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000440)={r6})
ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(r9, 0xc0106441, &(0x7f0000000480)={0x0, <r10=>0x0, 0xa})
ioctl$DRM_IOCTL_PANTHOR_VM_DESTROY(r7, 0xc0086442, &(0x7f00000004c0)={r10})
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000540)={0x5, 0x0, &(0x7f0000000500)=[0x0, <r11=>0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_SETPLANE(r7, 0xc03064b7, &(0x7f0000000580)={r11, r4, r2, 0x7, 0x5, 0x8, 0x4, 0x1, 0x1, 0x73, 0x2, 0x9})
ioctl$sock_inet_tcp_SIOCOUTQNSD(r9, 0x894b, &(0x7f00000005c0))
ioctl$DRM_IOCTL_AGP_ACQUIRE(r9, 0x6430)
quotactl_fd$Q_SYNC(r1, 0x0, 0x0, 0x0)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r9, 0x8008ae9d, &(0x7f0000000600))
ioctl$KVM_GET_MSR_INDEX_LIST(r9, 0xc004ae02, &(0x7f0000000640)={0x4, [0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000680)={0x5})
write$P9_RMKNOD(r9, &(0x7f00000006c0)={0x14, 0x13, 0x1, {0x1, 0x2, 0x4}}, 0x14)
ioctl$FICLONE(r0, 0x40049409, r1)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r9, 0xc01864c2, &(0x7f0000000700)={<r12=>0x0, 0x0, r9})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r1, 0xc01864c1, &(0x7f0000000740)={r12})
r13 = userfaultfd(0x801)
ioctl$UFFDIO_UNREGISTER(r13, 0x8010aa01, &(0x7f0000000780)={&(0x7f0000ffb000/0x3000)=nil, 0x3000})
write$eventfd(r9, &(0x7f00000007c0)=0x2, 0x8)

5m28.22997932s ago: executing program 4 (id=4168):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000340)={0x0, 0xfffffffc, 0x100, 0x2, 0x1e5}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000980)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f00000004c0)=@IORING_OP_WRITEV={0x2, 0x3, 0x4007, @fd=r0, 0x7fffffff, &(0x7f00000019c0)=[{&(0x7f0000001a00)="00937e6fc9ed32b288f89f344016b232f2e3c0cf3ed85c0f5bf5e39182bbe780eae24e7d27c760ae72c465dd6311c4a21f465bd0a9b151dd71b20b886bda7f4fd57d646c9bcbbd4092e1c44ed701aa1f734e6814540e990c113d3868746415980742c105e12c35e018956fd9679a82764b5099ce69dc934b5dd4db4c69f87d2076c78cebc12e1021782b212fe6997b78af631672fec14a555d497349352f52f46cf121548bbd2bd963114c67e729c48cc8a62c1ad331d2c37d03244e5e05908c802591cfd0f9363d49cc97d2f8f2481cabccfed1d49cdeae833746420331fdac7ddf86261a164a51b7c36b2e6f6fd86f2e77fe0aa1aa74dc9088dc4908000000000000f93c54ba48d2684816e616b5efcba03380c78e264a25f76222f4dd95f5514641ae14dca850f7ebffed24f98968d2cabc5012d889d7b3e7a32872ff204854f34b7dc881021c2fd83764fb39901c92f90940424e0783d785ded2c1f6aa790bcb40776d1e30f83a6c6b2c24a41f1e9cb1f2cc5bad455e9c994a54960de08fff1b64f575e03dfc791e21bf76b957f035a594fb677e46097b43418ddc31e75e86ded8b5fdf2f25fa024fb923830f93dc5a31422bb277b3b5a306c7cc4c7a26e6564abeb66b699d3c9aa3822ce44d723768ee661b728bad8a96ef97211deecb9be367defa44510fb4a14ff264e3dde8cc00bcc7e48b03de791c79e9426be1ed6cb917e317e3fb2adea798a5b6649c56ecefce47e67dcdad9980f3595277b09b7831da9126fc996d6ad2b8d4874704ba676bc1ce4aacd6079787f6db36e60a0f31cafcc993e11eb4134108ded34011b2c508237825484b6da4af5962efa9fd990af1068d32d74018f7b77b91ee973289c5ccc9a7f50ca2e8bee1efdeee80c240900eb2f1a93bb5bb7230277ae655aafffd55bec0da6c6beaeaf84a68c99f6092c6e99122fc624bed8ea4092188e87505badeef22cc497fe039cd98c70f64dc9008087a8f54ef00793d1ca0ad416473eeebfff3215c7f901f7a8a4f7a21a4c654eea027aa790c8493203cb9edf0c8c579c1cd5a97bb1ee9b6d44be5d3455a1314a7ee260583b7489a0f8de2f86beeb4ae67df8ac516251032fb10ec8e960f6d6459360cbb5789e1923a52fe22e887098b58481ef7eae4e77190df46e9179721cc986fde236faf51f183de3aedd2347d0ce6b1bb96d43b3ee7cc9114f2ae828c07e67597c74d70fcc8842930b7c45b08ea531e391306154be2687de99aefc7e697ae29e7aae5bf81a2577ed0c22e77274f7d4bc3b41f21c930f9fc62aeaad86a304f220d8b58fa9e3ee87e6e9a2c62a129b2677d9547ecea8965dc912530f39005c26ee665f4bf48f39700806b115166b66b2725303a2944fa42d1c1fa0e1f6d63d0a23f4a8f505f67b16c9646d5b723c9af47ffee226d6d1c57645587b11f3ebdd7af58aa66ea44e3c92405095644edef7ee92051b7fb6b0e4d1655af34e615ab04b28e31208fc25ccd9ea31972d381a4cd47ac183dd3276c3929fa2f30d752957eb027194c3bf49c22d0c1abdce58ffddd5537b2be638ddb0e0dc78d49c411e9b60e94c38adf560d8f5546cb574ad968e7a4cd7e350b1e86598782832f84f6812c3daf501f9f72a6c5214270e1e4824df37ff83257bbc7292a5e5a17a82886691a6a1557953de5ec71f2cb45febc9b3f4872aa32d3945832de31d15e4419fbbc2ac8f4a07c97f5e230d17e8fcc738d55c29c06db62979807d576ef7efbd391f6c51e28de7bffe4b73a6a4ca84fb91f6ab99f6309b6fb4b3a500bc56fd63649eaa3306aec507e4aebc05085de702624f98cb6d214f3e6da8eb151fb047e32e4f5f7e9687530c874a81afdb3a703a8c4f19af7e3eab0c09f4cd71d08c4ce39286054f4f21514b26647a8f307fae7f6411462c957e23835f2c8e808b40705e00a37dc035abb79f70d9d68e0f6336c0e7289b940c3baf89b02511e7bd3dccac4af32aee46014f826ad48e947aa7b1a39104ed94b258a45071113861c0a6a0803b12aadc19357e1b9bd4af7653c2c5c25356d1ac600f982d415a28d96e579c88ab471b4d039f7a3c06cec5c1ee9a5a94d044eca53ec0ac5c88a6e502a7c5e47a30b3b7fba46ec9af449ef76b6390df613230f4298d238004530deb39d18f780b9e95e9cc71acbf4453a23b8cea5f1c287600c5220d5a2c94af7a0c85185b6d2102be758632cd6c44cda618f41bd0c65d4e9402d1d29a2ae85b2c789ece7c1b6711ca593ca32634b103850a96d53ee8be202c7a844e3148281debdabfe8ac90a26b418c3bb73cecc7d29cbfced120a5bf3df79110c5512b6e5055ab3be903b1971a9874c4781f43acae7dfefb19556b05c696c7a4b0cadf81f92e662d376eb426cce9f0ef06471c639a333f447b7e75f98019e7fd58451cb6f94bb48cee285f07e0eeb7bbf998bc8e8d1a507d4524cb4a1f3ac26724e7f02b256b663eea2193a9fce207c69a3fb9a486f4f9fa29b5e42d9e0feab67ecaea8621d744dd0dde1367c8c4d7957e06775e631b2d18ee317a42be921c146f9fe605c7818558a1cea0bce338ad556d1424acf3d388236d1423a5f65fe835f4e8f6e6c44afe86ec0a8eff7dbbe5e45fb95a2834ced31c695377ad5ebc63506d3f96e865a885c7edd3a14d5dca60803213382cd7d9f1e31dd0aef2f1030cf95c077a5a6fbeb1de7f1904d40e9c762898195db3b8d20586755a3e3de73447f302232c4da07befcf886538fd8bcbe617c6021505e673bd97ace5ed18381315856d29ca7b8f28b3ca85ecdc759cfed91ca90fe58d90cfdac4ef24e846307c82c3f6a9226db39f020ebb12d0163d4a29096974695affb400e0e59bc424ade976ba1f3e8f2bb6bf55baa0ca361f3f49ec04ecfce6865ad14d979fd2a166bd997037a41733b9b98cf49c6f8bb9268ad9df20b3e9dcecd38d4273f3fc637101cfddec151a71ac52d8d52fe9528e5358ad5a8da4be983b85bcb66216cb6cc03072e47308e0bead361f08a4abe15f16424789d5fc2d83e98aa0356f260afb184e23ed6ddb5fa8e7a7e35e093f8bf1b1b1668a3fc6c94b470188b2cdae45765268116e48c3c201b9df3170d40391c14f074170eb1a36d52fd2ab12c50e7124582a054f34480e2b32f1c133a5443d885959c44ecdc15af19d174ff785eb2bab1a6d2e0e9e6ed57d35e33b0bc3c7a0bc03dea440fbe33a55d0ebb29b1b63261797ad05efd9d348f6628966e1374e99c2910d9ed97c023ba1295ef504d13815c3b6392747444909b3dfd10f5d3bc0ffda815575546acf61a6c1d4090939c03bd5d8604d410407a314015839cb2c9586a660530996772bcfbff7a14cd3fee5cd802d624264d9578f44b912c999c3412a32348407086279803f21c86437f7d626241da95f5bf874e3324a6a0ff9d73ec7c6df50fc785a82ff0b9bbb3007cc1d6230e710999c7f28bdb00f92ff0e9ed83d45f40d4ef5ce021deb3587b24dd9287a3e200c6b91de2ab01e3ad858720099afbe82238a868248813b020ce3a45175f22f795c66bdabd43cb4615bc92d779eefffbab6e356a7b8cb883607e9c1811e06dea3372698431f0f87f64cda8224819b24a263931cb5dce94edcd646fe8e1d3cb1faa4232347a5cdb7315212bf89be148b60b41244f1542e9743aeacd34c60a9450afed8394b13f1ce5961d617c54b915112228a56aa7971fe14b55919b0c759ab544ac9c4b5b6bbfa75b7f60674c91bedc0774f4650d63d159f8b5f613995e290f0cef53ead7aad39f8adbc00a7828f4daef788800fe250cf05d8ac83ecd3a238c8ae2ee88d74f3ac5e74905ff01facb588946b26413dc0f835cc4862256a45fd7566f1c1fdaec0cb22549056f9bb8791816796408e0bae99a9da0dc7990a95c80ca610f862e1f068e3e66bece3dc66a4e0e0e7a583751f83b5e90e97dcbc154268cb252c1a69b984676777bdc512df56e6e4a811b27af43e59a15f9f9095a6f44ea8b3c864c4071c409e0aec42cba6950bbef2f0e5a1976acf804997aab5692ef88ec3b1b2c6d1647a7eba709bed1cac24af3ed31c8568c2b90cfdf17beb6229fe1811642af36fd4877b9791684a8aebb8f22446c6f157e5586abbc83e8a8cd226e7be93905a891de7aee89b22386f64e565225f0e0e216f0d02b7f6c1e25768aefc398d88b2f652283ea3d8187279028bd144a6135c33eb4daa478f45bd9fd918cbf9447ed082790bff650ca44f9c79827d6e543b7dede193868c872d20dfa53ae0c38eb4713ef804b8d3e40660d17418091e6a7b62ed8c2413ee370a450d4db4797d66cd40252f16b5f8ad6f19020950b7c1f32e3755ee0c19b551e53f51ff635176863c62982e17b1135f393f532818d92f3510e500092823425b6135fb20f2717c9ec42156f8c699adc0369ab524e5dce56a697e4e086b63403b8ea2cbbfe44a4781f22c0c5f0e948e2172170f058c9234c74014414cabce7926afa5fc848fdc156bec93a888376b2a45865315ed86382cb0e7bff1cdcc938135fbcb7e7a62bd9e6e73ffdd7ad1e41a7c4153346a8b3852e406f9b00b07815854a0721dce4d5595fa5ccf57a8a244b1bb5860aa5f5067124a1bbce621046a609ea286df8c4777bb1ccfe9b7e68f5087330abc6d8e9dc361d271054143d1b03cbfb8a8999a2347f1acdf6f0e4c00b572de57b6fb96e21fa0bea38d395afb5f181d17b41678704278bea1ee0377439d70af0c6dd1d267f9920592eafc42092479ac6ace0860ce28d19116014ee3f0930f2538c8d9db01d9160013e3a50ce2d4308a7d4bdc1eef0a08ffd32302b570e321054e6ef8b1a48c5cf9fce66b66006e341eb6180b5ead3f5a998c473081eab5babbf2553b074382ccfb0d83fe78088102d5faf0820e7b49eade76b9236c4c86041d221778a329a191bbf4dcc29786ced59567a47d33839c9c7dd776ce38869f12c19f2b5ed6c0719b5cebb3b4af135d0df045e533d1470ffaa3a4a4d9cdcfed0583d711ebc5f26ad7ca2af059c5e84646491662241b8ad650e985685769827489553232ab256b68ed0509135b5bf64844b79cf7901361dc641e8f25074459606bbc6cb42e99f5de97b43c8fd096fecf249dd0ec120bb32b884777d0e300fadc087f0d3c422169ed934cf3048d73f6decb1a6b45168d557e3fe3413812bbc1da82a0a380542dd5b0fd363729110fcf253407459f6e5b031a13995c9515821814cd6d5e0a412337dc756b7f8c5159a42d111cf1ed752d78c021901c637cc511b642396fb01468ea61b4545cc4c28fd08dc192bfedd75ced712383e7003bd02b14f048ac77aa0ac5b764dc9119c3790600c6c1679bb0eeb2d6dd87f0943ceb1b3da293435bd2ba0973bfe2629672a5615122014e568c4e8391d94ac9086b2aa902c3889d4acdaf53ddbb57e235735febdbc92ac85000f87b016249d460bcfd9fa8039d184757e17a74267fda75460cafbaff0d424c407610b1fa679df4755fe785032e593d7aafce14fdf94cb814b4b1379cc128a7d665685b9a72bb01508e2869bd23d166dbf9adf53de3717a930e1adaf79955baf8c46f4d6f9f253aa155ac3fd541741672d555951fa58358d71ea691c1383b666b104c086e8c6ccd7041ecb4534ae5cac976068fc03474c1705e994240c0844cce0472f26188775f7a3273f1930f00b79f7ce84a6a1f6a52673b3e6033a761b8d557491f50f124c29bae2fc1bcb816a2a2f3717fd1ea0bef0c446d1e139d84c6694e03f452369c8602be2b656e4519c6f9b6ef144ccd", 0x1000}], 0x1, 0x18, 0x1, {0x1}})
syz_ublk_add_dev(r0, r1, r2, r3, &(0x7f00000000c0)={0x2e, 0x9, 0x0, r0, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000080)=@any_dev={0x1, 0xe8d, 0x0, 0x0, 0x1000, 0x5}}}, &(0x7f0000000180))
r4 = fanotify_init(0x4, 0x0)
fanotify_mark(r4, 0x1, 0x5000002b, 0xffffffffffffffff, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230001)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r5, 0x107, 0x13, &(0x7f00000001c0)=0x80000000, 0x4)
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
get_mempolicy(&(0x7f0000000000), 0x0, 0x3a, &(0x7f00000cd000/0x3000)=nil, 0x3)
ioctl$TUNSETOFFLOAD(r6, 0x40047440, 0x4)
ioctl$TUNSETOFFLOAD(r6, 0x400454d0, 0x4)

5m27.632982905s ago: executing program 1 (id=4175):
r0 = syz_open_dev$rtc(&(0x7f00000000c0), 0x0, 0x80000)
ioctl$RTC_PIE_OFF(r0, 0x7006)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r1, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}], 0x1, 0x48000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r2=>0x0}, &(0x7f0000000000)=0x8)
sendmmsg$inet(r1, &(0x7f0000000540)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @private=0xa010102}, 0x10, &(0x7f0000000480)=[{&(0x7f00000001c0)="204ad29b94", 0x5}], 0x1}}], 0x1, 0x20004000)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000002680)={r2, 0x2}, 0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={r2, 0x3000}, &(0x7f0000000100)=0x8)
r3 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48640)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x1, 0xffff, 0xfff, 0x8, {0x7, 0x101, 0x2, 0x0, 0x45, 0x6, 0x0, 0x1, 0x7, 0x9, 0x5, 0x8, 0x3, 0x74, "f936bc0c52ba637bb9e2a9692c3cb3a95617edc45a5ff478a53737ac2159eb84"}})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000000)=0x2, 0xfffffffffffffd61)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x59)
sendto$inet(r4, &(0x7f00000004c0)="3ce2de4d8d", 0x5, 0x805, 0x0, 0x0)
r5 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r5)
prctl$PR_SET_PTRACER(0x59616d61, r5)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='io.stat\x00', 0x0, 0x0)
sendto$inet6(r7, &(0x7f0000000580)="9b52e139b9c7f05d5fc091df7f80189faed7e7c8071d777f91960a538b8b575fc876e1d9579731ce21429ca499480f5ffd15ce6926dc888bf82bf7ff8927e3920422366e130763fe3fead7482a5fa8ca423a4a2f2b3ff396b61b0738dce751d8ce484cd5c8539eb89a4bf49fba4707c654c4af49acf81162c015c48a89f0903c5a4c3001482fb24e9d3147371dbf83b6d39197a053132df9f04322cc027f47e2740c6713dd54c6fa8c39a195409223a85495cbde218fa5cce6893f6677", 0xbd, 0x4000, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="210025bd7200000000003900000008000300", @ANYRES32=r9, @ANYBLOB="14005a80100000800500c1290b000000040001"], 0x30}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x9a2f9a692ac25a7d}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xa0, r6, 0x400, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x2, 0x3f}}}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x4a}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x5}, @NL80211_ATTR_PMK={0x14, 0xfe, "d575293f3bc0f5e5cff163b8daa341cd"}, @NL80211_ATTR_FILS_CACHE_ID={0x6}, @NL80211_ATTR_SSID={0x1e, 0x34, @random="46c83c0c6b1538f4a3e2d0fc4e8aff6d5add1d62c6b37aa7eeb2"}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x8000}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0xa0}, 0x1, 0x0, 0x0, 0x80}, 0x2000c810)
recvmmsg(r4, &(0x7f00000031c0), 0x0, 0x22, 0x0)

5m27.532320511s ago: executing program 4 (id=4176):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8})
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
clock_settime(0xfffffff4, &(0x7f00000001c0)={0x0, 0x3938700})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201100100000008bd280319000000000001090224000100000033090401810903000100092104000c012228000905810340"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000040)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000006abf6fc93f0808251f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r3, &(0x7f0000000940)={0x2c, &(0x7f0000000600)={0x20, 0x2, 0xe2, {0xe2, 0x5, "16b7d3f9bb2f3b038cc293e9af76d3abe2cfdb5d7dadb6deda0048f4ae27199c07920cafc0639617dd3fd1d5c7d45dda5f8e55e7e7814a9dece35a34903516722b8da1133746096425fafb2d96be2af0b8c40ecdc9ae1c84adf5f1e65bb1e251fd19844d9f598dd63aa6906ea4cb8e176214e5a6295bbff00739544be0b4c00c777b0e5a806371a3825de988b90a72308e8989ae5d3836a42ef215816fa9812a78a233365818647eff68765d42872ee5b067b63a52627646e67962c314c3a64ebc9ec35f4af71330c45b71e93c49f2f087772b393b953329d898de1b0e45380c"}}, &(0x7f0000000700)={0x0, 0x3, 0xe5, @string={0xe5, 0x3, "067696b2044fd337f3c43b0e9ba4aae7d52236afc00feb48d6b3bd6aa0ce69e4da844d1ef5ac25ed8ec1cb7032295c9020e0a4a0477ef92acf0717bec32524387a88f4658c2e8c24e1e37ff9f0359a7834f0067aa7c295163951975703f5fa6059a7a81eb4633474847ef573cacc1ad30999a6d9eba15f4ac076fba0043670a1376ce9a32246f6675330e44a2db2a2eeb729a0fca4a06215790c0aa775c8eab5fd97570e8cbae0c3b1b98cb5c0914591536d6f1fe9eaaa1b91c49294d20a6ad571f2f32c13f0c97d87710c32b97cb8d7a1b74dce056d3ac027f97eb7c0167363a49db5"}}, &(0x7f0000000800)={0x0, 0xf, 0x49, {0x5, 0xf, 0x49, 0x6, [@wireless={0xb, 0x10, 0x1, 0x2, 0xa, 0x7, 0x6, 0x5, 0x7}, @ext_cap={0x7, 0x10, 0x2, 0xdd5f89c0a97292db, 0x9, 0x3, 0xfff}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "ad961dc7414cf93c2a25351a35c9be54"}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x10, 0x0, 0x5}, @wireless={0xb, 0x10, 0x1, 0x8, 0x95, 0x9, 0x6a, 0x8, 0x81}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x2, 0xa, 0x8}]}}, &(0x7f0000000880)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x0, 0x1, 0x1, "eb17f41d", "7656dd72"}}, &(0x7f0000000900)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x9, 0x4, 0x6, 0x0, 0xa, 0x8, 0x3}}}, &(0x7f0000000e40)={0x84, &(0x7f0000000980)={0x40, 0x6, 0xdc, "56a3a0d419f2f6a0e81df94b7a60d96e25b6071b116477f2f35f7312064f3e5b939d6740ce2294a4ef2c242b475eb59073dac4dba9586ce5d3a119ad1cfb893e83a37172610ad5569f9e29f99d42312d93618fd961da8d0dafb26c0cb0e4a081f84d695e470d811127f8e1dc04f248f9c8e995652cddee19cf2a870f10b70e279e17d6dd8a6be8d91722939cd51d32ab630107c418d210e31cb4cc2b221a1db9841a6f8df013490b5090070f32c26900daf2308dd231771f1a8bcb21b6eb4c0ec7d6a354a82ab3ad6de7660020dd352a1cf0a09a2ea64d7bd318773b"}, &(0x7f0000000a80)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000ac0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000b00)={0x20, 0x0, 0x4, {0x3, 0x3}}, &(0x7f0000000b40)={0x20, 0x0, 0x8, {0x260, 0x4, [0xf0ff]}}, &(0x7f0000000b80)={0x40, 0x7, 0x2, 0x1ee}, &(0x7f0000000bc0)={0x40, 0x9, 0x1, 0xf7}, &(0x7f0000000c00)={0x40, 0xb, 0x2, "e7dd"}, &(0x7f0000000c40)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000c80)={0x40, 0x13, 0x6, @multicast}, &(0x7f0000000cc0)={0x40, 0x17, 0x6}, &(0x7f0000000d00)={0x40, 0x19, 0x2, "3ee0"}, &(0x7f0000000d40)={0x40, 0x1a, 0x2, 0x10}, &(0x7f0000000d80)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000000dc0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000e00)={0x40, 0x21, 0x1, 0x7f}})
ioctl$XFS_IOC_START_COMMIT(r0, 0x80585882, &(0x7f0000000f00)={<r4=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000f80)={0xc, 0x7, {0xffffffffffffffff}, {<r5=>0xffffffffffffffff}, 0x9, 0x400})
r6 = geteuid()
mount$fuse(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380), 0x112000, &(0x7f0000000fc0)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, r5}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@default_permissions}, {@default_permissions}, {@default_permissions}, {}, {@max_read={'max_read', 0x3d, 0x4}}], [{@fsuuid={'fsuuid', 0x3d, {[0x65, 0x63, 0x32, 0x64, 0x37, 0x36, 0x39, 0x55], 0x2d, [0x31, 0x63, 0x32, 0x33], 0x2d, [0x66, 0x34, 0x38, 0x32], 0x2d, [0x64, 0x62, 0x31], 0x2d, [0x63, 0x31, 0x35, 0x33, 0x37, 0x35, 0x37, 0x62]}}}, {@euid_gt={'euid>', r6}}, {@pcr={'pcr', 0x3d, 0x3e}}]}})
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="80000000", @ANYRES16=r7, @ANYBLOB="01000000000200000000410000003400088030000080080009800400008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c35000300b08073e8d44e91e3da922c22438244bb885c69e269c8e9d835b114293a4ddc6e140002007767300000000000000000000000000003f01c8cd2b9f912571e778875b42a31814e317cf0b63ad1f0334531512a38ea99f2afcf362a4545d387ccc7d3905436579fb02bccc4e99dd0d40b5a672d1a515a14c4e8982f5cd5ec8635045defb5609af113a11815995105dd7b48bbb52f48695398d343cd47228a0fe4eca57bae44c9ff02dc40933695ca097fe0340a7545e65f73afbed895c6c9323383b8fdd0fbd0035444f501ffe6d56ceb9e1c99d90b38c32b589277dfb38e2aa408bdff2fb853539c94594d2a5e89573f7abd8be699c0f8b77698fd2f09578c81ebc32ef7dd35cd8f8c4c3656470ae56e1f2fc2ab4f5fd96ae22b7ce570515e7e5a3000bb00892521c98ad6cda02c2bb1addfcdb8cf52afa891f87b63"], 0x80}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r8, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd87, 0x0, 0x100000}, &(0x7f0000000240)=0x40)
socket$nl_generic(0x10, 0x3, 0x10)
r9 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0xa, r9, &(0x7f0000000300)='asymmetric\x00', &(0x7f00000002c0)='id\x03\x00\x00\xcc\xd0x\x00\x9e\x00\x00\x00\x00\x00')
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
munmap(&(0x7f0000000000/0x4000)=nil, 0x4000)
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r10, 0x11c, 0x1, &(0x7f00000017c0)=""/218, &(0x7f00000018c0)=0xda)
ioctl$XFS_IOC_SWAPEXT(r10, 0xc0c0586d, &(0x7f0000001140)={0x0, r0, r4, 0x2, 0x4, '\x00', {0x4, 0x8f, 0xfff2, 0x0, 0x966, 0x0, 0x5, 0x2, {0xea, 0x1}, {0x80000001, 0x7}, {0x7fffffff, 0x92}, 0x8, 0x1, 0x3, 0x5, 0x4, 0xa, 0x101, 0x1000, 0x9, 0x200, '\x00', 0x1, 0x8, 0x54, 0x5}})
r11 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r11, 0x114, 0x3f, &(0x7f00000008c0), 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x2e, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES64=r1, @ANYBLOB="010040000000000002034400000008000300", @ANYBLOB="648616b9524670e389c86019bd968e0427d30d3a57c44f59fc4518aaeee3744ce4dd4d42679d90ac44579ef07df11ef30881a247b7a5e4dec826d05282979b28022fa94b09db26df93900cfa22aa5e504c672c6f136a36a4b52ecfb52ebe7a3588208b04ce2e91bef82ed4e3511791306ced0d42e96641b8", @ANYBLOB="0000000400"/15], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

5m27.531922789s ago: executing program 1 (id=4177):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmsg$NFT_BATCH(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELFLOWTABLE={0x27c, 0x18, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0xa0, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x54, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_vlan\x00'}, {0x14, 0x1, 'veth1_virt_wifi\x00'}, {0x14, 0x1, 'bond_slave_1\x00'}, {0x14, 0x1, 'ipvlan1\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x40, 0x3, 0x0, 0x1, [{0x14, 0x1, 'pimreg0\x00'}, {0x14, 0x1, 'wlan1\x00'}, {0x14, 0x1, 'geneve0\x00'}]}]}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3800000}]}, @NFTA_FLOWTABLE_HOOK={0x120, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vcan0\x00'}, {0x14, 0x1, 'bridge_slave_1\x00'}]}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x355}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0xcc, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_team\x00'}, {0x14, 0x1, 'veth0_virt_wifi\x00'}, {0x14, 0x1, 'veth0_vlan\x00'}, {0x14, 0x1, 'ip6erspan0\x00'}, {0x14, 0x1, 'syz_tun\x00'}, {0x14, 0x1, 'team_slave_1\x00'}, {0x14, 0x1, 'veth0_to_batadv\x00'}, {0x14, 0x1, 'wg2\x00'}, {0x14, 0x1, 'wlan0\x00'}, {0x14, 0x1, 'gretap0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_HOOK={0x78, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bridge0\x00'}]}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x11d}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'gretap0\x00'}, {0x14, 0x1, 'syzkaller0\x00'}]}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0_to_batadv\x00'}]}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}]}], {0x14}}, 0x2a4}, 0x1, 0x0, 0x0, 0x84}, 0x80) (fail_nth: 2)

5m27.10024042s ago: executing program 1 (id=4180):
socket$alg(0x26, 0x5, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x4)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r1)
ppoll(0x0, 0x0, &(0x7f0000000140), &(0x7f0000000180)={[0x903]}, 0x8)
recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)

5m27.003337497s ago: executing program 1 (id=4181):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r0, 0x4b4a, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x100)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00')
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="f00000001a0007002abd7000000000007f000001000000000000000000000000e0000001000100000000000000000000ffff00004e2200000000000002000000fdc7538ba5507662af866327ef19973b7971d14cb6272a5da7964480646d395ad9fddaa89490ebd922d90a574958", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000001000000002b000000fc0000000000000000000000000000015a0000000000000000b40000000000000200000000000000010000007ffffffe0000000000000000000006000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a0002007000000000000000"], 0xf0}}, 0x0)
setresuid(0xee01, r1, r1)
setresuid(r1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002f40)=ANY=[@ANYRESDEC=r4], 0x624}], 0x1, 0x0, 0x0, 0x24024440}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1) (async)
ioctl$KDGKBDIACR(r0, 0x4b4a, 0x0) (async)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x100) (async)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='./file0\x00') (async)
socket$nl_xfrm(0x10, 0x3, 0x6) (async)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) (async)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) (async)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="f00000001a0007002abd7000000000007f000001000000000000000000000000e0000001000100000000000000000000ffff00004e2200000000000002000000fdc7538ba5507662af866327ef19973b7971d14cb6272a5da7964480646d395ad9fddaa89490ebd922d90a574958", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000000000000000001000000002b000000fc0000000000000000000000000000015a0000000000000000b40000000000000200000000000000010000007ffffffe0000000000000000000006000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a0002007000000000000000"], 0xf0}}, 0x0) (async)
setresuid(0xee01, r1, r1) (async)
setresuid(r1, 0x0, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002f40)=ANY=[@ANYRESDEC=r4], 0x624}], 0x1, 0x0, 0x0, 0x24024440}, 0x0) (async)

5m25.860251551s ago: executing program 4 (id=4183):
r0 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_DISALLOCATE(r1, 0x5608)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)

5m23.844246212s ago: executing program 1 (id=4190):
syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
syz_open_procfs(0x0, &(0x7f0000000300)='net/icmp\x00')
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f0000000540), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20000)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x73, 0x2, 0x2, 0x4002804c4, 0x9, 0x8000000000000000, 0xc595, 0x0, 0x4, 0xefffffffffffffff, 0x2000000000000000, 0x5, 0x8d], 0xeeee8000, 0x2002d3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5m23.647918998s ago: executing program 1 (id=4192):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$l2tp6(0xa, 0x2, 0x73) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}) (async)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) (async)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r2, @ANYRESHEX=r3], 0x15) (async)
setsockopt$inet6_tcp_int(r0, 0x6, 0x3, &(0x7f0000000040)=0x80000000, 0x4) (async)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})

5m10.50503524s ago: executing program 33 (id=4183):
r0 = openat$userfaultfd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_DISALLOCATE(r1, 0x5608)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0)

5m8.602856406s ago: executing program 34 (id=4192):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$l2tp6(0xa, 0x2, 0x73) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) (async)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}) (async)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_9p2000}]}}) (async)
write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="150000006bffff", @ANYRES16=r2, @ANYRESHEX=r3], 0x15) (async)
setsockopt$inet6_tcp_int(r0, 0x6, 0x3, &(0x7f0000000040)=0x80000000, 0x4) (async)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})

2m29.916344115s ago: executing program 2 (id=5067):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a14000000020a050000000000000000000000000514000000140a0300000000000000000003000000140000001100010000000000000000000000000a373af69ea0c9e5a32f83c36fbb5971c80a803fc3da8e95bcc652dc7efa26b948b9ad292f9c22327764e9d7c86b732a1588bf7a13ddf7d7537173fcba78f98aea041f947f644c8217b27418e8b331737f54dac8bc9037c87a9106a2353d4208337b64bd0be37862be03973d635fa0b9967e843f6e8ec4bc056c2fc2d9dd53dd324bc023102ef5a35645aba01081ae556123aff26f3d93ef717ed46b54f1f9ea274277730d726549eadd313685c1cca9e03e417f7f5c7eeccb74ef1eca5ed2b7a5a50b3d"], 0x50}}, 0x0)

2m29.833344514s ago: executing program 2 (id=5068):
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000000)={0x3, @meta={0x4f31434d, 0x210e6687, 0x82a6, 0xa58, 0x7bded2af}})
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x600180, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000140))
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180), 0x24040, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f00000001c0))
r2 = syz_open_dev$vcsa(&(0x7f0000000200), 0xd, 0x0)
getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000240), &(0x7f0000000280)=0x4)
connect$llc(r2, &(0x7f00000002c0)={0x1a, 0x336, 0x4, 0x0, 0x4, 0x6, @local}, 0x10)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x100000, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000340)={<r4=>0x0, @in6={{0xa, 0x4e24, 0x302c0c2d, @loopback, 0x9}}}, &(0x7f0000000400)=0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000440)={r4, 0xcb, "2877db585edd103b44edd7bbba04a11c8d09898656be0938db8504d871536684df5eaa2352f4e0f0a7322366761b513d6a8a913ae9641d7a90cc005a0f3ba8fa7366e83ca339077cf24fcf2017528fbc91ad5cec44ddc3c206059e3a8440cee7f854fca6bda5d22c1e9f0f253bf7f61f1e6271a7db749685d9b33f80c7c8dea9010c6b440f3f1a4a57c01dc89970b7d3795760328d08286d97d7bf447178472a27e7424f8936cd183dc0fcef2443893504b9347b992f3c2988a063ec1033b3f2fcbae50463f7534f439d88"}, &(0x7f0000000540)=0xd3)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r2)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x38, r5, 0x400, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x810)
r6 = syz_open_procfs(0x0, &(0x7f00000006c0)='net/stat\x00')
ioctl$IOMMU_VFIO_IOAS$GET(r6, 0x3b88, &(0x7f0000000700)={0xc, <r7=>0x0})
ioctl$VIDIOC_DECODER_CMD(r2, 0xc0485660, &(0x7f0000000740)={0x2, 0x1, @stop_pts=0x7})
read$FUSE(0xffffffffffffffff, &(0x7f00000007c0)={0x2020}, 0x2020)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r2, 0xf50f, 0x0)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000000)
syz_usb_connect(0x0, 0x348, &(0x7f0000002800)={{0x12, 0x1, 0x110, 0xfb, 0xc3, 0xff, 0x20, 0x12d1, 0x1464, 0xb717, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x336, 0x2, 0x7f, 0x9, 0xd0, 0x5, "", [{{0x9, 0x4, 0xa7, 0xd, 0xc, 0xff, 0xff, 0xff, 0x7, [@uac_as], [{{0x9, 0x5, 0x80, 0x10, 0x400, 0x3, 0x3b, 0x47}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0xfc, 0xe9, 0xc0}}, {{0x9, 0x5, 0x0, 0x3, 0x0, 0x9, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xb, 0xe0}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x6, 0x7f, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x2, 0x4}, @generic={0x93, 0x24, "984bbf4c81d360af5b1a6fdbbe46657cb1dca3398155ed11695a32b429f90b3e1aaaab5e5c9c1ca77742456f8cb69caf996dc6fed512a933f0dace220a3f0287d4995ef2c94b0c6487e46587b962b19aaf6393ce13ba85d269cc6ce583d86da8ff92b9e49be75de0b8d6aa882d80c0c11241f2681ac37a4a5c83e5eda36f25661ab9b2d56ec3bcb4f45b9b269fabeec6ab"}]}}, {{0x9, 0x5, 0x9, 0x26, 0x40, 0x4, 0xf, 0x4}}, {{0x9, 0x5, 0x0, 0x10, 0x8, 0x4, 0xff, 0x77}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x7, 0x9, 0xf1}}, {{0x9, 0x5, 0xb, 0x1, 0x400, 0x8, 0x2, 0x1, [@generic={0xdd, 0xd, "36f01e7fb1ad3ae5033715c01cb86e7ce896e9386abbeab230d61104cd8265f9dd60e10328402ce91463ca5b3f2a7e85fdf67acead94796f36e5d7457abdeb22324715a263afbdd035af0a64b64cb38b9e981608469fa123736e4722dddce884d4ebf7d693a230c96a95863811f4a419708419be08eea086bd908fae12b2334e8ac083507b4d167497b77471ccbe59f40240aa86bcd8278ace842675516518952f9d8212d383703c2fe2674f888c007bae73761aca6642df1e4e4f5bc8ccd227c8e7977bf3270850da8ab5fd91b2d973fef71a3e376d6fc820cb1a"}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x9, 0xfffc}]}}, {{0x9, 0x5, 0xc, 0x4, 0x40, 0x80, 0x4, 0xe}}, {{0x9, 0x5, 0x1, 0x2, 0x200, 0x1, 0x4}}, {{0x9, 0x5, 0x9, 0x2, 0x400, 0x7f, 0x9, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x7, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x2}]}}, {{0x9, 0x5, 0xb, 0x3, 0x3ff, 0x3, 0x8, 0xf1, [@generic={0x57, 0x23, "59f91e16bb32ef473cb22de7c5d82b85872b5290c2c16e252d5f2a81271d8769c15cae45d06bda25b0929344827d214b811203d75cff94611a8aefcc5d98d124be1e8580c783630d3627e1eeb4b89570db72f9161b"}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x7, 0x7}]}}]}}, {{0x9, 0x4, 0x9, 0xf0, 0x9, 0x1c, 0x14, 0x62, 0x7, [@uac_control={{0xa, 0x24, 0x1, 0x1, 0x13}, [@processing_unit={0x9, 0x24, 0x7, 0x2, 0x1, 0x2, "97dd"}]}, @uac_control={{0xa, 0x24, 0x1, 0xfff, 0x11}, [@mixer_unit={0x7, 0x24, 0x4, 0x1, 0x1, '%d'}]}], [{{0x9, 0x5, 0x14, 0x4, 0x400, 0xfc, 0x8, 0x6}}, {{0x9, 0x5, 0xb, 0x4, 0x20, 0xff, 0x8, 0x5}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x4, 0x1b, 0x7}}, {{0x9, 0x5, 0x4, 0x1, 0x20, 0x7, 0xf8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x86}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0x8662}]}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0xae, 0xd}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0x8, 0x1, 0x9}}, {{0x9, 0x5, 0x7, 0x8, 0x3ff, 0x7, 0x2, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xfc, 0x49}]}}, {{0x9, 0x5, 0xb, 0xc, 0x20, 0x8c, 0x5, 0x4}}, {{0x9, 0x5, 0x14, 0x0, 0x400, 0x3, 0x0, 0x6a, [@generic={0x34, 0xb, "83e73c32f562626aa81aac2d8efc00cf9a20c1f8270b54b05269308a36a18d4f79d8832c7deb261b7b7417dfaaf55e6f48e1"}]}}]}}]}}]}}, &(0x7f0000003100)={0xa, &(0x7f0000002b80)={0xa, 0x6, 0x200, 0x7f, 0x3, 0xc4, 0x10, 0x9}, 0xcd, &(0x7f0000002bc0)={0x5, 0xf, 0xcd, 0x6, [@generic={0x2b, 0x10, 0x4, "6b032eb1f1b5328f2a8eaf878269e62a4b717daa2a5a1fcf701e0cbf902e4f5e1bb521e854af4095"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x0, 0x4a, 0x3}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0xf, 0x9, 0xc8}, @ext_cap={0x7, 0x10, 0x2, 0xa, 0xc, 0x9, 0x7}, @ptm_cap={0x3}, @generic={0x82, 0x10, 0x3, "31c51cda0528f1c93e4a6b6d49852b0ca1cd65b747104724ad733a0cd9d495d31858a7691a236c902c3864d5fb0cda5286375d88eaad2ec381ae2764d90dfc9c9e2246866c8e63b570027aae92085f1265c3ba4ffd37fc308c338464a1519baaf9020dba956d7fe66f58c4d67d94ddf7c8f028f98c076d985e96d00f4e8c7a"}]}, 0x9, [{0xcd, &(0x7f0000002cc0)=@string={0xcd, 0x3, "402e89116d59e987feee36e7784006e25471f864028ada6e70498112bbcacd2543b025f6b16b3302eaa2daca471721f70874ddd4389b8833f580e05054032e1a29cf082642a6fa43074f74d679c18005087abc26cecf9780e75d7797821353b48256cff2acda1e8ddeff07acf19554a155dff31d99941c66baa9a7060b32e15929346e80badecf92502865d82cbda6a7a94a262a45ca05baebfce1316245217b5066c806424140fb1a38db43ac43910896900bc0dd98c986ecffcd7b708f6cb940ef0c73ba6cfca31c0ce9"}}, {0x4, &(0x7f0000002dc0)=@lang_id={0x4, 0x3, 0x43e}}, {0x4, &(0x7f0000002e00)=@lang_id={0x4, 0x3, 0x801}}, {0x4, &(0x7f0000002e40)=@lang_id={0x4, 0x3, 0x2c09}}, {0x4, &(0x7f0000002e80)=@lang_id={0x4, 0x3, 0x1401}}, {0x101, &(0x7f0000002ec0)=@string={0x101, 0x3, "0cfab557269009bb6407a0a86880d02a2de647285226ca86dc81461c8a14bc366a07ee45b45d7ed7828910bd0c3059919e77ade2a4945468ecbdb01b08fbbef155b032279f4faa7986e8c8c441c1f2bb403a175769ddbd927981ca64e13f9558765b364b5383b420cf5c5f33b5f22e7cadee79bf48f66caa5f274a2c45da8f27ae37bc924da3fba764c3ecf3439572575f7ed194e0c01e920ed844841fc6d614c2cda724c9f85573c88489fc1ec25f1f3ddc4204979902ff398377115747f6975b50da2d7bea9ae6ff4e299f4d190b5d42f0f3b97ea03591eb7a7fc0f21d67569ee4d6723a37d145b03d346c389355e0be723eae17a122cc6c378b2f65e67c"}}, {0x4, &(0x7f0000003000)=@lang_id={0x4, 0x3, 0x426}}, {0x59, &(0x7f0000003040)=@string={0x59, 0x3, "6856a7cc01bb5ce0120dff8faa2d28f534d90c3d7bdd05806c7f85da1178b5a002f443eeedc93207a6118b3bc90c3a37fa1238bac262f0b1dd709df4918b651c49e49f6c9c0f8cffa934345ae418f96c582189173f8699"}}, {0x4, &(0x7f00000030c0)=@lang_id={0x4, 0x3, 0x4c0a}}]})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f00000031c0)={0x28, 0x3, r7, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xfffffffffffffff1})
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000003200), 0x115002, 0x0)
sendmsg$802154_raw(r3, &(0x7f00000033c0)={&(0x7f0000003240)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000003380)={&(0x7f0000003280)="d2e85c40cf9e1d3dcf40d67a6ba6ea5d4a9de44fd3428b70df9818540f83220045eae2a41b90fb791fbeef4b0825a508244a6a6bbe49cb169361d1fa6aa16803f4dd8e67fd892199d39eab98e7c71cf33723bf51909841bd33b51171d6c468dcd2fbdc0ef1945168c214bd6140920ad61b026d2e2fb6375a1f317345baa263eb442833fabfb806464889080c8533a80a4257d0c53e16491f9915c0a15a426d6ce05f542e4ae94747462e6a76f128f82ac1eae54752a3177e5f177afde53018a419c67a8754b8c57dcc74944875109eb0a358e9c807934f27214efb5f5132d7981191b1f5699431a8d2508ebcb5ff7128cbef707fdd", 0xf5}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$unix(r2, &(0x7f0000003400)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000034c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f0000003840)={&(0x7f0000003480)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000003800)={&(0x7f0000003500)={0x300, r5, 0x400, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r8}, @val={0xc, 0x99, {0x401, 0x78}}}}, [@NL80211_ATTR_PBSS={0x4}, @NL80211_ATTR_HE_OBSS_PD={0x40, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x12}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0xa}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "e42f3fc29fe74a3a"}, @NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET={0x5, 0x1, 0x5}]}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_TX_RATES={0x284, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x6c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xb861, 0x40, 0xb01, 0x3, 0x2, 0x717, 0x0, 0x3]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x9, 0x16, 0x5, 0x30]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1c00, 0x7, 0x10, 0x647, 0x9, 0x4, 0x3, 0x800]}}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x24, 0xc, 0x3d, 0x12, 0x16, 0x36, 0xc, 0x36, 0x6, 0x2, 0x30, 0xc, 0x30, 0xb, 0x60, 0x6, 0x6, 0x6, 0x5, 0x24, 0x48, 0x5]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x2, 0x4000, 0x9, 0x80, 0x3, 0x0, 0x5]}}]}, @NL80211_BAND_6GHZ={0x34, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x7, 0x8, 0xfff, 0x7, 0x1, 0x6, 0x4]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0x84e, 0x1, 0x6, 0x5, 0x3, 0x6d0, 0xb]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_6GHZ={0x6c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x8, 0x7, 0x6, 0xed7, 0x4, 0x8001, 0x439c]}}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x4, 0x6, 0xb, 0x36, 0x3c, 0x48, 0x1, 0x6c, 0xb, 0x2, 0x9, 0x24, 0xc, 0x12]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2800, 0x5, 0x4, 0x401, 0x6f7a, 0x21, 0x3, 0x27a]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x7f, 0x81, 0x3, 0x1ff, 0xca9, 0x60be, 0x5]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0x38, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x12, 0x1, [0x12, 0x6c, 0x1b, 0x18, 0x24, 0x18, 0x9, 0x48, 0x1, 0x1b, 0x2, 0x12, 0x48, 0x24]}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x3, 0x1}, {}, {0x4, 0x8}, {0x0, 0x6}, {0x5}, {0x6, 0x1}, {0x4, 0xa}, {0x2, 0xa}, {0x5, 0x2}, {0x7}, {0x7, 0xa}, {0x6, 0x7}, {0x5, 0x1}, {0x4, 0x9}, {0x1, 0x8}, {0x0, 0x9}, {0x1}, {0x2, 0x4}, {0x7, 0x2}, {0x4, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}, @NL80211_BAND_6GHZ={0xac, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x5, 0x9, 0x9, 0x7fff, 0x6, 0x5, 0x10]}}, @NL80211_TXRATE_HT={0x34, 0x2, [{0x5, 0xa}, {0x0, 0x4}, {0x1, 0x1}, {0x6, 0x3}, {0x3, 0x7}, {0x3, 0x6}, {0x1, 0x8}, {0x7, 0x5}, {0x5, 0xa}, {0x2, 0x5}, {0x1, 0x7}, {0x5, 0x4}, {0x4, 0x4}, {0x4, 0x5}, {0x2, 0x5}, {0x6, 0x1}, {0x0, 0x7}, {0x2, 0x7}, {0x3, 0x8}, {0x0, 0x6}, {0x7, 0x5}, {0x5, 0x5}, {0x1, 0x8}, {0x4, 0x3}, {0x5, 0x3}, {0x4, 0x3}, {0x5, 0x3}, {0x6, 0x4}, {0x3, 0x9}, {0x6, 0x3}, {0x3, 0x5}, {0x5, 0x2}, {0x7}, {0x3}, {0x2, 0x6}, {0x1, 0x4}, {0x5, 0x4}, {0x5, 0x8}, {0x6, 0x9}, {0x6, 0x9}, {0x0, 0x2}, {0x0, 0x3}, {0x6, 0x2}, {0x5, 0x9}, {0x1, 0x8}, {0x7, 0x4}, {0x7, 0x4}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xabe, 0x9a, 0x8001, 0x6, 0x6, 0x6f4, 0xfff, 0x3eca]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x9, 0x3, 0x8, 0x1, 0x5, 0x1, 0xe]}}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x12, 0x18, 0x60, 0x6]}, @NL80211_TXRATE_HT={0x1e, 0x2, [{0x5, 0x6}, {0x1}, {0x4, 0xa}, {0x7, 0x5}, {0x7, 0x5}, {0x2, 0x9}, {0x7, 0x1}, {0x4, 0x9}, {0x6, 0x9}, {0x2, 0xa}, {0x6, 0x9}, {0x0, 0x4}, {0x7, 0x7}, {0x1, 0x3}, {0x4, 0x1}, {0x0, 0x5}, {0x1, 0x7}, {0x5, 0x6}, {0x7, 0x3}, {0x2, 0x5}, {0x7, 0x6}, {0x7, 0x8}, {0x2, 0x5}, {0x2, 0x2}, {0x0, 0x4}, {0x4, 0x7}]}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x1, 0x9, 0x6, 0x0, 0x2, 0x3, 0x7]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x5c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xbe, 0x9, 0x4, 0xb, 0xffff, 0x7, 0x7, 0x2]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x2, 0xdbb, 0x4, 0x778c, 0x81, 0x0, 0x4]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0xfffb, 0x80, 0x5, 0x6, 0x2, 0x6, 0xaf]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xff, 0x1, 0x5, 0x400, 0x9, 0xffff, 0x3, 0x6]}}]}]}]}, 0x300}}, 0x20000000)

2m28.580537767s ago: executing program 2 (id=5071):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./cgroup\x00', &(0x7f0000000100)='gfs2meta\x00', 0x21c051, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000340)={{}, {0x1, 0x6}, [], {0x4, 0x5}, [], {0x10, 0x3}}, 0x24, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d0800fe007c05e8fe55a115000100ff00142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x5}}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
mbind(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4001, 0x0, 0x1, 0x0)
setreuid(0xffffffffffffffff, 0xee01)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r0, 0x80184132, &(0x7f0000000040))
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x800, 0xbbba, 0x0, 0x18, 0x0, {0x1}, {0xfffffffe, 0xfffffffd, 0xfffffffe}, {0x9, 0x3}, {0x1}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x0, 0x400, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x100, 0x2, 0x1})
ioctl$RTC_UIE_ON(r4, 0x7003)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12014101f2c59620d016b8108ede0102030109022400010000100009040002020083ec0009050602000202000a09058202"], 0x0)
r6 = socket$kcm(0x1e, 0x5, 0x0)
sendmsg$kcm(r6, &(0x7f0000000540)={&(0x7f0000000280)=@tipc=@nameseq={0x1e, 0x1, 0x2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)="80", 0x1}], 0x1}, 0x44)
recvmsg(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/205, 0xcd}], 0x1, &(0x7f0000000140)=""/19, 0x13}, 0x40000010)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
r8 = dup(r7)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r7, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r9 = dup(r7)
setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c)
pipe2$9p(0x0, 0x0)
write$cgroup_pid(r8, 0x0, 0x0)

2m27.699579035s ago: executing program 2 (id=5083):
ioctl$vim2m_VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000000)={0x3, @meta={0x4f31434d, 0x210e6687, 0x82a6, 0xa58, 0x7bded2af}})
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x600180, 0x0)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000140))
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180), 0x24040, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f00000001c0))
r2 = syz_open_dev$vcsa(&(0x7f0000000200), 0xd, 0x0)
getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000240), &(0x7f0000000280)=0x4)
connect$llc(r2, &(0x7f00000002c0)={0x1a, 0x336, 0x4, 0x0, 0x4, 0x6, @local}, 0x10)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1)
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300), 0x100000, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000340)={<r4=>0x0, @in6={{0xa, 0x4e24, 0x302c0c2d, @loopback, 0x9}}}, &(0x7f0000000400)=0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000440)={r4, 0xcb, "2877db585edd103b44edd7bbba04a11c8d09898656be0938db8504d871536684df5eaa2352f4e0f0a7322366761b513d6a8a913ae9641d7a90cc005a0f3ba8fa7366e83ca339077cf24fcf2017528fbc91ad5cec44ddc3c206059e3a8440cee7f854fca6bda5d22c1e9f0f253bf7f61f1e6271a7db749685d9b33f80c7c8dea9010c6b440f3f1a4a57c01dc89970b7d3795760328d08286d97d7bf447178472a27e7424f8936cd183dc0fcef2443893504b9347b992f3c2988a063ec1033b3f2fcbae50463f7534f439d88"}, &(0x7f0000000540)=0xd3)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r2)
sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x38, r5, 0x400, 0x70bd2a, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x2}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x810)
r6 = syz_open_procfs(0x0, &(0x7f00000006c0)='net/stat\x00')
ioctl$IOMMU_VFIO_IOAS$GET(r6, 0x3b88, &(0x7f0000000700)={0xc, <r7=>0x0})
ioctl$VIDIOC_DECODER_CMD(r2, 0xc0485660, &(0x7f0000000740)={0x2, 0x1, @stop_pts=0x7})
read$FUSE(0xffffffffffffffff, &(0x7f00000007c0)={0x2020}, 0x2020)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r2, 0xf50f, 0x0)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000000)
syz_usb_connect(0x0, 0x348, &(0x7f0000002800)={{0x12, 0x1, 0x110, 0xfb, 0xc3, 0xff, 0x20, 0x12d1, 0x1464, 0xb717, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x336, 0x2, 0x7f, 0x9, 0xd0, 0x5, "", [{{0x9, 0x4, 0xa7, 0xd, 0xc, 0xff, 0xff, 0xff, 0x7, [@uac_as], [{{0x9, 0x5, 0x80, 0x10, 0x400, 0x3, 0x3b, 0x47}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0xfc, 0xe9, 0xc0}}, {{0x9, 0x5, 0x0, 0x3, 0x0, 0x9, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xb, 0xe0}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x6, 0x7f, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x2, 0x4}, @generic={0x93, 0x24, "984bbf4c81d360af5b1a6fdbbe46657cb1dca3398155ed11695a32b429f90b3e1aaaab5e5c9c1ca77742456f8cb69caf996dc6fed512a933f0dace220a3f0287d4995ef2c94b0c6487e46587b962b19aaf6393ce13ba85d269cc6ce583d86da8ff92b9e49be75de0b8d6aa882d80c0c11241f2681ac37a4a5c83e5eda36f25661ab9b2d56ec3bcb4f45b9b269fabeec6ab"}]}}, {{0x9, 0x5, 0x9, 0x26, 0x40, 0x4, 0xf, 0x4}}, {{0x9, 0x5, 0x0, 0x10, 0x8, 0x4, 0xff, 0x77}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x7, 0x9, 0xf1}}, {{0x9, 0x5, 0xb, 0x1, 0x400, 0x8, 0x2, 0x1, [@generic={0xdd, 0xd, "36f01e7fb1ad3ae5033715c01cb86e7ce896e9386abbeab230d61104cd8265f9dd60e10328402ce91463ca5b3f2a7e85fdf67acead94796f36e5d7457abdeb22324715a263afbdd035af0a64b64cb38b9e981608469fa123736e4722dddce884d4ebf7d693a230c96a95863811f4a419708419be08eea086bd908fae12b2334e8ac083507b4d167497b77471ccbe59f40240aa86bcd8278ace842675516518952f9d8212d383703c2fe2674f888c007bae73761aca6642df1e4e4f5bc8ccd227c8e7977bf3270850da8ab5fd91b2d973fef71a3e376d6fc820cb1a"}, @uac_iso={0x7, 0x25, 0x1, 0xc, 0x9, 0xfffc}]}}, {{0x9, 0x5, 0xc, 0x4, 0x40, 0x80, 0x4, 0xe}}, {{0x9, 0x5, 0x1, 0x2, 0x200, 0x1, 0x4}}, {{0x9, 0x5, 0x9, 0x2, 0x400, 0x7f, 0x9, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x7, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x2}]}}, {{0x9, 0x5, 0xb, 0x3, 0x3ff, 0x3, 0x8, 0xf1, [@generic={0x57, 0x23, "59f91e16bb32ef473cb22de7c5d82b85872b5290c2c16e252d5f2a81271d8769c15cae45d06bda25b0929344827d214b811203d75cff94611a8aefcc5d98d124be1e8580c783630d3627e1eeb4b89570db72f9161b"}, @uac_iso={0x7, 0x25, 0x1, 0x8, 0x7, 0x7}]}}]}}, {{0x9, 0x4, 0x9, 0xf0, 0x9, 0x1c, 0x14, 0x62, 0x7, [@uac_control={{0xa, 0x24, 0x1, 0x1, 0x13}, [@processing_unit={0x9, 0x24, 0x7, 0x2, 0x1, 0x2, "97dd"}]}, @uac_control={{0xa, 0x24, 0x1, 0xfff, 0x11}, [@mixer_unit={0x7, 0x24, 0x4, 0x1, 0x1, '%d'}]}], [{{0x9, 0x5, 0x14, 0x4, 0x400, 0xfc, 0x8, 0x6}}, {{0x9, 0x5, 0xb, 0x4, 0x20, 0xff, 0x8, 0x5}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x4, 0x1b, 0x7}}, {{0x9, 0x5, 0x4, 0x1, 0x20, 0x7, 0xf8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x86}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x4, 0x8662}]}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0xae, 0xd}}, {{0x9, 0x5, 0xe, 0x0, 0x40, 0x8, 0x1, 0x9}}, {{0x9, 0x5, 0x7, 0x8, 0x3ff, 0x7, 0x2, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0xfc, 0x49}]}}, {{0x9, 0x5, 0xb, 0xc, 0x20, 0x8c, 0x5, 0x4}}, {{0x9, 0x5, 0x14, 0x0, 0x400, 0x3, 0x0, 0x6a, [@generic={0x34, 0xb, "83e73c32f562626aa81aac2d8efc00cf9a20c1f8270b54b05269308a36a18d4f79d8832c7deb261b7b7417dfaaf55e6f48e1"}]}}]}}]}}]}}, &(0x7f0000003100)={0xa, &(0x7f0000002b80)={0xa, 0x6, 0x200, 0x7f, 0x3, 0xc4, 0x10, 0x9}, 0xcd, &(0x7f0000002bc0)={0x5, 0xf, 0xcd, 0x6, [@generic={0x2b, 0x10, 0x4, "6b032eb1f1b5328f2a8eaf878269e62a4b717daa2a5a1fcf701e0cbf902e4f5e1bb521e854af4095"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x0, 0x4a, 0x3}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0xf, 0x9, 0xc8}, @ext_cap={0x7, 0x10, 0x2, 0xa, 0xc, 0x9, 0x7}, @ptm_cap={0x3}, @generic={0x82, 0x10, 0x3, "31c51cda0528f1c93e4a6b6d49852b0ca1cd65b747104724ad733a0cd9d495d31858a7691a236c902c3864d5fb0cda5286375d88eaad2ec381ae2764d90dfc9c9e2246866c8e63b570027aae92085f1265c3ba4ffd37fc308c338464a1519baaf9020dba956d7fe66f58c4d67d94ddf7c8f028f98c076d985e96d00f4e8c7a"}]}, 0x9, [{0xcd, &(0x7f0000002cc0)=@string={0xcd, 0x3, "402e89116d59e987feee36e7784006e25471f864028ada6e70498112bbcacd2543b025f6b16b3302eaa2daca471721f70874ddd4389b8833f580e05054032e1a29cf082642a6fa43074f74d679c18005087abc26cecf9780e75d7797821353b48256cff2acda1e8ddeff07acf19554a155dff31d99941c66baa9a7060b32e15929346e80badecf92502865d82cbda6a7a94a262a45ca05baebfce1316245217b5066c806424140fb1a38db43ac43910896900bc0dd98c986ecffcd7b708f6cb940ef0c73ba6cfca31c0ce9"}}, {0x4, &(0x7f0000002dc0)=@lang_id={0x4, 0x3, 0x43e}}, {0x4, &(0x7f0000002e00)=@lang_id={0x4, 0x3, 0x801}}, {0x4, &(0x7f0000002e40)=@lang_id={0x4, 0x3, 0x2c09}}, {0x4, &(0x7f0000002e80)=@lang_id={0x4, 0x3, 0x1401}}, {0x101, &(0x7f0000002ec0)=@string={0x101, 0x3, "0cfab557269009bb6407a0a86880d02a2de647285226ca86dc81461c8a14bc366a07ee45b45d7ed7828910bd0c3059919e77ade2a4945468ecbdb01b08fbbef155b032279f4faa7986e8c8c441c1f2bb403a175769ddbd927981ca64e13f9558765b364b5383b420cf5c5f33b5f22e7cadee79bf48f66caa5f274a2c45da8f27ae37bc924da3fba764c3ecf3439572575f7ed194e0c01e920ed844841fc6d614c2cda724c9f85573c88489fc1ec25f1f3ddc4204979902ff398377115747f6975b50da2d7bea9ae6ff4e299f4d190b5d42f0f3b97ea03591eb7a7fc0f21d67569ee4d6723a37d145b03d346c389355e0be723eae17a122cc6c378b2f65e67c"}}, {0x4, &(0x7f0000003000)=@lang_id={0x4, 0x3, 0x426}}, {0x59, &(0x7f0000003040)=@string={0x59, 0x3, "6856a7cc01bb5ce0120dff8faa2d28f534d90c3d7bdd05806c7f85da1178b5a002f443eeedc93207a6118b3bc90c3a37fa1238bac262f0b1dd709df4918b651c49e49f6c9c0f8cffa934345ae418f96c582189173f8699"}}, {0x4, &(0x7f00000030c0)=@lang_id={0x4, 0x3, 0x4c0a}}]})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f00000031c0)={0x28, 0x3, r7, 0x0, &(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xfffffffffffffff1})
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000003200), 0x115002, 0x0)
sendmsg$802154_raw(r3, &(0x7f00000033c0)={&(0x7f0000003240)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000003380)={&(0x7f0000003280)="d2e85c40cf9e1d3dcf40d67a6ba6ea5d4a9de44fd3428b70df9818540f83220045eae2a41b90fb791fbeef4b0825a508244a6a6bbe49cb169361d1fa6aa16803f4dd8e67fd892199d39eab98e7c71cf33723bf51909841bd33b51171d6c468dcd2fbdc0ef1945168c214bd6140920ad61b026d2e2fb6375a1f317345baa263eb442833fabfb806464889080c8533a80a4257d0c53e16491f9915c0a15a426d6ce05f542e4ae94747462e6a76f128f82ac1eae54752a3177e5f177afde53018a419c67a8754b8c57dcc74944875109eb0a358e9c807934f27214efb5f5132d7981191b1f5699431a8d2508ebcb5ff7128cbef707fdd", 0xf5}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$unix(r2, &(0x7f0000003400)=@abs={0x1, 0x0, 0x4e23}, 0x6e)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000034c0)={'wlan1\x00'})

2m26.375763316s ago: executing program 2 (id=5088):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000440)={0x2020}, 0x2020)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000003b80)={0x2020}, 0x2020)

2m25.459682976s ago: executing program 2 (id=5092):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000440)={0x2020}, 0x2020)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
unlinkat(r1, &(0x7f0000000140)='./cgroup/cgroup.procs\x00', 0x0)
r3 = fsmount(r2, 0x1, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000003b80)={0x2020}, 0x2020)

2m13.262857575s ago: executing program 5 (id=5170):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
writev(r2, &(0x7f0000001340)=[{&(0x7f00000000c0)="7f8eb9", 0x3}], 0x1)

2m12.372738373s ago: executing program 5 (id=5174):
writev(0xffffffffffffffff, &(0x7f0000000a00)=[{&(0x7f0000000300)="aaf9cbbebec1c21b2b97fe8378b1a6f9b362b0ce28d64dcae763a477474cd92e109fff8cbeb8da39e130c0e87879555d7d691c5ffa0ac0fa49a8957e4836da102348dff8d9bf765e0ac0d619a539ea3d1bf88e4ed805f6577386bc995636ac2cea14b9677bdfb1914b421322ef4e955bc5147abd6102bd0a10ee2e48b60974cdd83be5c49500f9b91f88934faad163a176b3a9e397069e026a81e8dc2d094d1ccf11663075c478f859ad127e9b4e7a57fb3b687a7028a38d612c45d10ae18ea4e356730bd5f16d03bd49200bb34d64d2a7b86ba5aef9f82143803c2eff377d13191b2201bbdcd953a6f40365c42d1dba0dbd4f199ab5447ff3d4a43c90cb5cebf0b33851e3e7e1d8fc9c23470ed8b99af94d0e2fa928c92ad57b8a411d39e08d6a347154ba5714dae3e3e5f6f2e634006b9bed44a08df2050dd90a4fab00e368fe552ebd1c3ec9884f7ced36521d94cb7462c54e1e6150445d75535d7777cdd4bd21cbebe7aa6c97866613122b8b938fc003f4e9196f75611c7c16e2354554fce9d84c21b7c1adcfdb51a1e3df4d167ca6c934564fef3929531eb1cc3ce256fb03fced3d8838def483c40a0d60b346848e8ce72ca24d3bbd9938ec7ae7be11631bccb7627edd71f7d0d4328d7dd1d264ae863bd7e272976ac6c56d3cce490e8863bfd04e3a100d02a589d2632ab53a3131a5e7770f33cd51ddc49374db0b9b9bb32fd4f5e41ca242a04f54cca872d1bbfe8c791d04ddec5b2974622f5fab7dc51888c804d84f360788a4102fe183976bc88ccf9f6640370aac22aef9c6817376031d9750943d8f71dadf79ee97f922cdf352353f67dc8caaaac0d995fde8723ec54021840fe07d7cdb5cf9cc0e1e70", 0x26f}], 0x1)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000200)=[{&(0x7f0000000140)="4addb4918f6e6c19426dd890c2cc06dae35f26f9fb3f4b6d6ba0e265a47598e446cd4f97945fb66bbd2e6781ed7b1d245d2ade57b35662c19148b55ed7708913d0ab3d8d0510cd84ed693d67880d048120ee37a9a2c5bfc949a53f41d208bb02d48c703ab4f8055bbf706893ad5cfa1ab9075120056936681de6bd0f4d0a27f3a5de40b80ab9cfa8f5766d3414f8a2f23f7f633e582a7df18caf30cd1487e93635b7f0c533d4262b55ef3c9af9ec93d6cbb8", 0xb2}], 0x1, &(0x7f00000002c0)=[@cred={{0x1c}}], 0x20, 0xc00c004}, 0x2863ffc5342fbdb0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r0, 0x0, 0x0)

2m12.268528129s ago: executing program 5 (id=5175):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0)
ioctl$EVIOCRMFF(r1, 0x550c, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x1b1c, 0xa18, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0x40, 0x5, "", [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x1, 0x3, 0x5f, {0x9, 0x21, 0x323, 0xff, 0x1, {0x22, 0xf8}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x8f, 0x5, 0x9}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0xfe, 0x21, 0xd}}]}}}]}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0x0, 0x6, 0x9, 0x10, 0xb3}, 0x4c, &(0x7f0000000100)={0x5, 0xf, 0x4c, 0x6, [@wireless={0xb, 0x10, 0x1, 0x8, 0x10, 0x7, 0x3, 0x5, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "c64b648f284606c8c0567120b15d2fdd"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x0, 0x9, 0x200}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x6, 0x4, 0x7}, @ssp_cap={0x14, 0x10, 0xa, 0x2, 0x2, 0x7, 0xf00, 0x9, [0xc0f0, 0xffc0cf]}, @ptm_cap={0x3}]}, 0x8, [{0xc5, &(0x7f0000000180)=@string={0xc5, 0x3, "d70e0ebd8fe6fce73889ec47a7668d52d98aa4d42c9bd3b2b2b276cdc8e088b946f2cd10231f8439c1d14040fdfe158fbb427acd2eedcb3015d69c9368787f01aaef186f14295a3732c99639452f30ff7fcea80f643ff6d03d64e36281e8d4ef82fa38e108b69fc07e2f8e17010b5c8820861b8dd5e35b6d81e6451846a75e64fd311c4e62bb10f22b38b779220a7425c66b0f122de33e2b511699d5a292f5d3e5ead3cf29ef4b61064d470f43a35a65da6042ee93de94ef2da33ccd4d5947b4352854"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x827}}, {0x46, &(0x7f00000002c0)=@string={0x46, 0x3, "2194ec1af59ad3dd40bd51a94ad32899fe52238c77e1e28ce6e880d418b7839c18fbe46ed81bdad9594812c32f21d55a660a73bb1af6000c6b55dfdd65146a500708d2f8"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x44d}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x43e}}, {0x2f, &(0x7f00000003c0)=@string={0x2f, 0x3, "5983907ca4f975f58dcde4f258fd1dc5c1f885c08cdb5005f54f6637f40d575710cdda0038fccf1c6b40d6dea4"}}, {0xdb, &(0x7f0000000400)=@string={0xdb, 0x3, "de861bce313ca9be4bf1579927d126ac6307a564a95959616d5dff7c7e0b50335f9beca6a8edcf20c350b9dc2e46af87aae2a525096c5e9ea3230d6439fc2326392281cb04b209002c52eb0b4b4536b9f22deaaf1296b813e6a83b9d04d79ea4d35681009f4c8993e5250f35baaa095c60560cd5a6f4c179fbf557698832dd818ebafde8ab675e74bff08dc950c1b29276a53ccb8b45d7dd6e2ef37c39a58679f8144898d790feafa44c447830a56bd7cdfe2cde9489974874ba1726c2dd67d3c0131637830be5ba8596c2fa3fd4bf9fa2c71f84e46c7f5bd1"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x403}}]})
syz_usb_control_io$hid(r3, &(0x7f0000000780)={0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="201e5f0000005f0b25ad68ee9129f20313137ec4bf0a90776e28c5cc0eca258f680ec8609b8bb0546dc3596e3eed94d95d183891f7d5de9e418e5f0600eeac7a90452d0c131fd4cd455e930a795169fcc9c7096f505243d92c5c3e42ed5c7254f7378fb47a"], &(0x7f0000000640)={0x0, 0x3, 0x7c, @string={0x7c, 0x3, "24507a763638c1d5fa13518c88504a8b9e1fecab8e26ce8f630956eb491115b42736c507917ce6729aaa894f2ffbe23b70b02f90417fbfd74c4a667851a0f7a706ec5b35d859e2b54ff96e83032f85c7c81ecb9a5a5fe3e717c1c7dc60b5f29354bcd300d0b22e401a72731d867617f7e5731b251c09e8680c75"}}, &(0x7f0000000700)={0x0, 0x22, 0xc, {[@main=@item_012={0x0, 0x0, 0xb}, @main=@item_4={0x3, 0x0, 0xc, "a5214f70"}, @global=@item_4={0x3, 0x1, 0x9, "23401dab"}, @main=@item_012={0x0, 0x0, 0xa}]}}, &(0x7f0000000740)={0x0, 0x21, 0x9, {0x9, 0x21, 0x7ff, 0x2, 0x1, {0x22, 0xb7a}}}}, &(0x7f0000000a00)={0x2c, &(0x7f00000007c0)={0x0, 0x17, 0xf4, "411be12ff4deb3076caac85015e7e2090293a6f086d3faf10678d1eb0a1f8c9039dd444ccfbcc270198a9e51313d29194325584270627865921fdf2696175babedf66d2c89ec5933898f0ff67726da3edd257f536db3fae650c709a9701f0a2912743751d976af99cbf2e26ee64cb173220c7b060928f3520846746dd356c964008bdcff5467a5a38b03f34c231428054391c8e5b2826aab6a23cba0bd6f6eb1e1e487634a5ac186c5274dffc5306027be03e60e33ec197bce818017519cb3d607d01374d4ba2b96f7efb9adce663780d20926429d802c5799215af4f6aeb64ec78dfcb3c74dc88c6124e97fbba6b64520554767"}, &(0x7f00000008c0)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000900)={0x0, 0x8, 0x1, 0xf8}, &(0x7f0000000940)={0x20, 0x1, 0x5a, "2bcfd4247db786194d2fb53e20bdc6ff4dae4fb0acbcde8d63fd1dfb25a0e449495c8ac6302e3e4bd6c3257a6495dd110bffff4ce81e81782f7b23413d2cc1e9184c01dae78dfa2da88705554940c65485651ae42e1128d19d55"}, &(0x7f00000009c0)={0x20, 0x3, 0x1, 0x67}})
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000001080)={0x200000, 0x200004, 0x0, 0x0, 0x0, 0x5})
recvfrom$inet_nvme(0xffffffffffffffff, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_int(r4, 0x29, 0x4a, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFBR(r5, 0x8941, &(0x7f0000000080)=@add_del={0x3, 0x0, 0x2a0ffffffff})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

2m9.927367266s ago: executing program 35 (id=5092):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read$FUSE(r1, &(0x7f0000000440)={0x2020}, 0x2020)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
unlinkat(r1, &(0x7f0000000140)='./cgroup/cgroup.procs\x00', 0x0)
r3 = fsmount(r2, 0x1, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)
ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000003b80)={0x2020}, 0x2020)

2m9.894306606s ago: executing program 5 (id=5185):
write$tcp_mem(0xffffffffffffffff, &(0x7f000003eec0)={0x7fffffffffffffff, 0x20, 0x1, 0x20, 0x2}, 0x48)

2m9.600183683s ago: executing program 5 (id=5186):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5) (fail_nth: 1)

2m9.351471926s ago: executing program 5 (id=5187):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x2, 0x7f, 0x3)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)

1m54.046649163s ago: executing program 36 (id=5187):
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0x2, 0x7f, 0x3)
write$cgroup_subtree(r2, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)

4.467904088s ago: executing program 6 (id=5693):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
unshare(0x26020400)
r0 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
ftruncate(r0, 0x80079a3)
lseek(r0, 0x80000, 0x4)
r1 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x3)
write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './file0', [{0x20, '\t\xbb\x9b\x81\xa61\xdd\xd6\xe6\xb3R\xb9\xdb?\xbe\xd3&n\xe2\xb6\xf5%\xb2\xdf\xf5\x83\xba[6=\x01p\xcd\x8ay\x0ez\\U\xae\x9fj@5q\xb2\x89\x00\x17\xe3\x82\x81\xbeS\xd8\x00\x1c\x10\xf8\xf3\xd4\xddI<\x03W\xbd\x9f\xfa\x032-{\x96{\x12\xddy\xb8\x0e\x00\xabx/\x9cb\xfe\xccO\x00\xf0\xf2\x9dZ\x19_\xc7\xf2\vI\x00\x00\x00\x00\x00\x00'}]}, 0x76)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x35, 0x0, 0x9, 0xfffefffe}, {0xc8, 0x0, 0x0, 0x3b03}, {0x6, 0x1}]})

4.182378741s ago: executing program 6 (id=5697):
socket(0x3, 0x1, 0x3a)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x40080, 0x0)
ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(r2, 0xc0186445, &(0x7f0000000240)={0x2, 0x6})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000080)=@x86={0x40, 0x1, 0x10, 0x0, 0x7, 0x6a, 0x10, 0x1, 0x0, 0x80, 0x10, 0x1, 0x0, 0xfffffffc, 0x7ff, 0x0, 0xdf, 0x6, 0x2, '\x00', 0x0, 0x2})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

4.084071327s ago: executing program 8 (id=5698):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x600, 0x1000000}) (fail_nth: 1)

3.960177848s ago: executing program 8 (id=5699):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x4}}}]}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x24000890}, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/sockcreate\x00')
writev(r0, &(0x7f00000006c0)=[{&(0x7f00000004c0)='\n', 0xffffffe6}], 0x1)

3.917040268s ago: executing program 8 (id=5700):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.empty_time\x00', 0x26e1, 0x0)
close(r0)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x2400c094)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c096)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="140000002400010026bd7000f3dbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

3.463643764s ago: executing program 6 (id=5701):
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/igmp6\x00') (async)
r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000))
connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
close_range(r1, 0xffffffffffffffff, 0x0) (rerun: 32)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000000)={{<r2=>0x0, 0x0, 0xffff, 0x665e03da, 0x3, 0xc0000000, 0x5, 0xa67, 0x9, 0xff, 0x9, 0x9, 0xb, 0xc30b, 0x8}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f00000000c0)={{r2, 0x5f28a9a4, 0x16, 0x1ff, 0x7207, 0x0, 0xfdf, 0x2, 0x7, 0x200, 0x2, 0x6, 0x80000001, 0x0, 0xffff}, 0x18, [0x0, 0x0, 0x0]})
preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x40000000, 0x0) (async)
timer_create(0x2, &(0x7f0000000400)={0x0, 0xe, 0x1, @thr={&(0x7f00000001c0)="f46d9d16cf350205c5f39a1242acd0a405af7c378b4e0f04dbec942bf73345299907c8b6f4958c667329d6966df4f8d7b8bcfa7a29c60ceb27ef2e30a738b0f9599d0dd584981eb755e4fef808528aeb865be4517f64393297ab98bfd9c53511ddfc70659289bd93656b92e3dacbd0023d4bec82f5032b081b1b8e731d75812fdfdbe8c330eee8546cf993e92d38782db8c79e8f8c5a0b95bf66f9c2ea4ce32daab4b511423b5c9f1b", &(0x7f0000000340)="be1c4f70ac14c23d47320c6793968b8c2759149f399c6aab860d5d0b722841492f432eaca40b4593d85983edfd15b5dbf1a58d0ef4a07263bb8c81dc5177c59df5a538ac5db9f92fbd11d1994b09528007bae75c88086ea74e80a9ade3cb578c4101bc98d4fbbecf78b40d85a30fa316a1cbb075aebcaae77cc2496adb5e32eb2467b9497ff9134a751c8e521c1b23b5db4142f938816fc865b39714e75ebb445b67c7b9cfa558c821fe37e1962975682ffb3d8920"}}, &(0x7f0000000440)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000480)={{0x77359400}, {0x0, 0x989680}}, &(0x7f00000004c0))
ioctl$VHOST_VDPA_GET_IOVA_RANGE(r0, 0x8010af78, &(0x7f0000000180))

3.33184204s ago: executing program 6 (id=5702):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"})

3.28228686s ago: executing program 6 (id=5703):
ioctl$VIDIOC_DECODER_CMD(0xffffffffffffffff, 0xc0485660, 0x0)
syz_usb_connect(0x0, 0x10d, &(0x7f0000002800)={{0x12, 0x1, 0x110, 0xfb, 0xc3, 0xff, 0x20, 0x12d1, 0x1464, 0xb717, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfb, 0x1, 0x7f, 0x9, 0xd0, 0x5, "", [{{0x9, 0x4, 0xa7, 0xd, 0x8, 0xff, 0xff, 0xff, 0x7, [], [{{0x9, 0x5, 0x80, 0x10, 0x400, 0x3, 0x3b, 0x47}}, {{0x9, 0x5, 0xd, 0x0, 0x400, 0xfc, 0xe9, 0xc0}}, {{0x9, 0x5, 0x0, 0x3, 0x0, 0x9, 0x8, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xb, 0xe0}]}}, {{0x9, 0x5, 0x7, 0x0, 0x20, 0x6, 0x7f, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0xc, 0x2, 0x4}, @generic={0x93, 0x24, "984bbf4c81d360af5b1a6fdbbe46657cb1dca3398155ed11695a32b429f90b3e1aaaab5e5c9c1ca77742456f8cb69caf996dc6fed512a933f0dace220a3f0287d4995ef2c94b0c6487e46587b962b19aaf6393ce13ba85d269cc6ce583d86da8ff92b9e49be75de0b8d6aa882d80c0c11241f2681ac37a4a5c83e5eda36f25661ab9b2d56ec3bcb4f45b9b269fabeec6ab"}]}}, {{0x9, 0x5, 0x9, 0x26, 0x40, 0x4, 0xf, 0x4}}, {{0x9, 0x5, 0x0, 0x10, 0x8, 0x4, 0xff, 0x77}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x7, 0x9, 0xf1}}, {{0x9, 0x5, 0x1, 0x2, 0x200, 0x1, 0x4}}]}}]}}]}}, &(0x7f0000003100)={0xa, &(0x7f0000002b80)={0xa, 0x6, 0x200, 0x7f, 0x3, 0xc4, 0x10, 0x9}, 0xcd, &(0x7f0000002bc0)={0x5, 0xf, 0xcd, 0x6, [@generic={0x2b, 0x10, 0x4, "6b032eb1f1b5328f2a8eaf878269e62a4b717daa2a5a1fcf701e0cbf902e4f5e1bb521e854af4095"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x0, 0x4a, 0x3}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0xf, 0x9, 0xc8}, @ext_cap={0x7, 0x10, 0x2, 0xa, 0xc, 0x9, 0x7}, @ptm_cap={0x3}, @generic={0x82, 0x10, 0x3, "31c51cda0528f1c93e4a6b6d49852b0ca1cd65b747104724ad733a0cd9d495d31858a7691a236c902c3864d5fb0cda5286375d88eaad2ec381ae2764d90dfc9c9e2246866c8e63b570027aae92085f1265c3ba4ffd37fc308c338464a1519baaf9020dba956d7fe66f58c4d67d94ddf7c8f028f98c076d985e96d00f4e8c7a"}]}, 0x9, [{0xcd, &(0x7f0000002cc0)=@string={0xcd, 0x3, "402e89116d59e987feee36e7784006e25471f864028ada6e70498112bbcacd2543b025f6b16b3302eaa2daca471721f70874ddd4389b8833f580e05054032e1a29cf082642a6fa43074f74d679c18005087abc26cecf9780e75d7797821353b48256cff2acda1e8ddeff07acf19554a155dff31d99941c66baa9a7060b32e15929346e80badecf92502865d82cbda6a7a94a262a45ca05baebfce1316245217b5066c806424140fb1a38db43ac43910896900bc0dd98c986ecffcd7b708f6cb940ef0c73ba6cfca31c0ce9"}}, {0x4, &(0x7f0000002dc0)=@lang_id={0x4, 0x3, 0x43e}}, {0x4, &(0x7f0000002e00)=@lang_id={0x4, 0x3, 0x801}}, {0x4, &(0x7f0000002e40)=@lang_id={0x4, 0x3, 0x2c09}}, {0x4, &(0x7f0000002e80)=@lang_id={0x4, 0x3, 0x1401}}, {0x101, &(0x7f0000002ec0)=@string={0x101, 0x3, "0cfab557269009bb6407a0a86880d02a2de647285226ca86dc81461c8a14bc366a07ee45b45d7ed7828910bd0c3059919e77ade2a4945468ecbdb01b08fbbef155b032279f4faa7986e8c8c441c1f2bb403a175769ddbd927981ca64e13f9558765b364b5383b420cf5c5f33b5f22e7cadee79bf48f66caa5f274a2c45da8f27ae37bc924da3fba764c3ecf3439572575f7ed194e0c01e920ed844841fc6d614c2cda724c9f85573c88489fc1ec25f1f3ddc4204979902ff398377115747f6975b50da2d7bea9ae6ff4e299f4d190b5d42f0f3b97ea03591eb7a7fc0f21d67569ee4d6723a37d145b03d346c389355e0be723eae17a122cc6c378b2f65e67c"}}, {0x4, &(0x7f0000003000)=@lang_id={0x4, 0x3, 0x426}}, {0x59, &(0x7f0000003040)=@string={0x59, 0x3, "6856a7cc01bb5ce0120dff8faa2d28f534d90c3d7bdd05806c7f85da1178b5a002f443eeedc93207a6118b3bc90c3a37fa1238bac262f0b1dd709df4918b651c49e49f6c9c0f8cffa934345ae418f96c582189173f8699"}}, {0x4, &(0x7f00000030c0)=@lang_id={0x4, 0x3, 0x4c0a}}]})

3.029181047s ago: executing program 3 (id=5704):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, {0x14, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x2000894}, 0x4000800)

2.868285695s ago: executing program 8 (id=5705):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000000)='/sys/kernel/warn_count', 0x0, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', &(0x7f00000005c0)=ANY=[@ANYBLOB="020000000200070000000000040004000000000010000600005c000020"], 0x24, 0x3)
finit_module(r0, 0x0, 0x6)
r1 = syz_usb_connect$uac3(0x3, 0x80, &(0x7f0000000440)=ANY=[@ANYBLOB="12010003000000408c0d020140000102030109026e000301046008080b00010124301d09040000000101"], &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_usb_control_io$uac3(r1, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r2, 0x84, 0x77, &(0x7f0000000000)="3a916a0000220200", 0x8)
syz_usb_control_io$uac3(r1, &(0x7f00000000c0)={0x14, &(0x7f0000000040)={0x0, 0x8, 0x37, {0x37, 0x24, "b83abf7f10e27d7d5acd651e7f4b93228eae442abdf6f3de72f2c3fc235a9c57ee4ef323521daf18e8b3e386341082291464dde2fa"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44d}}}, &(0x7f0000000380)={0x44, &(0x7f0000000100)={0x40, 0xe, 0x9a, "df2d86ce8a05d0fea8699aae9998fc11f5f935e93b81d87f3f53460c4567c11951dcafb67702db3546db21378f3491de579ee7553df7278ce59e14f40724b86229bdbd03edd5aad548163dba5f88234af5fbd134a4372bb2e79fe80d480e1bbd34b23a0c28529162394f46ecc8f61aa615c34239a21e3485201624cb473a561416927f836157cccd19ee3b04b918c95badad0b3ecfa8cd35eb8c"}, &(0x7f00000001c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000240)={0x20, 0x81, 0x1, "e5"}, &(0x7f0000000280)={0x20, 0x82, 0x1, 'n'}, &(0x7f00000002c0)={0x20, 0x83, 0x1, "ec"}, &(0x7f0000000300)={0x20, 0x84, 0x1, "b7"}, &(0x7f0000000340)={0x20, 0x85, 0x3, "c76f62"}})

2.642702046s ago: executing program 3 (id=5706):
r0 = socket(0xa, 0x5, 0x0)
getsockopt$inet_mreqn(r0, 0x29, 0x4, 0x0, &(0x7f0000000240))
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_dev$dri(&(0x7f0000000340), 0xf8c, 0x8000)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000640)={0x0, 0x4, 0x8})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000500)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x2, 0x3, 0x5})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$AUTOFS_IOC_PROTOVER(r3, 0x80049363, &(0x7f0000000000))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r4 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f00000000c0)=[{0x800000000, 0x2000000}, {0xfffffffffffffffc}], 0x2, 0xbfe, 0x38, 0x8, 0x70, 0x6e})

2.457822334s ago: executing program 3 (id=5707):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000800)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_FLOW_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}}}, {0x14, 0x1, 0x0, 0x1, @hash={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x2000894}, 0x4000800) (fail_nth: 1)

2.261845496s ago: executing program 7 (id=5708):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x4}}}]}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x24000890}, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/sockcreate\x00')
writev(r0, &(0x7f00000006c0)=[{&(0x7f00000004c0)='\n', 0xffffffe6}], 0x1)

2.214107189s ago: executing program 7 (id=5709):
r0 = syz_open_dev$midi(&(0x7f0000000000), 0xb, 0x331000)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f0000000040))
r1 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f00000001c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000240)={r2, &(0x7f0000000200)=""/32})
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
getsockopt$MRT(r3, 0x0, 0xcf, &(0x7f00000002c0), &(0x7f0000000300)=0x4)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r1, 0x4048587b, &(0x7f0000000940)={{<r4=>r0, &(0x7f0000000340)=':@\x00', 0x14302, &(0x7f0000000380)={@_ha_fsid={[0xfffff801, 0xa97f]}, {0x80e, 0x8, 0x8001, 0x7}}, 0x0, &(0x7f00000003c0)={@_ha_fsid}, &(0x7f0000000400)=0x7}, 0x6, &(0x7f0000000880)=[{0x1, 0x4, &(0x7f0000000440)='/sys/kernel/debug/binder/stats\x00', &(0x7f0000000480)="76c82ee593ce6e3e3f01fa1f0e123aac558a843e9f495d07c13719d95a369081223aa0705d6ce7ad61", 0x29}, {0x3, 0x3, &(0x7f00000004c0)='/dev/midi#\x00', &(0x7f0000000500)="69c2ba9aa2c3ba5391c48e5adb", 0xd, 0x2}, {0x2, 0x6, &(0x7f0000000540)='/dev/dri/renderD128\x00', &(0x7f0000000580)="f7599ca8334b0a866e6f29e856f1c20678e94a3d88800e7db4669fb1a825010aac5de7497a32f056b20366b61b407e4d0aeba808d299a1838acd290b53b3e604b2534357a97523c142d673a597eee7bf5089de2ad117a1f42aab42a8b99118b32cc7b52a", 0x64, 0x9}, {0x1, 0x1000, &(0x7f0000000600)='/dev/dri/renderD128\x00', &(0x7f0000000640)="1171f703031b1e3774bbae62756b1ee9324f125d900ec273a52613b8052502db8f503d830538c082aef07328b361850cb46454f8462178f3d390855d3e8cf0a4f7d9c8c66699124e7c5146a5a40fd281f3840ba439a0a0812dead018aab0be1758ad275191c30eabbb78dceb3cb7617683", 0x71, 0x32}, {0x3, 0x2, &(0x7f00000006c0)='({}-\x00', &(0x7f0000000700)="47ab66ecb2605288e5f496f210048033d11b63777abb919f05ba8b579a269b20d2038944317c56b09384c2737d7168fc34ae64ef69aa826f2749ad2e9161074a08cbf04cb7ce144f96cef2ee324e6ef91b72fe49917ca8e0304c2919dd420102d17f0c038687a9e7af7de6f4e15aebb9abd90f79aa16736eec85a1dd3a61044dbc1c633aaf1b71f582785e44c27714e968f6939d0bf30849c9dc874f0b79f8a6427e77450a6f505504399461aebc97e57f70087d6f57ab27759de685", 0xbc, 0x28}, {0x2, 0xff, &(0x7f00000007c0)='/sys/kernel/debug/binder/stats\x00', &(0x7f0000000800)="3b8164f0c01da7ae70298f7e74d91a2dff7bc6a0dc7fabfd4452276ed8c1cdc073b41814479b766c2401d783775e37325ec882f4db410290de824bd6491e4800ea2e9c5f53e05cc5c8bfd6a11e1cd09f08c77525fa5e", 0x56, 0x18}]})
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000009c0)={'vxcan1\x00', <r5=>0x0})
connect$can_bcm(r4, &(0x7f0000000a00)={0x1d, r5}, 0x10)
syz_emit_vhci(&(0x7f0000000a40)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x3, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_req={{0x6, 0x8, 0x4}, {0xd, 0x53}}}}, 0x11)
connect$can_bcm(r0, &(0x7f0000000a80)={0x1d, r5}, 0x10)
read$FUSE(r3, &(0x7f0000000ac0)={0x2020}, 0x2020)
r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002b40), r3)
sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f0000002d40)={&(0x7f0000002b00)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000002d00)={&(0x7f0000002b80)={0x14c, r6, 0x400, 0x70bd2b, 0x2, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv0\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x6c}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x29}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x87}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DEST={0x78, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@empty}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x61ec}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x844}, 0x24004890)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002dc0), r4)
sendmsg$ETHTOOL_MSG_RINGS_SET(r3, &(0x7f0000002f00)={&(0x7f0000002d80)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000002ec0)={&(0x7f0000002e00)={0xa4, r7, 0x508, 0x70bd25, 0x25dfdbfc, {}, [@ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x80}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x8000}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0xc932}, @ETHTOOL_A_RINGS_HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8, 0x7, 0x7}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000000}, 0xc0d0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002f80), r4)
sendmsg$NL80211_CMD_DEL_PMK(r3, &(0x7f0000003040)={&(0x7f0000002f40)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000003000)={&(0x7f0000002fc0)={0x2c, r8, 0x4, 0x70bd2c, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x800, 0x12}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x24008801)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r4, 0x810c5701, &(0x7f0000003080))
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000031c0)={0xaa, 0x80})
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000003240)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000003600)={&(0x7f0000003200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000035c0)={&(0x7f0000003280)={0x304, r8, 0x2, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x52, 0x7e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e9}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x39f}], @NL80211_ATTR_FRAME={0x41, 0x33, @action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x1}, @broadcast, @broadcast, @random="1193f552c382", {0xc, 0x5}, @value=@ver_80211n={0x0, 0x1, 0x1, 0x3, 0x0, 0x0, 0x1}}, @tdls_chsw_req={0xc, 0x5, {0x38, 0x9, @val={0x3e, 0x1}, {0x65, 0x12, {@initial, @broadcast, @device_b}}, {0x68, 0x4, {0x1, 0x13b7}}}}}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x7}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xad01}], @NL80211_ATTR_FRAME={0x22c, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0xe4}, @broadcast, @broadcast, @initial, {0x8}}, 0x8, @default, 0x1, @void, @void, @void, @val={0x4, 0x6, {0x3, 0x1, 0x3, 0x5}}, @val={0x6, 0x2, 0x3ff}, @val={0x5, 0x9e, {0x4, 0xe2, 0x1, "e702863244b4c9eaaf74d00927379d37f9d1019eb92535d84309c7fcf966e9882b6a181ee0f7e89f8abbe24346c0b27388fd5da795647d7a846c7948fe2f663d4e4fea1bc1fdfdda5ff7a0bcf7a9dc92e65c3f08e784100a4ffc5b5a8e8a85d90bd774bc31bafd16a7da018f6d611f104d4408fe3d66018cf374ac49f33d6549a5eb7677f0e7bd1010f20a8d87d33067da041057d8cd37f9ab77c1"}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, 0x2, 0x4, 0x1}}, @void, [{0xdd, 0x97, "16afceed44c257efffcd3688777a51979212b94bef4d44a24a968a5fce4846536003c89018d50ffb09190afe2d7b03ba14c8877d5d250f7e1d97cba2d48159a2096c27018784bc59b17ce49e76cf6448ec66febe76480da2d5607812dd0b758e5736f581e821822ded60c5db6fc01e1d2ce66866a9736d1434fc1069b1471b6270a91d424df3686a5c05b9412da6a3610ba6a0d033d44c"}, {0xdd, 0x9f, "d80f1e4fb6fbde3b741756437bacee8727fb31a74b8ef6ec391c3a554864bf25ec1da0dffcabea2e68f57ce220427bf05cfee20bee87de8428a799d62df7db373e21f43d8f728eeff99c7d468894885955486e74c2d473df23ca6653002827f9b87d54c69dca3c24e4fb023e04e24baed73605e2df76919023ba4a55be18bbae2f46a7bed8f2b20d12c89583b29c6f24627c64e4f2f7cc812c6191a65a933d"}, {0xdd, 0x8, "18eed268afe4f071"}]}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x18, 0xcd, [0x2, 0x7, 0x8, 0xcb54, 0x6, 0x80, 0xf102, 0x8, 0xd1d, 0x6]}]}, 0x304}, 0x1, 0x0, 0x0, 0x40040c0}, 0x0)
ioctl$vim2m_VIDIOC_EXPBUF(r3, 0xc0405610, &(0x7f0000003640)={0x3, 0x8, 0x5, 0x84000, <r10=>0xffffffffffffffff})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000003680)={0x1, r10}, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r3, 0xc00c642d, &(0x7f00000036c0)={0x0, 0x80000, <r11=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000003700)={<r12=>0x0, 0x0, r3})
ioctl$DRM_IOCTL_GEM_CLOSE(r11, 0x40086409, &(0x7f0000003740)={r12})
sendmsg$NL80211_CMD_SET_BSS(r3, &(0x7f0000003840)={&(0x7f0000003780)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000003800)={&(0x7f00000037c0)={0x38, r8, 0x13c, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x7, 0x3b}}}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0xf}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x7}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x62}]}, 0x38}}, 0x40)
pread64$ublk_bdev(0xffffffffffffffff, &(0x7f00000038c0)=""/245, 0xf5, 0x1)

2.061027065s ago: executing program 3 (id=5710):
socket(0x3, 0x1, 0x3a)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x40080, 0x0)
ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(r2, 0xc0186445, &(0x7f0000000240)={0x2, 0x6})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000080)=@x86={0x40, 0x1, 0x10, 0x0, 0x7, 0x6a, 0x10, 0x1, 0x0, 0x80, 0x10, 0x1, 0x0, 0xfffffffc, 0x7ff, 0x0, 0xdf, 0x6, 0x2, '\x00', 0x0, 0x2})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.059648072s ago: executing program 7 (id=5711):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"})

1.866510358s ago: executing program 6 (id=5712):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000240)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000002040)={0x1c, &(0x7f0000000280)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000040)={0x44, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_usb_connect$cdc_ncm(0x3, 0x91, &(0x7f0000000680)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109027f0002010664000904000001020d00000b240600015d9ded6bef0c0524000a2f71000d240f01fcffffff0800b2004f06241a0b000008241c07000b040007240a090903000000000000000007241473a710000905810300005903000904010000020d00000904010102020d00000905820340000f089109050302400007fd08380a94c16faa183096b106bfcff6c8e23806ecc52882ded8645c75621043f91df8c1"], &(0x7f0000000240)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x201, 0x8, 0x7f, 0x4, 0xff, 0x4}, 0x10, &(0x7f00000001c0)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x94, 0xd, 0x3, 0x6, 0x8}]}, 0x1, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x480a}}]})
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000380)={0x14, &(0x7f0000000280)={0x20, 0x22, 0x7f, {0x7f, 0x3, "2e2dbca81485015f1a60abe65198d267b77f951cd81275fef4217db522fb782b7f58abce8468dde06738c92ec469deca79c158789f71e50d69fa8b4dcbfad2f5ae3a5f38f9b6087cc5307d11fc4bbc2c5681fd41a1f1dff69e3d6aaa702ec719fc7024038e7845684b57f305e1db40e6ce7d82be124638f1311e65a246"}}, &(0x7f0000000340)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000600)={0x44, &(0x7f00000003c0)={0x20, 0x6, 0x6d, "47782a99184adbb5b107f9aa4948b7c2843f6d318e5ee1714e6d4848b31987e4551cba57b17a8f61aa05ae3f6a69a842904f23a48da8d69a2c2d2941253b068b530c1d876c70a74f211492647a921d8885230bed76718151d6dfb37ebb6afb9295c7d50f25819b888cc749ea61"}, &(0x7f0000000440)={0x0, 0xa, 0x1, 0x3}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x6}, &(0x7f00000004c0)={0x20, 0x80, 0x1c, {0x9, 0x2, 0x3, 0x5, 0x101, 0x800, 0x1ff, 0x6f2a, 0xea, 0x3, 0x2}}, &(0x7f0000000500)={0x20, 0x85, 0x4, 0x4}, &(0x7f0000000540)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000580)={0x20, 0x87, 0x2, 0xff}, &(0x7f00000005c0)={0x20, 0x89, 0x2}})

1.784133078s ago: executing program 7 (id=5713):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
close(r1)
socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$kcm(r1, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x2400c094)
sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x3406c096)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000c40)=ANY=[@ANYBLOB="140000002400010026bd7000f3dbdf2504000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

1.731755354s ago: executing program 7 (id=5714):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158", 0x283}, {0x0}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd3555a6cad574af080de74a37f54ee5f10fe3f42b445293ca980200000000000000ecfd6cc1b3", 0x4f}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r0 = socket(0x10, 0x803, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)=""/215, 0xd7}], 0x1}, 0xffff}], 0x1, 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)=@newsa={0x154, 0x10, 0x1, 0xbffffffe, 0x100, {{@in=@multicast2, @in6=@loopback, 0x1, 0x394, 0x4e20, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in=@multicast2, 0x4d4, 0x6c}, @in=@remote, {0xfffffffffffffffd, 0x9, 0x6, 0xfffe, 0x8211c, 0x9, 0xfffffffffffffff8}, {0x2000006, 0x4, 0x1f, 0x1ff}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0xa, 0x1, 0xfd, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @encap={0x1c, 0x4, {0x2, 0x4e20, 0x4e21, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x841}, 0x10)
sendmsg$key(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="020100ff080000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x40}}, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000002480)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a20000000000a01050000000000930000030000070900010073797a310000000020000000020a05000000000000000000000000090900010073797a310000000020000000030a01010000000000000000030000070900010073797a31"], 0x88}}, 0x4090)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x10, 0x4, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}]}, @NFTA_RULE_COMPAT={0x24, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8809}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x888e}, @NFTA_RULE_COMPAT_FLAGS={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x7c}, 0x1, 0x0, 0x0, 0x48800}, 0x8800)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000300)={0x0, 0x9}, 0x8)
close(r0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000000)=""/102, 0x365}, {&(0x7f0000000280)=""/76, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/92, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

1.441672945s ago: executing program 7 (id=5715):
socket$inet6(0xa, 0x800000000000002, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f000000b600), 0x0, 0x0)
syz_usb_connect(0x6, 0x81, &(0x7f0000000100)=ANY=[], 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000003c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r2, @ANYBLOB="05", @ANYRES16=r2, @ANYRES64=r2], 0x0)

1.319470331s ago: executing program 3 (id=5716):
syz_usb_connect(0x0, 0x24, &(0x7f0000000a40)=ANY=[@ANYBLOB="12010000e3ddef20501da1604fa1010203010902120001000000000904"], 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000002280)={0x2, &(0x7f0000000b80)=[{0x20, 0x0, 0x8, 0xfffff014}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10)
syz_usb_connect$hid(0xe1074031cfb124b2, 0x1fe07bd7c1deceb8, 0x0, 0x0)

965.209454ms ago: executing program 8 (id=5717):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x4}}}]}]}], {0x14}}, 0x7c}, 0x1, 0x0, 0x0, 0x24000890}, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/sockcreate\x00')
writev(r0, &(0x7f00000006c0)=[{&(0x7f00000004c0)='\n', 0xffffffe6}], 0x1)

913.553348ms ago: executing program 8 (id=5718):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2001, 0x0)
ioctl$KVM_GET_MSR_FEATURE_INDEX_LIST(r0, 0xc004ae0a, &(0x7f0000000000)={0x4000014d})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip_vti0\x00', <r2=>0x0})
modify_ldt$write2(0x11, &(0x7f0000000400)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10)
modify_ldt$read(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x6, 0xfffffff7)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0x2, &(0x7f00000022c0)=[{0x1c, 0xfc, 0x0, 0x4}, {0x6, 0x2}]})
r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r4)
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x3000002, 0x6031, 0xffffffffffffffff, 0x94384000)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x160004, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r6 = fsopen(&(0x7f00000005c0)='sysv\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r5, 0x1, 0x88)
unlinkat(r7, &(0x7f0000000100)='./bus\x00', 0x200)
syz_open_procfs$namespace(r3, &(0x7f0000000040)='ns/ipc\x00')
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7feee8120006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_usb_connect(0x5, 0x51, &(0x7f0000000000)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905880f000000000009050300000000000009050cfeffff01060209050f000000000000090507"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0})

0s ago: executing program 3 (id=5719):
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x15243525538eff65)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, 0x0)
ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f00000003c0)=0x2, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0x8000}, 0x1c)
write(r0, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0xfdef)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000000)='.\x00', 0x400017e)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.swap.events\x00', 0x275a, 0x0)
fanotify_mark(0xffffffffffffffff, 0x101, 0x48001051, r3, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

kernel console output (not intermixed with test programs):

AX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1106.625378][T20265] RDX: 0000200000002800 RSI: 0000000000008982 RDI: 0000000000000003
[ 1106.625391][T20265] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1106.625402][T20265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1106.625413][T20265] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1106.625440][T20265]  </TASK>
[ 1106.871375][T20265] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1107.535728][T18131] usb 7-1: new high-speed USB device number 77 using dummy_hcd
[ 1107.760702][T18131] usb 7-1: Using ep0 maxpacket: 8
[ 1107.804579][T18131] usb 7-1: config 0 has an invalid interface number: 3 but max is 0
[ 1107.804606][T18131] usb 7-1: config 0 has no interface number 0
[ 1107.822654][T18131] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[ 1107.822689][T18131] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1107.822711][T18131] usb 7-1: Product: syz
[ 1107.822727][T18131] usb 7-1: Manufacturer: syz
[ 1107.822742][T18131] usb 7-1: SerialNumber: syz
[ 1107.892986][T18131] usb 7-1: config 0 descriptor??
[ 1108.189733][T20286] FAULT_INJECTION: forcing a failure.
[ 1108.189733][T20286] name failslab, interval 1, probability 0, space 0, times 0
[ 1108.189771][T20286] CPU: 0 UID: 0 PID: 20286 Comm: syz.7.5417 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1108.189800][T20286] Tainted: [L]=SOFTLOCKUP
[ 1108.189806][T20286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1108.189818][T20286] Call Trace:
[ 1108.189827][T20286]  <TASK>
[ 1108.189836][T20286]  dump_stack_lvl+0xe8/0x150
[ 1108.189864][T20286]  should_fail_ex+0x46b/0x600
[ 1108.189899][T20286]  should_failslab+0xa8/0x100
[ 1108.189924][T20286]  __kmalloc_noprof+0xdf/0x7b0
[ 1108.189947][T20286]  ? kfree+0x4d/0x6c0
[ 1108.189965][T20286]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1108.189995][T20286]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1108.190020][T20286]  ? tomoyo_domain+0xd7/0x130
[ 1108.190050][T20286]  ? tomoyo_path_number_perm+0x219/0x630
[ 1108.190080][T20286]  tomoyo_path_number_perm+0x246/0x630
[ 1108.190112][T20286]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1108.190141][T20286]  ? __lock_acquire+0x6b5/0x2d10
[ 1108.190167][T20286]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1108.190216][T20286]  ? __fget_files+0x2a/0x420
[ 1108.190241][T20286]  ? __fget_files+0x2a/0x420
[ 1108.190263][T20286]  ? __fget_files+0x3a6/0x420
[ 1108.190285][T20286]  ? __fget_files+0x2a/0x420
[ 1108.190311][T20286]  security_file_ioctl+0xc3/0x2a0
[ 1108.190347][T20286]  __se_sys_ioctl+0x47/0x170
[ 1108.190375][T20286]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.190397][T20286]  do_syscall_64+0x174/0x580
[ 1108.190426][T20286]  ? trace_irq_disable+0x3b/0x140
[ 1108.190448][T20286]  ? clear_bhb_loop+0x40/0x90
[ 1108.190473][T20286]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.190492][T20286] RIP: 0033:0x7f148241ce59
[ 1108.190512][T20286] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1108.190530][T20286] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1108.190560][T20286] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1108.190576][T20286] RDX: 0000200000000040 RSI: 000000008028640c RDI: 0000000000000003
[ 1108.190590][T20286] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1108.190602][T20286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1108.190615][T20286] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1108.190648][T20286]  </TASK>
[ 1108.279862][T20286] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1108.614508][T20294] FAULT_INJECTION: forcing a failure.
[ 1108.614508][T20294] name failslab, interval 1, probability 0, space 0, times 0
[ 1108.614543][T20294] CPU: 1 UID: 0 PID: 20294 Comm: syz.7.5420 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1108.614570][T20294] Tainted: [L]=SOFTLOCKUP
[ 1108.614578][T20294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1108.614589][T20294] Call Trace:
[ 1108.614597][T20294]  <TASK>
[ 1108.614607][T20294]  dump_stack_lvl+0xe8/0x150
[ 1108.614634][T20294]  should_fail_ex+0x46b/0x600
[ 1108.614665][T20294]  should_failslab+0xa8/0x100
[ 1108.614692][T20294]  __kmalloc_noprof+0xdf/0x7b0
[ 1108.614713][T20294]  ? kfree+0x4d/0x6c0
[ 1108.614732][T20294]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1108.614766][T20294]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1108.614788][T20294]  ? tomoyo_domain+0xd7/0x130
[ 1108.614816][T20294]  ? tomoyo_path_number_perm+0x219/0x630
[ 1108.614847][T20294]  tomoyo_path_number_perm+0x246/0x630
[ 1108.614879][T20294]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1108.614907][T20294]  ? __lock_acquire+0x6b5/0x2d10
[ 1108.614933][T20294]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1108.614984][T20294]  ? __fget_files+0x2a/0x420
[ 1108.615010][T20294]  ? __fget_files+0x2a/0x420
[ 1108.615031][T20294]  ? __fget_files+0x3a6/0x420
[ 1108.615052][T20294]  ? __fget_files+0x2a/0x420
[ 1108.615079][T20294]  security_file_ioctl+0xc3/0x2a0
[ 1108.615109][T20294]  __se_sys_ioctl+0x47/0x170
[ 1108.615137][T20294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.615158][T20294]  do_syscall_64+0x174/0x580
[ 1108.615185][T20294]  ? trace_irq_disable+0x3b/0x140
[ 1108.615207][T20294]  ? clear_bhb_loop+0x40/0x90
[ 1108.615231][T20294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.615251][T20294] RIP: 0033:0x7f148241ce59
[ 1108.615269][T20294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1108.615287][T20294] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1108.615307][T20294] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1108.615322][T20294] RDX: 0000200000000080 RSI: 0000000000002284 RDI: 0000000000000003
[ 1108.615336][T20294] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1108.615349][T20294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1108.615361][T20294] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1108.615396][T20294]  </TASK>
[ 1108.625122][T20294] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1109.637245][   T12] hsr_slave_0: left promiscuous mode
[ 1109.688478][   T12] hsr_slave_1: left promiscuous mode
[ 1109.689605][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1109.689638][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1109.722620][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1109.722649][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1109.938630][   T12] veth1_macvtap: left promiscuous mode
[ 1109.938730][   T12] veth0_macvtap: left promiscuous mode
[ 1109.939021][   T12] veth1_vlan: left promiscuous mode
[ 1109.939212][   T12] veth0_vlan: left promiscuous mode
[ 1110.077781][ T5712] usb 7-1: USB disconnect, device number 77
[ 1110.619043][T20334] FAULT_INJECTION: forcing a failure.
[ 1110.619043][T20334] name failslab, interval 1, probability 0, space 0, times 0
[ 1110.619079][T20334] CPU: 1 UID: 0 PID: 20334 Comm: syz.8.5431 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1110.619107][T20334] Tainted: [L]=SOFTLOCKUP
[ 1110.619114][T20334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1110.619126][T20334] Call Trace:
[ 1110.619134][T20334]  <TASK>
[ 1110.619142][T20334]  dump_stack_lvl+0xe8/0x150
[ 1110.619171][T20334]  should_fail_ex+0x46b/0x600
[ 1110.619204][T20334]  should_failslab+0xa8/0x100
[ 1110.619230][T20334]  __kmalloc_noprof+0xdf/0x7b0
[ 1110.619253][T20334]  ? kfree+0x4d/0x6c0
[ 1110.619271][T20334]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1110.619297][T20334]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1110.619322][T20334]  ? tomoyo_domain+0xd7/0x130
[ 1110.619350][T20334]  ? tomoyo_path_number_perm+0x219/0x630
[ 1110.619376][T20334]  tomoyo_path_number_perm+0x246/0x630
[ 1110.619406][T20334]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1110.619434][T20334]  ? __lock_acquire+0x6b5/0x2d10
[ 1110.619464][T20334]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1110.619519][T20334]  ? __fget_files+0x2a/0x420
[ 1110.619543][T20334]  ? __fget_files+0x2a/0x420
[ 1110.619564][T20334]  ? __fget_files+0x3a6/0x420
[ 1110.619585][T20334]  ? __fget_files+0x2a/0x420
[ 1110.619610][T20334]  security_file_ioctl+0xc3/0x2a0
[ 1110.619639][T20334]  __se_sys_ioctl+0x47/0x170
[ 1110.619663][T20334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1110.619684][T20334]  do_syscall_64+0x174/0x580
[ 1110.619711][T20334]  ? trace_irq_disable+0x3b/0x140
[ 1110.619733][T20334]  ? clear_bhb_loop+0x40/0x90
[ 1110.619765][T20334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1110.619785][T20334] RIP: 0033:0x7faa4aa9ce59
[ 1110.619803][T20334] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1110.619819][T20334] RSP: 002b:00007faa48cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1110.619840][T20334] RAX: ffffffffffffffda RBX: 00007faa4ad15fa0 RCX: 00007faa4aa9ce59
[ 1110.619854][T20334] RDX: 0000000000000000 RSI: 0000000080085665 RDI: 0000000000000003
[ 1110.619867][T20334] RBP: 00007faa48cf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1110.619879][T20334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1110.619891][T20334] R13: 00007faa4ad16038 R14: 00007faa4ad15fa0 R15: 00007ffea00eec48
[ 1110.619919][T20334]  </TASK>
[ 1110.620082][T20334] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1111.644479][T20343] affs: No valid root block on device nullb0
[ 1111.741104][ T5270] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1111.878544][T20349] FAULT_INJECTION: forcing a failure.
[ 1111.878544][T20349] name failslab, interval 1, probability 0, space 0, times 0
[ 1111.878581][T20349] CPU: 0 UID: 0 PID: 20349 Comm: syz.7.5438 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1111.878608][T20349] Tainted: [L]=SOFTLOCKUP
[ 1111.878615][T20349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1111.878628][T20349] Call Trace:
[ 1111.878635][T20349]  <TASK>
[ 1111.878644][T20349]  dump_stack_lvl+0xe8/0x150
[ 1111.878671][T20349]  should_fail_ex+0x46b/0x600
[ 1111.878705][T20349]  should_failslab+0xa8/0x100
[ 1111.878731][T20349]  __kmalloc_noprof+0xdf/0x7b0
[ 1111.878753][T20349]  ? kfree+0x4d/0x6c0
[ 1111.878771][T20349]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1111.878799][T20349]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1111.878824][T20349]  ? tomoyo_domain+0xd7/0x130
[ 1111.878851][T20349]  ? tomoyo_path_number_perm+0x219/0x630
[ 1111.878882][T20349]  tomoyo_path_number_perm+0x246/0x630
[ 1111.878914][T20349]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1111.878943][T20349]  ? __lock_acquire+0x6b5/0x2d10
[ 1111.878968][T20349]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1111.879019][T20349]  ? __fget_files+0x2a/0x420
[ 1111.879045][T20349]  ? __fget_files+0x2a/0x420
[ 1111.879066][T20349]  ? __fget_files+0x3a6/0x420
[ 1111.879087][T20349]  ? __fget_files+0x2a/0x420
[ 1111.879112][T20349]  security_file_ioctl+0xc3/0x2a0
[ 1111.879141][T20349]  __se_sys_ioctl+0x47/0x170
[ 1111.879167][T20349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.879187][T20349]  do_syscall_64+0x174/0x580
[ 1111.879213][T20349]  ? trace_irq_disable+0x3b/0x140
[ 1111.879233][T20349]  ? clear_bhb_loop+0x40/0x90
[ 1111.879256][T20349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1111.879274][T20349] RIP: 0033:0x7f148241ce59
[ 1111.879292][T20349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1111.879307][T20349] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1111.879328][T20349] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1111.879342][T20349] RDX: 0000200000000780 RSI: 0000000000004b72 RDI: 0000000000000003
[ 1111.879354][T20349] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1111.879367][T20349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1111.879379][T20349] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1111.879417][T20349]  </TASK>
[ 1111.879426][T20349] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1111.905583][ T5801] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1112.171289][ T5801] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1112.181303][ T5801] usb 9-1: config 11 has an invalid interface number: 104 but max is 0
[ 1112.181329][ T5801] usb 9-1: config 11 has an invalid descriptor of length 1, skipping remainder of the config
[ 1112.181350][ T5801] usb 9-1: config 11 has no interface number 0
[ 1112.181401][ T5801] usb 9-1: config 11 interface 104 altsetting 5 endpoint 0xD has an invalid bInterval 49, changing to 9
[ 1112.181429][ T5801] usb 9-1: config 11 interface 104 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1112.181458][ T5801] usb 9-1: config 11 interface 104 has no altsetting 0
[ 1112.246078][ T5801] usb 9-1: New USB device found, idVendor=0421, idProduct=01d4, bcdDevice=e9.15
[ 1112.246110][ T5801] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1112.246132][ T5801] usb 9-1: Product: syz
[ 1112.246147][ T5801] usb 9-1: Manufacturer: syz
[ 1112.246162][ T5801] usb 9-1: SerialNumber: syz
[ 1112.480446][T20359] FAULT_INJECTION: forcing a failure.
[ 1112.480446][T20359] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1112.480482][T20359] CPU: 0 UID: 0 PID: 20359 Comm: syz.7.5440 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1112.480511][T20359] Tainted: [L]=SOFTLOCKUP
[ 1112.480519][T20359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1112.480531][T20359] Call Trace:
[ 1112.480539][T20359]  <TASK>
[ 1112.480548][T20359]  dump_stack_lvl+0xe8/0x150
[ 1112.480575][T20359]  should_fail_ex+0x46b/0x600
[ 1112.480607][T20359]  _copy_from_user+0x2d/0xb0
[ 1112.480631][T20359]  do_sys_poll+0x2a0/0xf50
[ 1112.480664][T20359]  ? __lock_acquire+0x6b5/0x2d10
[ 1112.480686][T20359]  ? __pfx_do_sys_poll+0x10/0x10
[ 1112.480713][T20359]  ? aa_file_perm+0x192/0x15f0
[ 1112.480821][T20359]  ? set_user_sigmask+0xcd/0x1c0
[ 1112.480850][T20359]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1112.480876][T20359]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1112.480900][T20359]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1112.480931][T20359]  __se_sys_ppoll+0x209/0x2b0
[ 1112.480951][T20359]  ? fput+0xa0/0xd0
[ 1112.480976][T20359]  ? __pfx___se_sys_ppoll+0x10/0x10
[ 1112.480996][T20359]  ? __pfx_ksys_write+0x10/0x10
[ 1112.481028][T20359]  ? __x64_sys_ppoll+0x20/0xc0
[ 1112.481046][T20359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.481067][T20359]  do_syscall_64+0x174/0x580
[ 1112.481094][T20359]  ? trace_irq_disable+0x3b/0x140
[ 1112.481116][T20359]  ? clear_bhb_loop+0x40/0x90
[ 1112.481176][T20359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.481196][T20359] RIP: 0033:0x7f148241ce59
[ 1112.481213][T20359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1112.481230][T20359] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[ 1112.481251][T20359] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1112.481266][T20359] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[ 1112.481279][T20359] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.481292][T20359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1112.481304][T20359] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1112.481335][T20359]  </TASK>
[ 1112.794802][ T5801] rndis_host 9-1:11.104: rndis: master #0/0000000000000000 slave #1/0000000000000000
[ 1112.795985][ T5801] cdc_acm 9-1:11.104: Zero length descriptor references
[ 1112.796024][ T5801] cdc_acm 9-1:11.104: probe with driver cdc_acm failed with error -22
[ 1112.809770][ T5801] usb 9-1: USB disconnect, device number 5
[ 1114.280987][T18628] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1114.402049][T18628] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1114.424272][T18628] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1114.453203][T18628] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1114.466123][T18628] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1115.356516][ T5270] 8021q: adding VLAN 0 to HW filter on device eth7
[ 1115.415536][ T5801] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[ 1115.568944][ T5801] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1115.578785][ T5801] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.578812][ T5801] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1115.578858][ T5801] usb 8-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30
[ 1115.578895][ T5801] usb 8-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188
[ 1115.578932][ T5801] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1115.578958][ T5801] usb 8-1: config 1 interface 1 has no altsetting 0
[ 1115.646530][ T5801] usb 8-1: string descriptor 0 read error: -22
[ 1115.646641][ T5801] usb 8-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40
[ 1115.646661][ T5801] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1116.020941][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.021089][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.624613][ T9631] Bluetooth: hci7: command tx timeout
[ 1116.964351][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803873f400: rx timeout, send abort
[ 1117.465703][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803873f400: abort rx timeout. Force session deactivation
[ 1117.681664][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.827774][T20392] netlink: 132 bytes leftover after parsing attributes in process `syz.7.5448'.
[ 1117.878887][ T5801] usb 8-1: 2:0: cannot get min/max values for control 2 (id 2)
[ 1118.039115][ T5801] usb 8-1: USB disconnect, device number 13
[ 1118.230078][T20410] ubi: mtd0 is already attached to ubi16
[ 1118.332523][ T5270] 8021q: adding VLAN 0 to HW filter on device eth8
[ 1118.484592][T20431] FAULT_INJECTION: forcing a failure.
[ 1118.484592][T20431] name failslab, interval 1, probability 0, space 0, times 0
[ 1118.484627][T20431] CPU: 1 UID: 0 PID: 20431 Comm: syz.8.5455 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1118.484654][T20431] Tainted: [L]=SOFTLOCKUP
[ 1118.484662][T20431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1118.484673][T20431] Call Trace:
[ 1118.484681][T20431]  <TASK>
[ 1118.484690][T20431]  dump_stack_lvl+0xe8/0x150
[ 1118.484718][T20431]  should_fail_ex+0x46b/0x600
[ 1118.484752][T20431]  should_failslab+0xa8/0x100
[ 1118.484780][T20431]  __kvmalloc_node_noprof+0x170/0x8e0
[ 1118.484808][T20431]  ? seq_read_iter+0x203/0xe20
[ 1118.484835][T20431]  ? mutex_lock_nested+0x152/0x1d0
[ 1118.484858][T20431]  ? seq_read_iter+0xb8/0xe20
[ 1118.484895][T20431]  seq_read_iter+0x203/0xe20
[ 1118.484933][T20431]  ? __asan_memset+0x22/0x50
[ 1118.484959][T20431]  seq_read+0x36a/0x490
[ 1118.484985][T20431]  ? get_pid_task+0x20/0x1f0
[ 1118.485014][T20431]  ? __pfx_seq_read+0x10/0x10
[ 1118.485051][T20431]  ? apparmor_file_permission+0x1f4/0x300
[ 1118.485086][T20431]  ? __pfx_seq_read+0x10/0x10
[ 1118.485112][T20431]  proc_reg_read+0x1f6/0x2f0
[ 1118.485138][T20431]  ? __pfx_proc_reg_read+0x10/0x10
[ 1118.485165][T20431]  vfs_read+0x212/0xa80
[ 1118.485199][T20431]  ? __pfx_vfs_read+0x10/0x10
[ 1118.485228][T20431]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1118.485256][T20431]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1118.485284][T20431]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1118.485311][T20431]  ? mutex_lock_nested+0x152/0x1d0
[ 1118.485333][T20431]  ? fdget_pos+0x252/0x320
[ 1118.485363][T20431]  ksys_read+0x156/0x270
[ 1118.485390][T20431]  ? __pfx_ksys_read+0x10/0x10
[ 1118.485473][T20431]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1118.485492][T20431]  do_syscall_64+0x174/0x580
[ 1118.485516][T20431]  ? trace_irq_disable+0x3b/0x140
[ 1118.485536][T20431]  ? clear_bhb_loop+0x40/0x90
[ 1118.485559][T20431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1118.485578][T20431] RIP: 0033:0x7faa4aa9ce59
[ 1118.485597][T20431] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1118.485613][T20431] RSP: 002b:00007faa48cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1118.485634][T20431] RAX: ffffffffffffffda RBX: 00007faa4ad15fa0 RCX: 00007faa4aa9ce59
[ 1118.485647][T20431] RDX: 0000000000002020 RSI: 00002000000061c0 RDI: 0000000000000003
[ 1118.485660][T20431] RBP: 00007faa48cf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1118.485671][T20431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1118.485682][T20431] R13: 00007faa4ad16038 R14: 00007faa4ad15fa0 R15: 00007ffea00eec48
[ 1118.485707][T20431]  </TASK>
[ 1118.695579][ T9631] Bluetooth: hci7: command tx timeout
[ 1118.695621][ T5712] usb 7-1: new high-speed USB device number 78 using dummy_hcd
[ 1118.855319][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1118.894643][ T5712] usb 7-1: Using ep0 maxpacket: 32
[ 1118.902711][ T5712] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1118.902737][ T5712] usb 7-1: config 0 has no interface number 0
[ 1118.916081][ T5801] usb 8-1: new full-speed USB device number 14 using dummy_hcd
[ 1118.930611][ T5712] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1118.930643][ T5712] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1118.930670][ T5712] usb 7-1: Product: syz
[ 1118.930683][ T5712] usb 7-1: Manufacturer: syz
[ 1118.930696][ T5712] usb 7-1: SerialNumber: syz
[ 1118.980696][ T5712] usb 7-1: config 0 descriptor??
[ 1119.010103][ T5712] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1119.121952][ T5801] usb 8-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[ 1119.121986][ T5801] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.122006][ T5801] usb 8-1: Product: syz
[ 1119.122020][ T5801] usb 8-1: Manufacturer: syz
[ 1119.122035][ T5801] usb 8-1: SerialNumber: syz
[ 1119.129661][ T5801] usb 8-1: config 0 descriptor??
[ 1119.181853][ T5801] gspca_main: stk1135-2.14.0 probing 174f:6a31
[ 1119.315234][ T5712] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1119.414923][ T5712] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1119.502070][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 7
[ 1119.724202][T20433] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5457'.
[ 1119.793824][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1119.793977][ T5613] usb 7-1: USB disconnect, device number 78
[ 1119.964899][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1119.993154][ T5613] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1120.027014][ T5801] gspca_stk1135: reg_w 0x0 err -110
[ 1120.028042][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028051][ T5801] gspca_stk1135: Sensor write failed
[ 1120.028065][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028071][ T5801] gspca_stk1135: Sensor write failed
[ 1120.028085][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028091][ T5801] gspca_stk1135: Sensor read failed
[ 1120.028105][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028110][ T5801] gspca_stk1135: Sensor read failed
[ 1120.028113][ T5801] gspca_stk1135: Detected sensor type unknown (0x0)
[ 1120.028131][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028136][ T5801] gspca_stk1135: Sensor read failed
[ 1120.028150][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028156][ T5801] gspca_stk1135: Sensor read failed
[ 1120.028169][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028174][ T5801] gspca_stk1135: Sensor write failed
[ 1120.028189][ T5801] gspca_stk1135: serial bus timeout: status=0x00
[ 1120.028194][ T5801] gspca_stk1135: Sensor write failed
[ 1120.028256][ T5801] stk1135 8-1:0.0: probe with driver stk1135 failed with error -110
[ 1120.041366][ T5613] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1120.049207][ T5613] quatech2 7-1:0.51: device disconnected
[ 1120.425308][ T5801] usb 8-1: USB disconnect, device number 14
[ 1120.619290][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1120.779336][ T9631] Bluetooth: hci7: command tx timeout
[ 1121.450867][T20379] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1121.451275][T20379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1121.470042][T20379] bridge_slave_0: entered allmulticast mode
[ 1121.483944][T20379] bridge_slave_0: entered promiscuous mode
[ 1121.540665][T20379] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1121.541082][T20379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1121.541438][T20379] bridge_slave_1: entered allmulticast mode
[ 1121.546318][T20379] bridge_slave_1: entered promiscuous mode
[ 1121.722470][T20379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1121.780601][T20379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1121.995684][T12126] usb 7-1: new high-speed USB device number 79 using dummy_hcd
[ 1122.149423][T12126] usb 7-1: Using ep0 maxpacket: 32
[ 1122.152787][T12126] usb 7-1: config 0 has an invalid interface number: 196 but max is 0
[ 1122.152813][T12126] usb 7-1: config 0 has no interface number 0
[ 1122.152855][T12126] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1122.152880][T12126] usb 7-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1122.152902][T12126] usb 7-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1122.152939][T12126] usb 7-1: config 0 interface 196 has no altsetting 0
[ 1122.160915][T12126] usb 7-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[ 1122.160944][T12126] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1122.160964][T12126] usb 7-1: Product: syz
[ 1122.160979][T12126] usb 7-1: Manufacturer: syz
[ 1122.160994][T12126] usb 7-1: SerialNumber: syz
[ 1122.187531][T12126] usb 7-1: config 0 descriptor??
[ 1122.188675][T20487] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1122.560020][T20379] team0: Port device team_slave_0 added
[ 1122.747076][T20379] team0: Port device team_slave_1 added
[ 1122.867314][ T9631] Bluetooth: hci7: command tx timeout
[ 1122.881897][T12126] ipheth 7-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1122.978649][T12126] ipheth 7-1:0.196: probe with driver ipheth failed with error -71
[ 1123.009186][T12126] usb 7-1: USB disconnect, device number 79
[ 1123.178189][T20379] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1123.178202][T20379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1123.178218][T20379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1123.182372][T20379] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1123.182386][T20379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1123.182406][T20379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1123.624395][T20379] hsr_slave_0: entered promiscuous mode
[ 1123.632437][T20379] hsr_slave_1: entered promiscuous mode
[ 1123.653838][T20379] debugfs: 'hsr0' already exists in 'hsr'
[ 1123.653857][T20379] Cannot create hsr debugfs directory
[ 1123.674024][T20529] FAULT_INJECTION: forcing a failure.
[ 1123.674024][T20529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1123.674056][T20529] CPU: 1 UID: 0 PID: 20529 Comm: syz.6.5487 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1123.674078][T20529] Tainted: [L]=SOFTLOCKUP
[ 1123.674084][T20529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1123.674094][T20529] Call Trace:
[ 1123.674101][T20529]  <TASK>
[ 1123.674109][T20529]  dump_stack_lvl+0xe8/0x150
[ 1123.674132][T20529]  should_fail_ex+0x46b/0x600
[ 1123.674164][T20529]  _copy_from_user+0x2d/0xb0
[ 1123.674186][T20529]  ___sys_sendmsg+0x1c6/0x360
[ 1123.674213][T20529]  ? __lock_acquire+0x6b5/0x2d10
[ 1123.674237][T20529]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1123.674293][T20529]  ? __fget_files+0x2a/0x420
[ 1123.674314][T20529]  ? __fget_files+0x3a6/0x420
[ 1123.674345][T20529]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1123.674374][T20529]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1123.674411][T20529]  ? __pfx_ksys_write+0x10/0x10
[ 1123.674443][T20529]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.674463][T20529]  do_syscall_64+0x174/0x580
[ 1123.674489][T20529]  ? trace_irq_disable+0x3b/0x140
[ 1123.674508][T20529]  ? clear_bhb_loop+0x40/0x90
[ 1123.674530][T20529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1123.674548][T20529] RIP: 0033:0x7f117c3ace59
[ 1123.674565][T20529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1123.674581][T20529] RSP: 002b:00007f117a5dd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1123.674600][T20529] RAX: ffffffffffffffda RBX: 00007f117c626090 RCX: 00007f117c3ace59
[ 1123.674614][T20529] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1123.674626][T20529] RBP: 00007f117a5dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1123.674638][T20529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1123.674650][T20529] R13: 00007f117c626128 R14: 00007f117c626090 R15: 00007ffcfe91a168
[ 1123.674679][T20529]  </TASK>
[ 1124.476782][   T12] bridge_slave_1: left allmulticast mode
[ 1124.476820][   T12] bridge_slave_1: left promiscuous mode
[ 1124.477143][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1124.648947][   T12] bridge_slave_0: left allmulticast mode
[ 1124.648982][   T12] bridge_slave_0: left promiscuous mode
[ 1124.649267][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1126.672172][T20574] FAULT_INJECTION: forcing a failure.
[ 1126.672172][T20574] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1126.672210][T20574] CPU: 1 UID: 0 PID: 20574 Comm: syz.8.5500 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1126.672238][T20574] Tainted: [L]=SOFTLOCKUP
[ 1126.672246][T20574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1126.672258][T20574] Call Trace:
[ 1126.672266][T20574]  <TASK>
[ 1126.672275][T20574]  dump_stack_lvl+0xe8/0x150
[ 1126.672304][T20574]  should_fail_ex+0x46b/0x600
[ 1126.672338][T20574]  _copy_from_user+0x2d/0xb0
[ 1126.672361][T20574]  ___sys_recvmsg+0x175/0x590
[ 1126.672387][T20574]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1126.672411][T20574]  ? __fget_files+0x2a/0x420
[ 1126.672450][T20574]  ? __fget_files+0x3a6/0x420
[ 1126.672481][T20574]  do_recvmmsg+0x33a/0x800
[ 1126.672508][T20574]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1126.672540][T20574]  ? rt_mutex_slowunlock+0x1cb/0x300
[ 1126.672585][T20574]  __x64_sys_recvmmsg+0x198/0x250
[ 1126.672608][T20574]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1126.672636][T20574]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1126.672657][T20574]  do_syscall_64+0x174/0x580
[ 1126.672684][T20574]  ? trace_irq_disable+0x3b/0x140
[ 1126.672707][T20574]  ? clear_bhb_loop+0x40/0x90
[ 1126.672731][T20574]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1126.672750][T20574] RIP: 0033:0x7faa4aa9ce59
[ 1126.672769][T20574] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1126.672786][T20574] RSP: 002b:00007faa48cd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1126.672807][T20574] RAX: ffffffffffffffda RBX: 00007faa4ad16090 RCX: 00007faa4aa9ce59
[ 1126.672822][T20574] RDX: 0000000000000001 RSI: 0000200000001d40 RDI: 0000000000000003
[ 1126.672835][T20574] RBP: 00007faa48cd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1126.672848][T20574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1126.672860][T20574] R13: 00007faa4ad16128 R14: 00007faa4ad16090 R15: 00007ffea00eec48
[ 1126.672890][T20574]  </TASK>
[ 1127.028255][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1127.051404][ T9631] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1127.098229][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1127.140012][   T12] bond0 (unregistering): Released all slaves
[ 1127.223682][ T5270] 8021q: adding VLAN 0 to HW filter on device eth9
[ 1127.492927][   T12] tipc: Left network mode
[ 1127.541133][T20591] FAULT_INJECTION: forcing a failure.
[ 1127.541133][T20591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1127.541168][T20591] CPU: 0 UID: 0 PID: 20591 Comm: syz.7.5504 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1127.541194][T20591] Tainted: [L]=SOFTLOCKUP
[ 1127.541201][T20591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1127.541213][T20591] Call Trace:
[ 1127.541221][T20591]  <TASK>
[ 1127.541230][T20591]  dump_stack_lvl+0xe8/0x150
[ 1127.541256][T20591]  should_fail_ex+0x46b/0x600
[ 1127.541294][T20591]  _copy_from_user+0x2d/0xb0
[ 1127.541317][T20591]  io_submit_one+0xd3/0x14c0
[ 1127.541348][T20591]  ? irqentry_exit+0x218/0x8b0
[ 1127.541377][T20591]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1127.541405][T20591]  ? irqentry_exit+0x218/0x8b0
[ 1127.541436][T20591]  ? __pfx_io_submit_one+0x10/0x10
[ 1127.541463][T20591]  ? __might_fault+0xaf/0x130
[ 1127.541499][T20591]  ? __might_fault+0xaf/0x130
[ 1127.541525][T20591]  __se_sys_io_submit+0x195/0x340
[ 1127.541553][T20591]  ? __pfx___se_sys_io_submit+0x10/0x10
[ 1127.541577][T20591]  ? ksys_write+0x248/0x270
[ 1127.541616][T20591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.541637][T20591]  do_syscall_64+0x174/0x580
[ 1127.541665][T20591]  ? trace_irq_disable+0x3b/0x140
[ 1127.541692][T20591]  ? clear_bhb_loop+0x40/0x90
[ 1127.541723][T20591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.541742][T20591] RIP: 0033:0x7f148241ce59
[ 1127.541760][T20591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1127.541776][T20591] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 1127.541798][T20591] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1127.541813][T20591] RDX: 0000200000000000 RSI: 0000000000000001 RDI: 00007f148063e000
[ 1127.541827][T20591] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1127.541839][T20591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1127.541852][T20591] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1127.541883][T20591]  </TASK>
[ 1128.263299][T20601] FAULT_INJECTION: forcing a failure.
[ 1128.263299][T20601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1128.263347][T20601] CPU: 1 UID: 0 PID: 20601 Comm: syz.7.5507 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1128.263391][T20601] Tainted: [L]=SOFTLOCKUP
[ 1128.263399][T20601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1128.263412][T20601] Call Trace:
[ 1128.263420][T20601]  <TASK>
[ 1128.263428][T20601]  dump_stack_lvl+0xe8/0x150
[ 1128.263456][T20601]  should_fail_ex+0x46b/0x600
[ 1128.263490][T20601]  _copy_from_user+0x2d/0xb0
[ 1128.263515][T20601]  ___sys_recvmsg+0x175/0x590
[ 1128.263533][T20601]  ? get_pid_task+0x20/0x1f0
[ 1128.263553][T20601]  ? get_pid_task+0x20/0x1f0
[ 1128.263576][T20601]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1128.263599][T20601]  ? __fget_files+0x2a/0x420
[ 1128.263637][T20601]  ? __fget_files+0x3a6/0x420
[ 1128.263668][T20601]  __x64_sys_recvmsg+0x1c0/0x2a0
[ 1128.263691][T20601]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1128.263719][T20601]  ? __pfx_ksys_write+0x10/0x10
[ 1128.263752][T20601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.263771][T20601]  do_syscall_64+0x174/0x580
[ 1128.263797][T20601]  ? trace_irq_disable+0x3b/0x140
[ 1128.263818][T20601]  ? clear_bhb_loop+0x40/0x90
[ 1128.263841][T20601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.263860][T20601] RIP: 0033:0x7f148241ce59
[ 1128.263878][T20601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1128.263894][T20601] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1128.263915][T20601] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1128.263929][T20601] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[ 1128.263942][T20601] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1128.263954][T20601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1128.263967][T20601] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1128.263996][T20601]  </TASK>
[ 1128.359273][T20604] FAULT_INJECTION: forcing a failure.
[ 1128.359273][T20604] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1128.359308][T20604] CPU: 0 UID: 0 PID: 20604 Comm: syz.6.5508 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1128.359335][T20604] Tainted: [L]=SOFTLOCKUP
[ 1128.359342][T20604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1128.359354][T20604] Call Trace:
[ 1128.359361][T20604]  <TASK>
[ 1128.359369][T20604]  dump_stack_lvl+0xe8/0x150
[ 1128.359399][T20604]  should_fail_ex+0x46b/0x600
[ 1128.359431][T20604]  _copy_from_user+0x2d/0xb0
[ 1128.359455][T20604]  io_submit_one+0xd3/0x14c0
[ 1128.359485][T20604]  ? irqentry_exit+0x218/0x8b0
[ 1128.359513][T20604]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1128.359539][T20604]  ? irqentry_exit+0x218/0x8b0
[ 1128.359569][T20604]  ? __pfx_io_submit_one+0x10/0x10
[ 1128.359596][T20604]  ? __might_fault+0xaf/0x130
[ 1128.359635][T20604]  ? __might_fault+0xaf/0x130
[ 1128.359660][T20604]  __se_sys_io_submit+0x195/0x340
[ 1128.359687][T20604]  ? __pfx___se_sys_io_submit+0x10/0x10
[ 1128.359709][T20604]  ? ksys_write+0x248/0x270
[ 1128.359746][T20604]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.359767][T20604]  do_syscall_64+0x174/0x580
[ 1128.359794][T20604]  ? trace_irq_disable+0x3b/0x140
[ 1128.359816][T20604]  ? clear_bhb_loop+0x40/0x90
[ 1128.359839][T20604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1128.359857][T20604] RIP: 0033:0x7f117c3ace59
[ 1128.359875][T20604] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1128.359891][T20604] RSP: 002b:00007f117a5dd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[ 1128.359911][T20604] RAX: ffffffffffffffda RBX: 00007f117c626090 RCX: 00007f117c3ace59
[ 1128.359925][T20604] RDX: 0000200000002c00 RSI: 0000000000000001 RDI: 00007f117c5ff000
[ 1128.359938][T20604] RBP: 00007f117a5dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1128.359950][T20604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1128.359961][T20604] R13: 00007f117c626128 R14: 00007f117c626090 R15: 00007ffcfe91a168
[ 1128.359990][T20604]  </TASK>
[ 1128.539390][ T9631] Bluetooth: hci6: Malformed HCI Event: 0x22
[ 1129.508138][ T5270] 8021q: adding VLAN 0 to HW filter on device eth10
[ 1130.217072][T20646] FAULT_INJECTION: forcing a failure.
[ 1130.217072][T20646] name failslab, interval 1, probability 0, space 0, times 0
[ 1130.217108][T20646] CPU: 1 UID: 0 PID: 20646 Comm: syz.6.5517 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1130.217136][T20646] Tainted: [L]=SOFTLOCKUP
[ 1130.217143][T20646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1130.217162][T20646] Call Trace:
[ 1130.217171][T20646]  <TASK>
[ 1130.217179][T20646]  dump_stack_lvl+0xe8/0x150
[ 1130.217208][T20646]  should_fail_ex+0x46b/0x600
[ 1130.217241][T20646]  should_failslab+0xa8/0x100
[ 1130.217268][T20646]  __kmalloc_cache_noprof+0x84/0x690
[ 1130.217294][T20646]  ? alloc_pipe_info+0xe8/0x4d0
[ 1130.217325][T20646]  alloc_pipe_info+0xe8/0x4d0
[ 1130.217356][T20646]  splice_direct_to_actor+0xa19/0xc80
[ 1130.217387][T20646]  ? kstrtouint+0x6e/0xe0
[ 1130.217416][T20646]  ? __pfx_direct_splice_actor+0x10/0x10
[ 1130.217442][T20646]  ? __pfx_aa_file_perm+0x10/0x10
[ 1130.217467][T20646]  ? __lock_acquire+0x6b5/0x2d10
[ 1130.217488][T20646]  ? __pfx_splice_direct_to_actor+0x10/0x10
[ 1130.217520][T20646]  do_splice_direct+0x19b/0x2a0
[ 1130.217547][T20646]  ? __pfx_do_splice_direct+0x10/0x10
[ 1130.217582][T20646]  ? __pfx_direct_file_splice_eof+0x10/0x10
[ 1130.217614][T20646]  ? rw_verify_area+0x25b/0x4e0
[ 1130.217643][T20646]  do_sendfile+0x547/0x7e0
[ 1130.217663][T20646]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1130.217695][T20646]  ? __pfx_do_sendfile+0x10/0x10
[ 1130.217724][T20646]  __se_sys_sendfile64+0x144/0x1a0
[ 1130.217744][T20646]  ? __pfx___se_sys_sendfile64+0x10/0x10
[ 1130.217768][T20646]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1130.217789][T20646]  do_syscall_64+0x174/0x580
[ 1130.217815][T20646]  ? trace_irq_disable+0x3b/0x140
[ 1130.217837][T20646]  ? clear_bhb_loop+0x40/0x90
[ 1130.217862][T20646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1130.217881][T20646] RIP: 0033:0x7f117c3ace59
[ 1130.217899][T20646] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1130.217917][T20646] RSP: 002b:00007f117a5dd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 1130.217939][T20646] RAX: ffffffffffffffda RBX: 00007f117c626090 RCX: 00007f117c3ace59
[ 1130.217954][T20646] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003
[ 1130.217966][T20646] RBP: 00007f117a5dd090 R08: 0000000000000000 R09: 0000000000000000
[ 1130.217979][T20646] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000001
[ 1130.217991][T20646] R13: 00007f117c626128 R14: 00007f117c626090 R15: 00007ffcfe91a168
[ 1130.218021][T20646]  </TASK>
[ 1130.465582][ T5714] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1130.642955][ T5714] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1130.642977][ T5714] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.647549][ T5714] usb 9-1: config 0 descriptor??
[ 1130.710544][ T9631] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1130.712467][ T5714] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1131.115171][ T5714] cpia1 9-1:0.0: unexpected state after lo power cmd: 00
[ 1131.539777][T20645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1131.542857][T20645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1131.861905][ T5714] gspca_cpia1: usb_control_msg 05, error -71
[ 1131.861940][ T5714] cpia1 9-1:0.0: unexpected systemstate: 00
[ 1131.866836][ T5714] usb 9-1: USB disconnect, device number 6
[ 1132.987078][ T9631] Bluetooth: hci0: Malformed HCI Event: 0x22
[ 1133.246206][T20686] FAULT_INJECTION: forcing a failure.
[ 1133.246206][T20686] name failslab, interval 1, probability 0, space 0, times 0
[ 1133.246232][T20686] CPU: 0 UID: 0 PID: 20686 Comm: syz.7.5530 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1133.246248][T20686] Tainted: [L]=SOFTLOCKUP
[ 1133.246252][T20686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1133.246259][T20686] Call Trace:
[ 1133.246264][T20686]  <TASK>
[ 1133.246269][T20686]  dump_stack_lvl+0xe8/0x150
[ 1133.246287][T20686]  should_fail_ex+0x46b/0x600
[ 1133.246305][T20686]  should_failslab+0xa8/0x100
[ 1133.246320][T20686]  __kmalloc_noprof+0xdf/0x7b0
[ 1133.246333][T20686]  ? kfree+0x4d/0x6c0
[ 1133.246343][T20686]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1133.246366][T20686]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1133.246388][T20686]  ? tomoyo_domain+0xd7/0x130
[ 1133.246414][T20686]  ? tomoyo_path_number_perm+0x219/0x630
[ 1133.246442][T20686]  tomoyo_path_number_perm+0x246/0x630
[ 1133.246473][T20686]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1133.246492][T20686]  ? __lock_acquire+0x6b5/0x2d10
[ 1133.246507][T20686]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1133.246533][T20686]  ? __fget_files+0x2a/0x420
[ 1133.246547][T20686]  ? __fget_files+0x2a/0x420
[ 1133.246559][T20686]  ? __fget_files+0x3a6/0x420
[ 1133.246570][T20686]  ? __fget_files+0x2a/0x420
[ 1133.246583][T20686]  security_file_ioctl+0xc3/0x2a0
[ 1133.246600][T20686]  __se_sys_ioctl+0x47/0x170
[ 1133.246616][T20686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1133.246627][T20686]  do_syscall_64+0x174/0x580
[ 1133.246643][T20686]  ? trace_irq_disable+0x3b/0x140
[ 1133.246655][T20686]  ? clear_bhb_loop+0x40/0x90
[ 1133.246668][T20686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1133.246679][T20686] RIP: 0033:0x7f148241ce59
[ 1133.246690][T20686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1133.246700][T20686] RSP: 002b:00007f148064d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1133.246712][T20686] RAX: ffffffffffffffda RBX: 00007f1482696090 RCX: 00007f148241ce59
[ 1133.246719][T20686] RDX: 00002000000003c0 RSI: 0000000040107446 RDI: 0000000000000004
[ 1133.246726][T20686] RBP: 00007f148064d090 R08: 0000000000000000 R09: 0000000000000000
[ 1133.246733][T20686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1133.246739][T20686] R13: 00007f1482696128 R14: 00007f1482696090 R15: 00007fff69a86078
[ 1133.246755][T20686]  </TASK>
[ 1133.246760][T20686] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1133.425696][   T12] hsr_slave_0: left promiscuous mode
[ 1133.474612][   T12] hsr_slave_1: left promiscuous mode
[ 1133.476039][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1133.476065][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1133.529761][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1133.529789][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1133.629151][   T12] veth1_macvtap: left promiscuous mode
[ 1133.629265][   T12] veth0_macvtap: left promiscuous mode
[ 1133.638727][   T12] veth1_vlan: left promiscuous mode
[ 1133.644240][   T12] veth0_vlan: left promiscuous mode
[ 1134.526239][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1134.566727][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1135.810191][ T9631] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1136.264542][T20717] FAULT_INJECTION: forcing a failure.
[ 1136.264542][T20717] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1136.264584][T20717] CPU: 1 UID: 0 PID: 20717 Comm: syz.7.5538 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1136.264612][T20717] Tainted: [L]=SOFTLOCKUP
[ 1136.264628][T20717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1136.264640][T20717] Call Trace:
[ 1136.264648][T20717]  <TASK>
[ 1136.264658][T20717]  dump_stack_lvl+0xe8/0x150
[ 1136.264690][T20717]  should_fail_ex+0x46b/0x600
[ 1136.264734][T20717]  _copy_from_user+0x2d/0xb0
[ 1136.264759][T20717]  __sys_sendto+0x296/0x590
[ 1136.264794][T20717]  ? __pfx___sys_sendto+0x10/0x10
[ 1136.264843][T20717]  ? ksys_write+0x248/0x270
[ 1136.264873][T20717]  ? __pfx_ksys_write+0x10/0x10
[ 1136.264904][T20717]  __x64_sys_sendto+0xde/0x100
[ 1136.264931][T20717]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1136.264953][T20717]  do_syscall_64+0x174/0x580
[ 1136.264981][T20717]  ? trace_irq_disable+0x3b/0x140
[ 1136.265004][T20717]  ? clear_bhb_loop+0x40/0x90
[ 1136.265028][T20717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1136.265048][T20717] RIP: 0033:0x7f148241ce59
[ 1136.265067][T20717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1136.265085][T20717] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1136.265107][T20717] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1136.265122][T20717] RDX: 000000000001a000 RSI: 0000200000847fff RDI: 0000000000000003
[ 1136.265136][T20717] RBP: 00007f148066e090 R08: 000020000005ffe4 R09: 000000000000001c
[ 1136.265147][T20717] R10: 00000000200040e0 R11: 0000000000000246 R12: 0000000000000001
[ 1136.265159][T20717] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1136.265190][T20717]  </TASK>
[ 1137.448177][T20736] FAULT_INJECTION: forcing a failure.
[ 1137.448177][T20736] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1137.448211][T20736] CPU: 1 UID: 0 PID: 20736 Comm: syz.8.5542 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1137.448232][T20736] Tainted: [L]=SOFTLOCKUP
[ 1137.448238][T20736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1137.448247][T20736] Call Trace:
[ 1137.448253][T20736]  <TASK>
[ 1137.448260][T20736]  dump_stack_lvl+0xe8/0x150
[ 1137.448288][T20736]  should_fail_ex+0x46b/0x600
[ 1137.448319][T20736]  _copy_from_user+0x2d/0xb0
[ 1137.448339][T20736]  quota_setquota+0x153/0x590
[ 1137.448365][T20736]  ? __pfx_quota_setquota+0x10/0x10
[ 1137.448404][T20736]  ? do_quotactl+0x732/0x860
[ 1137.448431][T20736]  __se_sys_quotactl_fd+0x278/0x410
[ 1137.448454][T20736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.448472][T20736]  do_syscall_64+0x174/0x580
[ 1137.448496][T20736]  ? trace_irq_disable+0x3b/0x140
[ 1137.448516][T20736]  ? clear_bhb_loop+0x40/0x90
[ 1137.448539][T20736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1137.448556][T20736] RIP: 0033:0x7faa4aa9ce59
[ 1137.448574][T20736] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1137.448588][T20736] RSP: 002b:00007faa48cf6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001bb
[ 1137.448606][T20736] RAX: ffffffffffffffda RBX: 00007faa4ad15fa0 RCX: 00007faa4aa9ce59
[ 1137.448617][T20736] RDX: 0000000000000000 RSI: ffffffff80000800 RDI: 0000000000000003
[ 1137.448628][T20736] RBP: 00007faa48cf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1137.448642][T20736] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001
[ 1137.448654][T20736] R13: 00007faa4ad16038 R14: 00007faa4ad15fa0 R15: 00007ffea00eec48
[ 1137.448679][T20736]  </TASK>
[ 1137.515794][ T5714] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1137.666970][ T5714] usb 8-1: Using ep0 maxpacket: 8
[ 1137.711492][ T5714] usb 8-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1137.711511][ T5714] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1137.711522][ T5714] usb 8-1: Product: syz
[ 1137.711530][ T5714] usb 8-1: Manufacturer: syz
[ 1137.711538][ T5714] usb 8-1: SerialNumber: syz
[ 1137.721623][ T5714] usb 8-1: config 0 descriptor??
[ 1137.785902][ T5714] gspca_main: se401-2.14.0 probing 047d:5003
[ 1137.813167][T20740] netlink: 5364 bytes leftover after parsing attributes in process `syz.6.5543'.
[ 1137.814239][T20740] netlink: 5364 bytes leftover after parsing attributes in process `syz.6.5543'.
[ 1137.928577][T20740] pvfs2: Unknown parameter 'usrquota-�p'
[ 1138.441500][ T5714] input: se401 as /devices/platform/dummy_hcd.7/usb8/8-1/input/input82
[ 1138.486408][ T9631] Bluetooth: hci6: Malformed HCI Event: 0x22
[ 1138.643721][   T32] usb 8-1: USB disconnect, device number 15
[ 1139.570264][T20773] FAULT_INJECTION: forcing a failure.
[ 1139.570264][T20773] name failslab, interval 1, probability 0, space 0, times 0
[ 1139.570294][T20773] CPU: 0 UID: 0 PID: 20773 Comm: syz.6.5548 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1139.570315][T20773] Tainted: [L]=SOFTLOCKUP
[ 1139.570320][T20773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1139.570329][T20773] Call Trace:
[ 1139.570335][T20773]  <TASK>
[ 1139.570342][T20773]  dump_stack_lvl+0xe8/0x150
[ 1139.570366][T20773]  should_fail_ex+0x46b/0x600
[ 1139.570391][T20773]  should_failslab+0xa8/0x100
[ 1139.570413][T20773]  __kmalloc_cache_noprof+0x84/0x690
[ 1139.570433][T20773]  ? pagemap_read+0x284/0x7d0
[ 1139.570451][T20773]  pagemap_read+0x284/0x7d0
[ 1139.570467][T20773]  ? __lock_acquire+0x6b5/0x2d10
[ 1139.570488][T20773]  ? __pfx_pagemap_read+0x10/0x10
[ 1139.570508][T20773]  ? rw_verify_area+0x2ac/0x4e0
[ 1139.570528][T20773]  ? __pfx_pagemap_read+0x10/0x10
[ 1139.570545][T20773]  vfs_read+0x212/0xa80
[ 1139.570573][T20773]  ? __pfx_vfs_read+0x10/0x10
[ 1139.570596][T20773]  ? __fget_files+0x2a/0x420
[ 1139.570615][T20773]  ? __fget_files+0x2a/0x420
[ 1139.570629][T20773]  ? __fget_files+0x3a6/0x420
[ 1139.570644][T20773]  ? __fget_files+0x2a/0x420
[ 1139.570665][T20773]  __x64_sys_pread64+0x19c/0x230
[ 1139.570688][T20773]  ? __pfx___x64_sys_pread64+0x10/0x10
[ 1139.570714][T20773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1139.570730][T20773]  do_syscall_64+0x174/0x580
[ 1139.570752][T20773]  ? trace_irq_disable+0x3b/0x140
[ 1139.570774][T20773]  ? clear_bhb_loop+0x40/0x90
[ 1139.570793][T20773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1139.570809][T20773] RIP: 0033:0x7f117c3ace59
[ 1139.570824][T20773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1139.570837][T20773] RSP: 002b:00007f117a5fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011
[ 1139.570855][T20773] RAX: ffffffffffffffda RBX: 00007f117c625fa0 RCX: 00007f117c3ace59
[ 1139.570867][T20773] RDX: 0000000000019000 RSI: 0000200000000200 RDI: 0000000000000003
[ 1139.570878][T20773] RBP: 00007f117a5fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1139.570887][T20773] R10: 0000001000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1139.570897][T20773] R13: 00007f117c626038 R14: 00007f117c625fa0 R15: 00007ffcfe91a168
[ 1139.570921][T20773]  </TASK>
[ 1139.683554][T20775] nfs: Bad value for 'source'
[ 1141.365311][T20806] FAULT_INJECTION: forcing a failure.
[ 1141.365311][T20806] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1141.365345][T20806] CPU: 1 UID: 0 PID: 20806 Comm: syz.7.5552 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1141.365372][T20806] Tainted: [L]=SOFTLOCKUP
[ 1141.365380][T20806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1141.365390][T20806] Call Trace:
[ 1141.365398][T20806]  <TASK>
[ 1141.365406][T20806]  dump_stack_lvl+0xe8/0x150
[ 1141.365434][T20806]  should_fail_ex+0x46b/0x600
[ 1141.365465][T20806]  _copy_from_user+0x2d/0xb0
[ 1141.365487][T20806]  hci_sock_setsockopt+0x494/0xad0
[ 1141.365507][T20806]  ? __fget_files+0x2a/0x420
[ 1141.365532][T20806]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1141.365550][T20806]  ? __pfx_hci_sock_setsockopt+0x10/0x10
[ 1141.365572][T20806]  ? aa_sock_opt_perm+0x131/0x1f0
[ 1141.365596][T20806]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1141.365620][T20806]  ? __pfx_hci_sock_setsockopt+0x10/0x10
[ 1141.365643][T20806]  do_sock_setsockopt+0x17c/0x1b0
[ 1141.365676][T20806]  __x64_sys_setsockopt+0x143/0x1b0
[ 1141.365705][T20806]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.365726][T20806]  do_syscall_64+0x174/0x580
[ 1141.365754][T20806]  ? clear_bhb_loop+0x40/0x90
[ 1141.365778][T20806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1141.365797][T20806] RIP: 0033:0x7f148241ce59
[ 1141.365815][T20806] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1141.365831][T20806] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1141.365852][T20806] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1141.365867][T20806] RDX: 000000000000000d RSI: 0000000000000112 RDI: 0000000000000004
[ 1141.365879][T20806] RBP: 00007f148066e090 R08: 0000000000000002 R09: 0000000000000000
[ 1141.365891][T20806] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[ 1141.365903][T20806] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1141.365933][T20806]  </TASK>
[ 1141.617486][ T5801] usb 7-1: new high-speed USB device number 80 using dummy_hcd
[ 1141.652531][T20379] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1141.701158][ T9631] Bluetooth: hci6: Malformed HCI Event: 0x22
[ 1141.743218][T20379] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1141.775306][ T5801] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 12
[ 1141.775357][ T5801] usb 7-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[ 1141.775382][ T5801] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1141.809887][ T5801] usb 7-1: config 0 descriptor??
[ 1141.856670][T20379] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1142.142808][T20379] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1142.222059][T20379] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1142.357627][T20379] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1142.384875][T20379] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1142.421991][ T5801] hid_parser_main: 29 callbacks suppressed
[ 1142.422016][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x3
[ 1142.422051][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.422077][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.422103][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.422130][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.422154][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.422192][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.422345][ T5801] sony 0003:1345:3008.0017: unknown main item tag 0x0
[ 1142.537203][T20379] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1142.680544][ T5801] sony 0003:1345:3008.0017: hiddev0,hidraw0: USB HID v80.05 Device [HID 1345:3008] on usb-dummy_hcd.6-1/input0
[ 1142.680580][ T5801] sony 0003:1345:3008.0017: failed to claim input
[ 1142.951053][ T5801] usb 7-1: USB disconnect, device number 80
[ 1143.163211][T20854] tipc: Started in network mode
[ 1143.163241][T20854] tipc: Node identity ac1414aa, cluster identity 4711
[ 1143.265353][T20854] tipc: Enabled bearer <udp:s>, priority 15
[ 1143.503730][ T9631] Bluetooth: hci6: Malformed HCI Event: 0x22
[ 1143.909848][T20379] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1144.060258][T20884] FAULT_INJECTION: forcing a failure.
[ 1144.060258][T20884] name failslab, interval 1, probability 0, space 0, times 0
[ 1144.060288][T20884] CPU: 1 UID: 0 PID: 20884 Comm: syz.8.5568 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1144.060309][T20884] Tainted: [L]=SOFTLOCKUP
[ 1144.060315][T20884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1144.060323][T20884] Call Trace:
[ 1144.060329][T20884]  <TASK>
[ 1144.060336][T20884]  dump_stack_lvl+0xe8/0x150
[ 1144.060359][T20884]  should_fail_ex+0x46b/0x600
[ 1144.060385][T20884]  should_failslab+0xa8/0x100
[ 1144.060406][T20884]  __kmalloc_noprof+0xdf/0x7b0
[ 1144.060423][T20884]  ? kfree+0x4d/0x6c0
[ 1144.060436][T20884]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1144.060458][T20884]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1144.060476][T20884]  ? tomoyo_domain+0xd7/0x130
[ 1144.060497][T20884]  ? tomoyo_path_number_perm+0x219/0x630
[ 1144.060519][T20884]  tomoyo_path_number_perm+0x246/0x630
[ 1144.060542][T20884]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1144.060562][T20884]  ? __lock_acquire+0x6b5/0x2d10
[ 1144.060581][T20884]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1144.060618][T20884]  ? __fget_files+0x2a/0x420
[ 1144.060638][T20884]  ? __fget_files+0x2a/0x420
[ 1144.060653][T20884]  ? __fget_files+0x3a6/0x420
[ 1144.060668][T20884]  ? __fget_files+0x2a/0x420
[ 1144.060686][T20884]  security_file_ioctl+0xc3/0x2a0
[ 1144.060708][T20884]  __se_sys_ioctl+0x47/0x170
[ 1144.060730][T20884]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1144.060747][T20884]  do_syscall_64+0x174/0x580
[ 1144.060768][T20884]  ? trace_irq_disable+0x3b/0x140
[ 1144.060784][T20884]  ? clear_bhb_loop+0x40/0x90
[ 1144.060802][T20884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1144.060816][T20884] RIP: 0033:0x7faa4aa9ce59
[ 1144.060830][T20884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1144.060842][T20884] RSP: 002b:00007faa48cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1144.060858][T20884] RAX: ffffffffffffffda RBX: 00007faa4ad15fa0 RCX: 00007faa4aa9ce59
[ 1144.060868][T20884] RDX: 0000000000000000 RSI: 0000000000002284 RDI: 0000000000000003
[ 1144.060877][T20884] RBP: 00007faa48cf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1144.060886][T20884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1144.060895][T20884] R13: 00007faa4ad16038 R14: 00007faa4ad15fa0 R15: 00007ffea00eec48
[ 1144.060918][T20884]  </TASK>
[ 1144.060924][T20884] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1144.122226][T20379] 8021q: adding VLAN 0 to HW filter on device team0
[ 1144.169477][   T74] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1144.170342][   T74] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1144.360967][ T1315] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1144.361120][ T1315] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1144.394582][ T5714] tipc: Node number set to 2886997162
[ 1144.491786][T20892] batadv_slave_1: entered promiscuous mode
[ 1144.512735][T20890] batadv_slave_1: left promiscuous mode
[ 1144.934082][T20905] FAULT_INJECTION: forcing a failure.
[ 1144.934082][T20905] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1144.934119][T20905] CPU: 1 UID: 0 PID: 20905 Comm: syz.6.5572 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1144.934145][T20905] Tainted: [L]=SOFTLOCKUP
[ 1144.934152][T20905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1144.934164][T20905] Call Trace:
[ 1144.934172][T20905]  <TASK>
[ 1144.934181][T20905]  dump_stack_lvl+0xe8/0x150
[ 1144.934210][T20905]  should_fail_ex+0x46b/0x600
[ 1144.934243][T20905]  _copy_from_user+0x2d/0xb0
[ 1144.934265][T20905]  ___sys_sendmsg+0x1c6/0x360
[ 1144.934290][T20905]  ? __lock_acquire+0x6b5/0x2d10
[ 1144.934315][T20905]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1144.934370][T20905]  ? __fget_files+0x2a/0x420
[ 1144.934392][T20905]  ? __fget_files+0x3a6/0x420
[ 1144.934424][T20905]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1144.934455][T20905]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1144.934494][T20905]  ? __pfx_ksys_write+0x10/0x10
[ 1144.934530][T20905]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1144.934551][T20905]  do_syscall_64+0x174/0x580
[ 1144.934575][T20905]  ? trace_irq_disable+0x3b/0x140
[ 1144.934596][T20905]  ? clear_bhb_loop+0x40/0x90
[ 1144.934620][T20905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1144.934644][T20905] RIP: 0033:0x7f117c3ace59
[ 1144.934661][T20905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1144.934678][T20905] RSP: 002b:00007f117a5fe028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1144.934700][T20905] RAX: ffffffffffffffda RBX: 00007f117c625fa0 RCX: 00007f117c3ace59
[ 1144.934715][T20905] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[ 1144.934728][T20905] RBP: 00007f117a5fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1144.934741][T20905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1144.934754][T20905] R13: 00007f117c626038 R14: 00007f117c625fa0 R15: 00007ffcfe91a168
[ 1144.934782][T20905]  </TASK>
[ 1145.036025][ T5613] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1145.221640][ T5613] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1145.221668][ T5613] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1145.226148][ T5613] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1145.226177][ T5613] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1145.226198][ T5613] usb 9-1: SerialNumber: syz
[ 1145.500583][ T5613] usb 9-1: 0:2 : does not exist
[ 1145.681847][ T9631] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1145.722632][ T5613] usb 9-1: USB disconnect, device number 7
[ 1145.870807][T16084] udevd[16084]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1146.091713][T20379] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1146.343945][T20379] veth0_vlan: entered promiscuous mode
[ 1146.455024][T20379] veth1_vlan: entered promiscuous mode
[ 1146.762519][T20379] veth0_macvtap: entered promiscuous mode
[ 1146.790510][T20379] veth1_macvtap: entered promiscuous mode
[ 1146.898379][T20379] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1146.938275][T20379] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1147.042963][T17126] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1147.043837][T17126] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1147.044380][T17126] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1147.045135][T17126] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1147.379280][T17142] usb 7-1: new full-speed USB device number 81 using dummy_hcd
[ 1147.590612][T17142] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1147.590640][T17142] usb 7-1: config 0 has no interfaces?
[ 1147.615186][T17142] usb 7-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1147.615218][T17142] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.615238][T17142] usb 7-1: Product: syz
[ 1147.615252][T17142] usb 7-1: Manufacturer: syz
[ 1147.615266][T17142] usb 7-1: SerialNumber: syz
[ 1147.654428][T17142] usb 7-1: config 0 descriptor??
[ 1147.913162][   T32] usb 7-1: USB disconnect, device number 81
[ 1147.945761][ T5712] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1148.155724][ T5712] usb 8-1: Using ep0 maxpacket: 8
[ 1148.235078][ T5712] usb 8-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1148.235098][ T5712] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1148.235109][ T5712] usb 8-1: Product: syz
[ 1148.235117][ T5712] usb 8-1: Manufacturer: syz
[ 1148.235124][ T5712] usb 8-1: SerialNumber: syz
[ 1148.270844][ T5712] usb 8-1: config 0 descriptor??
[ 1148.466421][ T5712] gspca_main: se401-2.14.0 probing 047d:5003
[ 1148.915702][ T5714] usb 7-1: new full-speed USB device number 82 using dummy_hcd
[ 1149.071928][ T5714] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1149.071956][ T5714] usb 7-1: config 0 has no interface number 0
[ 1149.072000][ T5714] usb 7-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[ 1149.072028][ T5714] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 31091, setting to 64
[ 1149.073453][T21004] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1149.073471][T21004] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1149.084710][ T5712] input: se401 as /devices/platform/dummy_hcd.7/usb8/8-1/input/input83
[ 1149.092161][ T5714] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1149.092191][ T5714] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1149.092220][ T5714] usb 7-1: Product: syz
[ 1149.092236][ T5714] usb 7-1: SerialNumber: syz
[ 1149.251685][ T5714] usb 7-1: config 0 descriptor??
[ 1149.287828][T20965] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1149.301561][ T5712] usb 8-1: USB disconnect, device number 16
[ 1149.358150][ T5714] cm109 7-1:0.8: invalid payload size 64, expected 4
[ 1149.361025][ T5714] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input84
[ 1149.503756][T21010] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1149.503778][T21010] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1150.344000][T21016] hfs: can't find a HFS filesystem on dev nbd8
[ 1150.498092][ T5712] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1150.665598][ T5712] usb 8-1: Using ep0 maxpacket: 8
[ 1150.675764][ T5712] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1150.677304][ T5712] usb 8-1: config index 0 descriptor too short (expected 57, got 27)
[ 1150.677328][ T5712] usb 8-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1150.690887][ T5712] usb 8-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[ 1150.690916][ T5712] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1150.690936][ T5712] usb 8-1: Product: syz
[ 1150.690951][ T5712] usb 8-1: Manufacturer: syz
[ 1150.690966][ T5712] usb 8-1: SerialNumber: syz
[ 1150.942487][ T5714] usb 8-1: USB disconnect, device number 17
[ 1150.994540][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.007841][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.008750][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.008996][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.009226][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.009452][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.009676][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.009903][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.010128][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.010348][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1151.021858][ T5691] usb 7-1: USB disconnect, device number 82
[ 1151.021864][    C0] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1151.134322][ T5691] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1151.615001][T21039] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5594'.
[ 1151.645633][ T5714] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[ 1151.648649][T21039] netlink: 12 bytes leftover after parsing attributes in process `syz.7.5594'.
[ 1151.677652][ T5712] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1151.795760][ T5714] usb 4-1: Using ep0 maxpacket: 8
[ 1151.799500][ T5714] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1151.799571][ T5714] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1151.799601][ T5714] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1151.799633][ T5714] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1151.799664][ T5714] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1151.799708][ T5714] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1151.799729][ T5714] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.849965][ T5712] usb 9-1: Using ep0 maxpacket: 8
[ 1151.853013][ T5712] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[ 1151.853079][ T5712] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1151.853102][ T5712] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1151.853126][ T5712] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1151.853150][ T5712] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1151.853194][ T5712] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1151.853218][ T5712] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1151.915616][ T5691] usb 7-1: new high-speed USB device number 83 using dummy_hcd
[ 1152.161568][ T5691] usb 7-1: Using ep0 maxpacket: 8
[ 1152.177684][ T5691] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1152.177718][ T5691] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1152.177789][ T5691] usb 7-1: Product: syz
[ 1152.177804][ T5691] usb 7-1: Manufacturer: syz
[ 1152.177819][ T5691] usb 7-1: SerialNumber: syz
[ 1152.186910][ T5691] usb 7-1: config 0 descriptor??
[ 1152.197203][ T5691] gspca_main: se401-2.14.0 probing 047d:5003
[ 1152.213493][ T5712] usb 9-1: usb_control_msg returned -32
[ 1152.213598][ T5712] usbtmc 9-1:16.0: can't read capabilities
[ 1152.248254][ T5714] usb 4-1: usb_control_msg returned -32
[ 1152.248301][ T5714] usbtmc 4-1:16.0: can't read capabilities
[ 1152.850630][T21052] FAULT_INJECTION: forcing a failure.
[ 1152.850630][T21052] name failslab, interval 1, probability 0, space 0, times 0
[ 1152.850655][T21052] CPU: 1 UID: 0 PID: 21052 Comm: syz.7.5597 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1152.850671][T21052] Tainted: [L]=SOFTLOCKUP
[ 1152.850676][T21052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1152.850683][T21052] Call Trace:
[ 1152.850688][T21052]  <TASK>
[ 1152.850693][T21052]  dump_stack_lvl+0xe8/0x150
[ 1152.850711][T21052]  should_fail_ex+0x46b/0x600
[ 1152.850731][T21052]  should_failslab+0xa8/0x100
[ 1152.850746][T21052]  kmem_cache_alloc_node_noprof+0x8f/0x6e0
[ 1152.850760][T21052]  ? __alloc_skb+0x1d0/0x7d0
[ 1152.850773][T21052]  ? __pfx_tcp_current_mss+0x10/0x10
[ 1152.850797][T21052]  __alloc_skb+0x1d0/0x7d0
[ 1152.850814][T21052]  tcp_stream_alloc_skb+0x3f/0x5c0
[ 1152.850831][T21052]  tcp_sendmsg_locked+0x134b/0x5370
[ 1152.850871][T21052]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1152.850895][T21052]  ? __local_bh_enable_ip+0x1ae/0x2b0
[ 1152.850915][T21052]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1152.850939][T21052]  tcp_sendmsg+0x2f/0x50
[ 1152.850954][T21052]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1152.850967][T21052]  sock_sendmsg_nosec+0x10e/0x180
[ 1152.850982][T21052]  __sys_sendto+0x402/0x590
[ 1152.850999][T21052]  ? __pfx___sys_sendto+0x10/0x10
[ 1152.851025][T21052]  ? ksys_write+0x248/0x270
[ 1152.851043][T21052]  ? __pfx_ksys_write+0x10/0x10
[ 1152.851059][T21052]  __x64_sys_sendto+0xde/0x100
[ 1152.851074][T21052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.851085][T21052]  do_syscall_64+0x174/0x580
[ 1152.851100][T21052]  ? trace_irq_disable+0x3b/0x140
[ 1152.851113][T21052]  ? clear_bhb_loop+0x40/0x90
[ 1152.851126][T21052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.851137][T21052] RIP: 0033:0x7f148241ce59
[ 1152.851148][T21052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1152.851157][T21052] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1152.851170][T21052] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1152.851178][T21052] RDX: ffffffffffffff94 RSI: 0000200000000000 RDI: 0000000000000003
[ 1152.851185][T21052] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1152.851191][T21052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.851198][T21052] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1152.851214][T21052]  </TASK>
[ 1152.926038][T21054] usbtmc 9-1:16.0: usb_control_msg returned -32
[ 1152.975891][T21055] FAULT_INJECTION: forcing a failure.
[ 1152.975891][T21055] name failslab, interval 1, probability 0, space 0, times 0
[ 1152.975927][T21055] CPU: 1 UID: 0 PID: 21055 Comm: syz.3.5593 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1152.975953][T21055] Tainted: [L]=SOFTLOCKUP
[ 1152.975961][T21055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1152.975973][T21055] Call Trace:
[ 1152.975980][T21055]  <TASK>
[ 1152.975996][T21055]  dump_stack_lvl+0xe8/0x150
[ 1152.976025][T21055]  should_fail_ex+0x46b/0x600
[ 1152.976059][T21055]  should_failslab+0xa8/0x100
[ 1152.976085][T21055]  __kmalloc_noprof+0xdf/0x7b0
[ 1152.976106][T21055]  ? kfree+0x4d/0x6c0
[ 1152.976126][T21055]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1152.976154][T21055]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1152.976177][T21055]  ? tomoyo_domain+0xd7/0x130
[ 1152.976208][T21055]  ? tomoyo_path_number_perm+0x219/0x630
[ 1152.976237][T21055]  tomoyo_path_number_perm+0x246/0x630
[ 1152.976267][T21055]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1152.976294][T21055]  ? __lock_acquire+0x6b5/0x2d10
[ 1152.976318][T21055]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1152.976367][T21055]  ? __fget_files+0x2a/0x420
[ 1152.976391][T21055]  ? __fget_files+0x2a/0x420
[ 1152.976411][T21055]  ? __fget_files+0x3a6/0x420
[ 1152.976431][T21055]  ? __fget_files+0x2a/0x420
[ 1152.976456][T21055]  security_file_ioctl+0xc3/0x2a0
[ 1152.976484][T21055]  __se_sys_ioctl+0x47/0x170
[ 1152.976511][T21055]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.976531][T21055]  do_syscall_64+0x174/0x580
[ 1152.976558][T21055]  ? trace_irq_disable+0x3b/0x140
[ 1152.976579][T21055]  ? clear_bhb_loop+0x40/0x90
[ 1152.976602][T21055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.976620][T21055] RIP: 0033:0x7fa8372fce59
[ 1152.976638][T21055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1152.976655][T21055] RSP: 002b:00007fa835514028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1152.976675][T21055] RAX: ffffffffffffffda RBX: 00007fa837576180 RCX: 00007fa8372fce59
[ 1152.976690][T21055] RDX: 0000000000000000 RSI: 0000000000005b02 RDI: 0000000000000004
[ 1152.976702][T21055] RBP: 00007fa835514090 R08: 0000000000000000 R09: 0000000000000000
[ 1152.976713][T21055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.976725][T21055] R13: 00007fa837576218 R14: 00007fa837576180 R15: 00007ffef17c4b88
[ 1152.976754][T21055]  </TASK>
[ 1152.978041][T21055] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1153.681988][T21053] syz.7.5597 (21053) used greatest stack depth: 16896 bytes left
[ 1154.147286][ T5691] gspca_se401: read req failed req 0x06 error -19
[ 1154.174066][ T5691] usb 7-1: USB disconnect, device number 83
[ 1154.289821][ T5714] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[ 1154.435643][ T5714] usb 8-1: Using ep0 maxpacket: 16
[ 1154.440881][ T5714] usb 8-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[ 1154.440912][ T5714] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1154.440932][ T5714] usb 8-1: Product: syz
[ 1154.440946][ T5714] usb 8-1: Manufacturer: syz
[ 1154.440960][ T5714] usb 8-1: SerialNumber: syz
[ 1154.498272][ T5714] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1154.753175][ T5714] snd-usb-audio 8-1:222.0: probe with driver snd-usb-audio failed with error -2
[ 1154.813428][T16084] udevd[16084]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1155.458641][ T5691] usb 8-1: USB disconnect, device number 18
[ 1155.675675][ T5801] usb 7-1: new high-speed USB device number 84 using dummy_hcd
[ 1155.827603][ T5801] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1155.827630][ T5801] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1155.828781][ T5801] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1155.828809][ T5801] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1155.828829][ T5801] usb 7-1: SerialNumber: syz
[ 1155.855660][ T5691] usb 8-1: new full-speed USB device number 19 using dummy_hcd
[ 1156.044925][ T5801] usb 7-1: 0:2 : does not exist
[ 1156.054509][ T5691] usb 8-1: config 0 has an invalid interface number: 41 but max is 0
[ 1156.054539][ T5691] usb 8-1: config 0 has no interface number 0
[ 1156.054638][ T5691] usb 8-1: config 0 interface 41 has no altsetting 0
[ 1156.060869][ T5691] usb 8-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[ 1156.060901][ T5691] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1156.060920][ T5691] usb 8-1: Product: syz
[ 1156.060935][ T5691] usb 8-1: Manufacturer: syz
[ 1156.060949][ T5691] usb 8-1: SerialNumber: syz
[ 1156.076250][ T5691] usb 8-1: config 0 descriptor??
[ 1156.184624][ T5801] usb 7-1: USB disconnect, device number 84
[ 1156.248564][T16084] udevd[16084]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1156.744595][ T5691] CoreChips 8-1:0.41: probe with driver CoreChips failed with error -71
[ 1156.763111][ T5691] usb 8-1: USB disconnect, device number 19
[ 1156.785766][T16210] udevd[16210]: setting owner of /dev/bus/usb/008/019 to uid=0, gid=0 failed: No such file or directory
[ 1157.434884][ T9631] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1158.037604][ T5714] usb 7-1: new high-speed USB device number 85 using dummy_hcd
[ 1158.074775][T21055] usbtmc 9-1:16.0: usb_control_msg returned -110
[ 1158.092216][ T5712] usb 9-1: USB disconnect, device number 8
[ 1158.171599][  T822] usb 4-1: USB disconnect, device number 19
[ 1158.195705][ T5714] usb 7-1: Using ep0 maxpacket: 32
[ 1158.210824][ T5714] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 1158.210857][ T5714] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1158.277015][ T5714] usb 7-1: config 0 descriptor??
[ 1158.306862][ T5714] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 1158.639896][T21106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1158.640605][T21106] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1158.721598][T21111] netlink: 'syz.6.5612': attribute type 4 has an invalid length.
[ 1158.814270][T21112] netlink: 'syz.6.5612': attribute type 4 has an invalid length.
[ 1158.831529][ T5714] gspca_sq930x: reg_r 001f failed -110
[ 1158.831621][ T5714] sq930x 7-1:0.0: probe with driver sq930x failed with error -110
[ 1159.355576][ T5712] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1159.532145][ T5712] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1159.532179][ T5712] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1159.534348][ T5712] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1159.534376][ T5712] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1159.534387][ T5712] usb 9-1: SerialNumber: syz
[ 1159.542851][ T9631] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1159.726565][T21124] binder_alloc: 21123: pid 21123 spamming oneway? 1 buffers allocated for a total size of 4096
[ 1159.727288][T21124] binder_alloc: 21123: pid 21123 spamming oneway? 2 buffers allocated for a total size of 5120
[ 1159.818575][ T5712] usb 9-1: 0:2 : does not exist
[ 1159.879613][ T5712] usb 9-1: USB disconnect, device number 9
[ 1159.995190][T16084] udevd[16084]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1160.136846][  T822] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[ 1160.286955][ T5691] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 1160.318036][  T822] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1160.319172][  T822] usb 8-1: config 129 has an invalid interface number: 135 but max is 0
[ 1160.319200][  T822] usb 8-1: config 129 has an invalid interface number: 5 but max is 0
[ 1160.319220][  T822] usb 8-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[ 1160.319243][  T822] usb 8-1: config 129 has no interface number 0
[ 1160.319260][  T822] usb 8-1: config 129 has no interface number 1
[ 1160.319316][  T822] usb 8-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[ 1160.319350][  T822] usb 8-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[ 1160.319372][  T822] usb 8-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[ 1160.319388][  T822] usb 8-1: config 129 interface 135 has no altsetting 0
[ 1160.319398][  T822] usb 8-1: config 129 interface 5 has no altsetting 0
[ 1160.322647][  T822] usb 8-1: string descriptor 0 read error: -22
[ 1160.322796][  T822] usb 8-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[ 1160.322812][  T822] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.487018][  T822] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[ 1160.487076][  T822] usb 8-1: MIDIStreaming interface descriptor not found
[ 1160.546021][ T5691] usb 4-1: Using ep0 maxpacket: 32
[ 1160.559087][ T5691] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[ 1160.559119][ T5691] usb 4-1: config 0 has no interface number 0
[ 1160.559182][ T5691] usb 4-1: config 0 interface 12 has no altsetting 0
[ 1160.563260][ T5691] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1160.563291][ T5691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.563320][ T5691] usb 4-1: Product: syz
[ 1160.563344][ T5691] usb 4-1: Manufacturer: syz
[ 1160.563359][ T5691] usb 4-1: SerialNumber: syz
[ 1160.632087][ T5691] usb 4-1: config 0 descriptor??
[ 1160.898483][T21133] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[ 1160.911027][T21127] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5621'.
[ 1160.931970][ T5801] usb 8-1: USB disconnect, device number 20
[ 1160.954576][T12126] usb 7-1: USB disconnect, device number 85
[ 1161.155595][  T822] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1161.315712][  T822] usb 9-1: Using ep0 maxpacket: 8
[ 1161.318274][  T822] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[ 1161.318336][  T822] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1161.318412][  T822] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1161.318438][  T822] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1161.318464][  T822] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1161.318510][  T822] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1161.318561][  T822] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1161.365819][T12126] usb 7-1: new high-speed USB device number 86 using dummy_hcd
[ 1161.549401][T12126] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1161.549436][T12126] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1161.557876][T12126] usb 7-1: config 0 descriptor??
[ 1161.587657][T12126] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1161.618865][  T822] usb 9-1: usb_control_msg returned -32
[ 1161.618965][  T822] usbtmc 9-1:16.0: can't read capabilities
[ 1161.883791][T21135] usbtmc 9-1:16.0: usb_control_msg returned -71
[ 1161.890990][ T5195] usb 9-1: USB disconnect, device number 10
[ 1161.981947][T12126] cpia1 7-1:0.0: unexpected state after lo power cmd: 00
[ 1162.100583][T21135] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5624'.
[ 1162.277154][T21143] C: renamed from lo (while UP)
[ 1162.332008][T21143] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check.
[ 1162.388939][T21137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1162.391988][T21137] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1162.430842][ T9631] Bluetooth: hci5: Malformed HCI Event: 0x22
[ 1162.605777][T12126] gspca_cpia1: usb_control_msg 05, error -71
[ 1162.605793][T12126] cpia1 7-1:0.0: unexpected systemstate: 00
[ 1162.629200][T12126] usb 7-1: USB disconnect, device number 86
[ 1163.008761][T21152] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5630'.
[ 1163.008896][T21152] bridge_slave_1: left allmulticast mode
[ 1163.008919][T21152] bridge_slave_1: left promiscuous mode
[ 1163.043205][T21152] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1163.260978][T21152] bridge_slave_0: left allmulticast mode
[ 1163.261018][T21152] bridge_slave_0: left promiscuous mode
[ 1163.267039][T21152] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1163.500110][T21129] genirq: Flags mismatch irq 4. 00202000 (pcl818) vs. 00202080 (ttyS0)
[ 1163.536221][ T5801] usb 7-1: new high-speed USB device number 87 using dummy_hcd
[ 1163.695528][ T5801] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1163.695555][ T5801] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1163.704145][ T5801] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1163.704173][ T5801] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1163.704248][ T5801] usb 7-1: SerialNumber: syz
[ 1163.773550][T21129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1163.774385][T21129] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1164.001417][ T5691] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[ 1164.001470][ T5691] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[ 1164.001488][ T5691] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1164.001570][ T5691] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[ 1164.058873][ T5801] usb 7-1: 0:2 : does not exist
[ 1164.058967][ T5801] usb 7-1: unit 5: unexpected type 0x09
[ 1164.075470][ T5691] usb 4-1: USB disconnect, device number 20
[ 1164.177911][ T5801] usb 7-1: USB disconnect, device number 87
[ 1164.240942][T16084] udevd[16084]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1164.605817][ T5691] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[ 1164.766914][ T5691] usb 4-1: Using ep0 maxpacket: 8
[ 1164.769253][ T5691] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1164.770498][ T5691] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[ 1164.770526][ T5691] usb 4-1: config 4 has an invalid descriptor of length 250, skipping remainder of the config
[ 1164.770547][ T5691] usb 4-1: config 4 has no interface number 0
[ 1164.774268][ T5691] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[ 1164.774286][ T5691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.774299][ T5691] usb 4-1: Product: syz
[ 1164.774307][ T5691] usb 4-1: Manufacturer: syz
[ 1164.774315][ T5691] usb 4-1: SerialNumber: syz
[ 1164.925843][  T822] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1165.061601][ T5691] uvcvideo 4-1:4.147: Found multiple Units with ID 6
[ 1165.062186][ T5691] uvcvideo 4-1:4.147: Found UVC 0.02 device syz (04f2:b746)
[ 1165.062277][ T5691] uvcvideo 4-1:4.147: No valid video chain found.
[ 1165.069046][ T5691] usb 4-1: USB disconnect, device number 21
[ 1165.113558][  T822] usb 9-1: Using ep0 maxpacket: 16
[ 1165.121443][  T822] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1165.121499][  T822] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1165.121527][  T822] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1165.121547][  T822] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1165.121572][  T822] usb 9-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1165.137072][  T822] usb 9-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1165.137108][  T822] usb 9-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1165.137131][  T822] usb 9-1: Manufacturer: syz
[ 1165.159020][  T822] usb 9-1: config 0 descriptor??
[ 1165.246205][   T32] usb 7-1: new high-speed USB device number 88 using dummy_hcd
[ 1165.432370][   T32] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1165.432405][   T32] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1165.441536][   T32] usb 7-1: config 0 descriptor??
[ 1165.470679][   T32] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1165.525834][  T822] rc_core: IR keymap rc-hauppauge not found
[ 1165.525860][  T822] Registered IR keymap rc-empty
[ 1165.526116][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.548678][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.583493][  T822] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0
[ 1165.587365][  T822] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/rc/rc0/input85
[ 1165.593673][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.605762][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.625902][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.659260][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.676354][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.697528][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.715197][T21183] FAULT_INJECTION: forcing a failure.
[ 1165.715197][T21183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1165.715226][T21183] CPU: 1 UID: 0 PID: 21183 Comm: syz.3.5641 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1165.715242][T21183] Tainted: [L]=SOFTLOCKUP
[ 1165.715246][T21183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1165.715254][T21183] Call Trace:
[ 1165.715259][T21183]  <TASK>
[ 1165.715265][T21183]  dump_stack_lvl+0xe8/0x150
[ 1165.715285][T21183]  should_fail_ex+0x46b/0x600
[ 1165.715308][T21183]  _copy_from_user+0x2d/0xb0
[ 1165.715322][T21183]  ___sys_sendmsg+0x1c6/0x360
[ 1165.715339][T21183]  ? __lock_acquire+0x6b5/0x2d10
[ 1165.715356][T21183]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1165.715388][T21183]  ? __fget_files+0x2a/0x420
[ 1165.715401][T21183]  ? __fget_files+0x3a6/0x420
[ 1165.715423][T21183]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1165.715450][T21183]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1165.715481][T21183]  ? __pfx_ksys_write+0x10/0x10
[ 1165.715514][T21183]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.715533][T21183]  do_syscall_64+0x174/0x580
[ 1165.715559][T21183]  ? trace_irq_disable+0x3b/0x140
[ 1165.715582][T21183]  ? clear_bhb_loop+0x40/0x90
[ 1165.715606][T21183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.715625][T21183] RIP: 0033:0x7fa8372fce59
[ 1165.715643][T21183] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1165.715660][T21183] RSP: 002b:00007fa835556028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1165.715681][T21183] RAX: ffffffffffffffda RBX: 00007fa837575fa0 RCX: 00007fa8372fce59
[ 1165.715695][T21183] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1165.715708][T21183] RBP: 00007fa835556090 R08: 0000000000000000 R09: 0000000000000000
[ 1165.715720][T21183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1165.715732][T21183] R13: 00007fa837576038 R14: 00007fa837575fa0 R15: 00007ffef17c4b88
[ 1165.715777][T21183]  </TASK>
[ 1165.719496][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.736511][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.756115][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.775985][  T822] mceusb 9-1:0.0: Error: mce write submit urb error = -90
[ 1165.837275][  T822] mceusb 9-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1165.837305][  T822] mceusb 9-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1165.895163][   T32] cpia1 7-1:0.0: unexpected state after lo power cmd: 00
[ 1166.295663][T12126] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1166.306472][T21179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.310425][T21179] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1166.315813][   T32] gspca_cpia1: usb_control_msg 02, error -71
[ 1166.317233][   T32] gspca_cpia1: usb_control_msg 05, error -71
[ 1166.317251][   T32] cpia1 7-1:0.0: unexpected systemstate: 00
[ 1166.330270][   T32] usb 7-1: USB disconnect, device number 88
[ 1166.446261][T12126] usb 4-1: Using ep0 maxpacket: 32
[ 1166.448214][T12126] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[ 1166.448241][T12126] usb 4-1: config 0 has no interface number 0
[ 1166.448286][T12126] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1166.448313][T12126] usb 4-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1166.448335][T12126] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 1166.448359][T12126] usb 4-1: config 0 interface 196 has no altsetting 0
[ 1166.450661][T12126] usb 4-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[ 1166.450690][T12126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1166.450711][T12126] usb 4-1: Product: syz
[ 1166.450727][T12126] usb 4-1: Manufacturer: syz
[ 1166.450742][T12126] usb 4-1: SerialNumber: syz
[ 1166.542599][T12126] usb 4-1: config 0 descriptor??
[ 1166.568997][ T5195] usb 9-1: USB disconnect, device number 11
[ 1166.575900][T21187] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1166.794159][T12126] ipheth 4-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[ 1166.794570][T12126] ipheth 4-1:0.196: probe with driver ipheth failed with error -71
[ 1166.828583][T12126] usb 4-1: USB disconnect, device number 22
[ 1167.266974][   T32] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[ 1167.429096][   T32] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1167.429125][   T32] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1167.430274][   T32] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1167.430303][   T32] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1167.430325][   T32] usb 9-1: SerialNumber: syz
[ 1167.556573][T21209] netlink: 92 bytes leftover after parsing attributes in process `syz.6.5652'.
[ 1167.676055][   T32] usb 9-1: 0:2 : does not exist
[ 1167.676148][   T32] usb 9-1: unit 5: unexpected type 0x09
[ 1167.759214][   T32] usb 9-1: USB disconnect, device number 12
[ 1167.832568][T16084] udevd[16084]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1167.845747][T12126] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[ 1167.917204][T17142] usb 7-1: new high-speed USB device number 89 using dummy_hcd
[ 1168.009676][T12126] usb 4-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[ 1168.009713][T12126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.009734][T12126] usb 4-1: Product: syz
[ 1168.009750][T12126] usb 4-1: Manufacturer: syz
[ 1168.009761][T12126] usb 4-1: SerialNumber: syz
[ 1168.013571][T12126] usb 4-1: config 0 descriptor??
[ 1168.052248][ T5801] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[ 1168.054447][T12126] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[ 1168.054509][T12126] dvb-usb: bulk message failed: -22 (4/0)
[ 1168.054520][T12126] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[ 1168.054591][T12126] dvb-usb: bulk message failed: -22 (5/0)
[ 1168.054600][T12126] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[ 1168.078606][T17142] usb 7-1: Using ep0 maxpacket: 16
[ 1168.108895][T17142] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1168.108917][T17142] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1168.108929][T17142] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1168.108957][T17142] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1168.108981][T17142] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.121420][T17142] usb 7-1: config 0 descriptor??
[ 1168.171711][T12126] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1168.209121][ T5801] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1168.209141][ T5801] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.240163][ T5801] usb 8-1: config 0 descriptor??
[ 1168.270060][ T5801] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1168.272630][T12126] dvb-usb: Pinnacle 450e DVB-S USB2.0 error while loading driver (-19)
[ 1168.594777][T17142] microsoft 0003:045E:07DA.0018: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0
[ 1168.594870][T17142] microsoft 0003:045E:07DA.0018: no inputs found
[ 1168.594885][T17142] microsoft 0003:045E:07DA.0018: could not initialize ff, continuing anyway
[ 1168.656579][ T5801] cpia1 8-1:0.0: unexpected state after lo power cmd: 00
[ 1168.777969][T17142] usb 7-1: USB disconnect, device number 89
[ 1169.061313][T21216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1169.062047][T21216] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1169.067380][ T5801] gspca_cpia1: usb_control_msg 02, error -71
[ 1169.068291][ T5801] gspca_cpia1: usb_control_msg 05, error -71
[ 1169.068309][ T5801] cpia1 8-1:0.0: unexpected systemstate: 00
[ 1169.159624][ T5801] usb 8-1: USB disconnect, device number 21
[ 1169.576016][ T5801] usb 7-1: new full-speed USB device number 90 using dummy_hcd
[ 1169.710291][ T5801] usb 7-1: device descriptor read/64, error -71
[ 1169.777740][T21237] binder_alloc: 21236: pid 21236 spamming oneway? 1 buffers allocated for a total size of 4096
[ 1169.778060][T21237] binder_alloc: 21236: pid 21236 spamming oneway? 2 buffers allocated for a total size of 5120
[ 1169.966990][ T5801] usb 7-1: new full-speed USB device number 91 using dummy_hcd
[ 1170.116813][ T5801] usb 7-1: device descriptor read/64, error -71
[ 1170.226764][ T5801] usb usb7-port1: attempt power cycle
[ 1170.351343][T21248] FAULT_INJECTION: forcing a failure.
[ 1170.351343][T21248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1170.351380][T21248] CPU: 0 UID: 0 PID: 21248 Comm: syz.7.5667 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1170.351406][T21248] Tainted: [L]=SOFTLOCKUP
[ 1170.351413][T21248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1170.351424][T21248] Call Trace:
[ 1170.351433][T21248]  <TASK>
[ 1170.351440][T21248]  dump_stack_lvl+0xe8/0x150
[ 1170.351470][T21248]  should_fail_ex+0x46b/0x600
[ 1170.351504][T21248]  _copy_from_user+0x2d/0xb0
[ 1170.351528][T21248]  ucma_write+0x166/0x2f0
[ 1170.351551][T21248]  ? __pfx_ucma_write+0x10/0x10
[ 1170.351578][T21248]  ? rw_verify_area+0x25b/0x4e0
[ 1170.351603][T21248]  ? __pfx_ucma_write+0x10/0x10
[ 1170.351624][T21248]  vfs_write+0x2a3/0xba0
[ 1170.351655][T21248]  ? __pfx_vfs_write+0x10/0x10
[ 1170.351682][T21248]  ? __fget_files+0x2a/0x420
[ 1170.351706][T21248]  ? __fget_files+0x2a/0x420
[ 1170.351727][T21248]  ? __fget_files+0x3a6/0x420
[ 1170.351746][T21248]  ? __fget_files+0x2a/0x420
[ 1170.351774][T21248]  ksys_write+0x156/0x270
[ 1170.351802][T21248]  ? __pfx_ksys_write+0x10/0x10
[ 1170.351834][T21248]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.351855][T21248]  do_syscall_64+0x174/0x580
[ 1170.351881][T21248]  ? trace_irq_disable+0x3b/0x140
[ 1170.351903][T21248]  ? clear_bhb_loop+0x40/0x90
[ 1170.351926][T21248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.351945][T21248] RIP: 0033:0x7f148241ce59
[ 1170.351963][T21248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1170.351980][T21248] RSP: 002b:00007f148066e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1170.352000][T21248] RAX: ffffffffffffffda RBX: 00007f1482695fa0 RCX: 00007f148241ce59
[ 1170.352014][T21248] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000003
[ 1170.352026][T21248] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1170.352038][T21248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1170.352051][T21248] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1170.352079][T21248]  </TASK>
[ 1170.404184][T17142] usb 4-1: USB disconnect, device number 23
[ 1170.565661][ T5801] usb 7-1: new full-speed USB device number 92 using dummy_hcd
[ 1170.586958][ T5801] usb 7-1: device descriptor read/8, error -71
[ 1170.698727][T21254] FAULT_INJECTION: forcing a failure.
[ 1170.698727][T21254] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1170.698750][T21254] CPU: 0 UID: 0 PID: 21254 Comm: syz.7.5670 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1170.698766][T21254] Tainted: [L]=SOFTLOCKUP
[ 1170.698770][T21254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1170.698777][T21254] Call Trace:
[ 1170.698782][T21254]  <TASK>
[ 1170.698787][T21254]  dump_stack_lvl+0xe8/0x150
[ 1170.698804][T21254]  should_fail_ex+0x46b/0x600
[ 1170.698830][T21254]  _copy_to_user+0x31/0xb0
[ 1170.698844][T21254]  simple_read_from_buffer+0xe1/0x170
[ 1170.698860][T21254]  proc_fail_nth_read+0x1be/0x230
[ 1170.698875][T21254]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1170.698889][T21254]  ? rw_verify_area+0x2ac/0x4e0
[ 1170.698903][T21254]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1170.698916][T21254]  vfs_read+0x212/0xa80
[ 1170.698934][T21254]  ? __pfx_vfs_read+0x10/0x10
[ 1170.698949][T21254]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1170.698965][T21254]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1170.698984][T21254]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1170.699009][T21254]  ? mutex_lock_nested+0x152/0x1d0
[ 1170.699029][T21254]  ? fdget_pos+0x252/0x320
[ 1170.699059][T21254]  ksys_read+0x156/0x270
[ 1170.699085][T21254]  ? __pfx_ksys_read+0x10/0x10
[ 1170.699115][T21254]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.699127][T21254]  do_syscall_64+0x174/0x580
[ 1170.699143][T21254]  ? trace_irq_disable+0x3b/0x140
[ 1170.699155][T21254]  ? clear_bhb_loop+0x40/0x90
[ 1170.699168][T21254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1170.699179][T21254] RIP: 0033:0x7f14823dd68e
[ 1170.699190][T21254] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1170.699201][T21254] RSP: 002b:00007f148066dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1170.699212][T21254] RAX: ffffffffffffffda RBX: 00007f148066e6c0 RCX: 00007f14823dd68e
[ 1170.699220][T21254] RDX: 000000000000000f RSI: 00007f148066e0a0 RDI: 0000000000000004
[ 1170.699227][T21254] RBP: 00007f148066e090 R08: 0000000000000000 R09: 0000000000000000
[ 1170.699233][T21254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1170.699240][T21254] R13: 00007f1482696038 R14: 00007f1482695fa0 R15: 00007fff69a86078
[ 1170.699256][T21254]  </TASK>
[ 1170.825652][ T5801] usb 7-1: new full-speed USB device number 93 using dummy_hcd
[ 1170.848438][ T5801] usb 7-1: device descriptor read/8, error -71
[ 1170.956254][ T5801] usb usb7-port1: unable to enumerate USB device
[ 1171.137101][T17142] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[ 1171.272226][T21269] FAULT_INJECTION: forcing a failure.
[ 1171.272226][T21269] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1171.272266][T21269] CPU: 1 UID: 0 PID: 21269 Comm: syz.3.5678 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1171.272292][T21269] Tainted: [L]=SOFTLOCKUP
[ 1171.272300][T21269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1171.272312][T21269] Call Trace:
[ 1171.272320][T21269]  <TASK>
[ 1171.272329][T21269]  dump_stack_lvl+0xe8/0x150
[ 1171.272358][T21269]  should_fail_ex+0x46b/0x600
[ 1171.272392][T21269]  _copy_from_user+0x2d/0xb0
[ 1171.272417][T21269]  ___sys_sendmsg+0x1c6/0x360
[ 1171.272446][T21269]  ? __lock_acquire+0x6b5/0x2d10
[ 1171.272474][T21269]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1171.272508][T21269]  ? kstrtouint+0x6e/0xe0
[ 1171.272559][T21269]  ? __fget_files+0x2a/0x420
[ 1171.272582][T21269]  ? __fget_files+0x3a6/0x420
[ 1171.272610][T21269]  __sys_sendmmsg+0x282/0x4e0
[ 1171.272642][T21269]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1171.272679][T21269]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1171.272717][T21269]  ? ksys_write+0x248/0x270
[ 1171.272747][T21269]  ? __pfx_ksys_write+0x10/0x10
[ 1171.272778][T21269]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1171.272807][T21269]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1171.272828][T21269]  do_syscall_64+0x174/0x580
[ 1171.272857][T21269]  ? clear_bhb_loop+0x40/0x90
[ 1171.272881][T21269]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1171.272901][T21269] RIP: 0033:0x7fa8372fce59
[ 1171.272978][T21269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1171.272995][T21269] RSP: 002b:00007fa835556028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1171.273016][T21269] RAX: ffffffffffffffda RBX: 00007fa837575fa0 RCX: 00007fa8372fce59
[ 1171.273030][T21269] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000004
[ 1171.273047][T21269] RBP: 00007fa835556090 R08: 0000000000000000 R09: 0000000000000000
[ 1171.273059][T21269] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[ 1171.273072][T21269] R13: 00007fa837576038 R14: 00007fa837575fa0 R15: 00007ffef17c4b88
[ 1171.273102][T21269]  </TASK>
[ 1171.338087][T17142] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1171.338120][T17142] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1171.353370][T17142] usb 8-1: config 0 descriptor??
[ 1171.373962][T17142] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1171.774243][T17142] cpia1 8-1:0.0: unexpected state after lo power cmd: 00
[ 1172.025693][T12126] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1172.180490][T12126] usb 4-1: config 0 has an invalid interface number: 125 but max is 0
[ 1172.180522][T12126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1172.180543][T12126] usb 4-1: config 0 has no interface number 0
[ 1172.180807][T21258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1172.180877][T12126] usb 4-1: too many endpoints for config 0 interface 125 altsetting 197: 110, using maximum allowed: 30
[ 1172.180971][T12126] usb 4-1: config 0 interface 125 altsetting 197 has 0 endpoint descriptors, different from the interface descriptor's value: 110
[ 1172.181007][T12126] usb 4-1: config 0 interface 125 has no altsetting 0
[ 1172.181043][T12126] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1172.181286][T12126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.185856][T21258] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1172.207634][T17142] gspca_cpia1: usb_control_msg 02, error -71
[ 1172.208046][T17142] gspca_cpia1: usb_control_msg 05, error -71
[ 1172.208061][T17142] cpia1 8-1:0.0: unexpected systemstate: 00
[ 1172.233385][T12126] usb 4-1: config 0 descriptor??
[ 1172.243388][T17142] usb 8-1: USB disconnect, device number 22
[ 1172.528195][T12126] usb 4-1: string descriptor 0 read error: -32
[ 1172.887425][T21292] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5687'.
[ 1172.887442][T21292] netlink: 16 bytes leftover after parsing attributes in process `syz.7.5687'.
[ 1172.918201][T21292] syzkaller1: entered promiscuous mode
[ 1172.918217][T21292] syzkaller1: entered allmulticast mode
[ 1173.182460][T21304] FAULT_INJECTION: forcing a failure.
[ 1173.182460][T21304] name failslab, interval 1, probability 0, space 0, times 0
[ 1173.182484][T21304] CPU: 0 UID: 0 PID: 21304 Comm: syz.6.5691 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1173.182511][T21304] Tainted: [L]=SOFTLOCKUP
[ 1173.182518][T21304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1173.182530][T21304] Call Trace:
[ 1173.182538][T21304]  <TASK>
[ 1173.182546][T21304]  dump_stack_lvl+0xe8/0x150
[ 1173.182591][T21304]  should_fail_ex+0x46b/0x600
[ 1173.182630][T21304]  should_failslab+0xa8/0x100
[ 1173.182654][T21304]  kmem_cache_alloc_noprof+0x87/0x680
[ 1173.182667][T21304]  ? do_getname+0x2e/0x250
[ 1173.182681][T21304]  do_getname+0x2e/0x250
[ 1173.182692][T21304]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.182704][T21304]  __se_sys_unlinkat+0x4f/0x1a0
[ 1173.182715][T21304]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.182726][T21304]  do_syscall_64+0x174/0x580
[ 1173.182741][T21304]  ? trace_irq_disable+0x3b/0x140
[ 1173.182761][T21304]  ? clear_bhb_loop+0x40/0x90
[ 1173.182785][T21304]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.182803][T21304] RIP: 0033:0x7f117c3ace59
[ 1173.182821][T21304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1173.182843][T21304] RSP: 002b:00007f117a5fe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[ 1173.182864][T21304] RAX: ffffffffffffffda RBX: 00007f117c625fa0 RCX: 00007f117c3ace59
[ 1173.182878][T21304] RDX: 0000000000000200 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1173.182887][T21304] RBP: 00007f117a5fe090 R08: 0000000000000000 R09: 0000000000000000
[ 1173.182894][T21304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1173.182901][T21304] R13: 00007f117c626038 R14: 00007f117c625fa0 R15: 00007ffcfe91a168
[ 1173.182917][T21304]  </TASK>
[ 1173.736073][ T5195] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[ 1173.788725][T21321] FAULT_INJECTION: forcing a failure.
[ 1173.788725][T21321] name failslab, interval 1, probability 0, space 0, times 0
[ 1173.788749][T21321] CPU: 1 UID: 0 PID: 21321 Comm: syz.8.5698 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1173.788771][T21321] Tainted: [L]=SOFTLOCKUP
[ 1173.788776][T21321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1173.788783][T21321] Call Trace:
[ 1173.788787][T21321]  <TASK>
[ 1173.788793][T21321]  dump_stack_lvl+0xe8/0x150
[ 1173.788810][T21321]  should_fail_ex+0x46b/0x600
[ 1173.788829][T21321]  should_failslab+0xa8/0x100
[ 1173.788845][T21321]  __kmalloc_noprof+0xdf/0x7b0
[ 1173.788857][T21321]  ? kfree+0x4d/0x6c0
[ 1173.788867][T21321]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1173.788883][T21321]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1173.788896][T21321]  ? tomoyo_domain+0xd7/0x130
[ 1173.788911][T21321]  ? tomoyo_path_number_perm+0x219/0x630
[ 1173.788928][T21321]  tomoyo_path_number_perm+0x246/0x630
[ 1173.788945][T21321]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1173.788959][T21321]  ? __lock_acquire+0x6b5/0x2d10
[ 1173.788974][T21321]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1173.789001][T21321]  ? __fget_files+0x2a/0x420
[ 1173.789016][T21321]  ? __fget_files+0x2a/0x420
[ 1173.789027][T21321]  ? __fget_files+0x3a6/0x420
[ 1173.789038][T21321]  ? __fget_files+0x2a/0x420
[ 1173.789052][T21321]  security_file_ioctl+0xc3/0x2a0
[ 1173.789069][T21321]  __se_sys_ioctl+0x47/0x170
[ 1173.789084][T21321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.789096][T21321]  do_syscall_64+0x174/0x580
[ 1173.789111][T21321]  ? trace_irq_disable+0x3b/0x140
[ 1173.789123][T21321]  ? clear_bhb_loop+0x40/0x90
[ 1173.789136][T21321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.789146][T21321] RIP: 0033:0x7faa4aa9ce59
[ 1173.789158][T21321] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1173.789167][T21321] RSP: 002b:00007faa48cf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1173.789178][T21321] RAX: ffffffffffffffda RBX: 00007faa4ad15fa0 RCX: 00007faa4aa9ce59
[ 1173.789187][T21321] RDX: 0000200000000000 RSI: 000000000000127f RDI: 0000000000000003
[ 1173.789194][T21321] RBP: 00007faa48cf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1173.789200][T21321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1173.789207][T21321] R13: 00007faa4ad16038 R14: 00007faa4ad15fa0 R15: 00007ffea00eec48
[ 1173.789224][T21321]  </TASK>
[ 1173.789229][T21321] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1173.917520][ T5195] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1173.917550][ T5195] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.957806][ T5195] usb 8-1: config 0 descriptor??
[ 1173.982995][ T5195] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1174.365336][ T5195] cpia1 8-1:0.0: unexpected state after lo power cmd: 00
[ 1174.385586][ T9631] Bluetooth: hci5: command 0x0406 tx timeout
[ 1174.813953][   T32] usb 4-1: USB disconnect, device number 24
[ 1174.833833][T21311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1174.848429][T21311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1174.868290][ T5613] usb 7-1: new high-speed USB device number 94 using dummy_hcd
[ 1175.016384][ T5613] usb 7-1: Using ep0 maxpacket: 32
[ 1175.020001][ T5613] usb 7-1: config 127 has an invalid interface number: 167 but max is 0
[ 1175.020030][ T5613] usb 7-1: config 127 has no interface number 0
[ 1175.020086][ T5613] usb 7-1: config 127 interface 167 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[ 1175.020113][ T5613] usb 7-1: config 127 interface 167 altsetting 13 endpoint 0xD has invalid maxpacket 1024, setting to 64
[ 1175.020141][ T5613] usb 7-1: config 127 interface 167 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[ 1175.020165][ T5613] usb 7-1: config 127 interface 167 altsetting 13 bulk endpoint 0x9 has invalid maxpacket 64
[ 1175.020189][ T5613] usb 7-1: config 127 interface 167 altsetting 13 has an invalid descriptor for endpoint zero, skipping
[ 1175.020211][ T5613] usb 7-1: config 127 interface 167 altsetting 13 endpoint 0xA has invalid maxpacket 1024, setting to 64
[ 1175.020239][ T5613] usb 7-1: config 127 interface 167 has no altsetting 0
[ 1175.023380][ T5613] usb 7-1: New USB device found, idVendor=12d1, idProduct=1464, bcdDevice=b7.17
[ 1175.023410][ T5613] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.023432][ T5613] usb 7-1: Product: ࠁ
[ 1175.023449][ T5613] usb 7-1: Manufacturer: о
[ 1175.023463][ T5613] usb 7-1: SerialNumber: Ⰹ
[ 1175.052272][ T5195] gspca_cpia1: usb_control_msg 05, error -71
[ 1175.052295][ T5195] cpia1 8-1:0.0: unexpected systemstate: 00
[ 1175.061882][ T5195] usb 8-1: USB disconnect, device number 23
[ 1175.183295][T21337] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1175.295719][ T5714] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[ 1175.397727][ T5613] option 7-1:127.167: GSM modem (1-port) converter detected
[ 1175.421305][ T5613] usb 7-1: USB disconnect, device number 94
[ 1175.430707][T21346] FAULT_INJECTION: forcing a failure.
[ 1175.430707][T21346] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1175.430742][T21346] CPU: 1 UID: 0 PID: 21346 Comm: syz.3.5707 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1175.430769][T21346] Tainted: [L]=SOFTLOCKUP
[ 1175.430776][T21346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1175.430789][T21346] Call Trace:
[ 1175.430797][T21346]  <TASK>
[ 1175.430805][T21346]  dump_stack_lvl+0xe8/0x150
[ 1175.430832][T21346]  should_fail_ex+0x46b/0x600
[ 1175.430864][T21346]  _copy_from_user+0x2d/0xb0
[ 1175.430888][T21346]  ___sys_sendmsg+0x1c6/0x360
[ 1175.430915][T21346]  ? __lock_acquire+0x6b5/0x2d10
[ 1175.430942][T21346]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1175.430997][T21346]  ? __fget_files+0x2a/0x420
[ 1175.431019][T21346]  ? __fget_files+0x3a6/0x420
[ 1175.431050][T21346]  __x64_sys_sendmsg+0x1c3/0x2a0
[ 1175.431078][T21346]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1175.431114][T21346]  ? __pfx_ksys_write+0x10/0x10
[ 1175.431148][T21346]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.431169][T21346]  do_syscall_64+0x174/0x580
[ 1175.431195][T21346]  ? trace_irq_disable+0x3b/0x140
[ 1175.431215][T21346]  ? clear_bhb_loop+0x40/0x90
[ 1175.431238][T21346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.431257][T21346] RIP: 0033:0x7fa8372fce59
[ 1175.431275][T21346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1175.431291][T21346] RSP: 002b:00007fa835556028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1175.431311][T21346] RAX: ffffffffffffffda RBX: 00007fa837575fa0 RCX: 00007fa8372fce59
[ 1175.431325][T21346] RDX: 0000000004000800 RSI: 0000200000000000 RDI: 0000000000000003
[ 1175.431338][T21346] RBP: 00007fa835556090 R08: 0000000000000000 R09: 0000000000000000
[ 1175.431350][T21346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1175.431362][T21346] R13: 00007fa837576038 R14: 00007fa837575fa0 R15: 00007ffef17c4b88
[ 1175.431397][T21346]  </TASK>
[ 1175.646097][ T5714] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1175.647368][ T5714] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1175.647392][ T5714] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1175.653077][ T5714] usb 9-1: string descriptor 0 read error: -22
[ 1175.653215][ T5714] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[ 1175.653241][ T5714] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.713200][T18628] Bluetooth: hci5: ACL packet for unknown connection handle 201
[ 1175.713370][ T5613] option 7-1:127.167: device disconnected
[ 1176.335773][ T5613] usb 7-1: new full-speed USB device number 95 using dummy_hcd
[ 1176.351732][ T5714] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -71
[ 1176.374477][ T5714] usb 9-1: USB disconnect, device number 13
[ 1176.490317][ T5613] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1176.490348][ T5613] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1176.490359][ T5613] usb 7-1: Product: syz
[ 1176.490368][ T5613] usb 7-1: Manufacturer: syz
[ 1176.490379][ T5613] usb 7-1: SerialNumber: syz
[ 1176.504426][ T5613] usb 7-1: config 0 descriptor??
[ 1176.742251][ T5613] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1176.793182][T17142] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1176.793582][T12126] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[ 1176.949093][T12126] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1176.949124][T12126] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1176.950942][T12126] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1176.950972][T12126] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1176.950992][T12126] usb 8-1: SerialNumber: syz
[ 1176.955745][T17142] usb 4-1: Using ep0 maxpacket: 32
[ 1176.980318][T17142] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1176.980353][T17142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1176.980375][T17142] usb 4-1: Product: syz
[ 1176.980441][T17142] usb 4-1: Manufacturer: syz
[ 1176.980457][T17142] usb 4-1: SerialNumber: syz
[ 1177.034120][T17142] usb 4-1: config 0 descriptor??
[ 1177.179496][   T38] audit: type=1326 audit(2000000468.730:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21371 comm="syz.8.5718" exe="/root/ci-upstream-rust-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa4aa9ce59 code=0x0
[ 1177.231248][T12126] usb 8-1: 0:2 : does not exist
[ 1177.276990][T17142] airspy 4-1:0.0: usb_control_msg() failed -71 request 09
[ 1177.277572][T17142] airspy 4-1:0.0: Could not detect board
[ 1177.277729][T17142] airspy 4-1:0.0: probe with driver airspy failed with error -71
[ 1177.311964][T17142] usb 4-1: USB disconnect, device number 25
[ 1177.367832][T12126] usb 8-1: USB disconnect, device number 24
[ 1177.427558][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.433823][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.539612][T16109] udevd[16109]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1178.058321][   T39] INFO: task syz.2.5092:19304 blocked for more than 143 seconds.
[ 1178.058350][   T39]       Tainted: G             L      syzkaller #0
[ 1178.058362][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1178.058371][   T39] task:syz.2.5092      state:D stack:27152 pid:19304 tgid:19302 ppid:15876  task_flags:0x400140 flags:0x00080002
[ 1178.058429][   T39] Call Trace:
[ 1178.058437][   T39]  <TASK>
[ 1178.058449][   T39]  __schedule+0x16f9/0x5500
[ 1178.058494][   T39]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1178.058527][   T39]  ? __pfx___schedule+0x10/0x10
[ 1178.058561][   T39]  ? schedule+0x90/0x360
[ 1178.058587][   T39]  schedule+0x164/0x360
[ 1178.058615][   T39]  cgroup_lock_and_drain_offline+0x516/0x650
[ 1178.058649][   T39]  ? __pfx_cgroup_lock_and_drain_offline+0x10/0x10
[ 1178.058672][   T39]  ? __pfx_autoremove_wake_function+0x10/0x10
[ 1178.058707][   T39]  cgroup_kn_lock_live+0x120/0x230
[ 1178.058730][   T39]  cgroup_subtree_control_write+0x4b3/0x10a0
[ 1178.058761][   T39]  ? __pfx_cgroup_subtree_control_write+0x10/0x10
[ 1178.058781][   T39]  ? kernfs_root+0x1c/0x230
[ 1178.058800][   T39]  ? kernfs_root+0x1c/0x230
[ 1178.058822][   T39]  ? kernfs_root+0x1ea/0x230
[ 1178.058845][   T39]  ? __pfx_cgroup_subtree_control_write+0x10/0x10
[ 1178.058866][   T39]  cgroup_file_write+0x331/0x8f0
[ 1178.058900][   T39]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1178.058927][   T39]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1178.058955][   T39]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1178.058991][   T39]  ? __pfx_cgroup_file_write+0x10/0x10
[ 1178.059016][   T39]  kernfs_fop_write_iter+0x3b0/0x540
[ 1178.059051][   T39]  vfs_write+0x629/0xba0
[ 1178.059145][   T39]  ? __pfx_vfs_write+0x10/0x10
[ 1178.059174][   T39]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1178.059201][   T39]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1178.059229][   T39]  ? mutex_lock_nested+0x152/0x1d0
[ 1178.059247][   T39]  ? fdget_pos+0x252/0x320
[ 1178.059275][   T39]  ksys_write+0x156/0x270
[ 1178.059307][   T39]  ? __pfx_ksys_write+0x10/0x10
[ 1178.059338][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.059360][   T39]  do_syscall_64+0x174/0x580
[ 1178.059386][   T39]  ? trace_irq_disable+0x3b/0x140
[ 1178.059409][   T39]  ? clear_bhb_loop+0x40/0x90
[ 1178.059444][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1178.059465][   T39] RIP: 0033:0x7fad15cbce59
[ 1178.059481][   T39] RSP: 002b:00007fad13ef5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1178.059502][   T39] RAX: ffffffffffffffda RBX: 00007fad15f36090 RCX: 00007fad15cbce59
[ 1178.059518][   T39] RDX: 0000000000000005 RSI: 0000200000000300 RDI: 0000000000000008
[ 1178.059531][   T39] RBP: 00007fad15d52d6f R08: 0000000000000000 R09: 0000000000000000
[ 1178.059542][   T39] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1178.059555][   T39] R13: 00007fad15f36128 R14: 00007fad15f36090 R15: 00007fff10431fe8
[ 1178.059584][   T39]  </TASK>
[ 1178.059682][   T39] 
[ 1178.059682][   T39] Showing all locks held in the system:
[ 1178.059693][   T39] 1 lock held by khungtaskd/39:
[ 1178.059704][   T39]  #0: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1178.059774][   T39] 4 locks held by kworker/u8:10/1842:
[ 1178.059785][   T39]  #0: ffff888011cf6138 ((wq_completion)wg-kex-wg2#24){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1178.059842][   T39]  #1: ffffc90007077c40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1178.059893][   T39]  #2: ffff88806e9416f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x12f/0x830
[ 1178.059947][   T39]  #3: ffff88804e619948 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x140/0x830
[ 1178.060015][   T39] 2 locks held by getty/5364:
[ 1178.060025][   T39]  #0: ffff8880325420a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1178.060070][   T39]  #1: ffffc90003cc62e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x462/0x13a0
[ 1178.060118][   T39] 2 locks held by syz-executor/5595:
[ 1178.060129][   T39]  #0: ffff88802ab59318 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50
[ 1178.060180][   T39]  #1: ffff8880b863b8a0 (&rq->__lock){-...}-{2:2}, at: raw_spin_rq_lock_nested+0x31/0x150
[ 1178.060228][   T39] 6 locks held by kworker/0:3/5613:
[ 1178.060238][   T39]  #0: ffff88801af95d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1178.060284][   T39]  #1: ffffc90004c6fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1178.060344][   T39]  #2: ffff88802a22c210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60
[ 1178.060389][   T39]  #3: ffff88805cb4a210 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[ 1178.060436][   T39]  #4: ffff88802f3511d8 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450
[ 1178.060483][   T39]  #5: ffff88802c0540c0 (&d->usb_mutex){+.+.}-{4:4}, at: rtl28xxu_ctrl_msg+0x59/0x690
[ 1178.060530][   T39] 10 locks held by kworker/0:6/5714:
[ 1178.060542][   T39]  #0: ffff88802b866938 ((wq_completion)wg-crypt-wg0#14){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1178.060594][   T39]  #1: ffffc9000502fc40 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1178.060641][   T39]  #2: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1178.060707][   T39]  #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1178.060749][   T39]  #4: ffff88803ae49798 (&peer->endpoint_lock){++..}-{3:3}, at: wg_socket_send_skb_to_peer+0x6e/0x200
[ 1178.060785][   T39]  #5: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x277/0x4b0
[ 1178.060825][   T39]  #6: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1178.060862][   T39]  #7: ffffffff8e1cacc0 (rcu_read_lock_bh){....}-{1:3}, at: send6+0x255/0x910
[ 1178.060893][   T39]  #8: ffffe8ffffc3ad68 ((&({ do { const void *__vpp_verify = (typeof((dst_cache->cache) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((dst_cache->cache))) *)(( unsigned long)((dst_cache->cache)))))((unsigned long)((__typeof_unqual__(*((dst_cache->cache))) *)(( unsigned long)((dst_cache->cache)))) + (((__per_cpu_offset[(i)]))))); })->bh_lock)){+...}-{3:3}, at: dst_cache_get_ip6+0xb1/0x260
[ 1178.060941][   T39]  #9: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1178.060975][   T39] 6 locks held by kworker/0:1/12126:
[ 1178.060984][   T39]  #0: ffff88801af95d38 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1178.061020][   T39]  #1: ffffc9000c00fc40 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1178.061057][   T39]  #2: ffff88802a2fe210 (&dev->mutex){....}-{4:4}, at: hub_event+0x17c/0x4f60
[ 1178.061089][   T39]  #3: ffff88802a31b658 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b0/0x4f60
[ 1178.061120][   T39]  #4: ffff88802a046158 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e0/0x4f60
[ 1178.061151][   T39]  #5: ffffffff8ee53c20 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x14e/0x1820
[ 1178.061187][   T39] 4 locks held by udevd/16084:
[ 1178.061195][   T39]  #0: ffff88803c1da720 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb8/0xe20
[ 1178.061234][   T39]  #1: ffff88805ab95c78 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[ 1178.061276][   T39]  #2: ffff88806d69e4b8 (kn->active#16){.+.+}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[ 1178.061322][   T39]  #3: ffff88805cb4a210 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1178.061361][   T39] 3 locks held by syz.2.5092/19304:
[ 1178.061369][   T39]  #0: ffff88803b9e4128 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x252/0x320
[ 1178.061404][   T39]  #1: ffff8880350fc480 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0
[ 1178.061443][   T39]  #2: ffff88803ba51878 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[ 1178.061480][   T39] 3 locks held by syz.5.5187/19523:
[ 1178.061488][   T39]  #0: ffff888025a28128 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x252/0x320
[ 1178.061522][   T39]  #1: ffff8880350fc480 (sb_writers#9){.+.+}-{0:0}, at: vfs_write+0x22d/0xba0
[ 1178.061560][   T39]  #2: ffff88805a998078 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1df/0x540
[ 1178.061597][   T39] 2 locks held by syz-executor/19525:
[ 1178.061605][   T39]  #0: ffffffff8e900c38 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_perm+0x251/0x560
[ 1178.061644][   T39]  #1: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xa6/0x2550
[ 1178.061688][   T39] 11 locks held by kworker/u8:65/21004:
[ 1178.061696][   T39]  #0: ffff888011cf1938 ((wq_completion)wg-kex-wg1#26){+.+.}-{0:0}, at: process_one_work+0x897/0x1630
[ 1178.061736][   T39]  #1: ffffc90007097c40 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_one_work+0x8be/0x1630
[ 1178.061772][   T39]  #2: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1178.061809][   T39]  #3: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1178.061845][   T39]  #4: ffff88804e61ace8 (&peer->endpoint_lock){++..}-{3:3}, at: wg_socket_send_skb_to_peer+0x6e/0x200
[ 1178.061878][   T39]  #5: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x277/0x4b0
[ 1178.061912][   T39]  #6: ffffffff8e0613c0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0x3c/0x420
[ 1178.061948][   T39]  #7: ffffffff8e1cacc0 (rcu_read_lock_bh){....}-{1:3}, at: send4+0x220/0xed0
[ 1178.061979][   T39]  #8: ffffe8ffffcc0958 ((&({ do { const void *__vpp_verify = (typeof((dst_cache->cache) + 0))((void *)0); (void)__vpp_verify; } while (0); ((typeof((__typeof_unqual__(*((dst_cache->cache))) *)(( unsigned long)((dst_cache->cache)))))((unsigned long)((__typeof_unqual__(*((dst_cache->cache))) *)(( unsigned long)((dst_cache->cache)))) + (((__per_cpu_offset[(i)]))))); })->bh_lock)){+...}-{3:3}, at: dst_cache_get_ip4+0xb1/0x2c0
[ 1178.062024][   T39]  #9: ffffffff8e1cac60 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1e0/0x400
[ 1178.062076][   T39]  #10: ffff8880808848f8 (&p->pi_lock){-...}-{2:2}, at: _task_rq_lock+0x5b/0x470
[ 1178.062180][   T39] 2 locks held by syz.3.5719/21376:
[ 1178.062189][   T39]  #0: ffff88805ed36138 (&sb->s_type->i_mutex_key#13){+.+.}-{4:4}, at: __sock_release+0x89/0x250
[ 1178.062226][   T39]  #1: ffff88803b93a358 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_release+0x7b8/0xd60
[ 1178.062261][   T39] 
[ 1178.062265][   T39] =============================================
[ 1178.062265][   T39] 
[ 1178.062283][   T39] NMI backtrace for cpu 1
[ 1178.062302][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1178.062323][   T39] Tainted: [L]=SOFTLOCKUP
[ 1178.062328][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1178.062337][   T39] Call Trace:
[ 1178.062344][   T39]  <TASK>
[ 1178.062351][   T39]  dump_stack_lvl+0xe8/0x150
[ 1178.062371][   T39]  nmi_cpu_backtrace+0x274/0x2d0
[ 1178.062389][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1178.062408][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x380
[ 1178.062427][   T39]  sys_info+0x135/0x170
[ 1178.062443][   T39]  watchdog+0xfd3/0x1030
[ 1178.062463][   T39]  ? watchdog+0x1c9/0x1030
[ 1178.062482][   T39]  kthread+0x388/0x470
[ 1178.062498][   T39]  ? __pfx_watchdog+0x10/0x10
[ 1178.062512][   T39]  ? __pfx_kthread+0x10/0x10
[ 1178.062529][   T39]  ret_from_fork+0x514/0xb70
[ 1178.062549][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[ 1178.062566][   T39]  ? __switch_to+0xc79/0x1410
[ 1178.062582][   T39]  ? __pfx_kthread+0x10/0x10
[ 1178.062599][   T39]  ret_from_fork_asm+0x1a/0x30
[ 1178.062628][   T39]  </TASK>
[ 1178.062634][   T39] Sending NMI from CPU 1 to CPUs 0:
[ 1178.062664][    C0] NMI backtrace for cpu 0
[ 1178.062681][    C0] CPU: 0 UID: 0 PID: 21004 Comm: kworker/u8:65 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1178.062705][    C0] Tainted: [L]=SOFTLOCKUP
[ 1178.062711][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1178.062722][    C0] Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker
[ 1178.062742][    C0] RIP: 0010:__lock_acquire+0x1878/0x2d10
[ 1178.062764][    C0] Code: 80 e2 fa 80 78 2b 00 0f b6 c2 0f 44 c1 84 c0 0f 84 3d ff ff ff a8 0c 41 0f 94 44 24 2b 4d 8b 6c 24 10 41 0f b6 85 c6 00 00 00 <85> c0 74 5f 83 f8 01 0f 85 1b ff ff ff 83 3d 04 57 04 18 00 0f 85
[ 1178.062778][    C0] RSP: 0018:ffffc900070971c0 EFLAGS: 00000002
[ 1178.062792][    C0] RAX: 0000000000000000 RBX: 00000000000003cd RCX: 0000000000000008
[ 1178.062802][    C0] RDX: 0000000000000008 RSI: ffff888080884bb8 RDI: 00000000000003cd
[ 1178.062814][    C0] RBP: 1aa6cf73d6d9bbe7 R08: ffffc90007097188 R09: 0000000000000020
[ 1178.062825][    C0] R10: dffffc0000000000 R11: ffffffff81a17080 R12: ffffffff96498998
[ 1178.062837][    C0] R13: ffffffff934cf0b0 R14: ffff888080883e00 R15: 00000000000007f0
[ 1178.062850][    C0] FS:  0000000000000000(0000) GS:ffff888125c7e000(0000) knlGS:0000000000000000
[ 1178.062863][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1178.062875][    C0] CR2: 00007f2debf49c14 CR3: 000000003b9b8000 CR4: 00000000003526f0
[ 1178.062890][    C0] Call Trace:
[ 1178.062897][    C0]  <TASK>
[ 1178.062906][    C0]  ? lockdep_unlock+0x5d/0xd0
[ 1178.062921][    C0]  ? __lock_acquire+0x146e/0x2d10
[ 1178.062945][    C0]  ? raw_spin_rq_lock_nested+0x31/0x150
[ 1178.062967][    C0]  lock_acquire+0x106/0x350
[ 1178.062984][    C0]  ? raw_spin_rq_lock_nested+0x31/0x150
[ 1178.063007][    C0]  ? lock_acquire+0x106/0x350
[ 1178.063025][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1178.063042][    C0]  _raw_spin_lock_nested+0x32/0x50
[ 1178.063071][    C0]  ? raw_spin_rq_lock_nested+0x31/0x150
[ 1178.063093][    C0]  raw_spin_rq_lock_nested+0x31/0x150
[ 1178.063117][    C0]  _task_rq_lock+0xbc/0x470
[ 1178.063140][    C0]  __schedule+0x1870/0x5500
[ 1178.063168][    C0]  ? __lock_acquire+0x6b5/0x2d10
[ 1178.063187][    C0]  ? __alloc_skb+0x27d/0x7d0
[ 1178.063209][    C0]  ? __pfx___schedule+0x10/0x10
[ 1178.063229][    C0]  ? __lock_acquire+0x6b5/0x2d10
[ 1178.063251][    C0]  preempt_schedule_irq+0x4d/0xa0
[ 1178.063273][    C0]  irqentry_exit+0x14f/0x8b0
[ 1178.063295][    C0]  ? trace_irq_disable+0x3b/0x140
[ 1178.063314][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1178.063332][    C0] RIP: 0010:dst_cache_per_cpu_get+0x7d/0x2d0
[ 1178.063353][    C0] Code: 85 ed 0f 84 bb 01 00 00 e8 10 f7 98 f8 4c 8d 73 08 4c 89 f0 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 f7 e8 56 a2 03 f9 4d 8b 36 <4d> 85 f6 0f 84 30 01 00 00 4d 8d 66 40 4c 89 e7 be 04 00 00 00 e8
[ 1178.063366][    C0] RSP: 0018:ffffc900070977a8 EFLAGS: 00000246
[ 1178.063379][    C0] RAX: 1ffffd1ffff9811f RBX: ffffe8ffffcc08f0 RCX: ffff888080883e00
[ 1178.063391][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1178.063401][    C0] RBP: 0000000000000400 R08: 0000000000000000 R09: 0000000000000000
[ 1178.063411][    C0] R10: dffffc0000000000 R11: fffffbfff1f5d99f R12: ffffe8ffffcc08f0
[ 1178.063423][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88804e61ac70
[ 1178.063441][    C0]  ? dst_cache_per_cpu_get+0x60/0x2d0
[ 1178.063462][    C0]  dst_cache_get_ip4+0x113/0x2c0
[ 1178.063482][    C0]  send4+0x379/0xed0
[ 1178.063500][    C0]  ? send4+0x220/0xed0
[ 1178.063517][    C0]  ? __pfx_send4+0x10/0x10
[ 1178.063532][    C0]  ? rt_read_lock+0x2a5/0x4b0
[ 1178.063552][    C0]  ? __local_bh_disable_ip+0x3c/0x420
[ 1178.063575][    C0]  ? wg_socket_send_skb_to_peer+0x59/0x200
[ 1178.063593][    C0]  ? wg_socket_send_skb_to_peer+0x59/0x200
[ 1178.063610][    C0]  wg_socket_send_skb_to_peer+0xe8/0x200
[ 1178.063629][    C0]  wg_packet_handshake_send_worker+0x203/0x350
[ 1178.063647][    C0]  ? __pfx_wg_packet_handshake_send_worker+0x10/0x10
[ 1178.063675][    C0]  ? process_one_work+0x8be/0x1630
[ 1178.063696][    C0]  process_one_work+0x98b/0x1630
[ 1178.063724][    C0]  ? __pfx_process_one_work+0x10/0x10
[ 1178.063745][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1178.063766][    C0]  worker_thread+0xb49/0x1140
[ 1178.063797][    C0]  kthread+0x388/0x470
[ 1178.063814][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1178.063836][    C0]  ? __pfx_kthread+0x10/0x10
[ 1178.063853][    C0]  ret_from_fork+0x514/0xb70
[ 1178.063872][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1178.063889][    C0]  ? __switch_to+0xc79/0x1410
[ 1178.063905][    C0]  ? __pfx_kthread+0x10/0x10
[ 1178.063922][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1178.063948][    C0]  </TASK>
[ 1178.064725][   T39] Kernel panic - not syncing: hung_task: blocked tasks
[ 1178.064741][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1178.064761][   T39] Tainted: [L]=SOFTLOCKUP
[ 1178.064766][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[ 1178.064775][   T39] Call Trace:
[ 1178.064782][   T39]  <TASK>
[ 1178.064788][   T39]  vpanic+0x56c/0xa60
[ 1178.064811][   T39]  ? __pfx___schedule+0x10/0x10
[ 1178.064830][   T39]  ? __pfx_vpanic+0x10/0x10
[ 1178.064856][   T39]  panic+0xc5/0xd0
[ 1178.064877][   T39]  ? __pfx_panic+0x10/0x10
[ 1178.064897][   T39]  ? preempt_schedule_thunk+0x16/0x40
[ 1178.064923][   T39]  ? nmi_trigger_cpumask_backtrace+0x319/0x380
[ 1178.064944][   T39]  watchdog+0x102c/0x1030
[ 1178.064964][   T39]  ? watchdog+0x1c9/0x1030
[ 1178.064982][   T39]  kthread+0x388/0x470
[ 1178.064999][   T39]  ? __pfx_watchdog+0x10/0x10
[ 1178.065014][   T39]  ? __pfx_kthread+0x10/0x10
[ 1178.065032][   T39]  ret_from_fork+0x514/0xb70
[ 1178.065053][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[ 1178.065073][   T39]  ? __switch_to+0xc79/0x1410
[ 1178.065093][   T39]  ? __pfx_kthread+0x10/0x10
[ 1178.065114][   T39]  ret_from_fork_asm+0x1a/0x30
[ 1178.065148][   T39]  </TASK>
[ 1178.065504][   T39] Kernel Offset: disabled