last executing test programs:

11.403898996s ago: executing program 1 (id=2230):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f00000005c0)}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xa0, 0x29, 0x4, {0x4, 0x10, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0x80, 0x12, "09e12e5f0b6bdcf72f2ec7008a15fa88b025"}, @calipso={0x7, 0x30, {0x1, 0xa, 0x7a, 0x8001, [0x5, 0x4, 0x4, 0x400, 0xb]}}, @jumbo={0xc2, 0x4, 0x7fffffff}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x11, "e80ee304ecb784ec4655260cecea14e498"}]}}}, @hoplimit={{0x14}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x18, 0x29, 0x39, {0x3a, 0x0, 0x2, 0x70}}}], 0x138}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x80000)
ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0x2c3)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
r6 = socket(0x11, 0x2, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r8=>0x0})
bind$packet(r6, &(0x7f0000000180)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @dev}, 0x14)
sendmsg$netlink(r6, &(0x7f0000002ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x1)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0, 0xfffffffffffffdd3}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

11.348086836s ago: executing program 1 (id=2231):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x44e, 0x121e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x8, 0xfa}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async, rerun: 64)
r1 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) (rerun: 64)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2}) (async, rerun: 32)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x2, 0x1, 0x4, 0x0, 0x1, {}, {0x1, 0xc, 0x9, 0xc, 0x6, 0x8, "bf240fef"}, 0x3, 0x2, {&(0x7f00000002c0)}, 0x96000}) (rerun: 32)
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)={0x20, 0x11, 0x5, {0x5, 0xe, "f2a608"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

10.731493827s ago: executing program 1 (id=2236):
r0 = socket$netlink(0x10, 0x3, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
fcntl$lock(r0, 0x6, &(0x7f0000000080)={0x1, 0x4, 0x1, 0x6, r1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r4, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r4, 0xda90)
r5 = accept4(r4, 0x0, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x28)
setsockopt$inet_sctp6_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000180)={0x0, 0x4ff3913d, 0xca0, 0x9}, 0x10)
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r9 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r9, 0xc0184800, &(0x7f0000000040)={0x4, <r10=>r8, 0x1})
ioctl$DMA_BUF_IOCTL_SYNC(r10, 0x40086200, &(0x7f0000000180)=0xad0dd75fee8251ee)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x57, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000340)=[@text64={0x40, &(0x7f0000000500)="f77900b805000000b9c5c8115d0f01c166b86b42b9800000c00f3235004000000f30b9890900000f3266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x61}], 0x1, 0xf, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x1e, 0x21, 0x0, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r11 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_RADAR_DETECT(r11, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10004000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x100, 0x44}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x4014)

9.743151084s ago: executing program 1 (id=2244):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101901, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971})
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f00000001c0)={"ebfb32ba46b327a5cecdda2053b221540c14a03ebe1151dbe6b35f6cb90896249f39433eb73ae4fe06e7267942542fd8d944cbf474d02ee52c2070ab5f25a3d5d95f10f06517ec5d829a7ace4825264f165686ae2a8c6c4ffb499c057ef9b4242c029f67c37ad6449e54aade6fc7d289454dd56db456eb62ec4eaf7a33948f4fa164a02f6a52f742fcb41222cb37abf830bedb422b40aafb51a4d08c58840e9a7cc2d2307256fecdc85a2f234ea21cae9c44d608dec1d4e4bdcfeb5141c64c71ed972e6f6e1e1bd2a836765e795166960d8b3fcc05ac9a9b3ed127457214e30234b2b17bd4043a6745ac13e9e96e15840fc8793e9dd975ea7d7717c9efb14d8eafffd884e39e7d29836c1f82992cd8884b45536f9c7687a6053d557a8773f91d8d6bc5030522327ba357a90fb6d3557e88903b59f94d17fa0ea094b66733805913f66fd560063f9ecfbb65b3c66c34c944bf4f7aefcc2fe5e7ffbcd2f9878342a9b93eaa1cc56cb2e5aa8b9785fbba7983ddf385d14948aeb987aa747b01667d75a9ee6e5432ed217545f3d36ed0dc7434e2eb940061d757db82619e21454bae96c85942e122d2728fd6b27b52ca4e71560e9acdbdc7112cc63f3bb88a2959cc5e216eb0c90f0cbb315e60ed9aec25f097120d246af621c93e41900b2f0a211e375e3f038f642ada318e535180643faeddce3093386817f04f2c0e836aa36bdfd6b312c384a1cdd091be5fc73d98f244ab154480f258b4a4d7c586a685f229df9ad4864c10e7174419cd0e2d9399903bb61649ddbe15279543293feb878da4c93fa2f761e31d7c3aa087b130dd0afa41b24052631d916bb185aca977deb49d1fc47679952d1671fdb2c11f10851bdb90564af8fcbb6da05366441644a01c205ab3c61baac0b5484e96e001ecc9aada40c2409d633e82171a41e5f152f811a5b6d344d250abecbf59f25551a9c4479562051d7683cf4d71cdbc2bdc307507ee7a73f6755d47940cb080711eab7f5db29e1a348e2207b571f809e1d89482293bc7543741777762391e7e51635c42db0351dc13a06a4339607c7e021aabd68efebc70affea3e93736df4b7f505c2587510823acbcf08459858b9f7d10a08d8909e0dbd985b29e0e2b5dda4e24fff7ec89376adaa08cf8ab82551640138042769bc4ee68921ee1f97d6c41561328599c11b392b8e0943b5807fab1b750a1e22a99aa408ac435019bbaee1ea52e43a3b73ce86518e6160cb5bd773b083ca7837e3868fb1b4efd1fede943ab1053cd18f69ba9eaee2015f8d7b056ee2b9669204a03ed363216fe6a7d21e6d5a799b7be2ddaea7523bfc21ddbd1a759ae284a31488a3f1c44c793493b00577847c3622c2f807258667b46a68f43c6382ae699ace6db284708a2e355f5d6e73efcb546645e9e70aa40cb42d94eb914a0dfef85a18e8a99"})
ioctl$KVM_RUN(r0, 0xae80, 0x0)

9.558799467s ago: executing program 1 (id=2247):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000002140)=ANY=[@ANYBLOB="120100008ddfb240490b4f06fdd4010203010902120001000000000904de0000e6f6f79d"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0x1, 0xea, {0xea, 0x8, "04a16455093cfccc63b66352ecef3aac482437a0bf3498a6a782440d46b4702b3790da3aea2454e73d44f5ecb4bdb1a41c51c757eb0d79d4e1053d320a46067c456e06786c7eb4b0674c2884a097e50416ea4ea950d62e7b01f0bd45b5f0728df349305b3b71701010fc5dd24d7c5f36911da78a755aa56e700bad723ed119716a742198667466422cab7b342fd2bd5f952cffa294f883383420748fa057b341dd0e1420499c55a71301d625f4606b3c850f49d3fe51c779b6c9de6ef99f423858d24714a9cbcbf7da0d85790d96a40abdb83681de352d645e9cac9a2d8182368f5ab4e185053e01"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x101a}}, &(0x7f0000000140)={0x0, 0xf, 0x5a, {0x5, 0xf, 0x5a, 0x5, [@ssp_cap={0x18, 0x10, 0xa, 0x2, 0x3, 0x2, 0x0, 0xfff, [0xfff0, 0xffc000, 0xc000]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x4, 0x7, 0x4}, @generic={0x13, 0x10, 0x1, "732e2200d214b7883b6f307079929dda"}, @ssp_cap={0xc, 0x10, 0xa, 0xf5, 0x0, 0xb, 0x0, 0xcbc9}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "34bf0e3a301fb227fa5c7b696e0034e4"}]}}, &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x60, 0x4, 0x4, "4c419964", "42cb2fe6"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x3, 0x16, 0x5, 0x9, 0x0, 0x1000}}}, &(0x7f0000000680)={0x84, &(0x7f0000000280)={0x40, 0x18, 0x35, "3cb56d822de6cf5b96f991a26ab3caf8539821277c092f0d501279e8d22c75e11a4def2c327157bffaaf20b670f763385c8176cd9f"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xd2}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000340)={0x20, 0x0, 0x4, {0x0, 0x2}}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x40, 0x1}}, &(0x7f00000003c0)={0x40, 0x7, 0x2, 0xa757}, &(0x7f0000000400)={0x40, 0x9, 0x1, 0x1}, &(0x7f0000000440)={0x40, 0xb, 0x2, "03ed"}, &(0x7f0000000480)={0x40, 0xf, 0x2, 0x1}, &(0x7f00000004c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000500)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000540)={0x40, 0x19, 0x2, "c2e8"}, &(0x7f0000000580)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000005c0)={0x40, 0x1c, 0x1}, &(0x7f0000000600)={0x40, 0x1e, 0x1, 0xe}, &(0x7f0000000640)={0x40, 0x21, 0x1}})
syz_usb_connect(0x0, 0x24, &(0x7f0000002140)=ANY=[@ANYBLOB="120100008ddfb240490b4f06fdd4010203010902120001000000000904de0000e6f6f79d"], 0x0) (async)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0x1, 0xea, {0xea, 0x8, "04a16455093cfccc63b66352ecef3aac482437a0bf3498a6a782440d46b4702b3790da3aea2454e73d44f5ecb4bdb1a41c51c757eb0d79d4e1053d320a46067c456e06786c7eb4b0674c2884a097e50416ea4ea950d62e7b01f0bd45b5f0728df349305b3b71701010fc5dd24d7c5f36911da78a755aa56e700bad723ed119716a742198667466422cab7b342fd2bd5f952cffa294f883383420748fa057b341dd0e1420499c55a71301d625f4606b3c850f49d3fe51c779b6c9de6ef99f423858d24714a9cbcbf7da0d85790d96a40abdb83681de352d645e9cac9a2d8182368f5ab4e185053e01"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x101a}}, &(0x7f0000000140)={0x0, 0xf, 0x5a, {0x5, 0xf, 0x5a, 0x5, [@ssp_cap={0x18, 0x10, 0xa, 0x2, 0x3, 0x2, 0x0, 0xfff, [0xfff0, 0xffc000, 0xc000]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x4, 0x7, 0x4}, @generic={0x13, 0x10, 0x1, "732e2200d214b7883b6f307079929dda"}, @ssp_cap={0xc, 0x10, 0xa, 0xf5, 0x0, 0xb, 0x0, 0xcbc9}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "34bf0e3a301fb227fa5c7b696e0034e4"}]}}, &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x5, 0x60, 0x4, 0x4, "4c419964", "42cb2fe6"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x3, 0x3, 0x16, 0x5, 0x9, 0x0, 0x1000}}}, &(0x7f0000000680)={0x84, &(0x7f0000000280)={0x40, 0x18, 0x35, "3cb56d822de6cf5b96f991a26ab3caf8539821277c092f0d501279e8d22c75e11a4def2c327157bffaaf20b670f763385c8176cd9f"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0xd2}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000340)={0x20, 0x0, 0x4, {0x0, 0x2}}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x40, 0x1}}, &(0x7f00000003c0)={0x40, 0x7, 0x2, 0xa757}, &(0x7f0000000400)={0x40, 0x9, 0x1, 0x1}, &(0x7f0000000440)={0x40, 0xb, 0x2, "03ed"}, &(0x7f0000000480)={0x40, 0xf, 0x2, 0x1}, &(0x7f00000004c0)={0x40, 0x13, 0x6, @local}, &(0x7f0000000500)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000540)={0x40, 0x19, 0x2, "c2e8"}, &(0x7f0000000580)={0x40, 0x1a, 0x2, 0x5}, &(0x7f00000005c0)={0x40, 0x1c, 0x1}, &(0x7f0000000600)={0x40, 0x1e, 0x1, 0xe}, &(0x7f0000000640)={0x40, 0x21, 0x1}}) (async)

8.835934503s ago: executing program 1 (id=2248):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback={0xa4}, 0x800, 0x2, 0xff, 0x9, 0x200, 0xfdfe}, 0x20)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f0000000040)=@add_del={0x2, 0x0})
inotify_init()
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
recvfrom(r2, &(0x7f0000000180)=""/73, 0x49, 0x2002, 0x0, 0x0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r3, 0x92d, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x40)

7.183702143s ago: executing program 2 (id=2261):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x101000)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f00000001c0))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(r3, &(0x7f00000067c0)=[{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000440)="888d5f4a10a457dce540e6cd5db970a48ecc34c60604b4a9e6e3f02c91d3b71b6f5665da55f96eb1c90c6b257567a118", 0x30}, {&(0x7f00000004c0)="758b48ba4f2bbe0fabe9b514ada6eea1705befe7322f393e7109627fc3d9cc40bb00ff8679b27e0598b974a856ade48454a4a4fb1274981517571e861452d5a50107ce67f07ba5ad5a3dc66270dabe08fb064d97b7816abcb87384ede9c0dd230b35106bb57b9a5fb7204cec160299c250361f8e1304188ead60fe422bd3f57f9ad146046e29d4c14655b1f0a774c7230aba1b2387ce09fea7e3e400c6f4b033", 0xa0}], 0x2, 0x0, 0x0, 0x90}], 0x1, 0x4004010)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x1000, 0x9, 0x0, 0x400, 0x80, 0x3, 0x0, 0x8, 0x8d], 0x100000, 0x80})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

6.653248908s ago: executing program 2 (id=2263):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000300)={@loopback={0xa4}, 0x800, 0x2, 0xff, 0x9, 0x200, 0xfdfe}, 0x20)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f0000000040)=@add_del={0x2, 0x0})
inotify_init()
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r0)
recvfrom(r2, &(0x7f0000000180)=""/73, 0x49, 0x2002, 0x0, 0x0)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r3, 0x92d, 0x70bd27, 0x25dfdbfc, {}, [@NL802154_ATTR_CHANNEL={0x5, 0x8, 0x1}, @NL802154_ATTR_PAGE={0x5, 0x7, 0x2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000800}, 0x40)

5.693100326s ago: executing program 2 (id=2268):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d000009040101"], 0x0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000000)=ANY=[@ANYRESHEX=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCRMFF(r3, 0x4004550e, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'cryptd(ecb-twofish-avx)\x00'}, 0x58)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(khazad)\x00'}, 0x58)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x9, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='\x00', 0x81901)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$UI_SET_PHYS(r5, 0x4008556c, &(0x7f00000002c0)='syz0\x00')
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000500)={0x0, 0xcd, "4d57eea78a6a0fba7ad86fcc4ec7eb032088f26f47f594fc79d23263c65963b00bff4e94405f8bac91c544e2a849c7ba51ca68d58f669e6078b0bfd9196542417344a5d36fbaa1e27ec7a8fbcfeca42d012f04200c8a2f5c15e7924637f6c979472856e6da0549333f0ff268d3304d865f7c5f52f070290f0da8b06e24ed93f133e44532d5ab2a745e36113d0c47b2516309f9855ea7c418d01447af2c5ecfdcd5622f42107f40f92ce365e98c52d2b12169df4d4436c58da8bc2807d1289fce7350adddea39f5fc0603d78c1d"}, &(0x7f0000000080)=0xd5)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r6, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)
listen(r6, 0x9)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

4.589716754s ago: executing program 3 (id=2273):
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x8d0}, 0x4040800)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000034000000040000000000000014000000000000002900000034000000fdffffff0000000000010000000000002900000004000000041c000000000000fe72f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc00f3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5801409e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad0738000000010c7a0180050000000000000009000000000000000400000000000000060000000000000000040000000000000b0000000000000005020a7e00010005020bf4c910fc0200000000000000000000780e000000000000000000140000000000000029000000340000000000000000000000700100000000000029000000360000005e2a000000000000ff4150d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70000100000100010800000000000000000708000000030000ff0f07100000000002070600ff7f00000000000008c6c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e86ab3030700008000000000000001082bdb86d1ce6a20c2000000000020000000000000002900000037000000730000000000000000010000000000001400000000000000290000000b000000000000020000000018000000000000002900000039000000000000000000000038"], 0x340}}, {{0x0, 0x0, &(0x7f0000000f00)=[{0x0}, {&(0x7f0000000600)="58b327f21946add0e0c31b173119ac7b4ceda64bbfbc8159462a8686f4303aeee1d7c9b54c4bd660fe192582950eb09a8bae632fb4e7313e3828773c09fec9b010373ca7be0ccc91233fffcfe03f287a50f2b4a970278097aed06e61a0f2da47b0bd02fcb45bf35e78c15cc4c5d6d163a6eaf921d8afc7d8376e847f403535371a24ce2a19c3898aca95be", 0x8b}, {&(0x7f00000006c0)="138b9f129daf1d79da8ee1c8c74f2040f7892f", 0x13}, {&(0x7f0000000700)="e59c889c8be9e17c21882a76c6907239d44f6a0efb65359c6a8e5ede789aa995", 0x20}], 0x4}}], 0x2, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xeeee8000, 0x4, 0x3, 0xf1, 0x5, 0xfa, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x4f}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0xb, 0x5, 0xf, 0x3, 0xc0}, {0xffff1000, 0xeeef0000, 0xb, 0x1, 0x2, 0x7, 0x4, 0x1, 0x81, 0x0, 0x6, 0x5}, {0x8000000, 0x2000, 0x8, 0xf8, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x8, 0x1}, {0x100000, 0x4000, 0x9, 0x9, 0x3, 0x9, 0xd, 0x6, 0x5, 0x9, 0xc, 0x4b}, {0x6000, 0x0, 0x4, 0x6, 0x3, 0x7d, 0x1, 0xff, 0x4, 0x90, 0x1, 0xfc}, {0x8000000, 0x4000, 0x0, 0x9d, 0x3, 0x0, 0x0, 0xb, 0x5, 0x7, 0x9, 0xf8}, {0xf7f63004, 0x8000000, 0xf, 0x5, 0x28, 0x3, 0xa, 0x9, 0x54, 0x1, 0x2, 0x7}, {0xdddd1000, 0x5}, {0x4, 0x9}, 0x40030000, 0x0, 0x80a0000, 0x300, 0x1, 0x2000, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000300)={0x1, 0x1000}, 0x8)

4.047078543s ago: executing program 3 (id=2275):
prctl$PR_GET_THP_DISABLE(0x2a)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xd8, 0x29, 0x4, {0x4, 0x17, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x6b, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f5"}, @generic={0x80}, @calipso={0x7, 0x20, {0x1, 0x6, 0x7a, 0x5, [0x4, 0x400, 0xb]}}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @rthdr={{0x18}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x3a, 0x2, 0x2, 0x70, 0x0, [@mcast1]}}}], 0x150}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r2, 0x0, 0x0, 0x800)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000240)={0x30, 0x2e, 0x503, 0x0, 0x0, "", [@nested={0x20, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0xc, 0xf, 0x0, 0x0, @u64}]}]}, 0x30}], 0x1}, 0x0)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f00000002c0), 0x15, 0x5, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.142607332s ago: executing program 3 (id=2277):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffffe, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x7fffffffffffffff, 0x2, 0x0, 0x0, 0x0, 0x7cdd141a, 0x3, 0x7f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x9, 0x0, 0xfffffffffffffffb, 0xfffffffffffffffd, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x400000, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x2, 0x0, 0x3, 0x10, 0x4000100000001]})

3.014421103s ago: executing program 3 (id=2278):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]})
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000180), 0x101000)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r1, 0x80045301, &(0x7f00000001c0))
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(r3, &(0x7f00000067c0)=[{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000440)="888d5f4a10a457dce540e6cd5db970a48ecc34c60604b4a9e6e3f02c91d3b71b6f5665da55f96eb1c90c6b257567a118", 0x30}, {&(0x7f00000004c0)="758b48ba4f2bbe0fabe9b514ada6eea1705befe7322f393e7109627fc3d9cc40bb00ff8679b27e0598b974a856ade48454a4a4fb1274981517571e861452d5a50107ce67f07ba5ad5a3dc66270dabe08fb064d97b7816abcb87384ede9c0dd230b35106bb57b9a5fb7204cec160299c250361f8e1304188ead60fe422bd3f57f9ad146046e29d4c14655b1f0a774c7230aba1b2387ce09fea7e3e400c6f4b033", 0xa0}], 0x2, 0x0, 0x0, 0x90}], 0x1, 0x4004010)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x1000, 0x9, 0x0, 0x400, 0x80, 0x3, 0x0, 0x8, 0x8d], 0x100000, 0x80})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

2.769938696s ago: executing program 3 (id=2280):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a00)=ANY=[@ANYRES64=0x0, @ANYRES32=0x0, @ANYRES64=0x0, @ANYRES32=0x0, @ANYBLOB="0a0034000101010101010000080026006c090000"], 0x30}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) (async)
r1 = socket(0x10, 0x803, 0x0) (async)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000180)={'dt2817\x00', [0x4f27, 0x1, 0x3, 0x4, 0x7, 0xcc9, 0xf, 0x4, 0xa, 0x10, 0x2, 0x3, 0xfffffffe, 0x1001, 0x7, 0x101, 0xc, 0x1a449, 0x3, 0x40000003, 0x2, 0xcaa7, 0x6, 0x20001e58, 0x7, 0x63e, 0x3c, 0x8, 0x4, 0x0, 0xfffffff8]})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="04010000110007000000000000000000ff020000000000000000000000000001e0000002000033"], 0x104}}, 0x0)
sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
setsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f0000000140)={@private=0xa010102, @rand_addr=0x64010101, @multicast2}, 0xc)
r4 = syz_usb_connect(0x3, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100007e9eb4104c053800f516010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000000)={0x2c, 0x0, 0x0, &(0x7f00000007c0)={0x0, 0x8, 0x1, 0x42}, 0x0, 0x0})
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000000)=""/102, 0x66}, {&(0x7f0000000280)=""/76, 0x4c}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/92, 0x5c}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/178, 0xb2}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

2.534200855s ago: executing program 2 (id=2282):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40440)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x810, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x1, 0x1, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r3 = userfaultfd(0x1)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000000))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
timer_gettime(r2, &(0x7f0000000180))
chdir(&(0x7f00000001c0)='./file1/file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_cpus\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r4, 0x1, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x110, &(0x7f0000000080)=0x80000001, 0x0, 0x4)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0xa, 0x0, 0x0)
close(0x3)
r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r6, 0x891e, 0x0)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
pwritev(r7, &(0x7f0000001980)=[{&(0x7f00000016c0)="ad", 0x1}], 0x1, 0x1, 0x8)
ioctl$VIDIOC_PREPARE_BUF(r7, 0xc058565d, &(0x7f0000000500)=@userptr={0x6, 0xa, 0x4, 0x1, 0x0, {0x0, 0x2710}, {0x1, 0xc, 0xd2, 0x6, 0x77, 0x6, "0080ca6f"}, 0xff, 0x2, {&(0x7f00000002c0)}, 0x6})
ioctl$VIDIOC_G_AUDIO(r0, 0x80345621, 0x0)

2.377735217s ago: executing program 0 (id=2283):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
io_setup(0x4, &(0x7f0000000340)=<r0=>0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x8)
r1 = syz_clone3(&(0x7f0000000980)={0x200, 0x0, &(0x7f0000000780), 0x0, {0x5}, &(0x7f0000000800)=""/112, 0x70, 0x0, 0x0}, 0x58)
io_setup(0x7, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)}}], 0x1, 0x810)
r3 = socket$inet6(0xa, 0x3, 0x20008)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r5=>0x0})
connect$can_bcm(r4, &(0x7f00000000c0)={0x1d, r5}, 0x10)
sendmsg$can_bcm(r4, &(0x7f0000000440)={0x0, 0xfffffffffffffdbd, &(0x7f0000000340)={&(0x7f0000000600)=ANY=[@ANYRESDEC=r4, @ANYRES16=r2, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000a5976ac6acd41fd8"], 0x48}}, 0x0)
sendmsg$can_bcm(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="01000000300600000700000000000000", @ANYRES64=0x0, @ANYRES8=r1, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001000000020000a677", @ANYRESHEX=r0, @ANYRESOCT=r4], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x20000000)
bind$inet6(r3, &(0x7f0000000180)={0xa, 0x4e20, 0x7, @local, 0x5}, 0x1c)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r9 = accept4(r8, 0x0, 0x0, 0x800)
sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000003c0)="e8700e444d0008000067347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c343e9c6ad7d2a8103ef2f4b93766b9a21501f94c1548b13756b66f74f46cf801704d2da8b96c34070b233af0a281bfb85c017fcc436712e58ed25e721193af05a045ad3fdc928f01d3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45", 0xce}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000000}], 0x1, 0x40800)
recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0)
ioctl$TUNSETSNDBUF(r10, 0x400454d4, &(0x7f0000000300)=0xfffffffe)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)

2.336259428s ago: executing program 2 (id=2284):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000080)={{0xa000, 0xeeee0000, 0x10, 0x1, 0x3, 0x3, 0x9, 0x1, 0xc5, 0x6, 0x7, 0x9}, {0x30000, 0xe000, 0x3, 0x3, 0x5, 0x9, 0x41, 0x7f, 0xff, 0x10, 0x1, 0x3}, {0xffff1000, 0x5000, 0x3, 0x1, 0x7, 0x9, 0x8, 0x8, 0x0, 0x3d, 0x4, 0x40}, {0x0, 0x0, 0xb, 0x4, 0xf8, 0x0, 0x2, 0x4, 0x7, 0x0, 0xf, 0x7f}, {0x3000, 0x70000, 0x3, 0x6c, 0x1, 0x1, 0x4a, 0x5, 0x0, 0x81, 0x5, 0x2}, {0x5000, 0x37000, 0x0, 0x1, 0x80, 0x6, 0x0, 0xf0, 0x1, 0x6, 0xe, 0x3e}, {0x100000, 0x54000, 0x0, 0x36, 0x8, 0x4, 0x8, 0x21, 0xd8, 0x1, 0xc, 0x8}, {0x60000, 0x100000, 0xe, 0x24, 0x6f, 0x4, 0x70, 0x2, 0x44, 0xbc, 0x58, 0x37}, {0x10000, 0x34ef}, {0xffff1000, 0x8}, 0x20000010, 0x0, 0xffffffff, 0x20024, 0x5, 0x8000, 0xeeee0000, [0xfbad, 0x5, 0xf1be, 0x3]})
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockopt$sock_buf(r2, 0x1, 0x1f, 0x0, &(0x7f0000000340))
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r1, 0x4068aea3, &(0x7f0000000280)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x4b564d05, 0x0, 0x168}]})

1.999622684s ago: executing program 0 (id=2285):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffffe, 0x0, 0x3, 0x6c4ba42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xcd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x7fffffffffffffff, 0x2, 0x0, 0x0, 0x0, 0x7cdd141a, 0x3, 0x7f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x9, 0x0, 0xfffffffffffffffb, 0xfffffffffffffffd, 0x2, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80003, 0x0, 0x0, 0x400000, 0x200, 0x0, 0x40000000000, 0x801, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x2, 0x0, 0x3, 0x10, 0x4000100000001]})

1.999158957s ago: executing program 2 (id=2286):
syz_clone3(&(0x7f0000000440)={0x100040000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x5, 0x0) (async, rerun: 64)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_test', 0x8a881, 0xbb) (rerun: 64)
ftruncate(r0, 0x3) (async)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_FAMILY={0x0, 0x5, 0x7}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0xfffffffffffffed4, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}}, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc67be43ea6acc96e3a2503dc31c97214d58128bbad0099cebdc25f5ab60c9e69098c8b534464c516bdd8a0f350000000000000300", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}}) (async)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x9)

1.926735629s ago: executing program 0 (id=2287):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000080)=ANY=[@ANYRES8=r1], 0x0)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='attr\x00')
getdents(r4, &(0x7f0000000140)=""/72, 0x48)
getdents(r4, 0xffffffffffffffff, 0x5a)
ioctl$KVM_SET_DEVICE_ATTR_vcpu(r4, 0x4018aee1, &(0x7f0000000140)=@attr_irq_timer={0x0, 0x1, 0x0, &(0x7f00000000c0)=0x16})
r5 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f00000001c0)=ANY=[], 0x5)

1.277946213s ago: executing program 0 (id=2288):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r8=>0x0})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "ff"}]}, 0x24}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r5, @ANYBLOB="05005b"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0)
r11 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000080e372208c106801b284010203110902240001000010000904020002f8fd00000905060200020d0006090582020002"], 0x0)
syz_usb_ep_write$ath9k_ep1(r11, 0x82, 0x164, &(0x7f0000000640)=ANY=[@ANYBLOB="5d01004e689544c1da98352f1b429a6bc19632b77a2d3cbde3674b55f60dacce1dc20b15344706373e7092260f2a140adacb43471f78a2953c860198f25ca42a497f7d88877e639ba486e1c0b3d38c1afa7f6bd915dd21ca98dc1bba06d794c01d86a7e17c98d7419432727193b57947d0c1413b30cf58b8bbc6ad110ac116c7bbb909abbee5cc16e913b9ea09e5c10332a37dbb894c0f1f0e491156dd1a0ad2de9efd5254017dc6791d6fbbbf6cfdcb8db76970c734bd07c63aaaba8fdfc19cca6e9ca6374a892c825206840b973a3e918fcd93c7c4a29d80092cfdf67831ec4609b535d5e275180bc211851e2dbb33bdcda15263236ae9fe900532867ffb8859bf81ca3cd41a49344fee18afd64879f8db0bddabca5ceebfbff53fc0df5ee30169138c3428c3d95c39ae74273e6e6e9d8346982df996eca6b0e8ec08002bed7d347bfb56f30fb20d12ebc137ba85ac52706dec22eb6e551af174cafe"])
syz_usb_connect(0x2, 0x724, &(0x7f0000000c00)={{0x12, 0x1, 0x310, 0xfb, 0x11, 0x1c, 0xff, 0xbb4, 0xa06, 0x98e7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x712, 0x3, 0x81, 0x3, 0x1e0, 0x6, [{{0x9, 0x4, 0xde, 0x20, 0x9, 0xea, 0x43, 0x69, 0x5, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "5f57ef4f"}, {0x5, 0x24, 0x0, 0x401}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x8, 0x200, 0x9}, [@network_terminal={0x7, 0x24, 0xa, 0xf, 0x4, 0x1, 0x5}, @dmm={0x7, 0x24, 0x14, 0x5, 0x8001}, @obex={0x5, 0x24, 0x15, 0x1}, @ncm={0x6}, @dmm={0x7, 0x24, 0x14, 0x60, 0x1}]}, @cdc_ncm={{0x9, 0x24, 0x6, 0x0, 0x1, '4UV@'}, {0x5, 0x24, 0x0, 0x7fff}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x4, 0xfff, 0x3}, {0x6, 0x24, 0x1a, 0x5, 0x20}}], [{{0x9, 0x5, 0xf, 0x3, 0x3ff, 0x6, 0x6, 0x5}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x2f, 0x2, 0x1, [@generic={0xff, 0x7, "3f6dc1095b3658d3a3802e21c0d3491e7cf339d3f0f8eb53a5d7dd958476db13a23e450f52a6038bec9deff224e8260eae121db7cd8e86501214e9424c69090fa9dd800134e8b2e8fbe4cdac2be8a3dbab9ab40ef0354b5e4a7e99375e91010f82667baa44958733f44e52efaacfb3b61569720e7e964fbb2a336c5078dc97b587f2ea12283256792a1c15bde054fc53ac08dbb23927952dbc683c1bfa267d416f6126f284475294127e4fc47d4e02b820f01cf65f4ebc276f4a3a26cf4b78d62908fe16e2ebe478dc6fc766c208765b0d17e7771f294beca851712dfe4a7cc09c7c206afa2bf1bbfdd66e785ac33b5bcab0d6d6c12f7be4b88ddc9b9c"}]}}, {{0x9, 0x5, 0x4, 0x3, 0x20, 0x2, 0xf1, 0x2}}, {{0x9, 0x5, 0xa, 0x2, 0x400, 0x1, 0xfa, 0x1, [@generic={0x98, 0xe, "b3e89cb854e19f12d83a362b59e7bf8589914a45db0fc3b8d87a0650b98c2d2fdb7930f24673cf711913b5f3809a13fd712d6c665b8633215e798db0170dc29bd1908afd619610c28dc11f127fe65521b1560ffb8d48ba118e6992ad687989383a3ab2edaf7a84147d0bb2abc92abf25c555b1a9935ab3fed0a95f702d822fdf663dac4e0850d551920bd96a75235ba993b1fd8518f6"}]}}, {{0x9, 0x5, 0x4, 0x1, 0x0, 0x3, 0x6, 0xf7, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0x1}, @generic={0x8a, 0x6, "1eb3131abe268a84626908b96d97d8913384cd09123d53c0b5bfe6cbda773dfe22bef2f66e9c06acd5566cf67035c6963977aa91bfb9a36e4321a6786f3d82bb5f01042f769513df2be3ab6b8ab39d181fef314eaad0e7aded032597ace58047bf6a04675aca5e3098744c410fa4a09585c762057a4e07ffe684f89f38107f4edd51131131276829"}]}}, {{0x9, 0x5, 0xd, 0x8, 0x40, 0x9, 0x5, 0x84, [@generic={0xd9, 0x2, "0f0f04f89457dd54be8072daaf1af3c2b87b5f54e8e1c6039de273d4862b678477020870493d39b5f7f0f3279cdc6f917961d1cc4b5abd378b7e7ca209c72d91b602c457befd69ba0d50d9e077b953a3e3b9feed8503be3c2ae1131c047b8232c88bff8f0a978cf72dedf0466adf64c7847e50b15dcfbab163ae80beff3ca7685797a7f84dafaef3450a7f079891c7c1200c9c5769f28e494c953e0aea88698f603065dfe16d4096ef19208d7f0b0f6f35f100b934aaeeadc34c1ffb469da9733efc6bea6a6e3300c12fead7354c3f9c2607644c7661e3"}, @generic={0x93, 0xa, "f319af912618873e6b19e7eeb233d60141c79cc7226a00910b1abf66022e51d05dd157d5a288febcea973e61d24a242dbfb9423062712107f561801c436a39185559c93dec1507f446eaf304252a9527f5cc321496d9dceba12f81282e624fca1f0cfe754fd7fd0687614aa441f7ba70c0eb6a0094011d6e973c3d30401d24085cf4b80b90f85e6e345f868ba7ce01019a"}]}}, {{0x9, 0x5, 0x5, 0x4, 0x3ff, 0x5, 0x9, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x4, 0x9}, @generic={0xcb, 0xbe6017c9bdd4767d, "35d136379a4e42b6f448f5780d4f18f3fb2b6720737b89963878a648c62584863dbc2b008301dfe2127821b03c1f29dc61ddcf076e0440432cbc7562bd40dbf607209d5d06e10d5a4790ef76d50f932b47fdd47ef813d15e9f60b4dfe0bcb753b8aa61f3c8ac6927c6feb5dd19173fa7f0598748c8d6d51e8c33d2604fc8f8c5769b55fc6067a03c097228d5a7a68eff27391cae13958fe1904e000316210ed72c6a7dd85536490b79ad53829572bf1841fa30eac2675b095bed7fd0ef6295ebde722c17af17df5b11"}]}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x1, 0x6, 0xc}}, {{0x9, 0x5, 0xb, 0x0, 0x400, 0x3, 0x80, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x8000}, @generic={0x26, 0x23, "b080f3595511bae569fa00fc259978835441ef20da8142011b897ad0b858346dd98b5522"}]}}]}}, {{0x9, 0x4, 0x99, 0x81, 0x5, 0x2, 0x6, 0x0, 0x7, [@uac_control={{0xa, 0x24, 0x1, 0x8, 0x1}, [@feature_unit={0xb, 0x24, 0x6, 0x1, 0x1, 0x2, [0x1, 0x5], 0x9}, @mixer_unit={0x9, 0x24, 0x4, 0x4, 0x1, "5adac59b"}]}], [{{0x9, 0x5, 0x85, 0x0, 0x8, 0xb, 0xe, 0x4}}, {{0x9, 0x5, 0x80, 0x2, 0x10, 0xe, 0xff, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x7, 0x4eb}, @generic={0xfb, 0xb, "d0a45501989db1849283eabeceec8a3123a6cff951b3202958942656e1d182a4f28553bfd34f20225eedee23e720ce8be11d35bae5e614c8afb95b463d012b6b4bec22ac0bb4fbc6ab0263183b5ecb0ebd17b7566fb78bc4e303df9fbb880781dec7c0deb850ff6ef5a8ec2cd3ff6069281bca5513585dcc64202e1e6d65f1b0f1a6057ff2ea78d272e0e38baaf78aba73e337ded38b171ba191467a478d3ad5f46e7f51dc7361e7f9f9071412104b176e2468c697b1f659828c44b9cb2b4ee9a77f2a9891b398c297dfeb185c745a4520b33eb3097cf68af917495249d03415d42f8c8a9c3ce731a43f4a3584b46094aad915f6f92f69cdc0"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x3ff, 0xef, 0x2, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xa, 0x1}]}}, {{0x9, 0x5, 0xa, 0x10, 0x20, 0xa1, 0x5, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0xdc7}, @generic={0x3e, 0x22, "b0519cd3d3bed49c00e7ee39c79cc7a628df8528101b4f9216ca5239f1d54fb8611d3f47e634b10d2f804faa43ad404b6b39ae857e005745ee25bb55"}]}}, {{0x9, 0x5, 0x7, 0x10, 0x20, 0xa1, 0x8, 0x10}}]}}, {{0x9, 0x4, 0x45, 0xfa, 0x1, 0xf2, 0x1e, 0xf5, 0x5, [], [{{0x9, 0x5, 0x3, 0x8, 0x40, 0x3, 0xc4, 0xc, [@generic={0x6, 0x11, "08beb7c9"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x6}]}}]}}]}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x110, 0x2, 0xa2, 0x10, 0x40, 0x6}, 0x33, &(0x7f0000000300)={0x5, 0xf, 0x33, 0x1, [@generic={0x2e, 0x10, 0x4, "7d5cdd5c71a61445017dbb08fef16d65f988a75e2adfb6d7bab22191231e77c543275cd3370f5c2589b6c9"}]}, 0x1, [{0xd0, &(0x7f0000000340)=@string={0xd0, 0x3, "844cfcb16601a08fabfe9f1f6ab33221d3b93b354b71efafa364a69879933b170e9c5ddd461a6d2fa50ed21ff0fb08136368eaa7426945bec32639e5626ad7ed74a0a5d0ba0af5b077033c10192a2fb9e22e444f4d176d7c27d064d4becc19dd8920e5f224ffe22310ce0808c113acb7cbe7f8fd785c9cb0f8cf91edd39fbf4bc6d7539902f07d2f9d89d3e906b2e9a7b1fdc802e73764992258529bd35ddc7d21ae1b99e1ce62f63123b90665aeefbdb0b48f5add77e486994eb50d34f5bd767655b71594b2e2e781071fa3829b"}}]})
syz_usb_control_io(r11, &(0x7f00000002c0)={0x2c, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x805}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$sierra_net(r11, &(0x7f0000000180)={0x14, &(0x7f0000000040)={0x20, 0x31, 0x3d, {0x3d, 0x8, "256dd4bf7f49b249a70768e2c734c67eab553696e71606568f0cb0dd3c2cea44501868d69c00f838172c1bbab74e6e8aa710d41d709148a9848efb"}}, &(0x7f0000000100)={0x0, 0x3, 0x4f, @string={0x4f, 0x3, "1c46f5bb861eb8b9c4c11c8edcf3e190b81e3ecd157a720a374f870358fb4ff5fa0bd96c1b0093ca035c210de23f03f4ff3b2f5ab5e1b3e670a1483f7d26ae6de05e2f759e7257aefcf0f789d9"}}}, &(0x7f0000000240)={0x1c, &(0x7f00000001c0)={0x40, 0x3, 0x16, "0ea8902ee3e8f1ac73a2a4c04dd0cf4151c2b07a0b02"}, &(0x7f00000007c0)={0xa1, 0x1, 0x400, "1172ef7132bc57b0d3182485ef4412e4519afdf4c99ae65fbf5f9a092e04224fd09738505d8da0464efe4d53d6c433716611586f87136f82d2a1f64d376b4222d5cebb2394b977663ebd918fc713e8842ae716e9b3216067adb1e73e8bf1e302604ab709a6c9667078203f3028b4d668491878329c5bb4086fe8b3297a369cbded4841b07ae39132d61581a10525b4c2ab317d94cd5ffff4855a13bcf4369e6c0ee43b788fbc6c9c1266656342706a8c1fe3bcb240a4548943ff5157bb8b9878560d2fc23cf54007735478209a1dc642a410fc22722c6e27f38919b525d7a727b91b27ed954b0fef08d0e6062223ba3d75b10092e72e415b38f8e6a945db4e4d2e4c551d2d853614639e854de34f60463380bdd4a31bb215c8db6b395e2e46d1d9904df5f12fedbc2544bd8e49a4d6b73555031b803afb87fef9e669470192e365105b2858c4f9bc11aa297a26d5d024d573be4ec277643437fbea210cd6e1906f52e231df6a4634a893a31736e9e92c74df9dbcfe79cca48b8104eb9f53a293260a68960ca0acf44485e4fdef19aa9c1f5521ebe180e3c3fecf62159b5ef2cc2a4e7602ac4a869b19f32ed23b3ee8e714154c1e3fc482ea47689dfb4b5977c11c2b9499ef6d8e98d95c6728f4bb84d18f8229ea7a8a64cbae832895902c6670c7330c980b917bf443397fd53b439061ec7a38b5c9892ca0a8260fb41b9d95c575c43804ebe27e365644d252c4466f18518b6d62ff6c892a139fcddf03c50346b7d5c9fd51caca1ff5270ae0d8d186f5ceca87d7ceaa59e3299a62fbe22af87ad342fd7a048ee28cb6e1e1d716baa436a3b2e02a6aa987a9371cad96035c80e196c5e5f00b1928374d5c81da651fba332b6c47abcbc6ca0694439cd21b5838bac3ac2ffa499ebf1ba3d9d5dbb0d3c409a57e7af0aa7c237f953ad31b69323c806adb79b6a458e72180905f2a2884e31db340372a230cb1344c0131bac41f404931cb1ff3e7a634fa0b8698c5b022c1c0d9945e31f5a375fe808d86e25e9078711ad133a3ce0bbc3be02f252ebb45ee12a144c7daf80b85004e56f5740bd9b09e4528f3c87136263f070d8951258629b5a8327779a93f6cc136a89c8dde5dbec526814daa583f74fc7f8cbf68fdc908a757b3f73b2abff1bea90edc30b880f93f11f6b71d22de9a61b30fa0851f9c686d2bd3d5e5a945ea1b849c8a26b36408d282f9cf0eb0a0bdeb48bc6a91e663a3b4625499880cbd2ef012b996df09acf193c4786139dbb882ef4b52d1e677f20f6e0fc7c7b0344526be148a431ddc42b62a1900a7d2b4a3383429bfb4f9f0395611f329293c2e088d1f1d6bb16c000a145270967117946a4159c7f01867a3ad4bb428cf871d6cb44bc07c0f72381953b6e7ca422a6ad1a297b984648b75fc082d97c63bbc1424b1ceba0b4345c18dad1119"}, &(0x7f0000000200)})

183.94006ms ago: executing program 3 (id=2289):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write(r0, 0x81, 0x4, &(0x7f0000000080)="00012c61")

156.840383ms ago: executing program 0 (id=2290):
syz_usb_connect$uac1(0x0, 0xac, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b"], 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f00000001c0)=ANY=[], 0x5) (fail_nth: 1)

0s ago: executing program 0 (id=2291):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x802)
ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000040)={0x4, 0x5})
syz_clone3(&(0x7f0000000300)={0x8020000, &(0x7f0000000080)=<r1=>0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100), {0x2c}, &(0x7f0000000140)=""/77, 0x4d, &(0x7f00000001c0)=""/241, &(0x7f00000002c0)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x3}, 0x58)
r2 = pidfd_getfd(r1, r0, 0x0)
umount2(&(0x7f0000000380)='./file0\x00', 0x1)
setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000400), &(0x7f0000000440), 0x2, 0x2)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000480)={0x51, 0x7fff, 0x0, 'queue1\x00', 0x2})
clock_gettime(0x0, &(0x7f0000000540)={<r3=>0x0, <r4=>0x0})
ioctl$vim2m_VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000580)=@fd={0x8, 0x0, 0x4, 0x400, 0xfa, {r3, r4/1000+60000}, {0x5, 0x8, 0x6, 0xf6, 0x8, 0xfe, "a271f13f"}, 0xffff, 0x4, {<r5=>0xffffffffffffffff}, 0x4})
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000600)={0x101, r5}, 0x0)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680), r2)
sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, r6, 0x10, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000890)
syz_genetlink_get_family_id$devlink(&(0x7f0000000780), r2)
clock_gettime(0x6, &(0x7f00000007c0))
ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000800))
recvmmsg(r2, &(0x7f0000005f40)=[{{&(0x7f0000000840)=@hci, 0x80, &(0x7f00000009c0)=[{&(0x7f00000008c0)=""/61, 0x3d}, {&(0x7f0000000900)=""/88, 0x58}, {&(0x7f0000000980)=""/28, 0x1c}], 0x3, &(0x7f0000000a00)=""/42, 0x2a}, 0xb}, {{&(0x7f0000000a40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000002240)=[{&(0x7f0000000ac0)=""/181, 0xb5}, {&(0x7f0000000b80)=""/113, 0x71}, {&(0x7f0000000c00)=""/184, 0xb8}, {&(0x7f0000000cc0)=""/134, 0x86}, {&(0x7f0000000d80)=""/233, 0xe9}, {&(0x7f0000000e80)=""/243, 0xf3}, {&(0x7f0000000f80)=""/4096, 0x1000}, {&(0x7f0000001f80)=""/232, 0xe8}, {&(0x7f0000002080)=""/222, 0xde}, {&(0x7f0000002180)=""/154, 0x9a}], 0xa, &(0x7f0000002300)=""/16, 0x10}, 0x7}, {{&(0x7f0000002340)=@vsock, 0x80, &(0x7f0000003840)=[{&(0x7f00000023c0)=""/250, 0xfa}, {&(0x7f00000024c0)=""/64, 0x40}, {&(0x7f0000002500)=""/232, 0xe8}, {&(0x7f0000002600)=""/141, 0x8d}, {&(0x7f00000026c0)=""/4096, 0x1000}, {&(0x7f00000036c0)=""/156, 0x9c}, {&(0x7f0000003780)=""/137, 0x89}], 0x7}, 0x480}, {{&(0x7f00000038c0)=@l2={0x1f, 0x0, @none}, 0x80, &(0x7f0000003c80)=[{&(0x7f0000003940)=""/135, 0x87}, {&(0x7f0000003a00)=""/221, 0xdd}, {&(0x7f0000003b00)=""/161, 0xa1}, {&(0x7f0000003bc0)=""/158, 0x9e}], 0x4, &(0x7f0000003cc0)=""/17, 0x11}, 0x7}, {{0x0, 0x0, &(0x7f0000005ec0)=[{&(0x7f0000003d00)=""/157, 0x9d}, {&(0x7f0000003dc0)=""/67, 0x43}, {&(0x7f0000003e40)=""/4096, 0x1000}, {&(0x7f0000004e40)}, {&(0x7f0000004e80)=""/4096, 0x1000}, {&(0x7f0000005e80)}], 0x6}, 0xc91}], 0x5, 0x1, 0x0)
r7 = mq_open(&(0x7f0000006080)='/dev/nbd#\x00', 0x2, 0x62, &(0x7f00000060c0)={0x1, 0x7, 0x10, 0x3})
mq_timedsend(r7, &(0x7f0000006100)="7e11aade838b64a1745580f020c734b990d8733d5e824a8d39135efc5d8eb96096a947ec70463aba3fdc914b7b5d321c82df5031bb3a4b7727affc9eeeb4e030e16d2dd65d521f1106acc7cffc5cb5bdf99dfdb273b832ed1a7c22af047b2708a1492d973799511e6a20431c63a5f7880cddab8f091ab0b7cf4ce70f2dce5798695e3a092f856e6844aaa669e5177036422ec0ecc5139d69a8300a33dddf3739f149e86808e94d822e2048a0", 0xac, 0x9, 0x0)
bind$ax25(r2, &(0x7f00000061c0)={{0x3, @default, 0x3}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
getresgid(&(0x7f0000006240)=<r8=>0x0, &(0x7f0000006280), &(0x7f00000062c0))
ioctl$TUNSETGROUP(r2, 0x400454ce, r8)
brk(0xf)
mq_unlink(&(0x7f0000006300)='\x00')
semtimedop(0xffffffffffffffff, &(0x7f0000006340)=[{0x6, 0x9, 0x1000}, {0x2, 0x20e4, 0x1800}, {0xb8b82aff23740c1e, 0x800, 0x800}, {0x3, 0x6, 0x1800}], 0x4, &(0x7f0000006380)={0x0, 0x989680})
ioctl$SNDCTL_SEQ_THRESHOLD(r2, 0x4004510d, &(0x7f00000063c0)=0x4)
r9 = semget$private(0x0, 0x4, 0x210)
semctl$SEM_STAT_ANY(r9, 0x0, 0x14, &(0x7f0000006400)=""/95)
ioctl$KVM_GET_XCRS(r2, 0x8188aea6, &(0x7f0000006480))
r10 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000006640), 0x121102, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r10, 0x1, &(0x7f0000006680)={0x4009, r7}, 0x0)

kernel console output (not intermixed with test programs):

failure.
[  459.393461][T10748] name failslab, interval 1, probability 0, space 0, times 0
[  459.406686][T10748] CPU: 0 UID: 0 PID: 10748 Comm: syz.1.1722 Not tainted syzkaller #0 PREEMPT(full) 
[  459.406717][T10748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  459.406732][T10748] Call Trace:
[  459.406742][T10748]  <TASK>
[  459.406753][T10748]  dump_stack_lvl+0x189/0x250
[  459.406791][T10748]  ? __pfx____ratelimit+0x10/0x10
[  459.406822][T10748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.406851][T10748]  ? __pfx__printk+0x10/0x10
[  459.406881][T10748]  ? __pfx___might_resched+0x10/0x10
[  459.406908][T10748]  ? fs_reclaim_acquire+0x7d/0x100
[  459.406939][T10748]  should_fail_ex+0x414/0x560
[  459.406975][T10748]  should_failslab+0xa8/0x100
[  459.407006][T10748]  kmem_cache_alloc_noprof+0x88/0x6f0
[  459.407041][T10748]  ? __kvm_mmu_topup_memory_cache+0x463/0x610
[  459.407069][T10748]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  459.407102][T10748]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  459.407142][T10748]  mmu_topup_memory_caches+0x21/0x170
[  459.407174][T10748]  kvm_mmu_load+0x9d/0x22d0
[  459.407206][T10748]  ? vmx_vcpu_load+0x1b0/0x260
[  459.407229][T10748]  ? kvm_arch_vcpu_load+0x1f6/0xa30
[  459.407257][T10748]  ? kvm_arch_vcpu_load+0x75d/0xa30
[  459.407299][T10748]  ? kvm_vcpu_pre_fault_memory+0x15b/0x460
[  459.407343][T10748]  kvm_arch_vcpu_pre_fault_memory+0x63f/0x710
[  459.407383][T10748]  kvm_vcpu_pre_fault_memory+0x229/0x460
[  459.407419][T10748]  ? kvm_vcpu_pre_fault_memory+0x15b/0x460
[  459.407457][T10748]  kvm_vcpu_ioctl+0x82f/0xed0
[  459.407495][T10748]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  459.407527][T10748]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  459.407583][T10748]  ? __fget_files+0x2a/0x420
[  459.407619][T10748]  ? __fget_files+0x2a/0x420
[  459.407658][T10748]  ? bpf_lsm_file_ioctl+0x9/0x20
[  459.407685][T10748]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  459.407716][T10748]  __se_sys_ioctl+0xfc/0x170
[  459.407742][T10748]  do_syscall_64+0xfa/0xf80
[  459.407775][T10748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.407797][T10748]  ? clear_bhb_loop+0x60/0xb0
[  459.407825][T10748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.407847][T10748] RIP: 0033:0x7f6ce258f749
[  459.407868][T10748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.407888][T10748] RSP: 002b:00007f6ce34d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  459.407912][T10748] RAX: ffffffffffffffda RBX: 00007f6ce27e5fa0 RCX: 00007f6ce258f749
[  459.407929][T10748] RDX: 0000200000000040 RSI: 00000000c040aed5 RDI: 0000000000000006
[  459.407945][T10748] RBP: 00007f6ce34d4090 R08: 0000000000000000 R09: 0000000000000000
[  459.407960][T10748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.407974][T10748] R13: 00007f6ce27e6038 R14: 00007f6ce27e5fa0 R15: 00007ffe8ca915a8
[  459.408011][T10748]  </TASK>
[  459.723237][   T24] usb 1-1: USB disconnect, device number 52
[  459.733080][T10756] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1724'.
[  459.744705][T10754] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1724'.
[  459.749444][T10756] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1724'.
[  459.754876][T10754] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1724'.
[  459.766132][T10756] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1724'.
[  459.773037][T10754] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1724'.
[  460.295633][   T10] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  460.401707][T10767] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  460.457221][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  460.468443][   T10] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  460.478021][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.498534][   T10] usb 2-1: config 0 descriptor??
[  460.620783][T10770] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.906277][ T5896] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  461.085833][ T5896] usb 1-1: Using ep0 maxpacket: 32
[  461.093755][ T5896] usb 1-1: config 0 has an invalid interface number: 200 but max is 0
[  461.103117][ T5896] usb 1-1: config 0 has no interface number 0
[  461.109593][ T5896] usb 1-1: config 0 interface 200 has no altsetting 0
[  461.119276][ T5896] usb 1-1: New USB device found, idVendor=0681, idProduct=0005, bcdDevice=e3.23
[  461.128698][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.136839][ T5896] usb 1-1: Product: syz
[  461.141089][ T5896] usb 1-1: Manufacturer: syz
[  461.145964][ T5896] usb 1-1: SerialNumber: syz
[  461.159434][ T5896] usb 1-1: config 0 descriptor??
[  461.177538][T10783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.188242][T10783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.374775][ T5896] usb 1-1: USB disconnect, device number 53
[  461.582742][ T5896] usb 4-1: USB disconnect, device number 52
[  461.749122][T10790] overlayfs: missing 'lowerdir'
[  461.789605][T10790] kvm: emulating exchange as write
[  461.953001][T10799] __nla_validate_parse: 125 callbacks suppressed
[  461.953024][T10799] netlink: 65 bytes leftover after parsing attributes in process `syz.3.1738'.
[  461.972592][T10799] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1738'.
[  462.180295][T10808] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  462.190471][T10808] overlayfs: failed to set xattr on upper
[  462.196667][T10808] overlayfs: ...falling back to redirect_dir=nofollow.
[  462.203829][T10808] overlayfs: ...falling back to index=off.
[  462.210077][T10808] overlayfs: ...falling back to uuid=null.
[  462.221836][T10808] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  462.405755][ T5913] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  462.446349][T10814] ptrace attach of "./syz-executor exec"[10815] was attempted by "./syz-executor exec"[10814]
[  462.580105][ T5913] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  462.595935][ T5913] usb 1-1: config 1 descriptor has 1 excess byte, ignoring
[  462.604939][ T5913] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  462.625695][ T5913] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  462.657787][ T5913] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  462.667143][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  462.675175][ T5913] usb 1-1: Product: syz
[  462.695585][ T5913] usb 1-1: Manufacturer: syz
[  462.715674][ T5913] cdc_wdm 1-1:1.0: skipping garbage
[  462.720988][ T5913] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  462.988153][T10825] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  462.988153][T10825] The task syz.2.1747 (10825) triggered the difference, watch for misbehavior.
[  463.065300][T10825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  463.076631][T10825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.125316][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  463.136486][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  463.161547][   T10] usb 2-1: USB disconnect, device number 54
[  463.434173][T10834] netlink: 65 bytes leftover after parsing attributes in process `syz.1.1750'.
[  463.450225][T10834] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1750'.
[  463.461748][T10834] bridge0: port 1(bridge_slave_0) entered forwarding state
[  463.815613][ T5913] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  463.965641][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  463.975609][   T10] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  463.976309][ T5913] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  463.995110][ T5913] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  464.003956][ T5913] usb 4-1: Product: syz
[  464.008570][ T5913] usb 4-1: Manufacturer: syz
[  464.013304][ T5913] usb 4-1: SerialNumber: syz
[  464.023443][ T5913] usb 4-1: config 0 descriptor??
[  464.033885][ T5913] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  464.136056][   T10] usb 2-1: Using ep0 maxpacket: 16
[  464.144149][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  464.153669][   T10] usb 2-1: config 255 has an invalid interface number: 48 but max is 0
[  464.162434][   T10] usb 2-1: config 255 has no interface number 0
[  464.169009][   T10] usb 2-1: config 255 interface 48 has no altsetting 0
[  464.179084][   T10] usb 2-1: New USB device found, idVendor=2013, idProduct=024f, bcdDevice=e8.70
[  464.188537][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.196747][   T10] usb 2-1: Product: syz
[  464.201072][   T10] usb 2-1: Manufacturer: syz
[  464.205915][   T10] usb 2-1: SerialNumber: syz
[  464.259281][T10839] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  464.419517][T10841] batadv_slave_1: entered promiscuous mode
[  464.431372][   T10] em28xx 2-1:255.48: audio device (2013:024f): interface 48, class 1
[  464.442779][   T10] usb 2-1: USB disconnect, device number 55
[  464.671563][ T5913] gspca_zc3xx: reg_w_i err -71
[  464.678981][ T5913] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  464.691809][ T5913] usb 4-1: USB disconnect, device number 53
[  464.936981][T10842] batadv_slave_1: left promiscuous mode
[  465.189349][   T10] usb 1-1: USB disconnect, device number 54
[  465.280116][T10854] No source specified
[  465.356066][ T5913] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  465.517848][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  465.529097][ T5913] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  465.538686][   T43] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  465.546577][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.558572][ T5913] usb 2-1: config 0 descriptor??
[  465.605090][T10860] netlink: 65 bytes leftover after parsing attributes in process `syz.0.1760'.
[  465.619315][T10860] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1760'.
[  465.630526][T10860] bridge0: port 1(bridge_slave_0) entered forwarding state
[  465.708359][   T43] usb 4-1: config 2 has an invalid interface number: 201 but max is 0
[  465.716935][   T43] usb 4-1: config 2 has no interface number 0
[  465.723080][   T43] usb 4-1: config 2 interface 201 has no altsetting 0
[  465.732727][   T43] usb 4-1: New USB device found, idVendor=05ac, idProduct=c712, bcdDevice=9d.92
[  465.742401][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.750626][   T43] usb 4-1: Product: syz
[  465.755367][   T43] usb 4-1: Manufacturer: syz
[  465.760077][   T43] usb 4-1: SerialNumber: syz
[  465.935651][   T24] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  465.973889][T10854] netlink: 'syz.3.1758': attribute type 28 has an invalid length.
[  465.982525][T10854] netlink: 'syz.3.1758': attribute type 21 has an invalid length.
[  465.997546][T10854] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1758'.
[  466.022281][   T43] usb 4-1: USB disconnect, device number 54
[  466.082629][T10864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.091795][T10864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.099726][   T24] usb 1-1: Using ep0 maxpacket: 32
[  466.107805][   T24] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  466.116129][   T24] usb 1-1: config 0 has no interface number 0
[  466.124722][   T24] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  466.134428][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.142567][   T24] usb 1-1: Product: syz
[  466.147003][   T24] usb 1-1: Manufacturer: syz
[  466.151708][   T24] usb 1-1: SerialNumber: syz
[  466.160410][   T24] usb 1-1: config 0 descriptor??
[  466.168705][   T24] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  466.369546][T10862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.382081][T10862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.395304][   T24] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  466.408796][   T24] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  466.596118][T10862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.616562][T10862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.654215][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  466.671807][   T24] usb 1-1: USB disconnect, device number 55
[  466.689818][   T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  466.712749][   T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  466.734958][   T24] quatech2 1-1:0.51: device disconnected
[  467.286997][T10881] netlink: 65 bytes leftover after parsing attributes in process `syz.0.1769'.
[  467.299305][T10881] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1769'.
[  467.311708][T10881] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.348635][T10883] openvswitch: netlink: IP tunnel dst address not specified
[  467.735679][ T5921] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  467.907434][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.918828][ T5921] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  467.929575][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.943374][ T5921] usb 1-1: config 0 descriptor??
[  468.129651][T10907] input: syz1 as /devices/virtual/input/input143
[  468.150824][ T5913] usbhid 2-1:0.0: can't add hid device: -71
[  468.177723][ T5913] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  468.225843][ T5913] usb 2-1: USB disconnect, device number 56
[  468.244406][T10914] netlink: 65 bytes leftover after parsing attributes in process `syz.1.1780'.
[  468.261486][T10914] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1780'.
[  468.272662][T10914] bridge0: port 1(bridge_slave_0) entered forwarding state
[  468.347780][T10919] tmpfs: User quota inode hardlimit too large.
[  468.694928][T10934] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1788'.
[  468.705261][T10934] bridge_slave_1: left allmulticast mode
[  468.711502][T10934] bridge_slave_1: left promiscuous mode
[  468.717993][T10934] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.728585][T10934] bridge_slave_0: left allmulticast mode
[  468.734298][T10934] bridge_slave_0: left promiscuous mode
[  468.740619][T10934] bridge0: port 1(bridge_slave_0) entered disabled state
[  469.224748][T10943] netlink: 65 bytes leftover after parsing attributes in process `syz.2.1791'.
[  469.240450][T10943] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1791'.
[  469.748633][T10961] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1799'.
[  469.913174][T10967] netlink: 65 bytes leftover after parsing attributes in process `syz.2.1801'.
[  469.926536][T10967] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1801'.
[  470.296020][ T5896] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  470.459697][ T5896] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  470.470078][ T5896] usb 2-1: config 1 has an invalid descriptor of length 56, skipping remainder of the config
[  470.481695][ T5896] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  470.491579][ T5896] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  470.514278][ T5896] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  470.524550][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  470.533170][ T5896] usb 2-1: Product: syz
[  470.538055][ T5896] usb 2-1: Manufacturer: syz
[  470.543659][ T5921] usbhid 1-1:0.0: can't add hid device: -71
[  470.552718][ T5921] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  470.576147][ T5896] cdc_wdm 2-1:1.0: skipping garbage
[  470.589482][ T5896] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  470.597480][T10987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  470.604435][ T5921] usb 1-1: USB disconnect, device number 56
[  470.616879][T10987] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.782246][T10993] bridge0: port 1(bridge_slave_0) entered forwarding state
[  470.961480][T11001] FAULT_INJECTION: forcing a failure.
[  470.961480][T11001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  470.974747][T11001] CPU: 1 UID: 0 PID: 11001 Comm: syz.0.1815 Not tainted syzkaller #0 PREEMPT(full) 
[  470.974769][T11001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  470.974780][T11001] Call Trace:
[  470.974788][T11001]  <TASK>
[  470.974795][T11001]  dump_stack_lvl+0x189/0x250
[  470.974819][T11001]  ? __pfx____ratelimit+0x10/0x10
[  470.974841][T11001]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.974861][T11001]  ? __pfx__printk+0x10/0x10
[  470.974880][T11001]  ? __might_fault+0xb0/0x130
[  470.974919][T11001]  should_fail_ex+0x414/0x560
[  470.974945][T11001]  _copy_from_user+0x2d/0xb0
[  470.974963][T11001]  ___sys_sendmsg+0x158/0x2a0
[  470.974985][T11001]  ? __pfx____sys_sendmsg+0x10/0x10
[  470.975010][T11001]  ? rcu_read_lock_any_held+0xb3/0x120
[  470.975053][T11001]  ? __fget_files+0x2a/0x420
[  470.975074][T11001]  ? __fget_files+0x3a0/0x420
[  470.975102][T11001]  __x64_sys_sendmsg+0x19b/0x260
[  470.975122][T11001]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  470.975146][T11001]  ? __pfx_ksys_write+0x10/0x10
[  470.975168][T11001]  ? do_syscall_64+0xbe/0xf80
[  470.975192][T11001]  do_syscall_64+0xfa/0xf80
[  470.975216][T11001]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.975231][T11001]  ? clear_bhb_loop+0x60/0xb0
[  470.975251][T11001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.975267][T11001] RIP: 0033:0x7fe87678f749
[  470.975282][T11001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.975296][T11001] RSP: 002b:00007fe8776bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  470.975314][T11001] RAX: ffffffffffffffda RBX: 00007fe8769e5fa0 RCX: 00007fe87678f749
[  470.975326][T11001] RDX: 0000000004080800 RSI: 0000200000000040 RDI: 0000000000000003
[  470.975337][T11001] RBP: 00007fe8776bb090 R08: 0000000000000000 R09: 0000000000000000
[  470.975347][T11001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.975356][T11001] R13: 00007fe8769e6038 R14: 00007fe8769e5fa0 R15: 00007ffe389eb958
[  470.975381][T11001]  </TASK>
[  471.341762][T11009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  471.353715][T11009] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  471.748109][ T5918] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  471.908991][ T5918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  471.925485][ T5918] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  471.935330][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.946943][ T5829] block nbd1: Receive control failed (result -32)
[  471.965222][ T5918] usb 1-1: config 0 descriptor??
[  472.197652][T11031] nbd: must specify a device to reconfigure
[  472.445669][ T5913] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  472.607457][ T5913] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  472.616617][ T5913] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  472.627260][ T5913] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  472.639398][ T5913] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  472.649051][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.657191][ T5913] usb 4-1: Product: syz
[  472.661958][ T5913] usb 4-1: Manufacturer: syz
[  472.666807][ T5913] usb 4-1: SerialNumber: syz
[  472.674399][ T5913] usb 4-1: config 0 descriptor??
[  472.885907][ T5921] usb 4-1: USB disconnect, device number 55
[  473.084274][   T43] usb 2-1: USB disconnect, device number 57
[  473.200598][T11047] __nla_validate_parse: 5 callbacks suppressed
[  473.200620][T11047] netlink: 65 bytes leftover after parsing attributes in process `syz.2.1829'.
[  473.220043][T11047] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1829'.
[  473.475908][   T43] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  473.616903][   T43] usb 2-1: device descriptor read/64, error -71
[  473.795623][ T5921] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  473.856648][   T43] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  473.958195][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  473.969589][ T5921] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  473.978967][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.996352][ T5921] usb 4-1: config 0 descriptor??
[  474.002712][   T43] usb 2-1: device descriptor read/64, error -71
[  474.127684][   T43] usb usb2-port1: attempt power cycle
[  474.196729][T11071] FAULT_INJECTION: forcing a failure.
[  474.196729][T11071] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  474.210166][T11071] CPU: 0 UID: 0 PID: 11071 Comm: syz.2.1838 Not tainted syzkaller #0 PREEMPT(full) 
[  474.210195][T11071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  474.210211][T11071] Call Trace:
[  474.210222][T11071]  <TASK>
[  474.210233][T11071]  dump_stack_lvl+0x189/0x250
[  474.210271][T11071]  ? __pfx____ratelimit+0x10/0x10
[  474.210302][T11071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.210331][T11071]  ? __pfx__printk+0x10/0x10
[  474.210356][T11071]  ? fs_reclaim_acquire+0x7d/0x100
[  474.210389][T11071]  should_fail_ex+0x414/0x560
[  474.210427][T11071]  prepare_alloc_pages+0x22b/0x650
[  474.210461][T11071]  __alloc_frozen_pages_noprof+0x123/0x370
[  474.210492][T11071]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  474.210527][T11071]  ? policy_nodemask+0x27c/0x720
[  474.210561][T11071]  alloc_pages_mpol+0x232/0x4a0
[  474.210597][T11071]  vma_alloc_folio_noprof+0xe4/0x200
[  474.210625][T11071]  ? page_table_check_set+0x148/0x610
[  474.210656][T11071]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  474.210700][T11071]  folio_prealloc+0x30/0x180
[  474.210726][T11071]  do_pte_missing+0x14e8/0x3330
[  474.210773][T11071]  handle_mm_fault+0x1b26/0x32b0
[  474.210807][T11071]  ? __pte_offset_map_lock+0x13e/0x210
[  474.210856][T11071]  ? handle_mm_fault+0xdb/0x32b0
[  474.210896][T11071]  ? __pfx_handle_mm_fault+0x10/0x10
[  474.210930][T11071]  ? follow_page_pte+0x7ef/0x13e0
[  474.210970][T11071]  ? __pfx_follow_page_pte+0x10/0x10
[  474.211002][T11071]  ? vma_is_secretmem+0xd/0x50
[  474.211025][T11071]  ? check_vma_flags+0x50d/0x580
[  474.211064][T11071]  __get_user_pages+0x1650/0x29f0
[  474.211129][T11071]  get_user_pages_unlocked+0x1e6/0x730
[  474.211172][T11071]  hva_to_pfn+0x313/0xc90
[  474.211201][T11071]  ? rcu_is_watching+0x15/0xb0
[  474.211235][T11071]  ? __pfx_hva_to_pfn+0x10/0x10
[  474.211273][T11071]  ? xas_start+0x390/0x770
[  474.211303][T11071]  ? xa_load+0x60/0x210
[  474.211343][T11071]  ? kvm_follow_pfn+0x21a/0x3c0
[  474.211375][T11071]  __kvm_faultin_pfn+0xaa/0x100
[  474.211415][T11071]  kvm_mmu_faultin_pfn+0x73c/0x1570
[  474.211457][T11071]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[  474.211495][T11071]  kvm_tdp_page_fault+0x273/0x370
[  474.211524][T11071]  kvm_mmu_do_page_fault+0x2c5/0x640
[  474.211560][T11071]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  474.211591][T11071]  ? __lock_acquire+0x6b6/0x2cf0
[  474.211617][T11071]  ? __vmx_complete_interrupts+0x308/0x690
[  474.211643][T11071]  kvm_mmu_page_fault+0x22f/0xb70
[  474.211679][T11071]  ? handle_ept_violation+0x420/0x710
[  474.211709][T11071]  ? __pfx_handle_ept_violation+0x10/0x10
[  474.211735][T11071]  vmx_handle_exit+0xf23/0x1690
[  474.211757][T11071]  ? vcpu_run+0x427b/0x76b0
[  474.211790][T11071]  vcpu_run+0x54ca/0x76b0
[  474.211829][T11071]  ? vcpu_run+0x427b/0x76b0
[  474.211904][T11071]  ? __pfx_vcpu_run+0x10/0x10
[  474.211933][T11071]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  474.211961][T11071]  ? rcu_is_watching+0x15/0xb0
[  474.211993][T11071]  kvm_arch_vcpu_ioctl_run+0x1148/0x1c90
[  474.212026][T11071]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  474.212045][T11071]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  474.212066][T11071]  ? rcu_is_watching+0x15/0xb0
[  474.212091][T11071]  ? trace_contention_end+0x39/0x100
[  474.212121][T11071]  ? __mutex_lock+0x335/0x1350
[  474.212158][T11071]  ? kasan_quarantine_put+0xdd/0x220
[  474.212178][T11071]  ? lockdep_hardirqs_on+0x98/0x140
[  474.212204][T11071]  ? kvm_vcpu_ioctl+0x269/0xed0
[  474.212234][T11071]  ? __pfx___mutex_lock+0x10/0x10
[  474.212266][T11071]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  474.212297][T11071]  ? do_vfs_ioctl+0xbe8/0x1430
[  474.212315][T11071]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  474.212342][T11071]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  474.212365][T11071]  kvm_vcpu_ioctl+0x99a/0xed0
[  474.212402][T11071]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  474.212430][T11071]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  474.212479][T11071]  ? __fget_files+0x2a/0x420
[  474.212514][T11071]  ? __fget_files+0x3a0/0x420
[  474.212542][T11071]  ? __fget_files+0x2a/0x420
[  474.212576][T11071]  ? bpf_lsm_file_ioctl+0x9/0x20
[  474.212600][T11071]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  474.212627][T11071]  __se_sys_ioctl+0xfc/0x170
[  474.212657][T11071]  do_syscall_64+0xfa/0xf80
[  474.212690][T11071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.212710][T11071]  ? clear_bhb_loop+0x60/0xb0
[  474.212733][T11071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.212752][T11071] RIP: 0033:0x7f7047b8f749
[  474.212771][T11071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.212789][T11071] RSP: 002b:00007f7048991038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  474.212813][T11071] RAX: ffffffffffffffda RBX: 00007f7047de5fa0 RCX: 00007f7047b8f749
[  474.212829][T11071] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  474.212842][T11071] RBP: 00007f7048991090 R08: 0000000000000000 R09: 0000000000000000
[  474.212854][T11071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  474.212866][T11071] R13: 00007f7047de6038 R14: 00007f7047de5fa0 R15: 00007ffcdfd2f158
[  474.212899][T11071]  </TASK>
[  474.714502][   T43] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  474.753286][ T5918] usbhid 1-1:0.0: can't add hid device: -71
[  474.775683][   T43] usb 2-1: device descriptor read/8, error -71
[  474.788742][ T5918] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  474.824735][ T5918] usb 1-1: USB disconnect, device number 57
[  475.015805][   T43] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  475.036641][   T43] usb 2-1: device descriptor read/8, error -71
[  475.053667][T11085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.064818][T11085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.132069][T11077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.146791][T11077] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.156227][   T43] usb usb2-port1: unable to enumerate USB device
[  475.964957][T11096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.976946][T11096] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  476.005722][ T5896] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  476.157781][ T5896] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  476.167281][ T5896] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.180322][ T5896] usb 1-1: config 0 descriptor??
[  476.198064][ T5896] gspca_main: sunplus-2.14.0 probing 055f:c420
[  476.587178][   T43] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  476.596157][T11091] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  476.609539][ T5921] usbhid 4-1:0.0: can't add hid device: -71
[  476.622598][ T5921] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  476.641403][ T5921] usb 4-1: USB disconnect, device number 56
[  476.762221][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.774051][   T43] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  476.805740][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.827214][   T43] usb 2-1: config 0 descriptor??
[  476.882221][T11113] FAULT_INJECTION: forcing a failure.
[  476.882221][T11113] name failslab, interval 1, probability 0, space 0, times 0
[  476.895181][T11113] CPU: 1 UID: 0 PID: 11113 Comm: syz.2.1851 Not tainted syzkaller #0 PREEMPT(full) 
[  476.895211][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  476.895226][T11113] Call Trace:
[  476.895235][T11113]  <TASK>
[  476.895246][T11113]  dump_stack_lvl+0x189/0x250
[  476.895289][T11113]  ? __pfx____ratelimit+0x10/0x10
[  476.895319][T11113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  476.895348][T11113]  ? __pfx__printk+0x10/0x10
[  476.895378][T11113]  ? __pfx___might_resched+0x10/0x10
[  476.895405][T11113]  ? fs_reclaim_acquire+0x7d/0x100
[  476.895435][T11113]  should_fail_ex+0x414/0x560
[  476.895471][T11113]  should_failslab+0xa8/0x100
[  476.895500][T11113]  kmem_cache_alloc_node_noprof+0x8c/0x710
[  476.895537][T11113]  ? __alloc_skb+0x255/0x430
[  476.895577][T11113]  ? napi_skb_cache_get+0x4a5/0x780
[  476.895609][T11113]  ? napi_skb_cache_get+0x151/0x780
[  476.895647][T11113]  __alloc_skb+0x255/0x430
[  476.895684][T11113]  ? __pfx___alloc_skb+0x10/0x10
[  476.895718][T11113]  ? stack_trace_save+0x9c/0xe0
[  476.895739][T11113]  ? __pfx_stack_trace_save+0x10/0x10
[  476.895765][T11113]  alloc_skb_with_frags+0xca/0x890
[  476.895794][T11113]  ? save_netdev_trace_buffer+0x4b5/0x5a0
[  476.895833][T11113]  sock_alloc_send_pskb+0x84d/0x980
[  476.895878][T11113]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  476.895909][T11113]  ? dev_getfirstbyhwtype+0x24/0x290
[  476.895939][T11113]  ? dev_getfirstbyhwtype+0x24/0x290
[  476.895968][T11113]  ? dev_getfirstbyhwtype+0x24/0x290
[  476.895999][T11113]  ? dev_getfirstbyhwtype+0x250/0x290
[  476.896032][T11113]  dgram_sendmsg+0x3fe/0xe80
[  476.896061][T11113]  ? __pfx_dgram_sendmsg+0x10/0x10
[  476.896086][T11113]  ? __pfx_aa_sk_perm+0x10/0x10
[  476.896129][T11113]  ? __pfx_ieee802154_sock_sendmsg+0x10/0x10
[  476.896154][T11113]  sock_sendmsg_nosec+0x18f/0x1d0
[  476.896186][T11113]  ____sys_sendmsg+0x577/0x880
[  476.896218][T11113]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.896251][T11113]  ? import_iovec+0x74/0xa0
[  476.896278][T11113]  ___sys_sendmsg+0x21f/0x2a0
[  476.896304][T11113]  ? __pfx____sys_sendmsg+0x10/0x10
[  476.896335][T11113]  ? rcu_read_lock_any_held+0xb3/0x120
[  476.896395][T11113]  ? __fget_files+0x2a/0x420
[  476.896424][T11113]  ? __fget_files+0x3a0/0x420
[  476.896464][T11113]  __x64_sys_sendmsg+0x19b/0x260
[  476.896491][T11113]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  476.896526][T11113]  ? __pfx_ksys_write+0x10/0x10
[  476.896553][T11113]  ? do_syscall_64+0xbe/0xf80
[  476.896596][T11113]  do_syscall_64+0xfa/0xf80
[  476.896629][T11113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.896652][T11113]  ? clear_bhb_loop+0x60/0xb0
[  476.896679][T11113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.896702][T11113] RIP: 0033:0x7f7047b8f749
[  476.896723][T11113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  476.896743][T11113] RSP: 002b:00007f7048991038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  476.896767][T11113] RAX: ffffffffffffffda RBX: 00007f7047de5fa0 RCX: 00007f7047b8f749
[  476.896784][T11113] RDX: 0000000004040000 RSI: 00002000000001c0 RDI: 0000000000000004
[  476.896800][T11113] RBP: 00007f7048991090 R08: 0000000000000000 R09: 0000000000000000
[  476.896814][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  476.896828][T11113] R13: 00007f7047de6038 R14: 00007f7047de5fa0 R15: 00007ffcdfd2f158
[  476.896864][T11113]  </TASK>
[  477.302219][T11117] openvswitch: netlink: IP tunnel dst address not specified
[  477.485947][   T24] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  477.498261][T11123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.507607][T11123] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.521606][T11123] Invalid option length (0) for dns_resolver key
[  477.635693][   T24] usb 4-1: Using ep0 maxpacket: 32
[  477.643156][   T24] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  477.652769][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.664118][   T24] usb 4-1: config 0 descriptor??
[  477.735966][ T5896] gspca_sunplus: reg_w_riv err -110
[  477.741343][ T5896] sunplus 1-1:0.0: probe with driver sunplus failed with error -110
[  477.876584][   T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  477.887311][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  477.898142][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  477.905714][   T24] usb 4-1: media controller created
[  477.923586][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  478.089333][T11115] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1852'.
[  478.098719][T11115] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1852'.
[  478.110267][T11115] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1852'.
[  478.146954][T11127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  478.158820][T11127] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.188130][   T24] az6027: usb out operation failed. (-71)
[  478.198253][   T24] az6027: usb out operation failed. (-71)
[  478.205634][   T24] stb0899_attach: Driver disabled by Kconfig
[  478.211743][   T24] az6027: no front-end attached
[  478.211743][   T24] 
[  478.220522][   T24] az6027: usb out operation failed. (-71)
[  478.226727][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  478.240719][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input144
[  478.256879][   T24] dvb-usb: schedule remote query interval to 400 msecs.
[  478.264325][   T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  478.277009][   T24] usb 4-1: USB disconnect, device number 57
[  478.337606][   T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  478.846822][ T5918] usb 1-1: USB disconnect, device number 58
[  479.273992][   T43] usbhid 2-1:0.0: can't add hid device: -71
[  479.284767][   T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  479.300612][T11149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  479.311851][   T43] usb 2-1: USB disconnect, device number 62
[  479.324692][T11149] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  479.775608][ T5896] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  479.814236][T11161] FAULT_INJECTION: forcing a failure.
[  479.814236][T11161] name failslab, interval 1, probability 0, space 0, times 0
[  479.827277][T11161] CPU: 0 UID: 0 PID: 11161 Comm: syz.1.1868 Not tainted syzkaller #0 PREEMPT(full) 
[  479.827307][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  479.827323][T11161] Call Trace:
[  479.827332][T11161]  <TASK>
[  479.827341][T11161]  dump_stack_lvl+0x189/0x250
[  479.827374][T11161]  ? __pfx____ratelimit+0x10/0x10
[  479.827402][T11161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  479.827430][T11161]  ? __pfx__printk+0x10/0x10
[  479.827463][T11161]  ? __pfx___might_resched+0x10/0x10
[  479.827494][T11161]  should_fail_ex+0x414/0x560
[  479.827530][T11161]  should_failslab+0xa8/0x100
[  479.827560][T11161]  __kmalloc_noprof+0xdf/0x7f0
[  479.827581][T11161]  ? kfree+0x4d/0x660
[  479.827611][T11161]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  479.827640][T11161]  tomoyo_realpath_from_path+0xe3/0x5d0
[  479.827663][T11161]  ? tomoyo_domain+0xd8/0x130
[  479.827700][T11161]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  479.827731][T11161]  tomoyo_path_number_perm+0x1e8/0x5a0
[  479.827765][T11161]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  479.827813][T11161]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  479.827867][T11161]  ? __fget_files+0x2a/0x420
[  479.827902][T11161]  ? __fget_files+0x3a0/0x420
[  479.827930][T11161]  ? __fget_files+0x2a/0x420
[  479.827963][T11161]  security_file_ioctl+0xcb/0x2d0
[  479.827994][T11161]  __se_sys_ioctl+0x47/0x170
[  479.828020][T11161]  do_syscall_64+0xfa/0xf80
[  479.828052][T11161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.828074][T11161]  ? clear_bhb_loop+0x60/0xb0
[  479.828102][T11161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.828123][T11161] RIP: 0033:0x7f6ce258f749
[  479.828144][T11161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.828164][T11161] RSP: 002b:00007f6ce34d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  479.828188][T11161] RAX: ffffffffffffffda RBX: 00007f6ce27e5fa0 RCX: 00007f6ce258f749
[  479.828205][T11161] RDX: 0000200000000080 RSI: 000000004008ae89 RDI: 0000000000000005
[  479.828220][T11161] RBP: 00007f6ce34d4090 R08: 0000000000000000 R09: 0000000000000000
[  479.828234][T11161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  479.828248][T11161] R13: 00007f6ce27e6038 R14: 00007f6ce27e5fa0 R15: 00007ffe8ca915a8
[  479.828284][T11161]  </TASK>
[  479.828294][T11161] ERROR: Out of memory at tomoyo_realpath_from_path.
[  480.161602][ T5896] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  480.173378][ T5896] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  480.183719][ T5896] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  480.192920][ T5896] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  480.204020][ T5896] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  480.226947][ T5896] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  480.245161][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  480.254298][ T5896] usb 1-1: Product: syz
[  480.264055][ T5896] usb 1-1: Manufacturer: syz
[  480.284970][ T5896] cdc_wdm 1-1:1.0: skipping garbage
[  480.295934][ T5896] cdc_wdm 1-1:1.0: skipping garbage
[  480.304010][T11176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  480.314979][ T5896] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  480.315022][T11176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  480.321350][ T5896] cdc_wdm 1-1:1.0: Unknown control protocol
[  480.495641][ T5896] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  480.657346][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  480.668450][ T5896] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  480.682275][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  480.694088][ T5896] usb 2-1: config 0 descriptor??
[  480.913036][T11182] program syz.2.1874 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  481.074889][T11192] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1877'.
[  481.469865][T11200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.480536][T11200] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.549408][ T5918] usb 1-1: USB disconnect, device number 59
[  482.617409][T11214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.632663][T11214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.885643][   T43] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  482.957718][ T5918] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  483.045657][   T43] usb 4-1: Using ep0 maxpacket: 16
[  483.052992][   T43] usb 4-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  483.062442][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.073696][   T43] usb 4-1: config 0 descriptor??
[  483.127624][ T5918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.139072][ T5918] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  483.148494][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.159943][ T5918] usb 1-1: config 0 descriptor??
[  483.251525][ T5896] usbhid 2-1:0.0: can't add hid device: -71
[  483.265283][ T5896] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  483.288522][ T5896] usb 2-1: USB disconnect, device number 63
[  483.379550][T11224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.390013][T11224] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.572883][ T5918] keytouch 0003:0926:3333.0098: fixing up Keytouch IEC report descriptor
[  483.586070][ T5918] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0098/input/input145
[  483.645803][ T5896] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  483.677431][ T5918] keytouch 0003:0926:3333.0098: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  483.808720][ T5896] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  483.818698][ T5896] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.830159][ T5896] usb 2-1: config 0 descriptor??
[  483.838800][ T5896] cp210x 2-1:0.0: cp210x converter detected
[  483.998424][   T10] usb 1-1: USB disconnect, device number 60
[  484.060623][T11232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.084045][T11232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.113470][T11232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.122931][T11232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.135073][T11232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.144183][T11232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.239711][ T5896] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  484.260122][ T5896] usb 2-1: cp210x converter now attached to ttyUSB0
[  484.452396][ T5896] usb 2-1: USB disconnect, device number 64
[  484.464637][ T5896] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  484.484525][ T5896] cp210x 2-1:0.0: device disconnected
[  484.786612][T11218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  484.797848][T11218] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  484.827095][T11216] rtc_cmos 00:00: Alarms can be up to one day in the future
[  485.035872][   T24] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  485.084283][ T5918] rtc_cmos 00:00: Alarms can be up to one day in the future
[  485.092969][ T5918] rtc_cmos 00:00: Alarms can be up to one day in the future
[  485.101624][ T5918] rtc_cmos 00:00: Alarms can be up to one day in the future
[  485.113827][ T5918] rtc_cmos 00:00: Alarms can be up to one day in the future
[  485.121843][ T5918] rtc rtc0: __rtc_set_alarm: err=-22
[  485.205849][   T24] usb 1-1: Using ep0 maxpacket: 16
[  485.218822][   T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  485.242293][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  485.267849][   T24] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  485.287131][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  485.305585][   T24] usb 1-1: Product: syz
[  485.316182][   T24] usb 1-1: Manufacturer: syz
[  485.329807][   T24] usb 1-1: SerialNumber: syz
[  485.354175][   T43] pegasus 4-1:0.0: can't reset MAC
[  485.378714][   T43] pegasus 4-1:0.0: probe with driver pegasus failed with error -5
[  485.408660][   T43] usb 4-1: USB disconnect, device number 58
[  485.542984][T11254] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  485.565032][T11254] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  485.656003][ T5918] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  485.840221][ T5918] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  485.851515][ T5918] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  485.861205][ T5918] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.872746][   T24] usb 1-1: 0:2 : does not exist
[  485.895654][   T24] usb 1-1: unit 9 not found!
[  485.901250][ T5918] usb 2-1: config 0 descriptor??
[  485.920548][   T24] usb 1-1: 4:0: cannot get min/max values for control 1 (id 4)
[  485.926901][T11268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  485.959317][T11268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  485.969818][   T24] usb 1-1: 4:0: cannot get min/max values for control 3 (id 4)
[  485.991811][   T24] usb 1-1: 4:0: cannot get min/max values for control 4 (id 4)
[  486.040577][   T24] usb 1-1: USB disconnect, device number 61
[  486.077814][ T5926] udevd[5926]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  486.441759][T11277] FAULT_INJECTION: forcing a failure.
[  486.441759][T11277] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  486.455263][T11277] CPU: 0 UID: 0 PID: 11277 Comm: syz.3.1904 Not tainted syzkaller #0 PREEMPT(full) 
[  486.455298][T11277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  486.455312][T11277] Call Trace:
[  486.455323][T11277]  <TASK>
[  486.455332][T11277]  dump_stack_lvl+0x189/0x250
[  486.455364][T11277]  ? __pfx____ratelimit+0x10/0x10
[  486.455391][T11277]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.455411][T11277]  ? __pfx__printk+0x10/0x10
[  486.455431][T11277]  ? __might_fault+0xb0/0x130
[  486.455479][T11277]  should_fail_ex+0x414/0x560
[  486.455520][T11277]  _copy_from_user+0x2d/0xb0
[  486.455542][T11277]  ___sys_sendmsg+0x158/0x2a0
[  486.455567][T11277]  ? __pfx____sys_sendmsg+0x10/0x10
[  486.455597][T11277]  ? rcu_read_lock_any_held+0xb3/0x120
[  486.455654][T11277]  ? __fget_files+0x2a/0x420
[  486.455683][T11277]  ? __fget_files+0x3a0/0x420
[  486.455723][T11277]  __x64_sys_sendmsg+0x19b/0x260
[  486.455749][T11277]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  486.455783][T11277]  ? __pfx_ksys_write+0x10/0x10
[  486.455810][T11277]  ? do_syscall_64+0xbe/0xf80
[  486.455845][T11277]  do_syscall_64+0xfa/0xf80
[  486.455877][T11277]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.455899][T11277]  ? clear_bhb_loop+0x60/0xb0
[  486.455927][T11277]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.455948][T11277] RIP: 0033:0x7f9ed7d8f749
[  486.455969][T11277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.455988][T11277] RSP: 002b:00007f9ed8bf7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.456012][T11277] RAX: ffffffffffffffda RBX: 00007f9ed7fe5fa0 RCX: 00007f9ed7d8f749
[  486.456029][T11277] RDX: 00000000200008d4 RSI: 0000200000000000 RDI: 0000000000000003
[  486.456044][T11277] RBP: 00007f9ed8bf7090 R08: 0000000000000000 R09: 0000000000000000
[  486.456058][T11277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.456072][T11277] R13: 00007f9ed7fe6038 R14: 00007f9ed7fe5fa0 R15: 00007ffe9c43a2c8
[  486.456108][T11277]  </TASK>
[  487.038492][T11289] C: renamed from team_slave_0 (while UP)
[  487.125037][T11289] netlink: 'syz.2.1909': attribute type 1 has an invalid length.
[  487.154406][T11289] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1909'.
[  487.345730][ T5913] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  487.357295][T11295] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  487.368709][T11295] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  487.539146][ T5913] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  487.554925][ T5913] usb 4-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  487.573045][ T5913] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  487.583513][ T5913] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  487.599446][ T5913] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  487.609390][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  487.618849][ T5913] usb 4-1: Product: syz
[  487.623403][ T5913] usb 4-1: Manufacturer: syz
[  487.638024][ T5913] cdc_wdm 4-1:1.0: skipping garbage
[  487.643458][ T5913] cdc_wdm 4-1:1.0: skipping garbage
[  487.649148][ T5913] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  488.147736][T11305] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  488.158803][T11305] block device autoloading is deprecated and will be removed.
[  488.416345][ T5918] usbhid 2-1:0.0: can't add hid device: -71
[  488.436774][ T5918] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  488.458325][ T5918] usb 2-1: USB disconnect, device number 65
[  488.835356][T11317] FAULT_INJECTION: forcing a failure.
[  488.835356][T11317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  488.848897][T11317] CPU: 0 UID: 0 PID: 11317 Comm: syz.0.1919 Not tainted syzkaller #0 PREEMPT(full) 
[  488.848930][T11317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  488.848946][T11317] Call Trace:
[  488.848955][T11317]  <TASK>
[  488.848965][T11317]  dump_stack_lvl+0x189/0x250
[  488.848999][T11317]  ? __pfx____ratelimit+0x10/0x10
[  488.849028][T11317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.849056][T11317]  ? __pfx__printk+0x10/0x10
[  488.849084][T11317]  ? __might_fault+0xb0/0x130
[  488.849129][T11317]  should_fail_ex+0x414/0x560
[  488.849165][T11317]  _copy_from_user+0x2d/0xb0
[  488.849200][T11317]  ___sys_sendmsg+0x158/0x2a0
[  488.849223][T11317]  ? __pfx____sys_sendmsg+0x10/0x10
[  488.849247][T11317]  ? rcu_read_lock_any_held+0xb3/0x120
[  488.849294][T11317]  ? __fget_files+0x2a/0x420
[  488.849318][T11317]  ? __fget_files+0x3a0/0x420
[  488.849350][T11317]  __x64_sys_sendmsg+0x19b/0x260
[  488.849372][T11317]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  488.849399][T11317]  ? __pfx_ksys_write+0x10/0x10
[  488.849421][T11317]  ? do_syscall_64+0xbe/0xf80
[  488.849451][T11317]  do_syscall_64+0xfa/0xf80
[  488.849478][T11317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.849496][T11317]  ? clear_bhb_loop+0x60/0xb0
[  488.849518][T11317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.849536][T11317] RIP: 0033:0x7fe87678f749
[  488.849553][T11317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.849569][T11317] RSP: 002b:00007fe8776bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  488.849589][T11317] RAX: ffffffffffffffda RBX: 00007fe8769e5fa0 RCX: 00007fe87678f749
[  488.849603][T11317] RDX: 00000000200008d4 RSI: 0000200000000000 RDI: 0000000000000003
[  488.849616][T11317] RBP: 00007fe8776bb090 R08: 0000000000000000 R09: 0000000000000000
[  488.849628][T11317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  488.849640][T11317] R13: 00007fe8769e6038 R14: 00007fe8769e5fa0 R15: 00007ffe389eb958
[  488.849668][T11317]  </TASK>
[  489.481458][T11330] netlink: 'syz.0.1925': attribute type 1 has an invalid length.
[  489.489871][T11330] netlink: 'syz.0.1925': attribute type 3 has an invalid length.
[  489.497861][ T5913] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  489.505796][T11330] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1925'.
[  489.668081][ T5913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  489.679695][ T5913] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  489.690151][ T5913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.718436][ T5913] usb 2-1: config 0 descriptor??
[  489.937501][T11338] vlan0: entered promiscuous mode
[  490.152407][   T10] usb 4-1: USB disconnect, device number 59
[  490.170731][T11340] FAULT_INJECTION: forcing a failure.
[  490.170731][T11340] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  490.199994][T11340] CPU: 1 UID: 0 PID: 11340 Comm: syz.2.1929 Not tainted syzkaller #0 PREEMPT(full) 
[  490.200029][T11340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  490.200044][T11340] Call Trace:
[  490.200054][T11340]  <TASK>
[  490.200064][T11340]  dump_stack_lvl+0x189/0x250
[  490.200099][T11340]  ? __pfx____ratelimit+0x10/0x10
[  490.200161][T11340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  490.200190][T11340]  ? __pfx__printk+0x10/0x10
[  490.200231][T11340]  should_fail_ex+0x414/0x560
[  490.200266][T11340]  _copy_to_user+0x31/0xb0
[  490.200292][T11340]  simple_read_from_buffer+0xe1/0x170
[  490.200325][T11340]  proc_fail_nth_read+0x1b3/0x220
[  490.200353][T11340]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  490.200381][T11340]  ? rw_verify_area+0x2a6/0x4d0
[  490.200402][T11340]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  490.200428][T11340]  vfs_read+0x200/0xa30
[  490.200450][T11340]  ? fdget_pos+0x247/0x320
[  490.200483][T11340]  ? __pfx___mutex_lock+0x10/0x10
[  490.200516][T11340]  ? __pfx_vfs_read+0x10/0x10
[  490.200540][T11340]  ? __fget_files+0x2a/0x420
[  490.200573][T11340]  ? __fget_files+0x3a0/0x420
[  490.200600][T11340]  ? __fget_files+0x2a/0x420
[  490.200638][T11340]  ksys_read+0x145/0x250
[  490.200663][T11340]  ? __pfx_ksys_read+0x10/0x10
[  490.200688][T11340]  ? do_syscall_64+0xbe/0xf80
[  490.200722][T11340]  do_syscall_64+0xfa/0xf80
[  490.200754][T11340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.200776][T11340]  ? clear_bhb_loop+0x60/0xb0
[  490.200802][T11340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.200824][T11340] RIP: 0033:0x7f7047b8e15c
[  490.200845][T11340] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  490.200865][T11340] RSP: 002b:00007f7048991030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  490.200889][T11340] RAX: ffffffffffffffda RBX: 00007f7047de5fa0 RCX: 00007f7047b8e15c
[  490.200906][T11340] RDX: 000000000000000f RSI: 00007f70489910a0 RDI: 0000000000000003
[  490.200919][T11340] RBP: 00007f7048991090 R08: 0000000000000000 R09: 0000000000000000
[  490.200932][T11340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  490.200946][T11340] R13: 00007f7047de6038 R14: 00007f7047de5fa0 R15: 00007ffcdfd2f158
[  490.200983][T11340]  </TASK>
[  490.517127][T11344] tmpfs: Bad value for 'mpol'
[  490.535250][T11344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  490.545485][T11344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  490.569416][T11345] overlayfs: failed lookup in lower (newroot/443, name='file0', err=-40): overlapping layers
[  491.836078][ T5918] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  492.001436][ T5918] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  492.011290][ T5918] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  492.024236][ T5918] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  492.034085][ T5918] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  492.051402][ T5918] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  492.069565][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  492.079727][ T5918] usb 1-1: Product: syz
[  492.084052][ T5918] usb 1-1: Manufacturer: syz
[  492.097937][ T5918] cdc_wdm 1-1:1.0: skipping garbage
[  492.103544][ T5918] cdc_wdm 1-1:1.0: skipping garbage
[  492.109452][ T5918] cdc_wdm 1-1:1.0: skipping garbage
[  492.115223][ T5918] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  492.119701][   T10] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  492.189430][T11374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  492.199475][T11374] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  492.269418][ T5913] usbhid 2-1:0.0: can't add hid device: -71
[  492.279304][ T5913] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  492.291077][ T5913] usb 2-1: USB disconnect, device number 66
[  492.302322][   T10] usb 4-1: Invalid ep0 maxpacket: 9
[  492.445672][   T10] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  492.605701][   T10] usb 4-1: Invalid ep0 maxpacket: 9
[  492.616089][   T10] usb usb4-port1: attempt power cycle
[  492.799122][T11391] netlink: 'syz.1.1945': attribute type 1 has an invalid length.
[  492.807413][T11391] netlink: 'syz.1.1945': attribute type 3 has an invalid length.
[  492.815470][T11391] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1945'.
[  492.890810][T11393] netlink: 65 bytes leftover after parsing attributes in process `syz.1.1947'.
[  492.902959][T11393] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1947'.
[  492.914898][T11393] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.966576][   T10] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  492.986776][   T10] usb 4-1: Invalid ep0 maxpacket: 9
[  493.115874][   T10] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  493.136769][   T10] usb 4-1: Invalid ep0 maxpacket: 9
[  493.142739][   T10] usb usb4-port1: unable to enumerate USB device
[  493.634633][T11403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.647742][T11403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.372647][T11416] netlink: 65 bytes leftover after parsing attributes in process `syz.1.1956'.
[  494.385093][T11416] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1956'.
[  494.397226][T11416] bridge0: port 1(bridge_slave_0) entered forwarding state
[  494.610075][   T43] usb 1-1: USB disconnect, device number 62
[  495.005783][T11436] mkiss: ax0: crc mode is auto.
[  495.129845][T11441] netlink: 'syz.1.1965': attribute type 29 has an invalid length.
[  495.239362][T11443] netlink: 65 bytes leftover after parsing attributes in process `syz.3.1966'.
[  495.307660][T11443] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1966'.
[  495.496363][ T5829] Bluetooth: hci0: SCO packet for unknown connection handle 201
[  495.507679][T11453] FAULT_INJECTION: forcing a failure.
[  495.507679][T11453] name failslab, interval 1, probability 0, space 0, times 0
[  495.558755][T11453] CPU: 0 UID: 0 PID: 11453 Comm: syz.0.1969 Not tainted syzkaller #0 PREEMPT(full) 
[  495.558785][T11453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  495.558798][T11453] Call Trace:
[  495.558807][T11453]  <TASK>
[  495.558817][T11453]  dump_stack_lvl+0x189/0x250
[  495.558850][T11453]  ? __pfx____ratelimit+0x10/0x10
[  495.558881][T11453]  ? __pfx_dump_stack_lvl+0x10/0x10
[  495.558934][T11453]  ? __pfx__printk+0x10/0x10
[  495.558967][T11453]  ? __pfx___might_resched+0x10/0x10
[  495.558991][T11453]  ? fs_reclaim_acquire+0x7d/0x100
[  495.559022][T11453]  should_fail_ex+0x414/0x560
[  495.559058][T11453]  should_failslab+0xa8/0x100
[  495.559088][T11453]  __kmalloc_noprof+0xdf/0x7f0
[  495.559110][T11453]  ? tomoyo_encode+0x28b/0x550
[  495.559137][T11453]  tomoyo_encode+0x28b/0x550
[  495.559164][T11453]  tomoyo_realpath_from_path+0x58d/0x5d0
[  495.559188][T11453]  ? tomoyo_domain+0xd8/0x130
[  495.559220][T11453]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  495.559246][T11453]  tomoyo_path_number_perm+0x1e8/0x5a0
[  495.559274][T11453]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  495.559316][T11453]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  495.559362][T11453]  ? __fget_files+0x2a/0x420
[  495.559391][T11453]  ? __fget_files+0x3a0/0x420
[  495.559414][T11453]  ? __fget_files+0x2a/0x420
[  495.559442][T11453]  security_file_ioctl+0xcb/0x2d0
[  495.559468][T11453]  __se_sys_ioctl+0x47/0x170
[  495.559490][T11453]  do_syscall_64+0xfa/0xf80
[  495.559518][T11453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.559536][T11453]  ? clear_bhb_loop+0x60/0xb0
[  495.559559][T11453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  495.559578][T11453] RIP: 0033:0x7fe87678f749
[  495.559596][T11453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  495.559612][T11453] RSP: 002b:00007fe8776bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  495.559633][T11453] RAX: ffffffffffffffda RBX: 00007fe8769e5fa0 RCX: 00007fe87678f749
[  495.559648][T11453] RDX: 0000200000000080 RSI: 000000004008ae89 RDI: 0000000000000005
[  495.559661][T11453] RBP: 00007fe8776bb090 R08: 0000000000000000 R09: 0000000000000000
[  495.559674][T11453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  495.559686][T11453] R13: 00007fe8769e6038 R14: 00007fe8769e5fa0 R15: 00007ffe389eb958
[  495.559717][T11453]  </TASK>
[  495.559741][T11453] ERROR: Out of memory at tomoyo_realpath_from_path.
[  496.033388][T11471] netlink: 65 bytes leftover after parsing attributes in process `syz.0.1976'.
[  496.045342][T11471] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1976'.
[  496.056782][T11471] bridge0: port 1(bridge_slave_0) entered forwarding state
[  496.088526][T11472] overlayfs: failed lookup in lower (newroot/530, name='file0', err=-40): overlapping layers
[  496.180736][T11476] FAULT_INJECTION: forcing a failure.
[  496.180736][T11476] name failslab, interval 1, probability 0, space 0, times 0
[  496.195976][T11476] CPU: 1 UID: 0 PID: 11476 Comm: syz.0.1978 Not tainted syzkaller #0 PREEMPT(full) 
[  496.196007][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  496.196022][T11476] Call Trace:
[  496.196031][T11476]  <TASK>
[  496.196042][T11476]  dump_stack_lvl+0x189/0x250
[  496.196076][T11476]  ? __pfx____ratelimit+0x10/0x10
[  496.196105][T11476]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.196134][T11476]  ? __pfx__printk+0x10/0x10
[  496.196163][T11476]  ? __pfx___might_resched+0x10/0x10
[  496.196197][T11476]  ? fs_reclaim_acquire+0x7d/0x100
[  496.196229][T11476]  should_fail_ex+0x414/0x560
[  496.196265][T11476]  should_failslab+0xa8/0x100
[  496.196295][T11476]  kmem_cache_alloc_noprof+0x88/0x6f0
[  496.196330][T11476]  ? __kvm_mmu_topup_memory_cache+0x463/0x610
[  496.196358][T11476]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  496.196390][T11476]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  496.196431][T11476]  mmu_topup_memory_caches+0x21/0x170
[  496.196462][T11476]  kvm_mmu_load+0x9d/0x22d0
[  496.196489][T11476]  ? kvm_msr_allowed+0x9a/0x490
[  496.196519][T11476]  ? kvm_msr_allowed+0x3f4/0x490
[  496.196549][T11476]  ? kvm_msr_allowed+0x9a/0x490
[  496.196578][T11476]  ? kvm_msr_allowed+0x9a/0x490
[  496.196614][T11476]  ? kvm_apic_has_interrupt+0x744/0x770
[  496.196646][T11476]  ? vmx_set_intercept_for_msr+0x2ea/0x3e0
[  496.196692][T11476]  vcpu_run+0x54d7/0x76b0
[  496.196733][T11476]  ? __lock_acquire+0x6b6/0x2cf0
[  496.196817][T11476]  ? __pfx_vcpu_run+0x10/0x10
[  496.196849][T11476]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  496.196879][T11476]  ? rcu_is_watching+0x15/0xb0
[  496.196913][T11476]  kvm_arch_vcpu_ioctl_run+0x1148/0x1c90
[  496.196951][T11476]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  496.196973][T11476]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  496.196997][T11476]  ? __lock_acquire+0x6b6/0x2cf0
[  496.197025][T11476]  ? __mutex_lock+0x335/0x1350
[  496.197066][T11476]  ? kasan_quarantine_put+0xdd/0x220
[  496.197089][T11476]  ? lockdep_hardirqs_on+0x98/0x140
[  496.197160][T11476]  kvm_vcpu_ioctl+0x99a/0xed0
[  496.197206][T11476]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  496.197239][T11476]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  496.197293][T11476]  ? __fget_files+0x2a/0x420
[  496.197328][T11476]  ? __fget_files+0x3a0/0x420
[  496.197362][T11476]  ? __fget_files+0x2a/0x420
[  496.197395][T11476]  ? bpf_lsm_file_ioctl+0x9/0x20
[  496.197422][T11476]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  496.197454][T11476]  __se_sys_ioctl+0xfc/0x170
[  496.197480][T11476]  do_syscall_64+0xfa/0xf80
[  496.197513][T11476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.197536][T11476]  ? clear_bhb_loop+0x60/0xb0
[  496.197564][T11476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.197586][T11476] RIP: 0033:0x7fe87678f749
[  496.197607][T11476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  496.197628][T11476] RSP: 002b:00007fe8776bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  496.197653][T11476] RAX: ffffffffffffffda RBX: 00007fe8769e5fa0 RCX: 00007fe87678f749
[  496.197670][T11476] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  496.197685][T11476] RBP: 00007fe8776bb090 R08: 0000000000000000 R09: 0000000000000000
[  496.197700][T11476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  496.197714][T11476] R13: 00007fe8769e6038 R14: 00007fe8769e5fa0 R15: 00007ffe389eb958
[  496.197751][T11476]  </TASK>
[  496.699994][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1982'.
[  496.830882][T11492] netlink: 'syz.3.1983': attribute type 7 has an invalid length.
[  496.838938][T11492] netlink: 'syz.3.1983': attribute type 5 has an invalid length.
[  497.137509][T11498] bridge0: port 1(bridge_slave_0) entered forwarding state
[  497.329428][T11504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  497.366078][T11504] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  497.518830][T11507] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3041981459 (12167925836 ns) > initial count (3565394076 ns). Using initial count to start timer.
[  497.712009][T11512] FAULT_INJECTION: forcing a failure.
[  497.712009][T11512] name failslab, interval 1, probability 0, space 0, times 0
[  497.725039][T11512] CPU: 1 UID: 0 PID: 11512 Comm: syz.0.1991 Not tainted syzkaller #0 PREEMPT(full) 
[  497.725069][T11512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  497.725084][T11512] Call Trace:
[  497.725093][T11512]  <TASK>
[  497.725102][T11512]  dump_stack_lvl+0x189/0x250
[  497.725144][T11512]  ? __pfx____ratelimit+0x10/0x10
[  497.725174][T11512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  497.725201][T11512]  ? __pfx__printk+0x10/0x10
[  497.725231][T11512]  ? __pfx___might_resched+0x10/0x10
[  497.725254][T11512]  ? fs_reclaim_acquire+0x7d/0x100
[  497.725281][T11512]  should_fail_ex+0x414/0x560
[  497.725314][T11512]  should_failslab+0xa8/0x100
[  497.725341][T11512]  __kmalloc_noprof+0xdf/0x7f0
[  497.725362][T11512]  ? alloc_pipe_info+0x1fd/0x4d0
[  497.725390][T11512]  alloc_pipe_info+0x1fd/0x4d0
[  497.725416][T11512]  splice_direct_to_actor+0xa5d/0xcc0
[  497.725463][T11512]  ? __pfx_aa_file_perm+0x10/0x10
[  497.725492][T11512]  ? __pfx_direct_splice_actor+0x10/0x10
[  497.725521][T11512]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  497.725560][T11512]  do_splice_direct+0x181/0x270
[  497.725592][T11512]  ? __pfx_do_splice_direct+0x10/0x10
[  497.725620][T11512]  ? common_file_perm+0x1b5/0x220
[  497.725653][T11512]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  497.725688][T11512]  ? bpf_lsm_file_permission+0x9/0x20
[  497.725712][T11512]  ? security_file_permission+0x75/0x290
[  497.725740][T11512]  ? rw_verify_area+0x255/0x4d0
[  497.725766][T11512]  do_sendfile+0x4da/0x7e0
[  497.725805][T11512]  ? __pfx_do_sendfile+0x10/0x10
[  497.725845][T11512]  __se_sys_sendfile64+0xd9/0x190
[  497.725876][T11512]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  497.725909][T11512]  ? do_syscall_64+0xbe/0xf80
[  497.725944][T11512]  do_syscall_64+0xfa/0xf80
[  497.725976][T11512]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.725998][T11512]  ? clear_bhb_loop+0x60/0xb0
[  497.726025][T11512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.726046][T11512] RIP: 0033:0x7fe87678f749
[  497.726065][T11512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  497.726084][T11512] RSP: 002b:00007fe8776bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  497.726109][T11512] RAX: ffffffffffffffda RBX: 00007fe8769e5fa0 RCX: 00007fe87678f749
[  497.726134][T11512] RDX: 0000200000000040 RSI: 0000000000000005 RDI: 0000000000000003
[  497.726148][T11512] RBP: 00007fe8776bb090 R08: 0000000000000000 R09: 0000000000000000
[  497.726162][T11512] R10: 0000000000000200 R11: 0000000000000246 R12: 0000000000000001
[  497.726208][T11512] R13: 00007fe8769e6038 R14: 00007fe8769e5fa0 R15: 00007ffe389eb958
[  497.726250][T11512]  </TASK>
[  498.186382][T11521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.196038][T11521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.286251][T11523] __nla_validate_parse: 5 callbacks suppressed
[  498.286273][T11523] netlink: 65 bytes leftover after parsing attributes in process `syz.1.1996'.
[  498.322222][T11523] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1996'.
[  498.334182][T11523] bridge0: port 1(bridge_slave_0) entered forwarding state
[  498.385615][   T43] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  498.535875][   T43] usb 1-1: Using ep0 maxpacket: 32
[  498.543781][   T43] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  498.555470][   T43] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.587939][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  498.597638][   T43] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  498.615149][   T43] usb 1-1: Product: syz
[  498.625294][   T43] usb 1-1: Manufacturer: syz
[  498.646394][   T43] hub 1-1:4.0: USB hub found
[  498.647404][ T5921] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  498.809028][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  498.834273][ T5921] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  498.862798][T11519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.871906][T11544] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2001'.
[  498.878281][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.882978][T11519] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.922588][ T5921] usb 4-1: config 0 descriptor??
[  498.961118][T11542] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.982181][   T43] hub 1-1:4.0: config failed, hub has too many ports! (err -19)
[  499.081476][T11542] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.181939][T11542] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.304708][T11542] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.318165][   T43] usb 1-1: USB disconnect, device number 63
[  499.339569][ T5921] keytouch 0003:0926:3333.0099: fixing up Keytouch IEC report descriptor
[  499.374835][ T5921] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0099/input/input146
[  499.479962][   T60] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  499.527226][ T5921] keytouch 0003:0926:3333.0099: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  499.561919][   T60] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  499.580665][   T60] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  499.601045][   T60] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  499.749931][ T5921] usb 4-1: USB disconnect, device number 64
[  499.884538][T11556] netlink: 65 bytes leftover after parsing attributes in process `syz.2.2006'.
[  499.898747][T11556] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2006'.
[  500.195098][T11567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  500.206703][T11567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.398032][ T5921] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  500.540445][T11582] netlink: 65 bytes leftover after parsing attributes in process `syz.1.2015'.
[  500.552815][T11582] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2015'.
[  500.563852][T11582] bridge0: port 1(bridge_slave_0) entered forwarding state
[  500.566642][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  500.578207][ T5921] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  500.598112][ T5921] usb 1-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  500.607860][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.625624][ T5921] usb 1-1: Product: syz
[  500.630944][ T5921] usb 1-1: Manufacturer: syz
[  500.635699][ T5921] usb 1-1: SerialNumber: syz
[  500.648574][ T5921] usb 1-1: config 0 descriptor??
[  500.668424][ T5921] gspca_main: stk014-2.14.0 probing 05e1:0893
[  500.675248][ T5921] usb 1-1: selecting invalid altsetting 1
[  500.721283][T11586] netlink: 'syz.1.2017': attribute type 21 has an invalid length.
[  500.729938][T11586] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2017'.
[  500.740283][T11586] netlink: 'syz.1.2017': attribute type 5 has an invalid length.
[  500.749025][T11586] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2017'.
[  500.755759][ T5896] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  500.862455][ T5921] gspca_stk014: init reg: 0x00
[  500.875639][ T5921] stk014 1-1:0.0: probe with driver stk014 failed with error -5
[  500.917924][ T5896] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  500.926999][ T5896] usb 4-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  500.946655][ T5896] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  500.955865][ T5896] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  500.978083][ T5896] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  500.987839][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  501.005904][ T5896] usb 4-1: Product: syz
[  501.010280][ T5896] usb 4-1: Manufacturer: syz
[  501.029392][ T5896] cdc_wdm 4-1:1.0: skipping garbage
[  501.034813][ T5896] cdc_wdm 4-1:1.0: skipping garbage
[  501.058344][ T5896] cdc_wdm 4-1:1.0: skipping garbage
[  501.063640][ T5896] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  501.071537][   T24] usb 1-1: USB disconnect, device number 64
[  501.867391][T11606] netlink: 65 bytes leftover after parsing attributes in process `syz.0.2024'.
[  501.883704][T11606] bridge0: port 1(bridge_slave_0) entered forwarding state
[  502.095748][T11610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  502.115883][T11610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  502.136999][T11608] syzkaller1: entered promiscuous mode
[  502.142619][T11608] syzkaller1: entered allmulticast mode
[  502.614171][ T5896] IPVS: starting estimator thread 0...
[  502.705853][T11620] IPVS: using max 23 ests per chain, 55200 per kthread
[  502.895273][T11625] FAULT_INJECTION: forcing a failure.
[  502.895273][T11625] name failslab, interval 1, probability 0, space 0, times 0
[  502.908302][T11625] CPU: 0 UID: 0 PID: 11625 Comm: syz.2.2031 Not tainted syzkaller #0 PREEMPT(full) 
[  502.908333][T11625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  502.908348][T11625] Call Trace:
[  502.908358][T11625]  <TASK>
[  502.908368][T11625]  dump_stack_lvl+0x189/0x250
[  502.908402][T11625]  ? __pfx____ratelimit+0x10/0x10
[  502.908433][T11625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  502.908462][T11625]  ? __pfx__printk+0x10/0x10
[  502.908496][T11625]  ? __pfx___might_resched+0x10/0x10
[  502.908529][T11625]  should_fail_ex+0x414/0x560
[  502.908565][T11625]  should_failslab+0xa8/0x100
[  502.908597][T11625]  __kmalloc_noprof+0xdf/0x7f0
[  502.908620][T11625]  ? kfree+0x4d/0x660
[  502.908649][T11625]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  502.908679][T11625]  tomoyo_realpath_from_path+0xe3/0x5d0
[  502.908703][T11625]  ? tomoyo_domain+0xd8/0x130
[  502.908732][T11625]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  502.908763][T11625]  tomoyo_path_number_perm+0x1e8/0x5a0
[  502.908797][T11625]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  502.908846][T11625]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  502.908902][T11625]  ? __fget_files+0x2a/0x420
[  502.908937][T11625]  ? __fget_files+0x3a0/0x420
[  502.908965][T11625]  ? __fget_files+0x2a/0x420
[  502.909008][T11625]  security_file_ioctl+0xcb/0x2d0
[  502.909039][T11625]  __se_sys_ioctl+0x47/0x170
[  502.909065][T11625]  do_syscall_64+0xfa/0xf80
[  502.909098][T11625]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.909121][T11625]  ? clear_bhb_loop+0x60/0xb0
[  502.909149][T11625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  502.909171][T11625] RIP: 0033:0x7f7047b8f749
[  502.909192][T11625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  502.909216][T11625] RSP: 002b:00007f7048991038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  502.909240][T11625] RAX: ffffffffffffffda RBX: 00007f7047de5fa0 RCX: 00007f7047b8f749
[  502.909258][T11625] RDX: 00002000000004c0 RSI: 000000004008ae89 RDI: 0000000000000005
[  502.909274][T11625] RBP: 00007f7048991090 R08: 0000000000000000 R09: 0000000000000000
[  502.909287][T11625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  502.909302][T11625] R13: 00007f7047de6038 R14: 00007f7047de5fa0 R15: 00007ffcdfd2f158
[  502.909338][T11625]  </TASK>
[  502.909479][T11625] ERROR: Out of memory at tomoyo_realpath_from_path.
[  503.318177][T11630] netlink: 'syz.0.2033': attribute type 1 has an invalid length.
[  503.334831][T11633] __nla_validate_parse: 1 callbacks suppressed
[  503.334846][T11633] netlink: 65 bytes leftover after parsing attributes in process `syz.2.2034'.
[  503.363309][T11633] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2034'.
[  503.421028][T11635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  503.430164][T11635] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  503.562169][ T5921] usb 4-1: USB disconnect, device number 65
[  503.714164][ T9313] IPVS: stop unused estimator thread 0...
[  503.965628][ T5921] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  504.124346][T11654] netlink: 65 bytes leftover after parsing attributes in process `syz.2.2043'.
[  504.138053][T11652] syzkaller1: entered promiscuous mode
[  504.139848][ T5921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  504.143725][T11652] syzkaller1: entered allmulticast mode
[  504.155607][T11654] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2043'.
[  504.170569][ T5921] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  504.174090][T11652] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.2042' resets device
[  504.190005][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.219694][ T5921] usb 4-1: config 0 descriptor??
[  504.269296][T11656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  504.279188][T11656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  504.642885][ T5921] keytouch 0003:0926:3333.009A: fixing up Keytouch IEC report descriptor
[  504.654836][ T5921] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.009A/input/input147
[  504.747688][ T5921] keytouch 0003:0926:3333.009A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  504.970930][T11667] syzkaller1: entered promiscuous mode
[  504.976760][T11667] syzkaller1: entered allmulticast mode
[  505.066081][ T5896] usb 4-1: USB disconnect, device number 66
[  505.137947][ T5921] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  505.298316][ T5921] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  505.307469][ T5921] usb 1-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  505.317960][ T5921] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  505.328243][ T5921] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  505.335377][T11680] netlink: 65 bytes leftover after parsing attributes in process `syz.2.2052'.
[  505.340810][ T5921] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7
[  505.352883][T11680] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2052'.
[  505.370522][ T5921] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024
[  505.385911][ T5921] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  505.395201][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  505.403980][ T5921] usb 1-1: Product: syz
[  505.409325][ T5921] usb 1-1: Manufacturer: syz
[  505.423059][ T5921] cdc_wdm 1-1:1.0: skipping garbage
[  505.429562][ T5921] cdc_wdm 1-1:1.0: skipping garbage
[  505.435453][ T5921] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  505.593966][T11686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  505.605369][T11686] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.105904][   T43] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  506.187765][T11702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.201385][T11702] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.255817][   T43] usb 4-1: Using ep0 maxpacket: 16
[  506.262956][   T43] usb 4-1: config 2 has an invalid interface number: 32 but max is 2
[  506.271321][   T43] usb 4-1: config 2 has an invalid interface number: 196 but max is 2
[  506.282844][   T43] usb 4-1: config 2 has no interface number 1
[  506.289048][   T43] usb 4-1: config 2 has no interface number 2
[  506.295203][   T43] usb 4-1: config 2 interface 32 has no altsetting 0
[  506.302032][   T43] usb 4-1: config 2 interface 0 has no altsetting 0
[  506.308983][   T43] usb 4-1: config 2 interface 196 has no altsetting 0
[  506.318574][   T43] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=67.11
[  506.328489][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.336786][   T43] usb 4-1: Product: syz
[  506.341003][   T43] usb 4-1: Manufacturer: syz
[  506.345762][   T43] usb 4-1: SerialNumber: syz
[  506.363902][T11709] netlink: 65 bytes leftover after parsing attributes in process `syz.1.2062'.
[  506.375703][T11709] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2062'.
[  506.386815][T11709] bridge0: port 1(bridge_slave_0) entered forwarding state
[  506.714855][   T43] usb 4-1: USB disconnect, device number 67
[  506.794091][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  506.809169][ T8647] udevd[8647]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:2.196/sound/card5/controlC5/../uevent} for writing: No such file or directory
[  506.827981][T11718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.838440][T11718] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.848611][ T6148] udevd[6148]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:2.32/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  506.873044][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:2.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  507.257765][T11725] tmpfs: Bad value for 'mpol'
[  507.448267][T11730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.457385][T11730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.469982][T11730] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.2070'.
[  507.521922][T11732] netlink: 65 bytes leftover after parsing attributes in process `syz.3.2071'.
[  507.694245][T11737] usb usb8: usbfs: process 11737 (syz.3.2073) did not claim interface 0 before use
[  507.866017][T11742] bridge0: port 1(bridge_slave_0) entered disabled state
[  507.917477][   T10] usb 1-1: USB disconnect, device number 66
[  508.095129][T11752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  508.116884][T11752] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  508.345850][   T10] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  508.361009][T11760] __nla_validate_parse: 1 callbacks suppressed
[  508.361024][T11760] netlink: 65 bytes leftover after parsing attributes in process `syz.3.2080'.
[  508.384009][T11760] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2080'.
[  508.496886][   T10] usb 1-1: Using ep0 maxpacket: 8
[  508.504328][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  508.514228][   T10] usb 1-1: too many configurations: 10, using maximum allowed: 8
[  508.523853][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  508.531560][   T10] usb 1-1: can't read configurations, error -61
[  508.644912][   T31] audit: type=1326 audit(1764076722.489:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11741 comm="syz.1.2075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ce258f749 code=0x7fc00000
[  508.685670][   T10] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  508.734537][T11769] netlink: 108 bytes leftover after parsing attributes in process `syz.1.2084'.
[  508.755399][T11769] overlayfs: missing 'lowerdir'
[  508.796624][T11772] usb usb8: usbfs: process 11772 (syz.2.2085) did not claim interface 0 before use
[  508.805781][   T24] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  508.845625][   T10] usb 1-1: Using ep0 maxpacket: 8
[  508.859616][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  508.868891][   T10] usb 1-1: too many configurations: 10, using maximum allowed: 8
[  508.881787][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  508.889966][   T10] usb 1-1: can't read configurations, error -61
[  508.896861][   T10] usb usb1-port1: attempt power cycle
[  508.967370][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.978920][   T24] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  508.988548][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.001168][   T24] usb 4-1: config 0 descriptor??
[  509.255738][   T10] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  509.276296][   T10] usb 1-1: Using ep0 maxpacket: 8
[  509.284415][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  509.296102][   T10] usb 1-1: too many configurations: 10, using maximum allowed: 8
[  509.305892][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  509.313710][   T10] usb 1-1: can't read configurations, error -61
[  509.351076][T11782] netlink: 65 bytes leftover after parsing attributes in process `syz.2.2089'.
[  509.362761][T11782] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2089'.
[  509.418935][   T24] keytouch 0003:0926:3333.009B: fixing up Keytouch IEC report descriptor
[  509.447280][   T10] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  509.455846][   T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.009B/input/input148
[  509.486601][   T10] usb 1-1: Using ep0 maxpacket: 8
[  509.501575][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  509.509847][   T10] usb 1-1: too many configurations: 10, using maximum allowed: 8
[  509.521712][   T10] usb 1-1: unable to read config index 0 descriptor/start: -61
[  509.529821][   T10] usb 1-1: can't read configurations, error -61
[  509.537711][   T10] usb usb1-port1: unable to enumerate USB device
[  509.571459][   T24] keytouch 0003:0926:3333.009B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  509.956813][   T10] usb 4-1: USB disconnect, device number 68
[  510.324351][T11805] netlink: 65 bytes leftover after parsing attributes in process `syz.1.2098'.
[  510.335746][T11805] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2098'.
[  510.346661][T11805] bridge0: port 1(bridge_slave_0) entered forwarding state
[  510.503663][T11811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  510.517813][T11811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.047816][T11825] netlink: 65 bytes leftover after parsing attributes in process `syz.3.2107'.
[  511.056970][T11827] usb usb8: usbfs: process 11827 (syz.0.2105) did not claim interface 0 before use
[  511.089263][T11825] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2107'.
[  511.437272][T11842] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2113'.
[  511.491017][T11850] overlayfs: missing 'lowerdir'
[  511.676623][   T43] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  511.725673][   T10] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  511.825600][   T43] usb 1-1: Using ep0 maxpacket: 32
[  511.832807][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  511.855573][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  511.865593][   T43] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  511.874724][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.885618][   T10] usb 4-1: Using ep0 maxpacket: 8
[  511.893920][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  511.898965][   T43] usb 1-1: config 0 descriptor??
[  511.910687][   T10] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[  511.922429][   T10] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  511.937493][   T10] usb 4-1: config 4 has no interface number 0
[  511.947220][   T10] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  511.957963][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.966696][   T10] usb 4-1: Product: syz
[  511.971087][   T10] usb 4-1: Manufacturer: syz
[  511.976325][   T10] usb 4-1: SerialNumber: syz
[  512.217277][   T10] uvcvideo 4-1:4.147: Found multiple Units with ID 6
[  512.246048][   T10] uvcvideo 4-1:4.147: Found UVC 0.02 device syz (04f2:b746)
[  512.253572][   T10] uvcvideo 4-1:4.147: Entity type for entity Output 251 was not initialized!
[  512.289362][   T10] uvcvideo 4-1:4.147: Failed to create links for entity 251
[  512.303846][   T10] uvcvideo 4-1:4.147: Failed to register entities (-22).
[  512.323227][   T10] usb 4-1: USB disconnect, device number 69
[  512.699672][T11875] FAULT_INJECTION: forcing a failure.
[  512.699672][T11875] name failslab, interval 1, probability 0, space 0, times 0
[  512.712494][T11875] CPU: 0 UID: 0 PID: 11875 Comm: syz.2.2128 Not tainted syzkaller #0 PREEMPT(full) 
[  512.712526][T11875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  512.712540][T11875] Call Trace:
[  512.712552][T11875]  <TASK>
[  512.712562][T11875]  dump_stack_lvl+0x189/0x250
[  512.712595][T11875]  ? __pfx____ratelimit+0x10/0x10
[  512.712625][T11875]  ? __pfx_dump_stack_lvl+0x10/0x10
[  512.712655][T11875]  ? __pfx__printk+0x10/0x10
[  512.712688][T11875]  ? __pfx___might_resched+0x10/0x10
[  512.712713][T11875]  ? fs_reclaim_acquire+0x7d/0x100
[  512.712744][T11875]  should_fail_ex+0x414/0x560
[  512.712780][T11875]  should_failslab+0xa8/0x100
[  512.712811][T11875]  __kmalloc_noprof+0xdf/0x7f0
[  512.712835][T11875]  ? nla_strdup+0x9d/0x140
[  512.712854][T11875]  ? __kmalloc_cache_noprof+0x3e2/0x6f0
[  512.712881][T11875]  nla_strdup+0x9d/0x140
[  512.712904][T11875]  nf_tables_newchain+0x1990/0x2760
[  512.712954][T11875]  ? __pfx_nf_tables_newchain+0x10/0x10
[  512.713010][T11875]  ? nft_trans_table_add+0x230/0x430
[  512.713049][T11875]  ? nfnl_pernet+0x23/0x240
[  512.713095][T11875]  ? __nla_parse+0x40/0x60
[  512.713120][T11875]  nfnetlink_rcv+0x11d9/0x2590
[  512.713192][T11875]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  512.713241][T11875]  ? __pfx_save_netdev_trace_buffer+0x10/0x10
[  512.713271][T11875]  ? ref_tracker_free+0x63a/0x7d0
[  512.713303][T11875]  ? netlink_unicast+0x7fa/0x9e0
[  512.713337][T11875]  ? netlink_sendmsg+0x805/0xb30
[  512.713392][T11875]  ? __netlink_deliver_tap+0x866/0x8b0
[  512.713423][T11875]  ? netlink_deliver_tap+0x2e/0x1b0
[  512.713463][T11875]  netlink_unicast+0x82f/0x9e0
[  512.713506][T11875]  ? __pfx_netlink_unicast+0x10/0x10
[  512.713539][T11875]  ? netlink_sendmsg+0x642/0xb30
[  512.713559][T11875]  ? skb_put+0x11b/0x210
[  512.713583][T11875]  netlink_sendmsg+0x805/0xb30
[  512.713605][T11875]  ? aa_sk_perm+0x15f/0x920
[  512.713646][T11875]  ? __pfx_netlink_sendmsg+0x10/0x10
[  512.713673][T11875]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  512.713706][T11875]  ? __pfx_netlink_sendmsg+0x10/0x10
[  512.713727][T11875]  sock_sendmsg_nosec+0x18f/0x1d0
[  512.713759][T11875]  ____sys_sendmsg+0x577/0x880
[  512.713791][T11875]  ? __pfx_____sys_sendmsg+0x10/0x10
[  512.713825][T11875]  ? import_iovec+0x74/0xa0
[  512.713853][T11875]  ___sys_sendmsg+0x21f/0x2a0
[  512.713879][T11875]  ? __pfx____sys_sendmsg+0x10/0x10
[  512.713912][T11875]  ? rcu_read_lock_any_held+0xb3/0x120
[  512.713972][T11875]  ? __fget_files+0x2a/0x420
[  512.714001][T11875]  ? __fget_files+0x3a0/0x420
[  512.714042][T11875]  __x64_sys_sendmsg+0x19b/0x260
[  512.714069][T11875]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  512.714103][T11875]  ? __pfx_ksys_write+0x10/0x10
[  512.714131][T11875]  ? do_syscall_64+0xbe/0xf80
[  512.714167][T11875]  do_syscall_64+0xfa/0xf80
[  512.714199][T11875]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.714222][T11875]  ? clear_bhb_loop+0x60/0xb0
[  512.714249][T11875]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.714270][T11875] RIP: 0033:0x7f7047b8f749
[  512.714291][T11875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  512.714311][T11875] RSP: 002b:00007f7048991038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  512.714336][T11875] RAX: ffffffffffffffda RBX: 00007f7047de5fa0 RCX: 00007f7047b8f749
[  512.714353][T11875] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  512.714367][T11875] RBP: 00007f7048991090 R08: 0000000000000000 R09: 0000000000000000
[  512.714382][T11875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  512.714395][T11875] R13: 00007f7047de6038 R14: 00007f7047de5fa0 R15: 00007ffcdfd2f158
[  512.714438][T11875]  </TASK>
[  512.735926][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  512.842149][T11882] overlayfs: missing 'lowerdir'
[  512.926190][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.172776][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.216021][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.227851][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.236687][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.246857][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.256135][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.264888][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.321803][T11877] netlink: 'syz.1.2127': attribute type 83 has an invalid length.
[  513.654613][T11907] __nla_validate_parse: 2 callbacks suppressed
[  513.654635][T11907] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2137'.
[  513.918792][T11913] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2141'.
[  514.559354][T11943] FAULT_INJECTION: forcing a failure.
[  514.559354][T11943] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  514.574248][T11943] CPU: 1 UID: 0 PID: 11943 Comm: syz.3.2154 Not tainted syzkaller #0 PREEMPT(full) 
[  514.574283][T11943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  514.574297][T11943] Call Trace:
[  514.574306][T11943]  <TASK>
[  514.574316][T11943]  dump_stack_lvl+0x189/0x250
[  514.574351][T11943]  ? __pfx____ratelimit+0x10/0x10
[  514.574389][T11943]  ? __pfx_dump_stack_lvl+0x10/0x10
[  514.574417][T11943]  ? __pfx__printk+0x10/0x10
[  514.574457][T11943]  should_fail_ex+0x414/0x560
[  514.574493][T11943]  strncpy_from_user+0x36/0x2c0
[  514.574528][T11943]  getname_flags+0xf3/0x540
[  514.574556][T11943]  ? _copy_from_user+0x94/0xb0
[  514.574582][T11943]  user_path_at+0x24/0x60
[  514.574618][T11943]  __se_sys_mount+0x2d4/0x410
[  514.574654][T11943]  ? __pfx___se_sys_mount+0x10/0x10
[  514.574687][T11943]  ? do_syscall_64+0xbe/0xf80
[  514.574716][T11943]  ? __x64_sys_mount+0x20/0xc0
[  514.574746][T11943]  do_syscall_64+0xfa/0xf80
[  514.574778][T11943]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.574799][T11943]  ? clear_bhb_loop+0x60/0xb0
[  514.574825][T11943]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.574848][T11943] RIP: 0033:0x7f9ed7d8f749
[  514.574880][T11943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.574900][T11943] RSP: 002b:00007f9ed8bf7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  514.574925][T11943] RAX: ffffffffffffffda RBX: 00007f9ed7fe5fa0 RCX: 00007f9ed7d8f749
[  514.574943][T11943] RDX: 0000200000000ac0 RSI: 0000200000000a80 RDI: 0000200000000040
[  514.574959][T11943] RBP: 00007f9ed8bf7090 R08: 0000000000000000 R09: 0000000000000000
[  514.574974][T11943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  514.574988][T11943] R13: 00007f9ed7fe6038 R14: 00007f9ed7fe5fa0 R15: 00007ffe9c43a2c8
[  514.575024][T11943]  </TASK>
[  514.918144][T11949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.927697][T11949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  515.637044][T11962] FAULT_INJECTION: forcing a failure.
[  515.637044][T11962] name failslab, interval 1, probability 0, space 0, times 0
[  515.665707][T11962] CPU: 0 UID: 0 PID: 11962 Comm: syz.0.2162 Not tainted syzkaller #0 PREEMPT(full) 
[  515.665740][T11962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  515.665755][T11962] Call Trace:
[  515.665765][T11962]  <TASK>
[  515.665775][T11962]  dump_stack_lvl+0x189/0x250
[  515.665807][T11962]  ? __pfx____ratelimit+0x10/0x10
[  515.665838][T11962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  515.665866][T11962]  ? __pfx__printk+0x10/0x10
[  515.665901][T11962]  ? __pfx___might_resched+0x10/0x10
[  515.665931][T11962]  ? fs_reclaim_acquire+0x7d/0x100
[  515.665962][T11962]  should_fail_ex+0x414/0x560
[  515.665997][T11962]  should_failslab+0xa8/0x100
[  515.666031][T11962]  kmem_cache_alloc_noprof+0x88/0x6f0
[  515.666064][T11962]  ? __kvm_mmu_topup_memory_cache+0x463/0x610
[  515.666091][T11962]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  515.666123][T11962]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  515.666165][T11962]  mmu_topup_memory_caches+0x21/0x170
[  515.666199][T11962]  kvm_mmu_load+0x9d/0x22d0
[  515.666227][T11962]  ? kvm_msr_allowed+0x9a/0x490
[  515.666257][T11962]  ? kvm_msr_allowed+0x9a/0x490
[  515.666297][T11962]  ? kvm_msr_allowed+0x9a/0x490
[  515.666328][T11962]  ? kvm_msr_allowed+0x9a/0x490
[  515.666357][T11962]  ? kvm_apic_has_interrupt+0x744/0x770
[  515.666402][T11962]  vcpu_run+0x54d7/0x76b0
[  515.666422][T11962]  ? rcu_is_watching+0x15/0xb0
[  515.666468][T11962]  ? __lock_acquire+0x6b6/0x2cf0
[  515.666552][T11962]  ? __pfx_vcpu_run+0x10/0x10
[  515.666584][T11962]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  515.666615][T11962]  ? rcu_is_watching+0x15/0xb0
[  515.666653][T11962]  kvm_arch_vcpu_ioctl_run+0x1148/0x1c90
[  515.666694][T11962]  ? kvm_arch_vcpu_ioctl_run+0x285/0x1c90
[  515.666718][T11962]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  515.666742][T11962]  ? __lock_acquire+0x6b6/0x2cf0
[  515.666771][T11962]  ? __mutex_lock+0x335/0x1350
[  515.666813][T11962]  ? kasan_quarantine_put+0xdd/0x220
[  515.666836][T11962]  ? lockdep_hardirqs_on+0x98/0x140
[  515.666898][T11962]  kvm_vcpu_ioctl+0x99a/0xed0
[  515.666937][T11962]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  515.666969][T11962]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  515.667023][T11962]  ? __fget_files+0x2a/0x420
[  515.667058][T11962]  ? __fget_files+0x3a0/0x420
[  515.667086][T11962]  ? __fget_files+0x2a/0x420
[  515.667119][T11962]  ? bpf_lsm_file_ioctl+0x9/0x20
[  515.667146][T11962]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  515.667178][T11962]  __se_sys_ioctl+0xfc/0x170
[  515.667203][T11962]  do_syscall_64+0xfa/0xf80
[  515.667235][T11962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.667257][T11962]  ? clear_bhb_loop+0x60/0xb0
[  515.667293][T11962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  515.667315][T11962] RIP: 0033:0x7fe87678f749
[  515.667337][T11962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  515.667357][T11962] RSP: 002b:00007fe8776bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  515.667382][T11962] RAX: ffffffffffffffda RBX: 00007fe8769e5fa0 RCX: 00007fe87678f749
[  515.667399][T11962] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  515.667413][T11962] RBP: 00007fe8776bb090 R08: 0000000000000000 R09: 0000000000000000
[  515.667428][T11962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  515.667443][T11962] R13: 00007fe8769e6038 R14: 00007fe8769e5fa0 R15: 00007ffe389eb958
[  515.667479][T11962]  </TASK>
[  516.281115][T11973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.297487][T11973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.876272][T11990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.889040][T11990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  516.948350][   T43] usbhid 1-1:0.0: can't add hid device: -32
[  516.960508][   T43] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[  516.970217][T11992] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.002545][T11992] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.709079][T12012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  517.723730][T12012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.030489][T12022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.039636][T12022] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.265605][ T5921] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  518.312335][T12024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  518.321906][T12024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  518.439307][ T5921] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  518.456494][ T5921] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.469945][ T5921] usb 4-1: config 0 descriptor??
[  518.679943][ T5921] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  518.706062][ T5921] [drm:udl_init] *ERROR* Selecting channel failed
[  518.756429][ T5921] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  518.763189][ T5921] [drm] Initialized udl on minor 2
[  518.804325][ T5921] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  518.835363][ T5921] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  518.858292][ T5896] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  518.876945][ T5921] usb 4-1: USB disconnect, device number 70
[  518.907896][ T5896] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  519.002698][T12045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.035273][T12045] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.180393][T12054] kernel read not supported for file /file1 (pid: 12054 comm: syz.1.2197)
[  519.209239][   T31] audit: type=1800 audit(1764076733.059:353): pid=12054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2197" name="file1" dev="mqueue" ino=83540 res=0 errno=0
[  519.665627][ T5918] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  519.820193][ T5918] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  519.845574][ T5918] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  519.865296][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.892118][ T5918] usb 4-1: config 0 descriptor??
[  520.001867][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  520.027524][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  520.039745][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  520.062717][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  520.071258][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  520.122692][T12072] overlayfs: failed to clone upperpath
[  520.326112][ T5918] keytouch 0003:0926:3333.009C: fixing up Keytouch IEC report descriptor
[  520.351599][ T5918] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.009C/input/input149
[  520.512592][ T5918] keytouch 0003:0926:3333.009C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  520.826280][T12068] chnl_net:caif_netlink_parms(): no params data found
[  520.889068][ T5913] usb 4-1: USB disconnect, device number 71
[  520.924926][ T5921] usb 3-1: USB disconnect, device number 38
[  521.233469][   T60] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.476649][   T60] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.526155][T12068] bridge0: port 1(bridge_slave_0) entered blocking state
[  521.534851][T12068] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.544380][T12068] bridge_slave_0: entered allmulticast mode
[  521.552569][T12068] bridge_slave_0: entered promiscuous mode
[  521.623970][   T60] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.653166][T12068] bridge0: port 2(bridge_slave_1) entered blocking state
[  521.677032][T12068] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.684790][T12068] bridge_slave_1: entered allmulticast mode
[  521.707662][T12068] bridge_slave_1: entered promiscuous mode
[  521.760237][   T60] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  521.901904][T12068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  521.926221][T12068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  522.011478][T12068] team0: Port device team_slave_0 added
[  522.031510][T12068] team0: Port device team_slave_1 added
[  522.145750][ T5829] Bluetooth: hci4: command tx timeout
[  522.153819][T12068] batman_adv: batadv0: Adding interface: batadv_slave_0
[  522.162846][T12068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  522.189632][T12068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  522.205417][T12068] batman_adv: batadv0: Adding interface: batadv_slave_1
[  522.213060][T12068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  522.248437][T12068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  522.295660][ T5913] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  522.471869][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  522.492845][ T5913] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  522.507337][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.519538][ T5913] usb 4-1: config 0 descriptor??
[  522.760216][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  522.774293][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  522.786200][   T60] bond0 (unregistering): Released all slaves
[  522.849348][T12068] hsr_slave_0: entered promiscuous mode
[  522.871534][T12068] hsr_slave_1: entered promiscuous mode
[  522.896572][T12068] debugfs: 'hsr0' already exists in 'hsr'
[  522.902949][T12068] Cannot create hsr debugfs directory
[  522.923621][   T60] tipc: Left network mode
[  522.943632][ T5913] keytouch 0003:0926:3333.009D: fixing up Keytouch IEC report descriptor
[  522.969200][ T5913] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.009D/input/input150
[  523.092629][ T5913] keytouch 0003:0926:3333.009D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  523.443557][   T60] hsr_slave_0: left promiscuous mode
[  523.451263][   T60] hsr_slave_1: left promiscuous mode
[  523.458226][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  523.469925][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  523.470224][ T5913] usb 4-1: USB disconnect, device number 72
[  523.485354][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  523.510814][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  523.578566][   T60] veth1_macvtap: left promiscuous mode
[  523.584717][   T60] veth0_macvtap: left promiscuous mode
[  523.593218][   T60] veth1_vlan: left promiscuous mode
[  524.127376][T12156] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2228'.
[  524.234808][ T5829] Bluetooth: hci4: command tx timeout
[  524.413674][   T60] team0 (unregistering): Port device team_slave_1 removed
[  524.460639][   T60] team0 (unregistering): Port device C removed
[  525.512382][   T60] IPVS: stop unused estimator thread 0...
[  525.760327][T12068] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  525.793423][T12068] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  525.839583][T12068] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  525.894481][T12068] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  525.977319][T12202] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2240'.
[  526.119824][T12068] 8021q: adding VLAN 0 to HW filter on device bond0
[  526.165047][T12068] 8021q: adding VLAN 0 to HW filter on device team0
[  526.206978][ T1007] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.214594][ T1007] bridge0: port 1(bridge_slave_0) entered forwarding state
[  526.264317][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.271728][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state
[  526.305739][ T5829] Bluetooth: hci4: command tx timeout
[  526.411697][T12215] x_tables: duplicate underflow at hook 1
[  526.414867][T12068] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  526.685713][ T5896] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  526.739966][T12068] 8021q: adding VLAN 0 to HW filter on device batadv0
[  526.817925][T12068] veth0_vlan: entered promiscuous mode
[  526.835445][T12068] veth1_vlan: entered promiscuous mode
[  526.869566][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  526.875945][T12068] veth0_macvtap: entered promiscuous mode
[  526.899622][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 102, changing to 7
[  526.904272][T12068] veth1_macvtap: entered promiscuous mode
[  526.917244][ T5896] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 24624, setting to 1024
[  526.934009][ T5896] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  526.955378][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.974549][ T5896] usb 4-1: Product: syz
[  526.988710][ T5896] usb 4-1: Manufacturer: syz
[  526.995441][T12068] batman_adv: batadv0: Interface activated: batadv_slave_0
[  527.010433][ T5896] usb 4-1: SerialNumber: syz
[  527.019854][T12068] batman_adv: batadv0: Interface activated: batadv_slave_1
[  527.032103][ T5896] usb 4-1: config 0 descriptor??
[  527.058716][ T5896] usb 4-1: 0:0 : invalid sync pipe. bmAttributes e5, bLength 9, bSynchAddress 66
[  527.071859][ T3002] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  527.085050][ T3002] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  527.100513][ T3002] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  527.122222][ T3002] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  527.315876][ T5896] usb 4-1: USB disconnect, device number 73
[  527.335704][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  527.359039][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  527.530064][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  527.553006][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  527.982275][T12265] : entered promiscuous mode
[  528.388328][ T5829] Bluetooth: hci4: command tx timeout
[  528.588394][ T5913] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  528.747368][T12288] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2260'.
[  528.766304][ T5913] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  528.805683][ T5913] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  528.814796][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.849999][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  528.859973][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  528.870112][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  528.880923][ T5913] usb 4-1: config 0 descriptor??
[  528.889104][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  528.900418][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  528.926580][ T5913] pwc: Askey VC010 type 2 USB webcam detected.
[  529.293080][ T5913] pwc: recv_control_msg error -32 req 02 val 2b00
[  529.332460][ T5913] pwc: recv_control_msg error -32 req 02 val 2700
[  529.347477][ T5913] pwc: recv_control_msg error -32 req 02 val 2c00
[  529.365227][ T5913] pwc: recv_control_msg error -32 req 04 val 1000
[  529.389236][ T5913] pwc: recv_control_msg error -32 req 04 val 1300
[  529.407672][ T5913] pwc: recv_control_msg error -32 req 04 val 1400
[  529.416356][ T5913] pwc: recv_control_msg error -32 req 02 val 2000
[  529.426268][ T5913] pwc: recv_control_msg error -32 req 02 val 2100
[  529.442524][ T5913] pwc: recv_control_msg error -32 req 04 val 1500
[  529.450827][ T5913] pwc: recv_control_msg error -32 req 02 val 2500
[  529.532445][T12289] chnl_net:caif_netlink_parms(): no params data found
[  529.660010][ T5913] pwc: recv_control_msg error -32 req 02 val 2600
[  529.683509][ T5913] pwc: recv_control_msg error -32 req 02 val 2900
[  529.707296][ T5913] pwc: recv_control_msg error -32 req 02 val 2800
[  529.725864][ T5913] pwc: recv_control_msg error -32 req 04 val 1100
[  529.733200][ T5913] pwc: recv_control_msg error -32 req 04 val 1200
[  529.769930][ T5913] pwc: Registered as video103.
[  529.786175][ T5913] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input151
[  529.954679][T12289] bridge0: port 1(bridge_slave_0) entered blocking state
[  529.975891][T12289] bridge0: port 1(bridge_slave_0) entered disabled state
[  529.983325][T12289] bridge_slave_0: entered allmulticast mode
[  530.007851][T12289] bridge_slave_0: entered promiscuous mode
[  530.029382][T12289] bridge0: port 2(bridge_slave_1) entered blocking state
[  530.048053][T12289] bridge0: port 2(bridge_slave_1) entered disabled state
[  530.062322][T12289] bridge_slave_1: entered allmulticast mode
[  530.075458][T12289] bridge_slave_1: entered promiscuous mode
[  530.163063][T12289] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  530.194030][T12289] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  530.345941][T12289] team0: Port device team_slave_0 added
[  530.377723][T12289] team0: Port device team_slave_1 added
[  530.519987][T12289] batman_adv: batadv0: Adding interface: batadv_slave_0
[  530.528711][T12289] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  530.585559][T12289] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  530.606112][T12289] batman_adv: batadv0: Adding interface: batadv_slave_1
[  530.618369][T12289] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  530.664297][T12289] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  530.705763][ T5913] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  530.755167][   T60] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.831720][T12289] hsr_slave_0: entered promiscuous mode
[  530.855758][T12289] hsr_slave_1: entered promiscuous mode
[  530.858695][ T5913] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  530.862577][T12289] debugfs: 'hsr0' already exists in 'hsr'
[  530.884878][ T5913] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  530.885991][T12289] Cannot create hsr debugfs directory
[  530.904886][ T5913] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  530.924604][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.933278][ T5913] usb 3-1: Product: syz
[  530.938078][ T5913] usb 3-1: Manufacturer: syz
[  530.942817][ T5913] usb 3-1: SerialNumber: syz
[  530.955715][ T5837] Bluetooth: hci2: command tx timeout
[  530.976109][   T60] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.060632][   T60] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.161616][T12317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  531.176333][T12317] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  531.188627][   T60] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.387427][ T5896] usb 4-1: USB disconnect, device number 74
[  531.489070][   T60] bridge_slave_1: left allmulticast mode
[  531.494840][   T60] bridge_slave_1: left promiscuous mode
[  531.537914][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.613027][   T60] bridge_slave_0: left allmulticast mode
[  531.635456][   T60] bridge_slave_0: left promiscuous mode
[  531.652475][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  531.719833][ T5913] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[  531.744459][ T5913] cdc_ncm 3-1:1.0: bind() failure
[  531.774094][ T5913] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[  531.801592][ T5913] cdc_ncm 3-1:1.1: bind() failure
[  532.027752][T12350] netlink: 7064 bytes leftover after parsing attributes in process `syz.0.2274'.
[  532.079303][T12350] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  532.454269][   T60] team0: Port device geneve1 removed
[  532.715220][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  532.726614][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  532.737507][   T60] bond0 (unregistering): Released all slaves
[  533.032040][ T5837] Bluetooth: hci2: command tx timeout
[  533.383319][T12383] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2280'.
[  533.394246][   T60] hsr_slave_1: left promiscuous mode
[  533.406905][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  533.429668][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  533.490713][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  533.503899][ T5913] usb 3-1: USB disconnect, device number 39
[  533.526661][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  533.625759][   T60] veth1_macvtap: left promiscuous mode
[  533.631825][   T60] veth0_macvtap: left promiscuous mode
[  533.638096][   T60] veth1_vlan: left promiscuous mode
[  533.643677][   T60] veth0_vlan: left promiscuous mode
[  533.718807][ T5921] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  533.877083][ T5921] usb 4-1: Using ep0 maxpacket: 16
[  533.898753][ T5921] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  533.922030][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  533.951344][ T5921] usb 4-1: Product: syz
[  533.969173][ T5921] usb 4-1: Manufacturer: syz
[  533.973915][ T5921] usb 4-1: SerialNumber: syz
[  533.989496][ T5921] usb 4-1: config 0 descriptor??
[  534.055982][ T5921] visor 4-1:0.0: Sony Clie 3.5 converter detected
[  534.270597][T12407] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2286'.
[  534.322916][T12407] loop5: detected capacity change from 0 to 7
[  534.414019][T12407] Dev loop5: unable to read RDB block 7
[  534.422012][T12407]  loop5: unable to read partition table
[  534.431231][T12407] loop5: partition table beyond EOD, truncated
[  534.450569][T12407] loop_reread_partitions: partition scan of loop5 (�������g�C�j̖�P=��!MX���	���%��`�搘ȵ4FLQk݊5) failed (rc=-5)
[  534.623110][   T60] team0 (unregistering): Port device team_slave_1 removed
[  534.677957][   T60] team0 (unregistering): Port device team_slave_0 removed
[  535.108562][ T5837] Bluetooth: hci2: command tx timeout
[  535.251165][ T5921] usb 4-1: clie_3_5_startup: get interface number failed: -71
[  535.259073][ T5921] visor 4-1:0.0: probe with driver visor failed with error -71
[  535.283172][ T5921] usb 4-1: USB disconnect, device number 75
[  535.512335][T12289] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  535.547041][T12289] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  535.569019][T12289] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  535.582718][T12289] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  535.774277][T12289] 8021q: adding VLAN 0 to HW filter on device bond0
[  535.827232][T12289] 8021q: adding VLAN 0 to HW filter on device team0
[  535.866508][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.874311][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  535.894390][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.902551][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  536.146329][ T5913] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  536.220422][T12443] 
[  536.223313][T12443] ================================================
[  536.230367][T12443] WARNING: lock held when returning to user space!
[  536.237885][T12443] syzkaller #0 Not tainted
[  536.243772][T12443] ------------------------------------------------
[  536.251332][T12443] syz.0.2291/12443 is leaving the kernel with locks still held!
[  536.259803][T12443] 1 lock held by syz.0.2291/12443:
[  536.265254][T12443]  #0: ffff88807870a420 (sb_writers#18){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  536.336927][ T5913] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  536.351383][T12289] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.362847][ T5913] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  536.380493][ T5913] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  536.400204][ T5913] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  536.415843][ T5913] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  536.448623][T12289] veth0_vlan: entered promiscuous mode
[  536.457528][ T5913] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  536.468705][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  536.482416][T12289] veth1_vlan: entered promiscuous mode
[  536.488292][ T5913] usb 4-1: Product: syz
[  536.492517][ T5913] usb 4-1: Manufacturer: syz
[  536.518041][ T5913] cdc_wdm 4-1:1.0: skipping garbage
[  536.523524][ T5913] cdc_wdm 4-1:1.0: skipping garbage
[  536.548480][ T5913] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  536.554704][ T5913] cdc_wdm 4-1:1.0: Unknown control protocol
[  536.563224][T12289] veth0_macvtap: entered promiscuous mode
[  536.586852][T12289] veth1_macvtap: entered promiscuous mode
[  536.606476][T12289] batman_adv: batadv0: Interface activated: batadv_slave_0
[  536.623405][T12289] batman_adv: batadv0: Interface activated: batadv_slave_1
[  536.640691][ T1007] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  536.652742][ T1007] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  536.663047][ T1007] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  536.673039][ T1007] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  536.714242][T12289] ieee80211 phy16: Selected rate control algorithm 'minstrel_ht'
[  536.748655][ T1007] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  536.761107][T12289] ieee80211 phy17: Selected rate control algorithm 'minstrel_ht'
[  536.769219][ T1007] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  536.799921][ T1007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  536.808982][ T1007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  537.074314][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 4 bytes
[  537.196292][ T5837] Bluetooth: hci2: command tx timeout
[  538.913215][ T5913] usb 4-1: USB disconnect, device number 76