last executing test programs:

7m53.999974418s ago: executing program 3 (id=822):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000001240)={<r2=>0xffffffffffffffff}, 0x111, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x400, 0x2, @loopback}, {0xa, 0x4e21, 0x101, @mcast2, 0x9}, r2, 0x6}}, 0x48)
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f00000001c0)={0xc, 0x8, 0xfa00, {0x0}}, 0x10)

7m53.937830199s ago: executing program 3 (id=823):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000180)={{@hyper, 0x2}, @hyper, 0x0, 0x5, 0x3, 0xfffffffffffffff7})

7m53.866021952s ago: executing program 3 (id=824):
r0 = socket(0x10, 0x80002, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}})
syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

7m53.757231087s ago: executing program 3 (id=825):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
chdir(&(0x7f0000000080)='./file1\x00') (async)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0) (async)
setpgid(0x0, r0) (async)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x180) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x200000, 0x0)

7m53.635886932s ago: executing program 3 (id=827):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000000)={0x0, 0x2}, 0x8)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x20044800)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'das08_isa\x00', [0x4f27, 0x7, 0x10000, 0x2, 0x3, 0xcc7, 0x4, 0x8000b, 0xe, 0x4, 0x4, 0x1, 0x1, 0x1, 0x6, 0x10000105, 0x0, 0x1a451, 0x3, 0x3fff7fff, 0x89, 0x10, 0x1, 0x20801e58, 0x800009, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]})
ioctl$COMEDI_POLL(r1, 0x640f)

7m53.314917017s ago: executing program 3 (id=829):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7m53.029402178s ago: executing program 32 (id=829):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7m5.484731676s ago: executing program 2 (id=1061):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf3, 0xfffffffb, 0x39, 0x747d5e13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0x11, 0x4623f, 0x6, 0x0, 0x1ff, 0x8000, 0xfffffffe, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0xa, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0xa, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c33, 0x3, 0x5, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x985, 0x4, 0x8, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x9, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd3, 0x7, 0x20, 0x404, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x9, 0x80000001, 0x8, 0x3f92, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x1000, 0x80000001, 0x4, 0xff, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x47, 0x0, 0x3, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x8, 0x95e, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x6, 0xd9, 0x5, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x7, 0x0, 0x5, 0x1e2, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x20000002, 0x5, 0x800, 0xa80a, 0x65f413f9, 0xfffffff8, 0x20008, 0x8a8, 0x2, 0x800, 0x409, 0x7, 0x4, 0x4, 0x10, 0x4, 0x0, 0x7fff, 0x8, 0x8, 0x401, 0x1, 0x1fd, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x6]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501)
readv(r0, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x29}], 0x1)
openat$cachefiles(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0)

7m5.278748401s ago: executing program 2 (id=1064):
r0 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c00009040000020701010009050102"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000a40)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r3, 0x3}, 0x18)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000480)={0x1d, r3, 0x12, {0x0, 0x1, 0x1}, 0x1}, 0x18)
close(r4)
pwritev2(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0)

7m3.843526456s ago: executing program 2 (id=1068):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
ioctl$KVM_RUN(r2, 0xae80, 0x2000000)

7m3.676018622s ago: executing program 2 (id=1069):
r0 = socket(0x11, 0x3, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0xc8901, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8042, 0x0)
write$UHID_CREATE2(r2, &(0x7f0000000200)={0xb, {'syz1\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x3, 0x80000001, 0xda6, 0x1ff, 0x4}}, 0x118)
fallocate(r2, 0x0, 0x5, 0x5)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r3 = fcntl$dupfd(r1, 0x0, r1)
write$FUSE_INIT(r3, 0x0, 0x0)
getsockopt$sock_int(r0, 0xffff, 0x1002, 0xffffffffffffffff, &(0x7f0000000240))
r4 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_G_DV_TIMINGS(r4, 0xc0845658, &(0x7f0000000300)={0x0, @bt={0x7, 0x6a25, 0xeebc57947b7197d8, 0x3, 0x7, 0x9, 0x1, 0xc, 0x2, 0x7, 0x5, 0xa, 0xc00000, 0x9, 0x2, 0x2a, {0x0, 0x9}, 0x31, 0x2}})
r5 = creat(&(0x7f0000001380)='./file0\x00', 0x12c)
r6 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r6, &(0x7f0000e15000)={0x2, 0x4e20, @local}, 0x10)
r7 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r7, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r7, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000040)={0x4, [<r8=>0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x14)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x1f, &(0x7f0000000240)={r8, @in={{0x2, 0x4e21, @multicast2}}, 0x3, 0x4a4e}, 0x90)
mount(&(0x7f0000001400)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x9802, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000000c0)={@hyper, 0x2})

7m3.66602619s ago: executing program 2 (id=1070):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_TABLE(r1, 0x0, 0xcf, &(0x7f00000000c0)=0xfd, 0x4)

7m3.618728956s ago: executing program 2 (id=1071):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x84)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

6m48.444453537s ago: executing program 33 (id=1071):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x84)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4m36.834130613s ago: executing program 1 (id=1776):
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000100)={0x0, <r0=>0x0})
ptrace(0x4208, r0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0)
close(r1)
r2 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000004c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x4, 0x3, 0x1, 0xffffffff, {0xa, 0x4e23, 0x9, @loopback, 0x97}}}, 0x80, 0x0}, 0x2000f765)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000)={'#! ', './file0'}, 0xb)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
ioctl$SIOCSIFHWADDR(r1, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @broadcast})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000180)={0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 0x7fffffff], 0x80a0000})
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r7, 0x6, 0x2, 0x0, &(0x7f0000000080))
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4m36.46846268s ago: executing program 1 (id=1780):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x7)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000005180)={0x2020}, 0x2020)

4m36.34797043s ago: executing program 1 (id=1781):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xca)
getsockopt$ax25_int(r1, 0x101, 0x1, &(0x7f0000000500), &(0x7f0000000040)=0x4)
fadvise64(r0, 0x92, 0x5, 0x2)
mmap(&(0x7f0000997000/0x1000)=nil, 0x1000, 0x3000000, 0x1010, r0, 0xa821b000)
gettid()
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
syz_init_net_socket$ax25(0x3, 0x2, 0xca) (async)
getsockopt$ax25_int(r1, 0x101, 0x1, &(0x7f0000000500), &(0x7f0000000040)=0x4) (async)
fadvise64(r0, 0x92, 0x5, 0x2) (async)
mmap(&(0x7f0000997000/0x1000)=nil, 0x1000, 0x3000000, 0x1010, r0, 0xa821b000) (async)
gettid() (async)

4m36.282107635s ago: executing program 1 (id=1782):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x40}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000140)=ANY=[@ANYRES8=r2], 0x10)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}]}})
ioctl$HIDIOCSREPORT(r2, 0x400c4808, &(0x7f0000000000)={0x3, 0x100, 0x144})
chdir(&(0x7f0000000080)='./file1\x00')
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000380)={0x1d, r7, 0x0, {0x2, 0xf0, 0x4}, 0xfe}, 0x18)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$can_j1939(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)="5f7327a543a8643e22", 0x9}, 0x1, 0x0, 0x0, 0x2400c040}, 0x41)
close_range(r4, 0xffffffffffffffff, 0x0)
setpgid(r3, 0x0)
setpgid(0x0, r3)
fstat(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
mount$9p_fd(0x0, &(0x7f0000000180)='./file1/file1\x00', &(0x7f0000000200), 0x80024, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}, {@directio}], [{@smackfsroot}, {@obj_user}, {@appraise}, {@euid_lt={'euid<', r8}}, {@smackfstransmute={'smackfstransmute', 0x3d, '.\x7f\\'}}, {@obj_role={'obj_role', 0x3d, '!'}}, {@fsname={'fsname', 0x3d, 'posixacl'}}, {@appraise_type}, {@subj_role={'subj_role', 0x3d, '('}}]}})
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
umount2(&(0x7f00000000c0)='./file1/file0\x00', 0x5)

4m35.938303189s ago: executing program 1 (id=1786):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x358, 0xffff8880b8709000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x26)
r2 = creat(&(0x7f0000001380)='./file0\x00', 0xd)
ptrace$setsig(0x4203, r0, 0x8, &(0x7f0000000080)={0x2f, 0x6, 0x7})
waitid$P_PIDFD(0x3, r2, 0x0, 0x2, &(0x7f0000000100))
mount(&(0x7f0000000000)=@sg0, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext4\x00', 0x8000, 0x0)

4m34.595923394s ago: executing program 1 (id=1793):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendto(r0, 0x0, 0x0, 0x40080c3, 0x0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)

4m34.042418442s ago: executing program 34 (id=1793):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendto(r0, 0x0, 0x0, 0x40080c3, 0x0, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)

6.600058203s ago: executing program 6 (id=3068):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x44, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f00000004c0)="66baf80cb80019c389ef66bafc0cb800000000ef660fc7b19e0000000f01d10f23e866ba420066ed26f30f59ad00000000360f2213c4c3e16e0700c4c1fee6100f769c9a0c000000", 0x48}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6.423340754s ago: executing program 6 (id=3069):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r0 = getpid()
bind$inet6(0xffffffffffffffff, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
process_vm_readv(r0, &(0x7f0000000140)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}, {&(0x7f0000000000)=""/33, 0x21}, {&(0x7f0000000040)=""/237, 0xed}], 0x4, &(0x7f0000000280)=[{&(0x7f0000000180)=""/70, 0x46}, {&(0x7f0000000200)=""/64, 0x40}, {&(0x7f0000000240)=""/60, 0x3c}], 0x3, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x18, r2, 0x8, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0)
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0)

6.328065818s ago: executing program 6 (id=3071):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x10})
ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'hsr0\x00', @multicast})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x6004}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@llc={0x4, {@snap={0xaa, 0xaa, "1c", "e71155", 0x88f5}}}}}}, 0x1e)

6.152315918s ago: executing program 6 (id=3072):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000640)={0x20, 0x3, 0x4, "5905d900"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000b40)={0x44, &(0x7f0000000840)={0x0, 0x30, 0x4, "ad972f8f"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000740)={0x34, &(0x7f0000000240)={0x40, 0x15, 0x4, "6ce4d1f4"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000280)={0x40, 0x0, 0x4, "71615214"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000100)={0x14, 0x0, 0x0}, &(0x7f0000000600)={0x34, &(0x7f0000000940)={0x40, 0xa, 0x12, "31af787c311c5caf626381fb9c2f958c0133"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000380)={0x0, 0xc, 0x3, "ca39ac"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000000c0)={0x34, &(0x7f00000005c0)={0x0, 0x3, 0x4, "6ab6cae0"}, 0x0, 0x0, 0x0, 0x0, 0x0})

5.781601309s ago: executing program 0 (id=3073):
syz_io_uring_setup(0xbc3, &(0x7f0000001480)={0x0, 0x1064, 0x40, 0x0, 0x3dd}, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000060a0b040000000000000000020000001400048010000180090001006d617371000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x20000805}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000140)={0x54, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x44}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}]}, 0x54}}, 0x80)
close_range(0xffffffffffffffff, r0, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000180)={0x300, 0x1, &(0x7f0000000340)=[r3], &(0x7f0000000040)=[0x1], &(0x7f0000000200), &(0x7f0000000240), 0x0, 0x7f})

5.689956191s ago: executing program 0 (id=3074):
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000180)=""/4096, &(0x7f0000000080)=0x1000)
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x1029, 0x2)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
lsm_get_self_attr(0x68, 0x0, &(0x7f0000000ac0), 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r3, &(0x7f00000004c0)=""/57, 0x39)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r4=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r4, r2, <r5=>0x0, 0x0, 0x0, 0x0, 0x0})
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000001300)={0x3a, 0x2, r2})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000001200)={0x48, 0x2, r2, 0x0, 0x0, 0x0, <r6=>0x0})
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000012c0), 0x10000, 0x0)
ioctl$IOMMU_HWPT_ALLOC$TEST(r7, 0x3b89, &(0x7f0000000200)={0x28, 0x1, r6, r5, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000001280)})
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x422200, 0x0)
ioctl$IOC_PR_CLEAR(r8, 0x401070cd, &(0x7f0000001180)={0x4})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r1, 0x3ba0, &(0x7f0000001380)={0x48, 0xa, 0x0, 0x0, r9})
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000140)={0xa5, 0x20323159, 0x3, @stepwise={0x8, 0x4, 0x7f0b7b93, 0x0, 0xa2, 0x80}})

5.50399653s ago: executing program 0 (id=3075):
openat$cuse(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
close(0x3)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000340)=0x1, 0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x2, {{0x2, 0x1}, 0x3}}, 0x80, 0x0}, 0x20000001)

5.473208011s ago: executing program 0 (id=3077):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x66002, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000001c0)="66b9800000c00f326635004000000f300f2335660f38049408a06766c74424000f5200006766c7442402008000006766c744240600000000670f011c2467260f7938360f01c30f20d86635200000000f22d8360f302e0f01b400000f01c9", 0x5e}], 0x1, 0x0, 0x0, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103000000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a04d113905241510000905810300020800040904010000020d00000904010102020d0000090582020002e1ad000905"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000ac0)={0x0, 0x2, 0x401, 0x2})
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120110012cae9308da040d39dffa0102030109022d0001c94080010904f90403c0da26ff0905f10f40000300bf090503", @ANYRES16], 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r3)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="c50f00000000000000001100000008000300", @ANYRES32=0x0, @ANYBLOB="08002a0084610000"], 0x24}}, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000000)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x20, 0x80, 0x1c, {0x3, 0x2070, 0x1000, 0x9, 0x4, 0x8000, 0xfffd, 0x8, 0x3906, 0xfffc, 0x401, 0xfb}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmmsg(r6, &(0x7f00000018c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="1073eeda8705da74bc83496ee251e51e6d155c558a4f6dbf7076341df55b7aecaad952f364f05d5e0f", 0x29}, {&(0x7f0000000240)="02a2f97a177137003d9b418698b97c81bf1bde7a9b76365fd7b1bbae5f5e09cb9b4432ed011564c718321c92affddb69470547b1baefcdb5445c31a7d34e0b20bd", 0x41}], 0x2}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)="2001987c5ccf58f5f75061ee", 0xc}, {&(0x7f00000003c0)="8b120728c90b0b4a530fab46abf402095b65870c2a0ac8f0847a8e8ab1d98f34cdd3a1c838f816c52ca57b8a7efbcea529afab803882b9f88c28cab3df58895ebffef931a275cc35f9fefa5bd7a1f580106f3c7defd09032cf42417504eefea81cfa7bfea5032e42cc0858cee1b8e74e133934cc54cd707c5c85d4e5008025c28b72b46d12248babbe0d3f7916a5610416ee255a331398dea59a1a406070cc13e81701447ded270b0c1bce36d2bf06db98dd9c1ed65668eb5c2f4cab0ee3", 0xbe}, {&(0x7f0000000940)="0154cb3eb8695dcc7f253cb0f84f99ca40dada3fa997c3cdeaf5fba62ba9dca2592b2e1f1a3b323346857c2dc8a7feb60cabba8b2bae17b6adbf986484866d0995da61fdd7468d7a890840c77e27f020ceeaac9105570794647e71a0180a96c66f23d8bb7da1bb5d4862d206943bc4807d54daa921f15e47c4e1ef9e5453e90fa5a65dbad4f0e98312d6b50fe713144c7beff1daa197cb11a05d6aa9ed7288290f954371c4c9dfc1fd57608fd51e02eb51b584d991791f63de7c0cd140f4454c632bcd294397f135188640e6ffb3770ac4dc926ca179633fd5facb445ac6cbd89cfa08b6369bd75bcaa7b3f5413e397f09001487425dcefad05f495f6272349569b6d61af045b36268fd33ac21bff3e68ad67d870bd55a1d66f62b5a87f6ad529d2b0311de32f3af1279886415af8f1ceee3243855c903e619458cc6ef9399d453d3c7bf571fef041f3bd413446cc10203b239c55aa752085cf0efe2a5ef1e596895c20aba8ae469608b73f814d264e2f4c9a5c4a1184f", 0x177}, {&(0x7f0000000ac0)="cb0985ad89d03db16683167ac85f0aa2385eb0d0d7bec5bc858d28d00aee32f13954a3bb61ef29056625ca65858a754b2fa6acf5600ac1e45d5a3158ff95835a6e08d415224f9c3afc53186a7a77b6e87b339ec5e6", 0x55}], 0x4}}], 0x2, 0x8810)
sendmsg$alg(r6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4040001}, 0x0)
recvmsg$unix(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001f00)=""/4096, 0x1000}], 0x1}, 0x12060)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0)
syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x7, 0x20, 0x8c, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x1, 0x3, 0xcd, {0x9, 0x21, 0x9, 0x7f, 0x1, {0x22, 0xc74}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0x4d, 0x4}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x2, 0xf, 0x5}}]}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x200, 0x6, 0x10, 0x6, 0x10, 0x8}, 0x5, &(0x7f0000000280)={0x5, 0xf, 0x5}, 0x9, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x814}}, {0x5a, &(0x7f0000000400)=@string={0x5a, 0x3, "8ea27d2187988c9f153624d7ff3bd913db0d314099b6430b2ed38572c502a3e8146cc3aa78234112f7ffac7da4bed27011ac4f2e2e6e971b6de11c6819a8692fe62e31e87c89b3abf2a11bb3cd805a363d2fdeba3dc478f1"}}, {0xc1, &(0x7f0000000580)=@string={0xc1, 0x3, "1d9f66aec7e7a776cd72d08e48fc49e356440e358ee85996e7551caf02f2ed3aca4cdeb1784d6df6d46bcbd7c16251fddd288ed25640445a50d17cc9253ef0a8d465d6c7a331f3281100d56bffe74b939d515633d743a37c32553d1925aa7ba370cbb8383ac854eb047451b6239a5e6be3440b584cf7793fceae59419ef1ce94b99f9c92fde8c20ac6713b007c0ce9a0d5ab6105bcc3f3bed83b7b53f57e6d9b1b177155a522043f59d211520a3f0ad899171f78dd76fda27ee41e2e57707a"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4}}, {0xff, &(0x7f0000000680)=@string={0xff, 0x3, "8caa7d7642a3a777ab96da9c0f0bb32a9b33a6f3a0d809e8ff53bc9c2dfcc08edb8842a165a4952a4c61c265912e0e559d25fee84cb9a8e91e09a65cea33768173125741b27f3cf9c6d8ddb8a3748acd109de06e2d43f99198ccaef768240e6ec875862d875d13f5ec0cb2014999168cba12469783ac2375a2d51218d4f9a99d4abe485967206d26dbde130226f4eb3863e599055b137f6e7c984b409349fa59b0c54f8e41e9233632b106ff270c10a5fc88f60b1ecb0a446f4afbfaf37c7790ea60a3e9b58b60b9ec553fd00fd06a29943d314aa60eafbbe9c8f0c6e8163d769900b9c7d8baef4907098f673a21dc535fa61e6dfd79caf6d278ece534"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x40d}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x80c}}, {0x3f, &(0x7f0000000500)=@string={0x3f, 0x3, "61d43d003666c90582fac7513c924179567e752c001cc968e7c3446f0c738a83a410d9cddffb55f2f411e497f064e2b3b6a7e13d3a340d23b8e3c232e4"}}]})
ioctl$SIOCSIFHWADDR(r7, 0xc0189436, &(0x7f0000000000)={'wlan1\x00', @random='\rh\x00 \x00'})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f0000000900)={0x14, &(0x7f0000000840)={0x40, 0x7, 0x45, {0x45, 0xa, "7c05e4e36749ef77bc5f1bf2e13332169f406504e8b33779a3d0d81342f78f366d163c966da0fdb08ac5428cdbe9ce6ab9aa3474e102a5f6d6b28bcdda28ede0e2afcc"}}, &(0x7f00000008c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a80)={0x1c, &(0x7f0000000940)={0x0, 0x0, 0x9c, "10c860b86d6fc9e86dfd1d523a38d6c8616729c827a633351fc31ce20102f87c296aa93032f2a24d0d3ffbc7098b926fccd61ade72535d6015bf42c9308f0ce0c8b05d41075be4ae3aded138ddadd291de901f5fa7f158fd7d24b05cce0ae027457900b273b2a558a52956f85534382fbaf17ff59a370302dbb5c5b2958fc3fee2ea1fe93b5fca8d290310cddbe055358b006b92a487d5ecdec2c053"}, &(0x7f0000000a00)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000a40)={0x0, 0x8, 0x1, 0x7}})

2.378379669s ago: executing program 0 (id=3105):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000005580)='/sys/kernel/vmcoreinfo', 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180), 0x111}}, 0x20)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1fd, 0x0)
ioctl$USBDEVFS_ALLOC_STREAMS(r2, 0x8008551c, &(0x7f0000000140)={0xe021, 0x1, [{0x1, 0x1}]})
ioctl$RTC_WKALM_SET(r1, 0x40187014, 0x0)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file8\x00', 0x0, 0x3)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a64000000060a0b040000000000000000020000000900010073797a30000000000900020073797a32000000003800048034000180090001007866726d00000000240002800500030000000000080001400000000008000440000000830800024000000005"], 0x8c}}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
symlinkat(&(0x7f0000000380)='./file8/file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000b80)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000bc0)='./file4\x00', 0x4)
mkdir(&(0x7f0000000140)='./control\x00', 0x8)
rmdir(&(0x7f0000000100)='./control\x00')
setuid(0xee00)
r4 = syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x9, 0x511600)
sendfile(r4, r0, 0x0, 0xb)

2.147937669s ago: executing program 0 (id=3108):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha384\x00'}, 0x58)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x3)
socket$netlink(0x10, 0x3, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$video4linux(&(0x7f0000001540), 0x6, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
fsopen(&(0x7f0000000240)='vfat\x00', 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = epoll_create(0x400)
r2 = syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000055090238000100000000090400000371055900090582eb1000000001020009050276000000000000000000"], 0x0)
syz_usb_control_io$cdc_ncm(r2, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f00000020c0)=ANY=[@ANYBLOB="7c2f0aec9d222ea5ee20e6b25cf191669d6293d87d67cbc22a8dca55b40c545d1439d9ab278a279afd807e25e3c9aacca664836fec718e063c9b06cd66442b6407fec5c3e5cd9d0f1001c90a801c4fadce8e13a5e0209edf5c5693acccefa24d4f5a2ef062e701d054d19e9e6340a1651e05fd87b70942c679234426f9b19c0723563d0e38ec970aec02a6154ab61081aae03050d00192bd9d59977bb2f1297a7cd0571a0dfc5688a8e3d5f4a226b7e397b43c186967c74821bc70005059ab5606c70045a6a9915285c8215b9abd839f50530dde8ad500d70d8f7c1a0093293e6d632f8e8939f3199ab4ec92caed14c26975b57578c8ea666a2e4253ca9516f3c07bdc5ad27c2ff29e1569795f9dfbd1b92919432e423ff4f9a35b77419d6a8540fc9431ca78e05e278bef5a21b1423a3c9f7c1e2bd16a1ecdfde51cfa4aef38e6afb92770bcefb5fcb277ccede1ddc8647db538661b3d10effa1b6f705ef1b74e5bea20b4f98421b7b4be4c5c6be101f5503a4ecaffae335ef565920d678ed5b41031122b21f9d9b7f270b95f94624a7ddc657c83d3722a8d01f321fd7f685fc74d61a4e1914dda6df4be639c4910c56a84c24a41b9ef07eee4083dd9a30a53a58b50186c12180da4186fe5845b6b325fd112378a82d53bee449bc9d4c2d4331a1323c69c99c778560fc2142d138b23000c5403156cd8223f07a73811ab5b81e287bd6ad95c2fefce002ac77a1ac74d5e868870f29277da69987652b0055b3072efab2fe56fe0fe287f7d51aa772b2e3ae77954a938be2792442e1ab2e6fc078d821c70222142568b6db9609f1db23e8a4a460b9fbbeb48469e6bf0acffd85af86e69535a95c02c30d5ad776002c48e19e134688780bbafaf81097358b0c8f63bcefb61d8f29aacb3dc1a485bb7343539387f1e83b9283674bdc0d7fe8bf86948439f4b4a20e2832c560c743e4c2d37eddbf341c47f71a93101a08a533e96601f98752531428944d88c836c7d7a082859a3120721afd99130e83f689720638e889ddf4a23228dc23e955ae67fe5447e134b63f4c72e5664d2ed8a7406568e08f3582661006cf5800615fc4a5ec88ef3361ea027d2a1a550ac3e017a212570cd145fcc2e1984e4fca28bf4110f33a5ac847fcd3605e546ee8ea49a7de5d4b599926a76028e9d5259db7fd6f908c7a8657d42f895380c88ac85cdc183f6b61172b966a41888ceae895eaf18cb8da8d1918411b297959a8abacf8c4cee15ca87048aae13ffe068dee23a9edc2b259aeb0595b7ed2633431067a999f915934aef1be5f360f0db726f24e8eb89adb8db535de6fd7c06678831d17e47c67cd22f047b92d8fba83a49a1285def4dfdf634408cb05ae73f24df76e7393d1e90d40c50bd388bb53e281b889084a1a19efdfa6be16aed1a621d964c1ac332b65765e7440ccc75ef44851409c458905127bd161bf98cb6a3681af073e3650f52d5ee691c347e86360c3aebae4a691b2485d68c57d09e269656b1efbfd3413d54c8d3e467c0bfa84669d0cc5e9cfd50b9c79171f8b6a5e66e8c6f66c0916083b8e8a464498aed3badd2f267fb56adb0953b9ebd0370f941d796abffa81722d502c8d1e9d844802f4197067598b2394dddf76641f9c2ec0403bd379e8f712668b98e1121a27888b227104875999cd562fa9833458879652bfeffabc6bbb5c354dc36ad91354ccb5050d69b28b562a72bbf277f96bd1d5dc6408329f6f850a96762a6aebf2a7b5bacbbc032be8b29c453867a47094289f6b8aa38f85051fc4d4478a02af664b3250a396583001a7971cfa6f5a4931e32e7bfb7b4c3f7be3bc5f91ba46554773b9102dbd4aba4344c6fe87bd050f79175d7918d57bc137cde33a884bba63a1adf6e7e71ba783eb1fe689b23d3ad18627b0b229c0d982631308a88c4bf1e2079eb0fcc486ef864e7c6a75cce17b133577fa88d62807398b8a795ae2bb7610f8b17cfc56ff11b8ffc4aa316e612fc76955dc44e66467c4d632657d4cac3cc1bda8c2c6207915a89f76bf1fd61c156ba8720bb8048601cd1221f6996e6f04e44b842e00a4487cd59501a65db1f6ade7f22ba5d7ee8e67125e284eef41ad5f2069a48cc71c621eb08d832ef8592874199c5c03249d3ee03422535c2be6919c43724277d56a885ab67753ae8d7f1317b7e534bb1a111a0edb5d298c1374c7824a80fb00ae268f2fd641f1b2a12f712d9a5e027957941ffb4218c6d8a8e7950dca0b4c9018dcfb67244a30080d54781b5111c85cd89e08f51c55975301ff389baf2242ef0fb662122a2eb89c1dcaf82d6391906a1b235635e6c484cd5fa32bc80ce68d505df9a9c6b21e222c3b9330243b8e02a3e661c20e0da633d88f7debaf6643654050ab73613dbea6176109b5c35c4d280739aee77f81a1b58efa9e606259f45745b69523bc81828cfcfffd185ad51b4b183b7a1ef86757172ef67a4f153b7c3a3e99f15ef5b09d81cd1ccec8016ecc9864ccf2efdbf7a79ff9ba814a4a9e3124d735a591c649cdefa98bd569c5f4db18a537c55544c671d398ec50d9fc2b1ca1f9b0278acc9a21779c3815fcb0ee1c66c774b6591e8f6b5c9828db8a5d104213cd4513974be404a50c11009c15a1e2aaa81abc6c706c341f145f975717819c4429007ee648f6c3fca45d714981cd9240beea8b02a19e0ddb083dc8115d64d75ab087c87e00792b8b83551ca82b311444067923656b0e70015ca4775da3d5e984ea8af20955f92d9cbd9acca8cd258df4276a118505d440b74e93bd0b97caeb0e24dbb09e7dbdfe0c3b4bdc0983a7d1eee02bee9c5d381bfbd7dfbb6329539698477f3a8bc7f82c01588d679a167e91487f150e5923cbf3030f09c8fb89cf178f5e953618887b7e56afdfd6a6b5e3003cecdbcba76ed86bc48907fada5e0178f9194970323ae9c818215ae2feb1ee56b289d83e8e9d2ab27056ede5651d2a92a93dd3d6c519ac128a44f1414f93e96c55485a73f3cb7e4750d0f2a2acef87e46a7012a30712f7cfe2ac9372af0efcb6475e3a1a8db1961040002915038412b892eee569aae8f38fb07c27aef5bbab7750a244a7c3b0193004246afa1a72368db45cd3649a89b54e880ea12c92beb59e366d7893f725bb8080aebcd35857ff686d03eddc33af248cecc5198bda6f395b55294821f6853232cb5bde67a4166a35224cd9c5b54e6b5a38376b1fdfaeb7563a8ea93148997e2bf490c67916f059e3e1992a986f96d2720a6418cf8c57d6e72eb90d7ca59a3a20fd414e404900aa4a45f381ff7828e15558b4862055bf795c9134836878999200e71e9ba9f83a2e28955c7b37244f3abc8f9d15a5e6c3d9b2f76620b3b2bcb13c0c44c63b9bddd51e339aedfc3a4d995df0eca66c6891ca9099923577e7cd84cb58cf0d6d6eda2baeb00775c4e717e31dbc881615d5f1a0898017954e882a444017e947b1fc05fdcf4495c5dbe3b7b4ce4c1535070fbc64d135df094fe4f6cdd452e7a5f844145af9b746dc5eecede9a834de1ff65525ea3017478ee08dc1bcff852a9d2ad94f46840bdcf1b6226fb0cdb620787692e52aae3b9b703f30b3ce6ca6dcaeb8b3a5884c30c570b29741c70ad99f5d7f463c7e5e1b4bbaafae33e789c0ae1114674732d50c0a799bfa6388365c392d47c3e0d2992a61d21e4ca034ed3d386fe959a94601a4007f1f2060b59359747635b076db7697ba5ad45af0423dbb9966113fa5eb59118cac394c2e2b17ebec1b7ce18ede120b1f56956b12a95de708e780ba7a1ac3a9e31267a2c195acfcb3b20c2f5d20de288846045211da53649a6d8b23008449b763fe6a58243cde95093a9755e5725307af09c997520f159f4ec7d1e687a0cf5148721062ecc6b080f65a550730da9257f1515a10830e29b85de3138a77ee8d2f0cb129c971417d7bbcd982d684b697364084c5764bafb4e2211a82e8c962eefb1f000ac8f5f2567b580931676943cea9b95977d842c247a98672b5c73594eb51f927ee5ec2b0c45eda29fb83a092880e542c60113ca653923aa0c16e2e1604e5f437876cb7fa7d1498584f8800ff80804d41c7b89e9cba341fed8d260a6abd0fc242ba6b3d624c91c468e269069d0a121f0951c3765f18693a2c547d9bc924058d0ecece5c7802126d293d3033d6bbf83d4b8b0144d27cbb985dba465d75b62a93bf7a438cce59f", @ANYRES64=r1])

1.986306007s ago: executing program 4 (id=3110):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000080)={0x50, 0x0, r1, {0x7, 0x29, 0x9, 0xffffffff9080edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.923756242s ago: executing program 5 (id=3111):
r0 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f00000002c0)=@generic={0x0, 0x6})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x621e81, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x66002, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r2, 0x2000)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c000180140003"], 0xe4}}, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
pipe(0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x6)
r4 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000000314010000fd0000000000000900020073797a320000000008004100736977001400000000129a699d0765865a15fa52fea715e682d597f38800"/84], 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f0000000340)="07000000010001", 0x7)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
mmap(&(0x7f00001fd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0xd0f01000)
socket$rds(0x15, 0x5, 0x0) (async)
ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f00000002c0)=@generic={0x0, 0x6}) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x621e81, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x66002, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r2, 0x2000) (async)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000000000000000a000000d00001800c000280050001000000000014000180080001000000000008000200000000002c000180140003"], 0xe4}}, 0x0) (async)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) (async)
pipe(0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
ioctl$TUNSETLINK(r3, 0x400454cd, 0x6) (async)
socket$netlink(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000000314010000fd0000000000000900020073797a320000000008004100736977001400000000129a699d0765865a15fa52fea715e682d597f38800"/84], 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x100) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async)
write(r6, &(0x7f0000000340)="07000000010001", 0x7) (async)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) (async)
mmap(&(0x7f00001fd000/0x2000)=nil, 0x2000, 0x1000000, 0x13, r1, 0xd0f01000) (async)

1.829984845s ago: executing program 4 (id=3112):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r1, 0x40405515, &(0x7f0000000000)={0x1, 0x6, 0x3, 0x401, '\x00', 0x3})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, 0x0, &(0x7f0000000100)=0x56)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$F2FS_IOC_COMPRESS_FILE(r0, 0xf518, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000180)={{@hyper, 0x2}, @my=0x0, 0xe, 0x0, 0x5e, 0xfffffffffffffff9})

1.80615044s ago: executing program 5 (id=3113):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pwritev(r2, &(0x7f0000000a00), 0x1046, 0x1000, 0x10)
r3 = dup2(r0, r1)
sendmmsg$inet(r3, &(0x7f0000001300), 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendto$inet(r3, &(0x7f0000001600)='\t', 0x1, 0x11, 0x0, 0x0) (fail_nth: 2)

1.696005064s ago: executing program 4 (id=3114):
r0 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000340)=0x1, 0x4)
sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x2, {{0x2, 0x1}, 0x3}}, 0x80, 0x0}, 0x20000001)

1.675738687s ago: executing program 4 (id=3115):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0x8900, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'das16m1\x00', [0x4f27, 0x7, 0x4d34a271, 0x2, 0x1, 0xcc7, 0x44, 0x1, 0xe, 0x4, 0x4, 0x1, 0x1, 0x1, 0x6, 0x10000105, 0x0, 0x1a451, 0x2, 0x3fff7fff, 0x89, 0x10, 0x1, 0x20001e58, 0x8001, 0xe69, 0x3c, 0x1, 0x6, 0x0, 0xfffffff8]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0xb0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x71c}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xfffffff9}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x35e}]}]}, 0xb0}}, 0x8040)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x22052, r0, 0x93771000)

1.102348425s ago: executing program 6 (id=3116):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'vlan0\x00', <r1=>0x0})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
connect$bt_sco(r2, &(0x7f0000000040)={0x1f, @none}, 0x8)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x163640, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendto$packet(r0, &(0x7f00000000c0)="3f031c00eee8140006001e00892f", 0xe, 0xc044, &(0x7f0000000540)={0xc9, 0x7, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.102144185s ago: executing program 5 (id=3117):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000100)="f3a50f09cbd0640f01c4660f38817ac5baf80c66b814370f8766efbafc0cb000ef0f01c40f07568000048e3665660ff5649ff082622463baf80c66b8b8ba8a8966efbafc0cec8ed8", 0x48}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

995.835506ms ago: executing program 4 (id=3118):
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x190)
fcntl$setlease(r0, 0x400, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/4\x00')
read$FUSE(r1, &(0x7f0000000480)={0x2020}, 0x2020)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0)
mmap(&(0x7f00002a7000/0x3000)=nil, 0x3000, 0x500000e, 0x4008032, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x0, 0x10, 0x8000})
r4 = socket(0x2d, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r4, &(0x7f0000000080)={&(0x7f0000000000)={0x2d, 0x0, 0x20, 0x100}, 0xc, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0xc0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r6)
r7 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
setsockopt$llc_int(r7, 0x10c, 0x3, &(0x7f0000000040)=0x2, 0x4)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000002c0)=ANY=[], 0x20}}, 0x20000000)
ioctl$F2FS_IOC_MOVE_RANGE(r5, 0x541b, 0x0)
r8 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r8, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r8, 0x6, 0x21, &(0x7f00000000c0)="89d36b40f2b658396380d5ae3ba566f4", 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000024c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01040000000000000000010000000900010073797a30000000000900030073797aa5d2935b4dadd2c14f9ac357cb25aafb310000000054000000060af30400000000000000000100000008000b40000000002c000480280001800b00010064796e7365740000180002800900010073797a32000000000800034000000000000000140000001100010000000000000000000000000a000000000000000000"], 0xc8}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000380)=""/172, &(0x7f0000000140)=0xac)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)

925.724964ms ago: executing program 6 (id=3119):
syz_usb_connect$uac1(0x3, 0xbe, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xac, 0x3, 0x1, 0x7, 0x190, 0xf1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xffff, 0xa}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xb1, 0x9, 0x3}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x3e, 0x4, 0x0, 0x1, "d18d0051ff750cdd"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x93, 0x9, 0x7, {0x7, 0x25, 0x1, 0x3, 0x40, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x40, 0x2, 0x4, 0x19, "c446b12861"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x8, 0x3, 0x6, 0x0, "12d4"}, @format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x7, 0x1, 0x1}, @format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x7f, 0x19, 0x81, "73ac6a"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x3ff, 0x0, 0x2, "addd"}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x2, 0x8, 0x2, {0x7, 0x25, 0x1, 0x1, 0xb9, 0x7}}}}}}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x200, 0xc, 0x9, 0x9, 0x40, 0xbe}, 0x28, &(0x7f0000000140)={0x5, 0xf, 0x28, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x0, 0x8, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x6, 0x7, 0xfff}, @wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x7, 0xa, 0x0, 0x2}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0xc, 0x3, 0x4}]}, 0x3, [{0xa4, &(0x7f0000000180)=@string={0xa4, 0x3, "6847b7811df169c723aaa739aa77f7c36ad1a092b101d627d0a9635d8f0e26ba766ce0238391c9486dbed555853eb7598045f910838e90820e1b32abeb0528f80816f1fd4194e12f698adfb04f655cad361f87c4f701bad12abd6f2d51fd2e75e44a6fbc7fc0a00f3475b33788fc1ae40379589b57405d764d283c9ee7c1786182b8877eb1e20db9eaa0ae0ec69088f7efda76d66bdc639f568e94f6af14cf5e6048"}}, {0x8e, &(0x7f0000000240)=@string={0x8e, 0x3, "5449665ff25f2a2edf761453bea2787eb84b175b1cfd791bfb61f3ce8f644674aa8b2135c95aa56cbf1a94ef5eed883f8d2586b515b1f4d7f6710024eae2d068a0bf238d85f2ba48ff455b432cbc2e0faaba3e08d376420024a003dfb0d93db4c330a440467b79372cb2dcb6ca7d5854facb7f6e1446175653dd58cdbef96eaa0fee95ef1486f175747c5c03"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x405}}]})
syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="041817aaaaaaaaaa105c"], 0x1a)
syz_emit_vhci(&(0x7f0000000380)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x6a}, "f11a8393592f9ec01cd83208a03b90292ca00a6afb0aa8221d43de11a8c0bb5427439d4b5449503896b6736f55e556653905c65a8476833d89989bac77c58036743f09ada6ed810ea8c8f1ce110b293fb4898a7ec9fb9d8ad7e3a3616df411681bb868ba478b7078d6ec"}, 0x6e)

886.026959ms ago: executing program 5 (id=3120):
r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x2, 0x200)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000040))
ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f0000000080)) (async)
madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1) (async)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x64)
setsockopt$MRT_ASSERT(r1, 0x0, 0xcf, &(0x7f0000000100), 0x4) (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/netfilter\x00')
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x9) (async)
ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000180)={0x4, 0x7}) (async)
ioctl$SG_SET_COMMAND_Q(r2, 0x2271, &(0x7f00000001c0)=0x1)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/keys\x00', 0x0, 0x0)
ioctl$KVM_CAP_MEMORY_FAULT_INFO(r3, 0x4068aea3, &(0x7f0000000240)) (async)
ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000002c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x2}) (async)
ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000000300)=0x2) (async)
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000340)) (async)
read$FUSE(r1, &(0x7f0000000380)={0x2020, 0x0, <r4=>0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f00000023c0)={0x50, 0x0, r4, {0x7, 0x2b, 0x140, 0x12000000, 0x0, 0x3e4d, 0x1, 0x4, 0x0, 0x0, 0x80, 0x21e}}, 0x50) (async)
ioctl$KVM_CAP_HYPERV_SYNIC(r1, 0x4068aea3, &(0x7f0000002440))
r6 = open(&(0x7f00000024c0)='./file0\x00', 0x200, 0x1) (async)
r7 = syz_open_dev$sg(&(0x7f0000002500), 0xc4b0, 0x400)
ioctl$SG_BLKTRACETEARDOWN(r7, 0x1276, 0x0)
ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000002540)) (async)
r8 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000002580), 0x1, 0x0)
close_range(r2, r8, 0x0)
sendto$netrom(r0, &(0x7f00000025c0), 0x0, 0x4000840, 0x0, 0x0) (async)
ioctl$TIOCSPGRP(r6, 0x5410, &(0x7f0000002600)=r5)
ioctl$EXT4_IOC_GETFSUUID(r8, 0x8008662c, &(0x7f0000002640)) (async)
mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000, 0x7, &(0x7f0000ffc000/0x2000)=nil)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000002680))

783.880509ms ago: executing program 5 (id=3121):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_disconnect(r0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCGICOUNT(r1, 0x545d, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB='\x00\f\x00\b'], 0x0, 0x0, 0x0, 0x0})

77.938325ms ago: executing program 4 (id=3122):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x14d342, 0x0)
sendfile(r0, r0, 0x0, 0x7ffff000)
ioprio_set$pid(0x2, 0x0, 0x0)

0s ago: executing program 5 (id=3123):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40186f40, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000100)={0xb1a1, 0x7})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a039d9d1e863b5432da00070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d08000c40000000080800034000000110"], 0x94}}, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xe, 0xa, 0x301, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x20000000008)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
writev(r3, &(0x7f0000019880)=[{&(0x7f0000000400)="fa", 0xffffffffffffff4e}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d243090000000000000098d026438b65eda8341073b6752ac37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aae75caf2facafa21c25be3c200"/127, 0x7f}], 0x2)
poll(&(0x7f0000002100)=[{r3, 0x400}], 0x1, 0x2)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x100080, 0x0)
ioctl$TIOCSSOFTCAR(r4, 0x5453, 0x0)
r5 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000140)=ANY=[@ANYRES64=r1, @ANYRES16=r3, @ANYRESDEC=r4, @ANYRESDEC=r1, @ANYRES8=r1, @ANYRES64=r0, @ANYRES8=r0], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f0000000340)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='@#E'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x80)
ioctl$KDGETKEYCODE(r0, 0x4b4c, &(0x7f0000000080)={0x360, 0x4})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000780)=ANY=[@ANYRESHEX=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r7, 0x82, 0xfffffffffffffe67, &(0x7f0000000040)=ANY=[])
syz_usb_control_io$cdc_ncm(r7, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0xc4c}}, './file0\x00'})
socket$inet_sctp(0x2, 0x5, 0x84)
r8 = dup(r6)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="90010000090605000000000000000000020000013c0007800c001b4000000000000000091800028014000240fe8000000000000000000000000000aa060005404e2000000c00194000000000000000000800094000000006480008801c0007801800018014000240fe8000000000000000000000000000bb0c000780060005404e230000100007800c00168008000140e00000020c00078008000b4000000004050001000700000008000940000002000500010007000000480007800800064000001000080009400099b05646630c16730000001400170067656e65766530000000000000000000060005404e230000060005404e2400000800094000000006380008800c000780060005404e210000100007800900120073797a31000000000c000780060004404e2100000c00078008000640000000070900020073797a32000000004c000880140007800e001a002f6465762f70746d780000000c00078006001d40000000000c0007800500030007000000100007800900120073797a30000000000c000780080006400000000428edd95788133b88fd232b54660699675e096d4539b315471c179f3894a56c07e01d3b6f791390b4351b2c8ebce0275a6d23bf827e78dc0fad32b76c169030e711e079a428a997953a4dfffbaaffa4d414f0e644c4ca6c2d198fd08324fa6f0de31fe571633593ff82e87f7ab6b10d8a1c71a9a738ae9c9c3326ce5dd2712e"], 0x190}, 0x1, 0x0, 0x0, 0x4040001}, 0x20004010)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)

kernel console output (not intermixed with test programs):

loop6: unable to read RDB block 7
[  633.563215][ T5219]  loop6: unable to read partition table
[  633.571861][ T5892] usb 5-1: config 95 has an invalid descriptor of length 120, skipping remainder of the config
[  633.584606][ T5219] loop6: partition table beyond EOD, truncated
[  633.594423][ T5892] usb 5-1: config 95 has 0 interfaces, different from the descriptor's value: 236
[  633.622186][ T5892] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  633.636007][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.648701][ T5219] Dev loop6: unable to read RDB block 7
[  633.654390][ T5219]  loop6: unable to read partition table
[  633.660677][ T5219] loop6: partition table beyond EOD, truncated
[  633.669223][ T5892] usb 5-1: Product: syz
[  633.673632][ T5892] usb 5-1: Manufacturer: syz
[  633.678343][ T5892] usb 5-1: SerialNumber: syz
[  633.878874][ T5964] usb 6-1: string descriptor 0 read error: -110
[  633.892558][ T5964] gspca_main: vc032x-2.14.0 probing 046d:0892
[  633.903507][T14366] 9pnet_fd: Insufficient options for proto=fd
[  633.910620][ T5964] gspca_vc032x: reg_r err -32
[  633.915469][ T5964] vc032x 6-1:0.48: probe with driver vc032x failed with error -32
[  633.978632][   T24] usb 7-1: new high-speed USB device number 76 using dummy_hcd
[  634.050900][ T5892] usb 5-1: USB disconnect, device number 14
[  634.138486][   T24] usb 7-1: Using ep0 maxpacket: 32
[  634.150111][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.168363][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  634.189584][   T24] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  634.204853][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.240410][   T24] usb 7-1: config 0 descriptor??
[  634.259596][   T24] hub 7-1:0.0: USB hub found
[  634.343095][T14403] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  634.353993][T14403] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.354903][T14402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  634.371685][T14402] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.461452][   T24] hub 7-1:0.0: 31 ports detected
[  634.466935][   T24] hub 7-1:0.0: insufficient power available to use all downstream ports
[  634.568170][ T5892] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  634.729340][ T5892] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  634.740705][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.749204][ T5892] usb 5-1: Product: syz
[  634.753732][ T5892] usb 5-1: Manufacturer: syz
[  634.759256][ T5892] usb 5-1: SerialNumber: syz
[  634.769553][ T5892] usb 5-1: config 0 descriptor??
[  634.990795][ T5892] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  635.207277][T14400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.252923][T14400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.651365][T14427] /dev/rnullb0: Can't open blockdev
[  635.677695][ T5892] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  635.926562][T14432] /dev/rnullb0: Can't open blockdev
[  636.071399][ T5892] hub 7-1:0.0: hub_ext_port_status failed (err = -32)
[  636.227751][ T5854] usb 7-1: USB disconnect, device number 76
[  636.297865][T14441] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.307081][T14441] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  636.316944][T14441] syzkaller1: entered promiscuous mode
[  636.324270][T14441] syzkaller1: entered allmulticast mode
[  637.251645][ T5892] usb 5-1: USB disconnect, device number 15
[  637.616728][ T5892] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  637.780208][ T5892] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  637.806566][ T5892] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  637.824352][ T5892] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  637.848219][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.874774][ T5892] usb 5-1: config 0 descriptor??
[  637.902013][ T5892] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  638.121141][T14490] FAULT_INJECTION: forcing a failure.
[  638.121141][T14490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  638.142744][T14490] CPU: 1 UID: 0 PID: 14490 Comm: syz.5.2556 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  638.142777][T14490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  638.142792][T14490] Call Trace:
[  638.142800][T14490]  <TASK>
[  638.142810][T14490]  dump_stack_lvl+0x189/0x250
[  638.142847][T14490]  ? __pfx____ratelimit+0x10/0x10
[  638.142878][T14490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  638.142907][T14490]  ? __pfx__printk+0x10/0x10
[  638.142949][T14490]  should_fail_ex+0x414/0x560
[  638.142981][T14490]  strncpy_from_user+0x36/0x290
[  638.143013][T14490]  getname_flags+0xf3/0x540
[  638.143038][T14490]  user_path_at+0x24/0x60
[  638.143062][T14490]  __se_sys_chdir+0x91/0x280
[  638.143102][T14490]  ? __pfx___se_sys_chdir+0x10/0x10
[  638.143144][T14490]  ? do_syscall_64+0xbe/0x3b0
[  638.143179][T14490]  do_syscall_64+0xfa/0x3b0
[  638.143209][T14490]  ? lockdep_hardirqs_on+0x9c/0x150
[  638.143239][T14490]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.143259][T14490]  ? clear_bhb_loop+0x60/0xb0
[  638.143286][T14490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.143306][T14490] RIP: 0033:0x7fe639d8e9a9
[  638.143326][T14490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  638.143344][T14490] RSP: 002b:00007fe63ac2a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000050
[  638.143366][T14490] RAX: ffffffffffffffda RBX: 00007fe639fb6160 RCX: 00007fe639d8e9a9
[  638.143382][T14490] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[  638.143395][T14490] RBP: 00007fe63ac2a090 R08: 0000000000000000 R09: 0000000000000000
[  638.143409][T14490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  638.143421][T14490] R13: 0000000000000001 R14: 00007fe639fb6160 R15: 00007ffff2d42eb8
[  638.143452][T14490]  </TASK>
[  638.945225][T14507] /dev/rnullb0: Can't open blockdev
[  639.020877][T14511] random: crng reseeded on system resumption
[  639.070029][T14514] cgroup: Need name or subsystem set
[  639.082159][T14511] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  639.096898][T14514] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  640.315600][   T24] usb 7-1: new high-speed USB device number 77 using dummy_hcd
[  640.343418][ T5854] usb 5-1: USB disconnect, device number 16
[  640.449377][T14559] /dev/rnullb0: Can't open blockdev
[  640.488358][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  640.501367][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  640.514365][   T24] usb 7-1: New USB device found, idVendor=1223, idProduct=0107, bcdDevice= 0.00
[  640.529825][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.545493][   T24] usb 7-1: config 0 descriptor??
[  640.732149][T14566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  640.747796][T14566] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  640.765268][ T5854] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  640.924962][ T5854] usb 5-1: Using ep0 maxpacket: 8
[  640.934064][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  640.948159][ T5854] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  640.962133][ T5854] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  640.963701][   T24] hid (null): unknown global tag 0xc
[  640.985006][ T5854] usb 5-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  640.994709][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  640.996628][   T24] hid (null): usage index exceeded
[  641.014330][ T5854] usb 5-1: config 0 descriptor??
[  641.035054][   T24] hid (null): usage index exceeded
[  641.040243][   T24] hid (null): unknown global tag 0xc
[  641.055600][   T24] hid (null): invalid report_size 1078742164
[  641.062723][   T24] hid (null): unknown global tag 0xc
[  641.077495][   T24] hid-generic 0003:1223:0107.005E: unknown global tag 0xc
[  641.087145][   T24] hid-generic 0003:1223:0107.005E: item 0 1 1 12 parsing failed
[  641.099754][   T24] hid-generic 0003:1223:0107.005E: probe with driver hid-generic failed with error -22
[  641.436509][ T5854] usbhid 5-1:0.0: can't add hid device: -71
[  641.449628][T14583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  641.458598][ T5854] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  641.480507][T14583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  641.492837][ T5854] usb 5-1: USB disconnect, device number 17
[  641.531608][T14583] netlink: 72 bytes leftover after parsing attributes in process `syz.5.2571'.
[  642.152155][T14607] /dev/rnullb0: Can't open blockdev
[  642.568265][T14625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  642.575825][T14621] /dev/rnullb0: Can't open blockdev
[  642.584852][T14625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  642.944123][ T5892] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  643.087718][   T24] usb 7-1: USB disconnect, device number 77
[  643.093883][ T5892] usb 5-1: Using ep0 maxpacket: 32
[  643.117680][ T5892] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  643.136220][ T5892] usb 5-1: config 0 has no interface number 0
[  643.148472][ T5892] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  643.170323][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.190997][ T5892] usb 5-1: Product: syz
[  643.202077][ T5892] usb 5-1: Manufacturer: syz
[  643.214070][ T5892] usb 5-1: SerialNumber: syz
[  643.237098][T14634] /dev/rnullb0: Can't open blockdev
[  643.243764][ T5892] usb 5-1: config 0 descriptor??
[  643.260148][T14636] IPVS: dh: UDP 224.0.0.2:0 - no destination available
[  643.289101][ T5892] smsc95xx v2.0.0
[  643.372466][T14640] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2583'.
[  643.512375][T14646] ufs: You didn't specify the type of your ufs filesystem
[  643.512375][T14646] 
[  643.512375][T14646] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  643.512375][T14646] 
[  643.512375][T14646] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  643.548244][T14646] ufs: ufstype=old is supported read-only
[  643.558392][T14646] syz.0.2586: attempt to access beyond end of device
[  643.558392][T14646] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0
[  643.584073][T14646] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2586'.
[  643.593316][T14646] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2586'.
[  643.613928][   T24] usb 7-1: new high-speed USB device number 78 using dummy_hcd
[  643.664561][ T5892] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  643.678376][ T5892] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  643.781896][T14651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.793672][   T24] usb 7-1: Using ep0 maxpacket: 8
[  643.799335][T14651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.805823][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  643.818906][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  643.831865][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  643.832745][T14653] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2588'.
[  643.845636][   T24] usb 7-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  643.866586][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.885276][   T24] usb 7-1: config 0 descriptor??
[  644.296949][   T24] usbhid 7-1:0.0: can't add hid device: -71
[  644.306574][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  644.317915][   T24] usb 7-1: USB disconnect, device number 78
[  644.454306][T14659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.466543][T14659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  645.049910][T14667] /dev/rnullb0: Can't open blockdev
[  645.274683][T14669] /dev/rnullb0: Can't open blockdev
[  645.524059][ T5919] usb 7-1: new full-speed USB device number 79 using dummy_hcd
[  645.704075][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  645.717583][ T5919] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  645.734273][ T5919] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.748576][ T5919] usb 7-1: Product: syz
[  645.753216][ T5919] usb 7-1: Manufacturer: syz
[  645.757849][ T5919] usb 7-1: SerialNumber: syz
[  645.770746][ T5919] usb 7-1: config 0 descriptor??
[  646.022687][ T5919] usb 7-1: USB disconnect, device number 79
[  646.062004][ T8295] udevd[8295]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  646.196451][T14678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.205556][T14678] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.893021][T14689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.905216][T14689] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.336936][ T5892] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000011c: -71
[  647.350039][ T5892] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  647.374009][ T5892] usb 5-1: USB disconnect, device number 18
[  647.440918][T14708] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2609'.
[  647.455112][T14708] netlink: 2 bytes leftover after parsing attributes in process `syz.6.2609'.
[  647.465697][T14708] batadv_slave_1: entered promiscuous mode
[  647.771846][   T24] usb 7-1: new high-speed USB device number 80 using dummy_hcd
[  647.924224][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  647.937395][   T24] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  647.948266][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.958873][   T24] usb 7-1: config 0 descriptor??
[  647.970948][   T24] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  647.991445][ T5919] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  648.141423][ T5919] usb 5-1: Using ep0 maxpacket: 8
[  648.167576][T14712] sctp: [Deprecated]: syz.4.2611 (pid 14712) Use of struct sctp_assoc_value in delayed_ack socket option.
[  648.167576][T14712] Use struct sctp_sack_info instead
[  648.190528][ T5919] usb 5-1: unable to get BOS descriptor or descriptor too short
[  648.205007][ T5919] usb 5-1: unable to read config index 0 descriptor/start: -71
[  648.212826][ T5919] usb 5-1: can't read configurations, error -71
[  649.437598][T14719] Invalid source name
[  649.442745][T14719] UBIFS error (pid: 14719): cannot open "./file0", error -22
[  649.909067][ T5859] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  649.975113][T14733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.991412][T14733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  650.320334][   T24] usb 5-1: new low-speed USB device number 21 using dummy_hcd
[  650.472462][   T24] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  650.482194][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.493176][   T24] usb 5-1: config 0 descriptor??
[  650.532405][   T10] usb 7-1: USB disconnect, device number 80
[  650.673088][T14750] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  650.680958][T14750] /dev/rnullb0: Can't open blockdev
[  651.052481][T14760] binder: 14759:14760 ioctl c0306201 0 returned -14
[  651.218269][T14768] overlayfs: failed lookup in lower (newroot/365, name='bus', err=-40): overlapping layers
[  651.339625][T14772] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  651.350577][T14772] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  651.399405][T14758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  651.415926][T14758] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  652.179406][ T5919] usb 7-1: new high-speed USB device number 81 using dummy_hcd
[  652.331018][ T5919] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  652.347799][ T5919] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  652.357605][ T5919] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.368911][ T5919] usb 7-1: config 0 descriptor??
[  652.384094][ T5919] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  652.949098][T14784] input: syz1 as /devices/virtual/input/input42
[  653.083074][T14784] /dev/rnullb0: Can't open blockdev
[  653.260593][   T24] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  653.275203][   T24] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  653.286200][   T24] asix 5-1:0.0: probe with driver asix failed with error -71
[  653.298309][   T24] usb 5-1: USB disconnect, device number 21
[  653.479635][T14794] /dev/rnullb0: Can't open blockdev
[  653.518099][T14796] /dev/rnullb0: Can't open blockdev
[  653.653554][T14805] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  653.664958][T14805] FAULT_INJECTION: forcing a failure.
[  653.664958][T14805] name failslab, interval 1, probability 0, space 0, times 0
[  653.682822][T14805] CPU: 0 UID: 0 PID: 14805 Comm: syz.5.2642 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  653.682859][T14805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  653.682873][T14805] Call Trace:
[  653.682883][T14805]  <TASK>
[  653.682891][T14805]  dump_stack_lvl+0x189/0x250
[  653.682917][T14805]  ? __pfx____ratelimit+0x10/0x10
[  653.682939][T14805]  ? __pfx_dump_stack_lvl+0x10/0x10
[  653.682960][T14805]  ? __pfx__printk+0x10/0x10
[  653.682985][T14805]  ? __pfx___might_resched+0x10/0x10
[  653.683003][T14805]  ? fs_reclaim_acquire+0x7d/0x100
[  653.683026][T14805]  should_fail_ex+0x414/0x560
[  653.683048][T14805]  should_failslab+0xa8/0x100
[  653.683067][T14805]  __kmalloc_cache_noprof+0x70/0x3d0
[  653.683084][T14805]  ? mock_domain_alloc_nested+0x234/0x3e0
[  653.683111][T14805]  mock_domain_alloc_nested+0x234/0x3e0
[  653.683130][T14805]  ? __pfx_mock_domain_alloc_nested+0x10/0x10
[  653.683148][T14805]  ? do_raw_spin_unlock+0x122/0x240
[  653.683175][T14805]  ? __pfx_mock_domain_alloc_nested+0x10/0x10
[  653.683196][T14805]  iommufd_hwpt_nested_alloc+0x302/0x4a0
[  653.683222][T14805]  iommufd_hwpt_alloc+0x4d0/0xb60
[  653.683243][T14805]  ? __pfx_iommufd_hwpt_alloc+0x10/0x10
[  653.683271][T14805]  iommufd_fops_ioctl+0x45e/0x580
[  653.683298][T14805]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  653.683324][T14805]  ? __fget_files+0x2a/0x420
[  653.683351][T14805]  ? __fget_files+0x2a/0x420
[  653.683375][T14805]  ? bpf_lsm_file_ioctl+0x9/0x20
[  653.683391][T14805]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  653.683413][T14805]  __se_sys_ioctl+0xf9/0x170
[  653.683433][T14805]  do_syscall_64+0xfa/0x3b0
[  653.683454][T14805]  ? lockdep_hardirqs_on+0x9c/0x150
[  653.683475][T14805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.683489][T14805]  ? clear_bhb_loop+0x60/0xb0
[  653.683507][T14805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.683522][T14805] RIP: 0033:0x7fe639d8e9a9
[  653.683536][T14805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  653.683549][T14805] RSP: 002b:00007fe63ac6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  653.683565][T14805] RAX: ffffffffffffffda RBX: 00007fe639fb5fa0 RCX: 00007fe639d8e9a9
[  653.683576][T14805] RDX: 0000200000000200 RSI: 0000000000003b89 RDI: 0000000000000003
[  653.683586][T14805] RBP: 00007fe63ac6c090 R08: 0000000000000000 R09: 0000000000000000
[  653.683596][T14805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  653.683605][T14805] R13: 0000000000000000 R14: 00007fe639fb5fa0 R15: 00007ffff2d42eb8
[  653.683627][T14805]  </TASK>
[  653.942493][    C0] vkms_vblank_simulate: vblank timer overrun
[  654.018438][ T5919] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  654.022142][T14809] FAULT_INJECTION: forcing a failure.
[  654.022142][T14809] name failslab, interval 1, probability 0, space 0, times 0
[  654.042710][T14809] CPU: 0 UID: 0 PID: 14809 Comm: syz.5.2644 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  654.042740][T14809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  654.042759][T14809] Call Trace:
[  654.042768][T14809]  <TASK>
[  654.042778][T14809]  dump_stack_lvl+0x189/0x250
[  654.042812][T14809]  ? __pfx____ratelimit+0x10/0x10
[  654.042843][T14809]  ? __pfx_dump_stack_lvl+0x10/0x10
[  654.042872][T14809]  ? __pfx__printk+0x10/0x10
[  654.042909][T14809]  ? __pfx___might_resched+0x10/0x10
[  654.042933][T14809]  ? fs_reclaim_acquire+0x7d/0x100
[  654.042966][T14809]  should_fail_ex+0x414/0x560
[  654.042998][T14809]  should_failslab+0xa8/0x100
[  654.043024][T14809]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  654.043049][T14809]  ? __alloc_skb+0x112/0x2d0
[  654.043073][T14809]  __alloc_skb+0x112/0x2d0
[  654.043098][T14809]  netlink_ack+0x146/0xa50
[  654.043126][T14809]  ? __pfx_genl_rcv_msg+0x10/0x10
[  654.043148][T14809]  ? ref_tracker_free+0x63a/0x7d0
[  654.043174][T14809]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  654.043197][T14809]  ? __pfx_nl80211_post_doit+0x10/0x10
[  654.043223][T14809]  ? __pfx_ref_tracker_free+0x10/0x10
[  654.043263][T14809]  netlink_rcv_skb+0x28c/0x470
[  654.043294][T14809]  ? __pfx_genl_rcv_msg+0x10/0x10
[  654.043320][T14809]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  654.043370][T14809]  ? down_read+0x1ad/0x2e0
[  654.043393][T14809]  genl_rcv+0x28/0x40
[  654.043415][T14809]  netlink_unicast+0x759/0x8e0
[  654.043456][T14809]  netlink_sendmsg+0x805/0xb30
[  654.043498][T14809]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.043534][T14809]  ? aa_sock_msg_perm+0xf1/0x1d0
[  654.043568][T14809]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  654.043599][T14809]  ? __pfx_netlink_sendmsg+0x10/0x10
[  654.043632][T14809]  __sock_sendmsg+0x219/0x270
[  654.043664][T14809]  ____sys_sendmsg+0x505/0x830
[  654.043698][T14809]  ? __pfx_____sys_sendmsg+0x10/0x10
[  654.043732][T14809]  ? import_iovec+0x74/0xa0
[  654.043764][T14809]  ___sys_sendmsg+0x21f/0x2a0
[  654.043791][T14809]  ? __pfx____sys_sendmsg+0x10/0x10
[  654.043853][T14809]  ? __fget_files+0x2a/0x420
[  654.043883][T14809]  ? __fget_files+0x3a0/0x420
[  654.043925][T14809]  __x64_sys_sendmsg+0x19b/0x260
[  654.043952][T14809]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  654.043986][T14809]  ? __pfx_ksys_write+0x10/0x10
[  654.044020][T14809]  ? do_syscall_64+0xbe/0x3b0
[  654.044055][T14809]  do_syscall_64+0xfa/0x3b0
[  654.044084][T14809]  ? lockdep_hardirqs_on+0x9c/0x150
[  654.044113][T14809]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.044134][T14809]  ? clear_bhb_loop+0x60/0xb0
[  654.044160][T14809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.044180][T14809] RIP: 0033:0x7fe639d8e9a9
[  654.044199][T14809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  654.044217][T14809] RSP: 002b:00007fe63ac6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  654.044238][T14809] RAX: ffffffffffffffda RBX: 00007fe639fb5fa0 RCX: 00007fe639d8e9a9
[  654.044254][T14809] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003
[  654.044267][T14809] RBP: 00007fe63ac6c090 R08: 0000000000000000 R09: 0000000000000000
[  654.044281][T14809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  654.044293][T14809] R13: 0000000000000000 R14: 00007fe639fb5fa0 R15: 00007ffff2d42eb8
[  654.044325][T14809]  </TASK>
[  654.375290][    C0] vkms_vblank_simulate: vblank timer overrun
[  654.438440][T14811] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2645'.
[  654.461226][ T5919] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  654.472672][ T5919] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  654.484168][ T5919] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  654.495434][ T5919] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  654.515272][ T5919] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  654.524548][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.532635][ T5919] usb 5-1: Product: syz
[  654.536826][ T5919] usb 5-1: Manufacturer: syz
[  654.541525][ T5919] usb 5-1: SerialNumber: syz
[  654.555131][T14801] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  654.653668][T14813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.662890][T14813] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  654.766706][T14801] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  654.774753][T14801] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  654.945032][   T24] usb 7-1: USB disconnect, device number 81
[  655.010076][T14815] /dev/rnullb0: Can't open blockdev
[  655.205832][   T30] audit: type=1326 audit(1540.593:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14819 comm="syz.6.2649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29d9d8e9a9 code=0x0
[  655.236095][ T5919] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[  655.256540][ T5919] cdc_ncm 5-1:1.0: bind() failure
[  655.272240][ T5919] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  655.284317][ T5919] cdc_ncm 5-1:1.1: bind() failure
[  655.538572][   T24] usb 7-1: new high-speed USB device number 82 using dummy_hcd
[  656.561082][   T24] usb 7-1: Using ep0 maxpacket: 32
[  656.571988][   T24] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  656.591580][   T24] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  656.601468][   T24] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  656.610160][   T24] usb 7-1: Product: syz
[  656.614569][   T24] usb 7-1: Manufacturer: syz
[  656.620261][   T24] usb 7-1: SerialNumber: syz
[  656.627722][   T24] usb 7-1: config 0 descriptor??
[  656.636036][T14823] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[  656.646611][   T24] hub 7-1:0.0: bad descriptor, ignoring hub
[  656.649210][   T10] usb 5-1: USB disconnect, device number 22
[  656.652815][   T24] hub 7-1:0.0: probe with driver hub failed with error -5
[  657.168860][   T10] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  657.329824][   T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  657.343242][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.368980][   T10] usb 5-1: config 0 descriptor??
[  657.400693][T14847] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2659'.
[  657.714113][   T44] usb 7-1: USB disconnect, device number 82
[  657.793378][   T10] ath6kl: Failed to read usb control message: -71
[  657.803060][   T10] ath6kl: Unable to read the bmi data from the device: -71
[  657.814941][   T10] ath6kl: Unable to recv target info: -71
[  657.836511][   T10] ath6kl: Failed to init ath6kl core: -71
[  657.845843][   T10] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  657.862448][   T10] usb 5-1: USB disconnect, device number 23
[  657.900275][T14850] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2660'.
[  658.120978][T14860] /dev/rnullb0: Can't open blockdev
[  658.131675][T14860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  658.141039][T14860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.650757][T14868] FAULT_INJECTION: forcing a failure.
[  658.650757][T14868] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.667051][T14868] CPU: 0 UID: 0 PID: 14868 Comm: syz.4.2668 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  658.667083][T14868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  658.667097][T14868] Call Trace:
[  658.667106][T14868]  <TASK>
[  658.667115][T14868]  dump_stack_lvl+0x189/0x250
[  658.667151][T14868]  ? __pfx____ratelimit+0x10/0x10
[  658.667183][T14868]  ? __pfx_dump_stack_lvl+0x10/0x10
[  658.667213][T14868]  ? __pfx__printk+0x10/0x10
[  658.667242][T14868]  ? __might_fault+0xb0/0x130
[  658.667278][T14868]  should_fail_ex+0x414/0x560
[  658.667311][T14868]  _copy_from_iter+0x1db/0x16f0
[  658.667335][T14868]  ? __lock_acquire+0xab9/0xd20
[  658.667364][T14868]  ? __pfx__copy_from_iter+0x10/0x10
[  658.667424][T14868]  tun_get_user+0x219/0x3e20
[  658.667465][T14868]  ? aa_file_perm+0x13e/0x11b0
[  658.667487][T14868]  ? aa_file_perm+0x3ed/0x11b0
[  658.667506][T14868]  ? __pfx_tun_get_user+0x10/0x10
[  658.667528][T14868]  ? _parse_integer_limit+0x1ae/0x1f0
[  658.667567][T14868]  ? __lock_acquire+0xab9/0xd20
[  658.667597][T14868]  ? ref_tracker_alloc+0x318/0x460
[  658.667625][T14868]  ? __lock_acquire+0xab9/0xd20
[  658.667650][T14868]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  658.667685][T14868]  ? tun_get+0x1c/0x2f0
[  658.667713][T14868]  ? tun_get+0x1c/0x2f0
[  658.667733][T14868]  ? tun_get+0x1c/0x2f0
[  658.667761][T14868]  tun_chr_write_iter+0x113/0x200
[  658.667786][T14868]  vfs_write+0x54b/0xa90
[  658.667818][T14868]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  658.667842][T14868]  ? __pfx_vfs_write+0x10/0x10
[  658.667880][T14868]  ? __fget_files+0x2a/0x420
[  658.667921][T14868]  ksys_write+0x145/0x250
[  658.667950][T14868]  ? __pfx_ksys_write+0x10/0x10
[  658.667975][T14868]  ? rcu_is_watching+0x15/0xb0
[  658.668007][T14868]  ? do_syscall_64+0xbe/0x3b0
[  658.668043][T14868]  do_syscall_64+0xfa/0x3b0
[  658.668076][T14868]  ? lockdep_hardirqs_on+0x9c/0x150
[  658.668105][T14868]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.668126][T14868]  ? clear_bhb_loop+0x60/0xb0
[  658.668152][T14868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.668172][T14868] RIP: 0033:0x7f1eddf8e9a9
[  658.668191][T14868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.668210][T14868] RSP: 002b:00007f1eded9f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  658.668232][T14868] RAX: ffffffffffffffda RBX: 00007f1ede1b5fa0 RCX: 00007f1eddf8e9a9
[  658.668248][T14868] RDX: 0000000000000036 RSI: 0000200000000100 RDI: 0000000000000003
[  658.668262][T14868] RBP: 00007f1eded9f090 R08: 0000000000000000 R09: 0000000000000000
[  658.668275][T14868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.668287][T14868] R13: 0000000000000000 R14: 00007f1ede1b5fa0 R15: 00007ffeddda8e38
[  658.668319][T14868]  </TASK>
[  658.983543][T14870] afs: Unknown parameter 'fowner'
[  659.003745][T14870] netlink: 92 bytes leftover after parsing attributes in process `syz.5.2669'.
[  659.022610][T14870] /dev/rnullb0: Can't open blockdev
[  659.196528][T14878] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2671'.
[  659.282355][T14880] /dev/rnullb0: Can't open blockdev
[  659.605706][   T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  659.694869][T14891] /dev/rnullb0: Can't open blockdev
[  659.788542][   T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  659.797927][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.816689][   T10] usb 5-1: config 0 descriptor??
[  659.826519][T14895] /dev/rnullb0: Can't open blockdev
[  659.854072][T14895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  659.885705][T14895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  660.240791][   T10] ath6kl: Failed to read usb control message: -71
[  660.248702][   T10] ath6kl: Unable to read the bmi data from the device: -71
[  660.263896][   T10] ath6kl: Unable to recv target info: -71
[  660.283728][   T10] ath6kl: Failed to init ath6kl core: -71
[  660.294937][   T10] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  660.340068][   T10] usb 5-1: USB disconnect, device number 24
[  660.485396][   T44] usb 7-1: new high-speed USB device number 83 using dummy_hcd
[  660.581646][T14914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.591015][T14914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  660.649436][T14914] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  660.659091][T14914] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  660.665135][   T44] usb 7-1: Using ep0 maxpacket: 16
[  660.684470][   T44] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  660.694811][   T44] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[  660.708578][   T44] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  660.718139][   T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  660.728830][   T44] usb 7-1: SerialNumber: syz
[  660.738405][T14902] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  660.748930][T14902] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  660.962012][T14902] /dev/rnullb0: Can't open blockdev
[  660.972835][   T44] cdc_acm 7-1:1.0: Control and data interfaces are not separated!
[  660.986715][   T44] cdc_acm 7-1:1.0: ttyACM0: USB ACM device
[  660.999754][   T44] usb 7-1: USB disconnect, device number 83
[  661.315112][T14924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.324314][T14924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.804525][   T10] usb 7-1: new high-speed USB device number 84 using dummy_hcd
[  661.955160][   T10] usb 7-1: Using ep0 maxpacket: 32
[  661.968648][   T10] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  662.002921][   T10] usb 7-1: config 0 has no interface number 0
[  662.016683][   T10] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  662.035235][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.045741][   T10] usb 7-1: Product: syz
[  662.049973][   T10] usb 7-1: Manufacturer: syz
[  662.054950][   T10] usb 7-1: SerialNumber: syz
[  662.062680][   T10] usb 7-1: config 0 descriptor??
[  662.081763][   T10] smsc95xx v2.0.0
[  662.181190][T14947] /dev/rnullb0: Can't open blockdev
[  662.497279][   T10] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  662.508335][   T10] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  662.824162][T13116] Bluetooth: hci2: command 0x0405 tx timeout
[  662.918200][T14958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.928440][T14958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.276443][T14963] /dev/rnullb0: Can't open blockdev
[  663.283294][T14963] netlink: 'syz.4.2701': attribute type 33 has an invalid length.
[  663.292987][T14963] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2701'.
[  663.360960][ T5859] Bluetooth: hci3: unexpected Set CIG Parameters response data
[  663.370738][ T5859] Bluetooth: hci3: unexpected event for opcode 0x2062
[  663.826602][T14971] nfs: Unknown parameter 'filter'
[  663.951487][T14976] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2706'.
[  663.971566][T14976] /dev/rnullb0: Can't open blockdev
[  664.033112][T14978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.047190][T14978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.059690][T14978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.068658][T14978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.079361][T14978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.090782][T14978] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  664.226843][T14981] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  664.449474][T14985] /dev/rnullb0: Can't open blockdev
[  664.692916][T14989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.702376][T14989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.271127][T14991] program syz.5.2712 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  665.532013][T14997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  665.548619][T14997] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.026791][T15005] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  666.159196][   T10] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000011c: -71
[  666.203006][   T10] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  666.231141][   T10] usb 7-1: USB disconnect, device number 84
[  666.281203][T15014] openvswitch: netlink: Tunnel attr 228 out of range max 16
[  666.542520][ T5892] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  666.580692][T15017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.604193][T15017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.660510][T15019] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  666.714456][ T5892] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  666.727362][ T5892] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  666.737891][ T5892] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  666.748407][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  666.757733][ T5892] usb 5-1: SerialNumber: syz
[  666.979944][ T5892] usb 5-1: 0:2 : does not exist
[  666.996233][ T5892] usb 5-1: USB disconnect, device number 25
[  667.028581][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  667.381790][ T5859] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  667.393934][ T5859] Bluetooth: hci3: Injecting HCI hardware error event
[  667.403964][T13116] Bluetooth: hci3: hardware error 0x00
[  667.595270][T15025] Malformed UNC in devname
[  667.595270][T15025] 
[  667.602607][T15025] CIFS: VFS: Malformed UNC in devname
[  667.971713][ T5892] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  668.143201][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  668.154501][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  668.164619][ T5892] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  668.174211][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.186463][ T5892] usb 5-1: config 0 descriptor??
[  668.596465][T15050] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2732'.
[  668.626614][ T5892] usbhid 5-1:0.0: can't add hid device: -71
[  668.640484][ T5892] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  668.678940][ T5892] usb 5-1: USB disconnect, device number 26
[  669.460812][T13116] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  669.525885][   T30] audit: type=1326 audit(1554.920:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15060 comm="syz.6.2736" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f29d9d8e9a9 code=0x0
[  669.606617][T15066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.616681][T15066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.631254][T15066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.641987][T15066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.802018][ T5854] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  669.963249][ T5854] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  669.972508][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.983457][ T5854] usb 5-1: config 0 descriptor??
[  670.205543][T15069] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2739'.
[  670.220143][T15069] /dev/rnullb0: Can't open blockdev
[  670.279630][T15071] FAULT_INJECTION: forcing a failure.
[  670.279630][T15071] name failslab, interval 1, probability 0, space 0, times 0
[  670.294976][T15071] CPU: 0 UID: 0 PID: 15071 Comm: syz.5.2740 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  670.295008][T15071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  670.295022][T15071] Call Trace:
[  670.295031][T15071]  <TASK>
[  670.295043][T15071]  dump_stack_lvl+0x189/0x250
[  670.295078][T15071]  ? __pfx____ratelimit+0x10/0x10
[  670.295109][T15071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  670.295138][T15071]  ? __pfx__printk+0x10/0x10
[  670.295175][T15071]  ? __pfx___might_resched+0x10/0x10
[  670.295200][T15071]  ? fs_reclaim_acquire+0x7d/0x100
[  670.295233][T15071]  should_fail_ex+0x414/0x560
[  670.295271][T15071]  should_failslab+0xa8/0x100
[  670.295297][T15071]  __kmalloc_cache_noprof+0x70/0x3d0
[  670.295319][T15071]  ? rfcomm_dev_ioctl+0xa7a/0x1d20
[  670.295345][T15071]  rfcomm_dev_ioctl+0xa7a/0x1d20
[  670.295370][T15071]  ? kasan_quarantine_put+0xdd/0x220
[  670.295403][T15071]  ? __pfx_rfcomm_dev_ioctl+0x10/0x10
[  670.295428][T15071]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  670.295458][T15071]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  670.295495][T15071]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  670.295529][T15071]  sock_do_ioctl+0xdc/0x300
[  670.295560][T15071]  ? __pfx_sock_do_ioctl+0x10/0x10
[  670.295584][T15071]  ? __lock_acquire+0xab9/0xd20
[  670.295627][T15071]  sock_ioctl+0x576/0x790
[  670.295655][T15071]  ? __pfx_sock_ioctl+0x10/0x10
[  670.295682][T15071]  ? __fget_files+0x2a/0x420
[  670.295712][T15071]  ? __fget_files+0x3a0/0x420
[  670.295742][T15071]  ? __fget_files+0x2a/0x420
[  670.295777][T15071]  ? bpf_lsm_file_ioctl+0x9/0x20
[  670.295798][T15071]  ? __pfx_sock_ioctl+0x10/0x10
[  670.295824][T15071]  __se_sys_ioctl+0xf9/0x170
[  670.295851][T15071]  do_syscall_64+0xfa/0x3b0
[  670.295881][T15071]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.295911][T15071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.295931][T15071]  ? clear_bhb_loop+0x60/0xb0
[  670.295956][T15071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.295977][T15071] RIP: 0033:0x7fe639d8e9a9
[  670.295996][T15071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  670.296014][T15071] RSP: 002b:00007fe63ac6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  670.296037][T15071] RAX: ffffffffffffffda RBX: 00007fe639fb5fa0 RCX: 00007fe639d8e9a9
[  670.296052][T15071] RDX: 0000200000000100 RSI: 00000000400452c8 RDI: 0000000000000004
[  670.296066][T15071] RBP: 00007fe63ac6c090 R08: 0000000000000000 R09: 0000000000000000
[  670.296079][T15071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  670.296092][T15071] R13: 0000000000000000 R14: 00007fe639fb5fa0 R15: 00007ffff2d42eb8
[  670.296125][T15071]  </TASK>
[  670.647135][ T5854] ath6kl: Failed to read usb control message: -71
[  670.653796][ T5854] ath6kl: Unable to read the bmi data from the device: -71
[  670.679493][ T5854] ath6kl: Unable to recv target info: -71
[  670.696839][ T5854] ath6kl: Failed to init ath6kl core: -71
[  670.703257][ T5854] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  670.715204][ T5854] usb 5-1: USB disconnect, device number 27
[  670.862014][T15077] netlink: 108 bytes leftover after parsing attributes in process `syz.5.2742'.
[  670.909730][T15077] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2742'.
[  671.169872][   T44] usb 7-1: new high-speed USB device number 85 using dummy_hcd
[  671.340044][   T44] usb 7-1: Using ep0 maxpacket: 8
[  671.356610][   T44] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  671.369191][   T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.386853][   T44] usb 7-1: Product: syz
[  671.391427][   T44] usb 7-1: Manufacturer: syz
[  671.396233][   T44] usb 7-1: SerialNumber: syz
[  671.404990][   T44] usb 7-1: config 0 descriptor??
[  671.519679][ T5892] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  671.625122][   T44] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  671.693592][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  671.717135][ T5892] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  671.727639][ T5892] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  671.737232][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.759342][ T5892] usb 5-1: config 0 descriptor??
[  671.826646][   T30] audit: type=1326 audit(1557.221:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15087 comm="syz.0.2747" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbe70b8e9a9 code=0x0
[  672.192832][ T5892] usbhid 5-1:0.0: can't add hid device: -71
[  672.201918][ T5892] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  672.220455][ T5892] usb 5-1: USB disconnect, device number 28
[  672.919949][T15112] /dev/rnullb0: Can't open blockdev
[  673.001618][   T30] audit: type=1326 audit(1558.402:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.023454][    C1] vkms_vblank_simulate: vblank timer overrun
[  673.041732][   T30] audit: type=1326 audit(1558.402:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.088935][   T30] audit: type=1326 audit(1558.402:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.110712][    C1] vkms_vblank_simulate: vblank timer overrun
[  673.129091][   T30] audit: type=1326 audit(1558.402:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.159510][   T30] audit: type=1326 audit(1558.402:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.185629][   T30] audit: type=1326 audit(1558.402:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.223315][   T30] audit: type=1326 audit(1558.432:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.252628][   T30] audit: type=1326 audit(1558.432:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15113 comm="syz.4.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eddf8e9a9 code=0x7ff00000
[  673.282036][   T44] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  673.629428][   T44] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  673.810375][   T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  673.821427][   T44] usb 5-1: config 0 has no interfaces?
[  673.831314][   T44] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  673.841909][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.850482][   T44] usb 5-1: Product: syz
[  673.854678][   T44] usb 5-1: Manufacturer: syz
[  673.859856][   T44] usb 5-1: SerialNumber: syz
[  673.866779][   T44] usb 5-1: config 0 descriptor??
[  674.315758][   T10] usb 7-1: USB disconnect, device number 85
[  674.680502][T15130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  674.692780][T15130] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.029418][T15132] ubi0: attaching mtd0
[  675.033561][T15132] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65)
[  675.278769][T15142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.293893][T15142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.321590][T15159] /dev/rnullb0: Can't open blockdev
[  676.396860][ T5919] usb 5-1: USB disconnect, device number 29
[  676.505549][T15166] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2771'.
[  676.857046][ T5919] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  676.882054][T15178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  676.892907][T15178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.028201][ T5892] usb 7-1: new high-speed USB device number 86 using dummy_hcd
[  677.035015][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  677.047456][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  677.057667][ T5919] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  677.066744][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.082786][ T5919] usb 5-1: config 0 descriptor??
[  677.186882][ T5892] usb 7-1: Using ep0 maxpacket: 16
[  677.194124][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  677.205382][ T5892] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  677.221841][ T5892] usb 7-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82
[  677.231190][ T5892] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.239475][ T5892] usb 7-1: Product: syz
[  677.243736][ T5892] usb 7-1: Manufacturer: syz
[  677.248596][ T5892] usb 7-1: SerialNumber: syz
[  677.256069][ T5892] usb 7-1: config 0 descriptor??
[  677.264252][ T5892] kobil_sct 7-1:0.0: KOBIL USB smart card terminal converter detected
[  677.275660][ T5892] usb 7-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  677.460332][T15180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  677.472108][T15180] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  677.492657][    C0] raw-gadget.2 gadget.4: ignoring, device is not running
[  677.504660][    C0] raw-gadget.2 gadget.4: ignoring, device is not running
[  677.507124][T15180] program syz.5.2775 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  677.513143][    C0] raw-gadget.2 gadget.4: ignoring, device is not running
[  677.530596][ T5919] usbhid 5-1:0.0: can't add hid device: -32
[  677.536859][ T5919] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  677.554386][ T5919] usb 5-1: USB disconnect, device number 30
[  677.685459][ T5892] usb 7-1: USB disconnect, device number 86
[  677.695640][ T5892] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  677.708629][ T5892] kobil_sct 7-1:0.0: device disconnected
[  678.586172][ T5919] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  678.738168][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  678.748624][ T5919] usb 5-1: config 0 has no interfaces?
[  678.759136][ T5919] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  678.768313][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.776656][ T5919] usb 5-1: Product: syz
[  678.780862][ T5919] usb 5-1: Manufacturer: syz
[  678.785519][ T5919] usb 5-1: SerialNumber: syz
[  678.793600][ T5919] usb 5-1: config 0 descriptor??
[  679.322064][T15216] FAULT_INJECTION: forcing a failure.
[  679.322064][T15216] name failslab, interval 1, probability 0, space 0, times 0
[  679.340001][T15216] CPU: 0 UID: 0 PID: 15216 Comm: syz.0.2784 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  679.340033][T15216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  679.340047][T15216] Call Trace:
[  679.340056][T15216]  <TASK>
[  679.340066][T15216]  dump_stack_lvl+0x189/0x250
[  679.340101][T15216]  ? __pfx____ratelimit+0x10/0x10
[  679.340131][T15216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  679.340160][T15216]  ? __pfx__printk+0x10/0x10
[  679.340192][T15216]  ? __pfx___might_resched+0x10/0x10
[  679.340218][T15216]  ? fs_reclaim_acquire+0x7d/0x100
[  679.340249][T15216]  should_fail_ex+0x414/0x560
[  679.340283][T15216]  should_failslab+0xa8/0x100
[  679.340309][T15216]  __kmalloc_noprof+0xcb/0x4f0
[  679.340331][T15216]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  679.340358][T15216]  ? snd_pcm_plugin_build+0x5d/0x500
[  679.340393][T15216]  snd_pcm_plugin_build+0x5d/0x500
[  679.340430][T15216]  snd_pcm_plugin_build_mulaw+0x227/0x750
[  679.340463][T15216]  ? __pfx_mulaw_decode+0x10/0x10
[  679.340498][T15216]  ? __pfx_snd_pcm_plugin_build_mulaw+0x10/0x10
[  679.340528][T15216]  ? snd_pcm_hw_params+0x12ca/0x1d30
[  679.340552][T15216]  ? snd_pcm_plug_format_plugins+0x551/0x10f0
[  679.340589][T15216]  snd_pcm_plug_format_plugins+0xad6/0x10f0
[  679.340634][T15216]  ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10
[  679.340683][T15216]  snd_pcm_oss_change_params_locked+0x2302/0x3e40
[  679.340745][T15216]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  679.340771][T15216]  ? aa_file_perm+0x3ed/0x11b0
[  679.340808][T15216]  ? __lock_acquire+0xab9/0xd20
[  679.340833][T15216]  ? __pfx_aa_file_perm+0x10/0x10
[  679.340858][T15216]  snd_pcm_oss_write+0x2fb/0x11a0
[  679.340882][T15216]  ? get_pid_task+0x20/0x1f0
[  679.340932][T15216]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  679.340959][T15216]  ? bpf_lsm_file_permission+0x9/0x20
[  679.340980][T15216]  ? security_file_permission+0x75/0x290
[  679.341008][T15216]  ? rw_verify_area+0x255/0x4d0
[  679.341033][T15216]  ? __lock_acquire+0xab9/0xd20
[  679.341054][T15216]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  679.341092][T15216]  vfs_write+0x27b/0xa90
[  679.341127][T15216]  ? __pfx_vfs_write+0x10/0x10
[  679.341154][T15216]  ? __fget_files+0x2a/0x420
[  679.341185][T15216]  ? __fget_files+0x2a/0x420
[  679.341213][T15216]  ? __fget_files+0x3a0/0x420
[  679.341240][T15216]  ? __fget_files+0x2a/0x420
[  679.341277][T15216]  ksys_write+0x145/0x250
[  679.341305][T15216]  ? __pfx_ksys_write+0x10/0x10
[  679.341329][T15216]  ? rcu_is_watching+0x15/0xb0
[  679.341361][T15216]  ? do_syscall_64+0xbe/0x3b0
[  679.341395][T15216]  do_syscall_64+0xfa/0x3b0
[  679.341424][T15216]  ? lockdep_hardirqs_on+0x9c/0x150
[  679.341452][T15216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.341471][T15216]  ? clear_bhb_loop+0x60/0xb0
[  679.341495][T15216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.341514][T15216] RIP: 0033:0x7fbe70b8e9a9
[  679.341532][T15216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.341550][T15216] RSP: 002b:00007fbe709f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  679.341571][T15216] RAX: ffffffffffffffda RBX: 00007fbe70db5fa0 RCX: 00007fbe70b8e9a9
[  679.341585][T15216] RDX: 000000000000fdbc RSI: 0000200000000500 RDI: 0000000000000003
[  679.341598][T15216] RBP: 00007fbe709f7090 R08: 0000000000000000 R09: 0000000000000000
[  679.341610][T15216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  679.341628][T15216] R13: 0000000000000000 R14: 00007fbe70db5fa0 R15: 00007ffeb3bf1bc8
[  679.341659][T15216]  </TASK>
[  679.692677][ T5892] usb 7-1: new high-speed USB device number 87 using dummy_hcd
[  679.874977][T15225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.885022][T15225] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.925933][ T5892] usb 7-1: Using ep0 maxpacket: 32
[  679.932742][ T5892] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  679.941682][ T5892] usb 7-1: config 0 has no interface number 0
[  679.950805][ T5892] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  679.960664][ T5892] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.969139][ T5892] usb 7-1: Product: syz
[  679.973337][ T5892] usb 7-1: Manufacturer: syz
[  679.980284][ T5892] usb 7-1: SerialNumber: syz
[  679.989761][ T5892] usb 7-1: config 0 descriptor??
[  680.004105][ T5892] smsc95xx v2.0.0
[  680.408083][ T5892] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  680.419558][ T5892] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  680.682501][T15241] /dev/rnullb0: Can't open blockdev
[  680.764766][T15243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.774141][T15243] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.336073][   T44] usb 5-1: USB disconnect, device number 31
[  681.550695][T15252] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2798'.
[  681.655393][T15256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.664269][T15256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.884536][   T44] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  682.068034][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  682.079362][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  682.089609][   T44] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  682.099036][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  682.111022][   T44] usb 5-1: config 0 descriptor??
[  682.527353][   T44] usbhid 5-1:0.0: can't add hid device: -71
[  682.533613][   T44] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  682.547229][   T44] usb 5-1: USB disconnect, device number 32
[  683.343809][   T10] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  683.427969][T15271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.439304][T15271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.484098][   T10] usb 5-1: device descriptor read/64, error -71
[  683.659191][ T5892] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -32
[  683.671859][ T5892] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -32
[  683.723613][   T10] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  683.853962][   T10] usb 5-1: device descriptor read/64, error -71
[  683.963865][   T10] usb usb5-port1: attempt power cycle
[  684.164444][ T5892] usb 7-1: USB disconnect, device number 87
[  684.280186][T15282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.294266][T15282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.303881][   T10] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  684.337454][   T10] usb 5-1: device descriptor read/8, error -71
[  684.378023][T15285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.390824][T15285] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  684.583145][   T10] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  684.603823][   T10] usb 5-1: device descriptor read/8, error -71
[  684.716631][   T10] usb usb5-port1: unable to enumerate USB device
[  685.317974][   T30] kauditd_printk_skb: 65 callbacks suppressed
[  685.317994][   T30] audit: type=1400 audit(1570.718:133): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=15289 comm="syz.6.2814"
[  685.722721][ T5940] usb 7-1: new high-speed USB device number 88 using dummy_hcd
[  685.874773][ T5940] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  685.885026][ T5940] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  685.898998][ T5940] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  685.908150][ T5940] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.917658][ T5940] usb 7-1: Product: syz
[  685.921859][ T5940] usb 7-1: Manufacturer: syz
[  685.926532][ T5940] usb 7-1: SerialNumber: syz
[  685.933811][ T5940] usb 7-1: config 0 descriptor??
[  686.482204][  T981] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  686.642230][  T981] usb 5-1: Using ep0 maxpacket: 32
[  686.651870][  T981] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  686.660143][  T981] usb 5-1: config 0 has no interface number 0
[  686.669640][  T981] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  686.680079][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.690876][  T981] usb 5-1: Product: syz
[  686.695108][  T981] usb 5-1: Manufacturer: syz
[  686.699762][  T981] usb 5-1: SerialNumber: syz
[  686.709768][  T981] usb 5-1: config 0 descriptor??
[  686.717358][  T981] smsc95xx v2.0.0
[  687.124516][  T981] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  687.135625][  T981] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  687.508547][T15310] /dev/rnullb0: Can't open blockdev
[  688.085202][T15317] /dev/rnullb0: Can't open blockdev
[  688.384922][   T30] audit: type=1800 audit(1573.789:134): pid=15323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2828" name="/" dev="9p" ino=2 res=0 errno=0
[  688.389397][T15323] netfs: Couldn't get user pages (rc=-14)
[  688.481728][ T5940] usb 7-1: USB disconnect, device number 88
[  688.825819][T15336] /dev/rnullb0: Can't open blockdev
[  689.157519][T15348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  689.169462][T15348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  689.230832][ T5919] usb 7-1: new high-speed USB device number 89 using dummy_hcd
[  689.390913][ T5919] usb 7-1: Using ep0 maxpacket: 32
[  689.398436][ T5919] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  689.406705][ T5919] usb 7-1: config 0 has no interface number 0
[  689.415597][ T5919] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  689.424786][ T5919] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.432945][ T5919] usb 7-1: Product: syz
[  689.437145][ T5919] usb 7-1: Manufacturer: syz
[  689.442185][ T5919] usb 7-1: SerialNumber: syz
[  689.450134][ T5919] usb 7-1: config 0 descriptor??
[  689.464450][ T5919] smsc95xx v2.0.0
[  689.841795][T15351] /dev/rnullb0: Can't open blockdev
[  689.869040][ T5919] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  689.879992][ T5919] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  690.104418][T15357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.113906][T15357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.369247][  T981] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -32
[  690.380813][  T981] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -32
[  690.676801][T15359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.688849][T15359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.697808][T15359] /dev/rnullb0: Can't open blockdev
[  691.216373][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  691.275684][ T5940] usb 5-1: USB disconnect, device number 37
[  691.350356][T15364] autofs4:pid:15364:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  691.377799][T15369] FAULT_INJECTION: forcing a failure.
[  691.377799][T15369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.391522][T15369] CPU: 0 UID: 0 PID: 15369 Comm: syz.4.2844 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  691.391552][T15369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  691.391570][T15369] Call Trace:
[  691.391579][T15369]  <TASK>
[  691.391588][T15369]  dump_stack_lvl+0x189/0x250
[  691.391625][T15369]  ? __pfx____ratelimit+0x10/0x10
[  691.391655][T15369]  ? __pfx_dump_stack_lvl+0x10/0x10
[  691.391695][T15369]  ? __pfx__printk+0x10/0x10
[  691.391726][T15369]  ? __might_fault+0xb0/0x130
[  691.391762][T15369]  should_fail_ex+0x414/0x560
[  691.391795][T15369]  _copy_from_user+0x2d/0xb0
[  691.391819][T15369]  ___sys_recvmsg+0x12e/0x510
[  691.391851][T15369]  ? __pfx____sys_recvmsg+0x10/0x10
[  691.391910][T15369]  ? __might_fault+0xb0/0x130
[  691.391937][T15369]  do_recvmmsg+0x307/0x770
[  691.391970][T15369]  ? __pfx_do_recvmmsg+0x10/0x10
[  691.392008][T15369]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  691.392059][T15369]  __x64_sys_recvmmsg+0x190/0x240
[  691.392087][T15369]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  691.392110][T15369]  ? rcu_is_watching+0x15/0xb0
[  691.392142][T15369]  ? do_syscall_64+0xbe/0x3b0
[  691.392177][T15369]  do_syscall_64+0xfa/0x3b0
[  691.392207][T15369]  ? lockdep_hardirqs_on+0x9c/0x150
[  691.392236][T15369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.392257][T15369]  ? clear_bhb_loop+0x60/0xb0
[  691.392283][T15369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.392304][T15369] RIP: 0033:0x7f1eddf8e9a9
[  691.392322][T15369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.392349][T15369] RSP: 002b:00007f1eded9f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  691.392371][T15369] RAX: ffffffffffffffda RBX: 00007f1ede1b5fa0 RCX: 00007f1eddf8e9a9
[  691.392387][T15369] RDX: 0000000000000004 RSI: 0000200000000a80 RDI: 0000000000000003
[  691.392401][T15369] RBP: 00007f1eded9f090 R08: 0000000000000000 R09: 0000000000000000
[  691.392415][T15369] R10: 0000000040002120 R11: 0000000000000246 R12: 0000000000000002
[  691.392428][T15369] R13: 0000000000000000 R14: 00007f1ede1b5fa0 R15: 00007ffeddda8e38
[  691.392459][T15369]  </TASK>
[  691.620857][T15371] 9pnet_fd: Insufficient options for proto=fd
[  691.634595][T15371] qnx6: wrong signature (magic) at position (0x2000) - will try alternative position (0x0000).
[  691.645873][T15371] qnx6: wrong signature (magic) in superblock #1.
[  691.652443][T15371] qnx6: unable to read the first superblock
[  691.915088][T15379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.928677][T15379] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  691.971095][T13116] Bluetooth: hci2: unexpected event for opcode 0x0c1a
[  692.535132][T15385] /dev/rnullb0: Can't open blockdev
[  692.834699][T15344] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  692.918816][ T5919] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -71
[  692.961151][ T5919] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  693.007046][ T5919] usb 7-1: USB disconnect, device number 89
[  693.358771][ T5919] usb 7-1: new high-speed USB device number 90 using dummy_hcd
[  693.530582][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  693.541992][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  693.559226][ T5919] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  693.560545][T15397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.568601][ T5919] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.582900][T15397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.614368][ T5919] usb 7-1: config 0 descriptor??
[  694.011926][T15399] usb usb1: usbfs: process 15399 (syz.0.2854) did not claim interface 0 before use
[  694.226991][ T5919] usbhid 7-1:0.0: can't add hid device: -71
[  694.233707][ T5919] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  694.261040][T15407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.272479][ T5919] usb 7-1: USB disconnect, device number 90
[  694.289341][T15407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.503212][T15413] trusted_key: encrypted_key: insufficient parameters specified
[  694.906806][T15422] /dev/rnullb0: Can't open blockdev
[  694.923891][T15423] /dev/rnullb0: Can't open blockdev
[  695.049796][T15429] program syz.6.2865 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  695.448013][  T981] usb 7-1: new high-speed USB device number 91 using dummy_hcd
[  695.627765][  T981] usb 7-1: Using ep0 maxpacket: 32
[  695.640173][T15455] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.642582][  T981] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  695.650863][T15455] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.677584][  T981] usb 7-1: config 0 has no interface number 0
[  695.690928][  T981] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  695.700356][  T981] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.708830][  T981] usb 7-1: Product: syz
[  695.713154][  T981] usb 7-1: Manufacturer: syz
[  695.718716][  T981] usb 7-1: SerialNumber: syz
[  695.734120][  T981] usb 7-1: config 0 descriptor??
[  695.745123][  T981] smsc95xx v2.0.0
[  695.821054][T15449] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2872'.
[  696.154244][  T981] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  696.182018][  T981] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  696.216115][T15463] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2878'.
[  696.225787][T15463] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2878'.
[  696.235911][T15463] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2878'.
[  696.999876][  T981] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  697.011397][  T981] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -32
[  697.433263][T15493] nbd: must specify a device to reconfigure
[  697.444906][T15493] /dev/rnullb0: Can't open blockdev
[  698.226654][ T5919] usb 7-1: USB disconnect, device number 91
[  698.412582][T15521] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  698.716921][T15532] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2897'.
[  698.726266][ T5919] usb 7-1: new full-speed USB device number 92 using dummy_hcd
[  698.757761][T15534] syzkaller1: entered promiscuous mode
[  698.763333][T15534] syzkaller1: entered allmulticast mode
[  698.880671][ T5919] usb 7-1: unable to get BOS descriptor or descriptor too short
[  698.885517][T15536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.891521][ T5919] usb 7-1: not running at top speed; connect to a high speed hub
[  698.905372][T15536] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.907838][ T5919] usb 7-1: config 4 has an invalid interface number: 147 but max is 0
[  698.921604][ T5919] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  698.931856][ T5919] usb 7-1: config 4 has no interface number 0
[  698.941206][ T5919] usb 7-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  698.950637][ T5919] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.958779][ T5919] usb 7-1: Product: syz
[  698.963032][ T5919] usb 7-1: Manufacturer: syz
[  698.967709][ T5919] usb 7-1: SerialNumber: syz
[  699.210434][ T5919] usb 7-1: Found UVC 0.02 device syz (04f2:b746)
[  699.217096][ T5919] usb 7-1: No valid video chain found.
[  699.227669][ T5919] usb 7-1: USB disconnect, device number 92
[  699.981319][T15548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  699.997648][T15548] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  700.065532][  T981] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  700.227981][  T981] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  700.237234][  T981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.248955][ T5892] usb 7-1: new full-speed USB device number 93 using dummy_hcd
[  700.259374][  T981] usb 5-1: config 0 descriptor??
[  700.418131][ T5892] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  700.426962][ T5892] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  700.438186][ T5892] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  700.450617][ T5892] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64
[  700.461690][ T5892] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  700.474929][ T5892] usb 7-1: config 0 interface 0 has no altsetting 0
[  700.484122][ T5892] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  700.493299][ T5892] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  700.501879][ T5892] usb 7-1: Product: syz
[  700.506121][ T5892] usb 7-1: Manufacturer: syz
[  700.510766][ T5892] usb 7-1: SerialNumber: syz
[  700.526363][ T5892] usb 7-1: config 0 descriptor??
[  700.535882][T15550] raw-gadget.3 gadget.6: fail, usb_ep_enable returned -22
[  700.557691][ T5892] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  700.587939][ T5892] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  700.592618][T15553] FAULT_INJECTION: forcing a failure.
[  700.592618][T15553] name failslab, interval 1, probability 0, space 0, times 0
[  700.614977][T15553] CPU: 0 UID: 0 PID: 15553 Comm: syz.5.2907 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  700.615010][T15553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  700.615024][T15553] Call Trace:
[  700.615033][T15553]  <TASK>
[  700.615042][T15553]  dump_stack_lvl+0x189/0x250
[  700.615076][T15553]  ? __pfx____ratelimit+0x10/0x10
[  700.615107][T15553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  700.615137][T15553]  ? __pfx__printk+0x10/0x10
[  700.615172][T15553]  ? __pfx___might_resched+0x10/0x10
[  700.615199][T15553]  ? fs_reclaim_acquire+0x7d/0x100
[  700.615232][T15553]  should_fail_ex+0x414/0x560
[  700.615265][T15553]  should_failslab+0xa8/0x100
[  700.615293][T15553]  __kmalloc_cache_noprof+0x70/0x3d0
[  700.615317][T15553]  ? register_netdevice+0x58b/0x1ae0
[  700.615350][T15553]  register_netdevice+0x58b/0x1ae0
[  700.615389][T15553]  ? __pfx___mutex_lock+0x10/0x10
[  700.615421][T15553]  ? __pfx_register_netdevice+0x10/0x10
[  700.615444][T15553]  ? __local_bh_enable_ip+0x12d/0x1c0
[  700.615475][T15553]  ? __local_bh_enable_ip+0x12d/0x1c0
[  700.615500][T15553]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  700.615535][T15553]  register_netdev+0x40/0x60
[  700.615561][T15553]  sixpack_open+0x589/0x9c0
[  700.615597][T15553]  ? __pfx_sixpack_open+0x10/0x10
[  700.615627][T15553]  ? up_write+0x1c4/0x420
[  700.615661][T15553]  tty_ldisc_open+0xa1/0x100
[  700.615696][T15553]  tty_set_ldisc+0x373/0x560
[  700.615735][T15553]  tty_ioctl+0xc38/0xde0
[  700.615755][T15553]  ? __pfx_tty_ioctl+0x10/0x10
[  700.615774][T15553]  __se_sys_ioctl+0xf9/0x170
[  700.615802][T15553]  do_syscall_64+0xfa/0x3b0
[  700.615832][T15553]  ? lockdep_hardirqs_on+0x9c/0x150
[  700.615861][T15553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.615897][T15553]  ? clear_bhb_loop+0x60/0xb0
[  700.615924][T15553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  700.615945][T15553] RIP: 0033:0x7fe639d8e9a9
[  700.615963][T15553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  700.615982][T15553] RSP: 002b:00007fe63ac6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  700.616004][T15553] RAX: ffffffffffffffda RBX: 00007fe639fb5fa0 RCX: 00007fe639d8e9a9
[  700.616021][T15553] RDX: 0000200000000080 RSI: 0000000000005423 RDI: 0000000000000003
[  700.616035][T15553] RBP: 00007fe63ac6c090 R08: 0000000000000000 R09: 0000000000000000
[  700.616047][T15553] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  700.616060][T15553] R13: 0000000000000000 R14: 00007fe639fb5fa0 R15: 00007ffff2d42eb8
[  700.616093][T15553]  </TASK>
[  700.883731][T15550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  700.892694][T15550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  700.892934][  T981] ath6kl: Failed to read usb control message: -71
[  700.909885][ T5919] usb 7-1: USB disconnect, device number 93
[  700.932858][  T981] ath6kl: Unable to read the bmi data from the device: -71
[  700.946478][ T5919] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  700.970860][  T981] ath6kl: Unable to recv target info: -71
[  701.010837][  T981] ath6kl: Failed to init ath6kl core: -71
[  701.045364][  T981] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  701.092661][  T981] usb 5-1: USB disconnect, device number 38
[  701.133549][T15561] netlink: 'syz.0.2910': attribute type 10 has an invalid length.
[  701.333367][T15567] syzkaller1: entered promiscuous mode
[  701.339645][T15567] syzkaller1: entered allmulticast mode
[  701.713492][T15579] /dev/rnullb0: Can't open blockdev
[  701.774574][   T10] usb 7-1: new high-speed USB device number 94 using dummy_hcd
[  701.937211][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  701.948380][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  701.958527][   T10] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  701.967775][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.968337][T15560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  701.979702][   T10] usb 7-1: config 0 descriptor??
[  702.606141][   T10] usbhid 7-1:0.0: can't add hid device: -71
[  702.617426][   T10] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  702.649389][   T10] usb 7-1: USB disconnect, device number 94
[  702.661746][T15586] syzkaller1: entered promiscuous mode
[  702.672212][T15586] syzkaller1: entered allmulticast mode
[  702.924869][T15594] overlayfs: conflicting lowerdir path
[  703.446595][T15604] binder: 15603:15604 unknown command 0
[  703.452437][T15604] binder: 15603:15604 ioctl c0306201 2000000003c0 returned -22
[  703.463840][T15604] binder: 15603:15604 unknown command 0
[  703.469476][T15604] binder: 15603:15604 ioctl c0306201 200000000180 returned -22
[  703.623367][T15609] /dev/rnullb0: Can't open blockdev
[  703.699781][T15611] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2930'.
[  703.712137][T15611] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2930'.
[  703.725022][T15611] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2930'.
[  703.782804][T15613] FAULT_INJECTION: forcing a failure.
[  703.782804][T15613] name failslab, interval 1, probability 0, space 0, times 0
[  703.798214][T15613] CPU: 1 UID: 0 PID: 15613 Comm: syz.6.2931 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  703.798243][T15613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  703.798256][T15613] Call Trace:
[  703.798265][T15613]  <TASK>
[  703.798274][T15613]  dump_stack_lvl+0x189/0x250
[  703.798308][T15613]  ? __pfx____ratelimit+0x10/0x10
[  703.798346][T15613]  ? __pfx_dump_stack_lvl+0x10/0x10
[  703.798374][T15613]  ? __pfx__printk+0x10/0x10
[  703.798408][T15613]  ? __pfx___might_resched+0x10/0x10
[  703.798438][T15613]  should_fail_ex+0x414/0x560
[  703.798470][T15613]  should_failslab+0xa8/0x100
[  703.798496][T15613]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  703.798521][T15613]  ? __alloc_skb+0x112/0x2d0
[  703.798546][T15613]  __alloc_skb+0x112/0x2d0
[  703.798570][T15613]  netlink_sendmsg+0x5c6/0xb30
[  703.798613][T15613]  ? __pfx_netlink_sendmsg+0x10/0x10
[  703.798648][T15613]  ? aa_sock_msg_perm+0xf1/0x1d0
[  703.798682][T15613]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  703.798712][T15613]  ? __pfx_netlink_sendmsg+0x10/0x10
[  703.798750][T15613]  __sock_sendmsg+0x219/0x270
[  703.798782][T15613]  ____sys_sendmsg+0x505/0x830
[  703.798811][T15613]  ? __pfx_____sys_sendmsg+0x10/0x10
[  703.798845][T15613]  ? import_iovec+0x74/0xa0
[  703.798871][T15613]  ___sys_sendmsg+0x21f/0x2a0
[  703.798898][T15613]  ? __pfx____sys_sendmsg+0x10/0x10
[  703.798960][T15613]  ? __fget_files+0x2a/0x420
[  703.798990][T15613]  ? __fget_files+0x3a0/0x420
[  703.799032][T15613]  __x64_sys_sendmsg+0x19b/0x260
[  703.799059][T15613]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  703.799093][T15613]  ? __pfx_ksys_write+0x10/0x10
[  703.799118][T15613]  ? rcu_is_watching+0x15/0xb0
[  703.799151][T15613]  ? do_syscall_64+0xbe/0x3b0
[  703.799187][T15613]  do_syscall_64+0xfa/0x3b0
[  703.799216][T15613]  ? lockdep_hardirqs_on+0x9c/0x150
[  703.799244][T15613]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.799264][T15613]  ? clear_bhb_loop+0x60/0xb0
[  703.799289][T15613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  703.799309][T15613] RIP: 0033:0x7f29d9d8e9a9
[  703.799335][T15613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  703.799353][T15613] RSP: 002b:00007f29daca3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  703.799375][T15613] RAX: ffffffffffffffda RBX: 00007f29d9fb5fa0 RCX: 00007f29d9d8e9a9
[  703.799391][T15613] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  703.799405][T15613] RBP: 00007f29daca3090 R08: 0000000000000000 R09: 0000000000000000
[  703.799418][T15613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  703.799430][T15613] R13: 0000000000000000 R14: 00007f29d9fb5fa0 R15: 00007ffd63b31ff8
[  703.799462][T15613]  </TASK>
[  704.070830][    C1] vkms_vblank_simulate: vblank timer overrun
[  704.161705][   T30] audit: type=1800 audit(1589.567:135): pid=15617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2933" name="/" dev="9p" ino=2 res=0 errno=0
[  704.353252][  T981] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  704.503262][  T981] usb 5-1: Using ep0 maxpacket: 32
[  704.510828][  T981] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  704.522469][  T981] usb 5-1: config 0 interface 0 has no altsetting 0
[  704.529285][  T981] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  704.538453][  T981] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.550063][  T981] usb 5-1: config 0 descriptor??
[  704.623367][ T5919] usb 7-1: new high-speed USB device number 95 using dummy_hcd
[  704.777497][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  704.788980][ T5919] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  704.799013][ T5919] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  704.808183][ T5919] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.819041][ T5919] usb 7-1: config 0 descriptor??
[  705.101666][T15627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  705.111419][T15627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  705.320443][  T981] corsair-psu 0003:1B1C:1C09.005F: unknown main item tag 0x0
[  705.328079][  T981] corsair-psu 0003:1B1C:1C09.005F: unknown main item tag 0x0
[  705.336259][  T981] corsair-psu 0003:1B1C:1C09.005F: unknown main item tag 0x0
[  705.343796][  T981] corsair-psu 0003:1B1C:1C09.005F: unknown main item tag 0x0
[  705.351282][  T981] corsair-psu 0003:1B1C:1C09.005F: unknown main item tag 0x0
[  705.366281][  T981] corsair-psu 0003:1B1C:1C09.005F: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.4-1/input0
[  705.440448][ T5919] usbhid 7-1:0.0: can't add hid device: -71
[  705.447491][ T5919] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  705.464295][ T5919] usb 7-1: USB disconnect, device number 95
[  705.692588][  T981] corsair-psu 0003:1B1C:1C09.005F: unable to initialize device (-110)
[  705.708993][  T981] corsair-psu 0003:1B1C:1C09.005F: probe with driver corsair-psu failed with error -110
[  705.723063][T15632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  705.736576][T15632] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  705.749119][  T981] usb 5-1: USB disconnect, device number 39
[  706.482358][   T24] usb 7-1: new high-speed USB device number 96 using dummy_hcd
[  706.645266][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  706.672084][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  706.704350][   T24] usb 7-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  706.729918][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  706.766569][   T24] usb 7-1: config 0 descriptor??
[  707.407244][   T24] usbhid 7-1:0.0: can't add hid device: -71
[  707.419807][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  707.440676][   T24] usb 7-1: USB disconnect, device number 96
[  708.502534][   T24] usb 7-1: new high-speed USB device number 97 using dummy_hcd
[  708.687240][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  708.721026][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  708.730771][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  708.751599][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  708.764165][   T24] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  708.773562][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.785789][   T24] usb 7-1: Product: syz
[  708.790067][   T24] usb 7-1: Manufacturer: syz
[  708.794872][   T24] usb 7-1: SerialNumber: syz
[  708.806434][   T24] usb 7-1: config 0 descriptor??
[  709.016133][   T24] adutux 7-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  709.215704][T15663] netlink: 'syz.6.2950': attribute type 6 has an invalid length.
[  709.224950][T15663] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  709.232832][T15663] /dev/rnullb0: Can't open blockdev
[  709.620576][   T24] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  709.790640][   T24] usb 5-1: Using ep0 maxpacket: 32
[  709.798587][   T24] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  709.825490][   T24] usb 5-1: config 0 has no interface number 0
[  709.835547][   T24] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  709.845530][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  709.853759][   T24] usb 5-1: Product: syz
[  709.858285][   T24] usb 5-1: Manufacturer: syz
[  709.864761][   T24] usb 5-1: SerialNumber: syz
[  709.876818][   T24] usb 5-1: config 0 descriptor??
[  709.890486][   T24] smsc95xx v2.0.0
[  710.296246][   T24] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  710.310455][   T24] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  711.186234][T15694] /dev/rnullb0: Can't open blockdev
[  711.273469][ T5854] usb 7-1: USB disconnect, device number 97
[  711.356815][T15699] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2964'.
[  711.461371][T15703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  711.475716][T15703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.502793][T15707] FAULT_INJECTION: forcing a failure.
[  711.502793][T15707] name failslab, interval 1, probability 0, space 0, times 0
[  711.522668][T15707] CPU: 1 UID: 0 PID: 15707 Comm: syz.6.2967 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  711.522703][T15707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  711.522717][T15707] Call Trace:
[  711.522725][T15707]  <TASK>
[  711.522735][T15707]  dump_stack_lvl+0x189/0x250
[  711.522768][T15707]  ? __pfx____ratelimit+0x10/0x10
[  711.522796][T15707]  ? __pfx_dump_stack_lvl+0x10/0x10
[  711.522824][T15707]  ? __pfx__printk+0x10/0x10
[  711.522856][T15707]  ? __pfx___might_resched+0x10/0x10
[  711.522880][T15707]  ? fs_reclaim_acquire+0x7d/0x100
[  711.522911][T15707]  should_fail_ex+0x414/0x560
[  711.522952][T15707]  should_failslab+0xa8/0x100
[  711.522979][T15707]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[  711.523005][T15707]  ? ovl_parse_param+0x66f/0xee0
[  711.523039][T15707]  kstrdup+0x42/0x100
[  711.523071][T15707]  ovl_parse_param+0x66f/0xee0
[  711.523106][T15707]  ? __pfx_ovl_parse_param+0x10/0x10
[  711.523144][T15707]  ? static_key_count+0x41/0x70
[  711.523171][T15707]  vfs_parse_fs_param+0x1a6/0x420
[  711.523206][T15707]  vfs_parse_monolithic_sep+0x24d/0x310
[  711.523238][T15707]  ? __pfx_ovl_next_opt+0x10/0x10
[  711.523268][T15707]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  711.523309][T15707]  ? alloc_fs_context+0x665/0x7d0
[  711.523350][T15707]  do_new_mount+0x273/0x9e0
[  711.523385][T15707]  ? ns_capable+0x8a/0xf0
[  711.523410][T15707]  ? __pfx_do_new_mount+0x10/0x10
[  711.523438][T15707]  ? path_mount+0x61c/0xfe0
[  711.523466][T15707]  ? user_path_at+0x44/0x60
[  711.523500][T15707]  __se_sys_mount+0x317/0x410
[  711.523537][T15707]  ? __pfx___se_sys_mount+0x10/0x10
[  711.523566][T15707]  ? rcu_is_watching+0x15/0xb0
[  711.523599][T15707]  ? do_syscall_64+0xbe/0x3b0
[  711.523628][T15707]  ? __x64_sys_mount+0x20/0xc0
[  711.523661][T15707]  do_syscall_64+0xfa/0x3b0
[  711.523690][T15707]  ? lockdep_hardirqs_on+0x9c/0x150
[  711.523726][T15707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.523747][T15707]  ? clear_bhb_loop+0x60/0xb0
[  711.523771][T15707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.523792][T15707] RIP: 0033:0x7f29d9d8e9a9
[  711.523811][T15707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  711.523829][T15707] RSP: 002b:00007f29daca3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  711.523852][T15707] RAX: ffffffffffffffda RBX: 00007f29d9fb5fa0 RCX: 00007f29d9d8e9a9
[  711.523868][T15707] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  711.523883][T15707] RBP: 00007f29daca3090 R08: 0000200000000a00 R09: 0000000000000000
[  711.523897][T15707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  711.523910][T15707] R13: 0000000000000000 R14: 00007f29d9fb5fa0 R15: 00007ffd63b31ff8
[  711.523953][T15707]  </TASK>
[  711.626967][T15710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  711.634601][T13116] Bluetooth: hci4: unexpected Set CIG Parameters response data
[  711.674810][T15710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  711.678552][T13116] Bluetooth: hci4: unexpected event for opcode 0x2062
[  711.709718][ T5859] Bluetooth: hci2: command 0x0405 tx timeout
[  711.741170][T15710] /dev/rnullb0: Can't open blockdev
[  712.936027][T15719] trusted_key: encrypted_key: insufficient parameters specified
[  712.946979][T15719] /dev/rnullb0: Can't open blockdev
[  712.954921][T15719] trusted_key: encrypted_key: insufficient parameters specified
[  713.308983][ T5940] usb 7-1: new high-speed USB device number 98 using dummy_hcd
[  713.478677][ T5940] usb 7-1: Using ep0 maxpacket: 32
[  713.485876][ T5940] usb 7-1: config 0 has an invalid interface number: 184 but max is 0
[  713.494258][ T5940] usb 7-1: config 0 has no interface number 0
[  713.500473][ T5940] usb 7-1: config 0 interface 184 has no altsetting 0
[  713.510036][ T5940] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  713.519178][ T5940] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.527553][ T5940] usb 7-1: Product: syz
[  713.531812][ T5940] usb 7-1: Manufacturer: syz
[  713.536459][ T5940] usb 7-1: SerialNumber: syz
[  713.544504][ T5940] usb 7-1: config 0 descriptor??
[  713.554749][ T5940] smsc75xx v1.0.0
[  713.731925][T15728] /dev/rnullb0: Can't open blockdev
[  713.753916][   T24] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -61
[  713.767942][   T24] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -61
[  714.137230][T15733] /dev/rnullb0: Can't open blockdev
[  714.244657][ T5940] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  714.260210][ T5940] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  714.274457][ T5940] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  714.289375][ T5940] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -71
[  714.307508][ T5940] usb 7-1: USB disconnect, device number 98
[  714.409084][   T24] usb 5-1: USB disconnect, device number 40
[  714.808237][   T24] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  714.987907][   T24] usb 5-1: Using ep0 maxpacket: 8
[  714.995373][   T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  715.014676][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  715.025364][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  715.050259][   T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  715.067044][   T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  715.078506][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.164968][T15759] /dev/rnullb0: Can't open blockdev
[  715.296565][   T24] usb 5-1: GET_CAPABILITIES returned 0
[  715.303029][   T24] usbtmc 5-1:16.0: can't read capabilities
[  715.412869][T15764] /dev/rnullb0: Can't open blockdev
[  715.513611][ T5919] usb 5-1: USB disconnect, device number 41
[  715.522076][T15771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  715.537424][T15771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  715.687821][ T5859] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  715.698858][ T5859] Bluetooth: hci4: Injecting HCI hardware error event
[  715.707779][T13116] Bluetooth: hci4: hardware error 0x00
[  715.814872][T15780] fuse: Bad value for 'fd'
[  715.920433][T15784] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2993'.
[  716.188709][T15798] fuse: Bad value for 'fd'
[  716.281619][T15799] FAULT_INJECTION: forcing a failure.
[  716.281619][T15799] name failslab, interval 1, probability 0, space 0, times 0
[  716.294752][T15799] CPU: 0 UID: 0 PID: 15799 Comm: syz.5.3000 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  716.294784][T15799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  716.294798][T15799] Call Trace:
[  716.294807][T15799]  <TASK>
[  716.294817][T15799]  dump_stack_lvl+0x189/0x250
[  716.294855][T15799]  ? __pfx____ratelimit+0x10/0x10
[  716.294886][T15799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.294916][T15799]  ? __pfx__printk+0x10/0x10
[  716.294948][T15799]  ? __pfx___might_resched+0x10/0x10
[  716.294974][T15799]  ? fs_reclaim_acquire+0x7d/0x100
[  716.295007][T15799]  should_fail_ex+0x414/0x560
[  716.295040][T15799]  should_failslab+0xa8/0x100
[  716.295067][T15799]  __kmalloc_noprof+0xcb/0x4f0
[  716.295089][T15799]  ? security_task_alloc+0x4d/0x360
[  716.295122][T15799]  ? perf_event_init_task+0x12d/0x4b0
[  716.295148][T15799]  security_task_alloc+0x4d/0x360
[  716.295179][T15799]  copy_process+0x1530/0x3c00
[  716.295226][T15799]  ? copy_process+0x97f/0x3c00
[  716.295263][T15799]  ? __pfx_copy_process+0x10/0x10
[  716.295304][T15799]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  716.295344][T15799]  vhost_task_create+0x1c4/0x290
[  716.295376][T15799]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  716.295399][T15799]  ? __pfx_vhost_task_create+0x10/0x10
[  716.295449][T15799]  ? __pfx_vhost_task_fn+0x10/0x10
[  716.295501][T15799]  kvm_mmu_post_init_vm+0x14c/0x300
[  716.295529][T15799]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  716.295568][T15799]  ? __mutex_trylock_common+0x153/0x260
[  716.295601][T15799]  ? __pfx___mutex_trylock_common+0x10/0x10
[  716.295631][T15799]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  716.295665][T15799]  ? rcu_is_watching+0x15/0xb0
[  716.295693][T15799]  ? trace_contention_end+0x39/0x120
[  716.295721][T15799]  ? look_up_lock_class+0x74/0x170
[  716.295754][T15799]  ? register_lock_class+0x51/0x320
[  716.295784][T15799]  ? __lock_acquire+0xab9/0xd20
[  716.295840][T15799]  kvm_vcpu_ioctl+0x95c/0xe90
[  716.295879][T15799]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  716.295907][T15799]  ? __lock_acquire+0xab9/0xd20
[  716.295952][T15799]  ? __fget_files+0x2a/0x420
[  716.295987][T15799]  ? __fget_files+0x2a/0x420
[  716.296016][T15799]  ? __fget_files+0x3a0/0x420
[  716.296070][T15799]  ? __fget_files+0x2a/0x420
[  716.296106][T15799]  ? bpf_lsm_file_ioctl+0x9/0x20
[  716.296128][T15799]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  716.296159][T15799]  __se_sys_ioctl+0xf9/0x170
[  716.296188][T15799]  do_syscall_64+0xfa/0x3b0
[  716.296218][T15799]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.296247][T15799]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.296269][T15799]  ? clear_bhb_loop+0x60/0xb0
[  716.296295][T15799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.296317][T15799] RIP: 0033:0x7fe639d8e9a9
[  716.296336][T15799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.296355][T15799] RSP: 002b:00007fe63ac6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  716.296378][T15799] RAX: ffffffffffffffda RBX: 00007fe639fb5fa0 RCX: 00007fe639d8e9a9
[  716.296394][T15799] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  716.296407][T15799] RBP: 00007fe63ac6c090 R08: 0000000000000000 R09: 0000000000000000
[  716.296421][T15799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.296440][T15799] R13: 0000000000000000 R14: 00007fe639fb5fa0 R15: 00007ffff2d42eb8
[  716.296473][T15799]  </TASK>
[  716.632020][    C0] vkms_vblank_simulate: vblank timer overrun
[  716.639482][  T981] usb 7-1: new high-speed USB device number 99 using dummy_hcd
[  716.717387][   T10] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  716.781166][T15803] /dev/rnullb0: Can't open blockdev
[  716.794905][T15805] fuse: Bad value for 'fd'
[  716.804771][  T981] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  716.835756][  T981] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  716.865251][  T981] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  716.867125][   T10] usb 5-1: Using ep0 maxpacket: 8
[  716.884289][   T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13
[  716.894238][  T981] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.898155][   T10] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  716.912792][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.918222][  T981] usb 7-1: Product: syz
[  716.920957][   T10] usb 5-1: Product: syz
[  716.929320][   T10] usb 5-1: Manufacturer: syz
[  716.934227][   T10] usb 5-1: SerialNumber: syz
[  716.942173][   T10] usb 5-1: config 0 descriptor??
[  716.949572][  T981] usb 7-1: Manufacturer: syz
[  716.952208][   T10] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  716.956106][  T981] usb 7-1: SerialNumber: syz
[  717.009274][  T981] usb 7-1: config 0 descriptor??
[  717.445800][T15817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  717.460582][T15817] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  717.756888][T13116] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  718.026737][T15820] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  718.035585][T15820] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  718.622199][T15822] FAULT_INJECTION: forcing a failure.
[  718.622199][T15822] name failslab, interval 1, probability 0, space 0, times 0
[  718.637792][T15822] CPU: 1 UID: 0 PID: 15822 Comm: syz.5.3010 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  718.637826][T15822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  718.637841][T15822] Call Trace:
[  718.637851][T15822]  <TASK>
[  718.637861][T15822]  dump_stack_lvl+0x189/0x250
[  718.637899][T15822]  ? __pfx____ratelimit+0x10/0x10
[  718.637932][T15822]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.637964][T15822]  ? __pfx__printk+0x10/0x10
[  718.638009][T15822]  ? __pfx___might_resched+0x10/0x10
[  718.638038][T15822]  ? fs_reclaim_acquire+0x7d/0x100
[  718.638072][T15822]  should_fail_ex+0x414/0x560
[  718.638107][T15822]  should_failslab+0xa8/0x100
[  718.638137][T15822]  __kmalloc_noprof+0xcb/0x4f0
[  718.638162][T15822]  ? tomoyo_encode+0x28b/0x550
[  718.638188][T15822]  tomoyo_encode+0x28b/0x550
[  718.638217][T15822]  tomoyo_realpath_from_path+0x58d/0x5d0
[  718.638242][T15822]  ? tomoyo_domain+0xd9/0x130
[  718.638271][T15822]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  718.638302][T15822]  tomoyo_path_number_perm+0x1e8/0x5a0
[  718.638335][T15822]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  718.638386][T15822]  ? __lock_acquire+0xab9/0xd20
[  718.638437][T15822]  ? __fget_files+0x2a/0x420
[  718.638474][T15822]  ? __fget_files+0x2a/0x420
[  718.638506][T15822]  ? __fget_files+0x3a0/0x420
[  718.638538][T15822]  ? __fget_files+0x2a/0x420
[  718.638577][T15822]  security_file_ioctl+0xcb/0x2d0
[  718.638609][T15822]  __se_sys_ioctl+0x47/0x170
[  718.638639][T15822]  do_syscall_64+0xfa/0x3b0
[  718.638672][T15822]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.638705][T15822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.638727][T15822]  ? clear_bhb_loop+0x60/0xb0
[  718.638755][T15822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.638777][T15822] RIP: 0033:0x7fe639d8e9a9
[  718.638797][T15822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.638816][T15822] RSP: 002b:00007fe63ac6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  718.638842][T15822] RAX: ffffffffffffffda RBX: 00007fe639fb5fa0 RCX: 00007fe639d8e9a9
[  718.638860][T15822] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000005
[  718.638874][T15822] RBP: 00007fe63ac6c090 R08: 0000000000000000 R09: 0000000000000000
[  718.638888][T15822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  718.638901][T15822] R13: 0000000000000000 R14: 00007fe639fb5fa0 R15: 00007ffff2d42eb8
[  718.638937][T15822]  </TASK>
[  718.638960][T15822] ERROR: Out of memory at tomoyo_realpath_from_path.
[  719.014917][T15824] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  719.022444][T15824] overlayfs: failed to set xattr on upper
[  719.028282][T15824] overlayfs: ...falling back to redirect_dir=nofollow.
[  719.035162][T15824] overlayfs: ...falling back to uuid=null.
[  719.064532][ T5919] usb 7-1: USB disconnect, device number 99
[  719.490233][T15840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  719.500285][T15840] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  719.523600][T15840] 9pnet_fd: Insufficient options for proto=fd
[  719.766010][   T24] usb 7-1: new high-speed USB device number 100 using dummy_hcd
[  719.777125][   T10] gspca_zc3xx: reg_r err -71
[  719.915707][   T24] usb 7-1: Using ep0 maxpacket: 32
[  719.923031][   T24] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  719.931330][   T24] usb 7-1: config 0 has no interface number 0
[  719.940476][   T24] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  719.949710][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  719.957872][   T24] usb 7-1: Product: syz
[  719.962144][   T24] usb 7-1: Manufacturer: syz
[  719.966819][   T24] usb 7-1: SerialNumber: syz
[  719.974657][   T24] usb 7-1: config 0 descriptor??
[  719.982328][   T24] smsc95xx v2.0.0
[  720.052028][T13116] Bluetooth: hci2: SCO packet for unknown connection handle 0
[  720.159120][T15848] /dev/rnullb0: Can't open blockdev
[  720.293483][T15850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  720.305055][T15850] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  720.365435][   T10] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  720.371939][   T10] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  720.384079][   T10] usb 5-1: USB disconnect, device number 42
[  720.400169][   T24] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  720.414548][   T24] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  720.641089][T15854] /dev/rnullb0: Can't open blockdev
[  720.924410][T15863] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3028'.
[  720.992679][T15866] /dev/rnullb0: Can't open blockdev
[  721.174867][ T5912] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  721.337963][ T5912] usb 5-1: config 2 has an invalid descriptor of length 119, skipping remainder of the config
[  721.348642][ T5912] usb 5-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  721.361794][ T5912] usb 5-1: config 2 interface 0 has no altsetting 0
[  721.371037][ T5912] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  721.380438][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.388530][ T5912] usb 5-1: Product: syz
[  721.392837][ T5912] usb 5-1: Manufacturer: syz
[  721.397581][ T5912] usb 5-1: SerialNumber: syz
[  721.620899][T15862] /dev/rnullb0: Can't open blockdev
[  721.636670][ T5912] ims_pcu 5-1:2.0: Zero length descriptor
[  721.643359][ T5912] ims_pcu 5-1:2.0: probe with driver ims_pcu failed with error -22
[  721.654082][ T5912] usb 5-1: USB disconnect, device number 43
[  722.434223][  T981] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  722.584318][  T981] usb 5-1: Using ep0 maxpacket: 16
[  722.591504][  T981] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  722.600694][  T981] usb 5-1: config 0 has no interface number 0
[  722.609461][  T981] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  722.618709][  T981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  722.626819][  T981] usb 5-1: Product: syz
[  722.631503][  T981] usb 5-1: Manufacturer: syz
[  722.636226][  T981] usb 5-1: SerialNumber: syz
[  722.643927][  T981] usb 5-1: config 0 descriptor??
[  722.657328][  T981] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  723.461851][T15873] input: syz0 as /devices/virtual/input/input45
[  723.655610][   T24] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -61
[  723.667779][   T24] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -61
[  723.763730][  T981] gspca_spca1528: reg_w err -110
[  723.793631][  T981] spca1528 5-1:0.1: probe with driver spca1528 failed with error -110
[  723.997872][T15882] FAULT_INJECTION: forcing a failure.
[  723.997872][T15882] name failslab, interval 1, probability 0, space 0, times 0
[  724.022239][T15882] CPU: 0 UID: 0 PID: 15882 Comm: syz.5.3034 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  724.022269][T15882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  724.022283][T15882] Call Trace:
[  724.022291][T15882]  <TASK>
[  724.022301][T15882]  dump_stack_lvl+0x189/0x250
[  724.022331][T15882]  ? __pfx____ratelimit+0x10/0x10
[  724.022357][T15882]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.022381][T15882]  ? __pfx__printk+0x10/0x10
[  724.022407][T15882]  ? __pfx___might_resched+0x10/0x10
[  724.022429][T15882]  ? fs_reclaim_acquire+0x7d/0x100
[  724.022454][T15882]  should_fail_ex+0x414/0x560
[  724.022480][T15882]  should_failslab+0xa8/0x100
[  724.022502][T15882]  __kmalloc_cache_noprof+0x70/0x3d0
[  724.022521][T15882]  ? madvise_collapse+0x135/0xa40
[  724.022547][T15882]  madvise_collapse+0x135/0xa40
[  724.022584][T15882]  madvise_vma_behavior+0xd26/0x39f0
[  724.022608][T15882]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  724.022631][T15882]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  724.022654][T15882]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  724.022682][T15882]  ? __lock_acquire+0xab9/0xd20
[  724.022706][T15882]  ? __lock_acquire+0xab9/0xd20
[  724.022734][T15882]  ? __lock_acquire+0xab9/0xd20
[  724.022769][T15882]  ? mas_prev_slot+0xb31/0xbb0
[  724.022804][T15882]  ? find_vma_prev+0xfc/0x170
[  724.022828][T15882]  ? __pfx_find_vma_prev+0x10/0x10
[  724.022853][T15882]  ? _parse_integer_limit+0x1ae/0x1f0
[  724.022884][T15882]  madvise_walk_vmas+0x51c/0xa30
[  724.022902][T15882]  ? __lock_acquire+0xab9/0xd20
[  724.022930][T15882]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  724.022953][T15882]  ? blk_start_plug+0x6f/0x1b0
[  724.022979][T15882]  madvise_do_behavior+0x38e/0x550
[  724.023003][T15882]  ? __pfx_madvise_do_behavior+0x10/0x10
[  724.023030][T15882]  ? down_read+0x1ad/0x2e0
[  724.023052][T15882]  do_madvise+0x1bc/0x270
[  724.023072][T15882]  ? __pfx_do_madvise+0x10/0x10
[  724.023115][T15882]  ? __pfx_ksys_write+0x10/0x10
[  724.023134][T15882]  ? rcu_is_watching+0x15/0xb0
[  724.023162][T15882]  __x64_sys_madvise+0xa7/0xc0
[  724.023182][T15882]  do_syscall_64+0xfa/0x3b0
[  724.023206][T15882]  ? lockdep_hardirqs_on+0x9c/0x150
[  724.023229][T15882]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.023246][T15882]  ? clear_bhb_loop+0x60/0xb0
[  724.023266][T15882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.023285][T15882] RIP: 0033:0x7fe639d8e9a9
[  724.023304][T15882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.023321][T15882] RSP: 002b:00007fe63ac4b038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  724.023340][T15882] RAX: ffffffffffffffda RBX: 00007fe639fb6080 RCX: 00007fe639d8e9a9
[  724.023353][T15882] RDX: 0000000000000019 RSI: 0000000008000000 RDI: 0000200000000000
[  724.023364][T15882] RBP: 00007fe63ac4b090 R08: 0000000000000000 R09: 0000000000000000
[  724.023375][T15882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  724.023386][T15882] R13: 0000000000000000 R14: 00007fe639fb6080 R15: 00007ffff2d42eb8
[  724.023411][T15882]  </TASK>
[  724.547896][T15889] ./file0: Can't lookup blockdev
[  724.557642][ T5912] usb 7-1: USB disconnect, device number 100
[  724.951915][T15899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  724.987558][T15899] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.243288][ T5912] usb 5-1: USB disconnect, device number 44
[  725.384821][T15905] 8021q: VLANs not supported on ipvlan1
[  725.702860][ T5912] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  725.779196][T15917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.813252][T15917] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.842600][ T5912] usb 5-1: device descriptor read/64, error -71
[  726.022536][   T24] usb 7-1: new high-speed USB device number 101 using dummy_hcd
[  726.086199][ T5912] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  726.192162][T15930] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3051'.
[  726.205400][   T24] usb 7-1: Using ep0 maxpacket: 16
[  726.212981][   T24] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  726.222698][ T5912] usb 5-1: device descriptor read/64, error -71
[  726.226560][   T24] usb 7-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  726.241500][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.256839][   T24] usb 7-1: Product: syz
[  726.264540][   T24] usb 7-1: Manufacturer: syz
[  726.269200][   T24] usb 7-1: SerialNumber: syz
[  726.281916][   T24] usb 7-1: config 0 descriptor??
[  726.290463][   T24] port100 7-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  726.332824][ T5912] usb usb5-port1: attempt power cycle
[  726.539106][   T24] usb 7-1: USB disconnect, device number 101
[  726.659284][T15944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  726.668636][T15944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  726.692507][ T5912] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  726.712811][ T5912] usb 5-1: device descriptor read/8, error -71
[  726.961983][ T5912] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  726.996890][ T5912] usb 5-1: device descriptor read/8, error -71
[  727.120791][ T5912] usb usb5-port1: unable to enumerate USB device
[  727.310218][T15954] /dev/rnullb0: Can't open blockdev
[  727.387206][T15958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  727.404870][T15958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  727.455983][T15960] /dev/rnullb0: Can't open blockdev
[  727.861508][ T5912] usb 7-1: new high-speed USB device number 102 using dummy_hcd
[  728.013711][T15966] FAULT_INJECTION: forcing a failure.
[  728.013711][T15966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  728.031411][T15966] CPU: 1 UID: 0 PID: 15966 Comm: syz.6.3063 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  728.031444][T15966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  728.031457][T15966] Call Trace:
[  728.031467][T15966]  <TASK>
[  728.031476][T15966]  dump_stack_lvl+0x189/0x250
[  728.031510][T15966]  ? __pfx____ratelimit+0x10/0x10
[  728.031541][T15966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  728.031571][T15966]  ? __pfx__printk+0x10/0x10
[  728.031601][T15966]  ? __might_fault+0xb0/0x130
[  728.031638][T15966]  should_fail_ex+0x414/0x560
[  728.031671][T15966]  _copy_from_iter+0x3f5/0x16f0
[  728.031694][T15966]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  728.031727][T15966]  ? __pfx__copy_from_iter+0x10/0x10
[  728.031767][T15966]  ? skb_page_frag_refill+0x1be/0x320
[  728.031803][T15966]  tcp_sendmsg_locked+0x1e9d/0x5620
[  728.031893][T15966]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  728.031918][T15966]  ? __local_bh_enable_ip+0x12d/0x1c0
[  728.031949][T15966]  ? __local_bh_enable_ip+0x12d/0x1c0
[  728.031990][T15966]  tcp_sendmsg+0x2f/0x50
[  728.032018][T15966]  __sock_sendmsg+0x19c/0x270
[  728.032051][T15966]  ____sys_sendmsg+0x52d/0x830
[  728.032081][T15966]  ? __pfx_____sys_sendmsg+0x10/0x10
[  728.032115][T15966]  ? import_iovec+0x74/0xa0
[  728.032142][T15966]  ___sys_sendmsg+0x21f/0x2a0
[  728.032168][T15966]  ? __pfx____sys_sendmsg+0x10/0x10
[  728.032233][T15966]  ? __fget_files+0x2a/0x420
[  728.032275][T15966]  ? __fget_files+0x3a0/0x420
[  728.032319][T15966]  __sys_sendmmsg+0x227/0x430
[  728.032349][T15966]  ? __pfx___sys_sendmmsg+0x10/0x10
[  728.032370][T15966]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  728.032431][T15966]  ? ksys_write+0x22a/0x250
[  728.032461][T15966]  ? __pfx_ksys_write+0x10/0x10
[  728.032486][T15966]  ? rcu_is_watching+0x15/0xb0
[  728.032521][T15966]  __x64_sys_sendmmsg+0xa0/0xc0
[  728.032547][T15966]  do_syscall_64+0xfa/0x3b0
[  728.032578][T15966]  ? lockdep_hardirqs_on+0x9c/0x150
[  728.032607][T15966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.032628][T15966]  ? clear_bhb_loop+0x60/0xb0
[  728.032654][T15966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.032674][T15966] RIP: 0033:0x7f29d9d8e9a9
[  728.032693][T15966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  728.032711][T15966] RSP: 002b:00007f29daca3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  728.032734][T15966] RAX: ffffffffffffffda RBX: 00007f29d9fb5fa0 RCX: 00007f29d9d8e9a9
[  728.032749][T15966] RDX: 0000000000000002 RSI: 0000200000000c80 RDI: 0000000000000003
[  728.032764][T15966] RBP: 00007f29daca3090 R08: 0000000000000000 R09: 0000000000000000
[  728.032777][T15966] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  728.032790][T15966] R13: 0000000000000000 R14: 00007f29d9fb5fa0 R15: 00007ffd63b31ff8
[  728.032823][T15966]  </TASK>
[  728.034939][ T5912] usb 7-1: unable to get BOS descriptor or descriptor too short
[  728.355494][ T5912] usb 7-1: unable to read config index 0 descriptor/start: -71
[  728.371283][ T5912] usb 7-1: can't read configurations, error -71
[  728.853358][T15982] /dev/rnullb0: Can't open blockdev
[  728.861072][ T5854] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  729.028204][ T5854] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  729.054366][ T5854] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  729.066511][ T5854] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  729.078627][ T5854] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  729.087847][ T5854] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.101326][T15978] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  729.410851][ T5912] usb 7-1: new high-speed USB device number 103 using dummy_hcd
[  729.561574][ T5912] usb 7-1: Using ep0 maxpacket: 32
[  729.569722][ T5912] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  729.570255][T15998] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  729.580650][ T5912] usb 7-1: config 0 has no interface number 0
[  729.597534][ T5912] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  729.605050][T15998] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  729.607917][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.623443][ T5912] usb 7-1: Product: syz
[  729.627666][ T5912] usb 7-1: Manufacturer: syz
[  729.636027][ T5912] usb 7-1: SerialNumber: syz
[  729.651278][ T5912] usb 7-1: config 0 descriptor??
[  729.659962][ T5912] smsc95xx v2.0.0
[  729.923406][ T5854] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  729.938285][ T5854] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input46
[  730.063195][ T5912] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  730.083905][ T5912] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  730.135752][   T24] usb 5-1: USB disconnect, device number 49
[  730.135796][    C0] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  730.955166][T16035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  730.971942][T16035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  731.089392][T16040] /dev/rnullb0: Can't open blockdev
[  731.332465][T16046] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  731.804020][T16067] /dev/rnullb0: Can't open blockdev
[  732.709629][T16074] fuse: Unknown parameter '00000000000000000000004'
[  733.329584][ T5912] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000024: -61
[  733.346569][ T5912] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -61
[  733.603731][T16109] FAULT_INJECTION: forcing a failure.
[  733.603731][T16109] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  733.624755][T16109] CPU: 1 UID: 0 PID: 16109 Comm: syz.5.3113 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  733.624787][T16109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  733.624802][T16109] Call Trace:
[  733.624811][T16109]  <TASK>
[  733.624821][T16109]  dump_stack_lvl+0x189/0x250
[  733.624857][T16109]  ? __pfx____ratelimit+0x10/0x10
[  733.624896][T16109]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.624926][T16109]  ? __pfx__printk+0x10/0x10
[  733.624955][T16109]  ? __might_fault+0xb0/0x130
[  733.624992][T16109]  should_fail_ex+0x414/0x560
[  733.625033][T16109]  _copy_from_user+0x2d/0xb0
[  733.625056][T16109]  kstrtouint_from_user+0xc4/0x170
[  733.625101][T16109]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  733.625150][T16109]  proc_fail_nth_write+0x88/0x200
[  733.625175][T16109]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  733.625205][T16109]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  733.625229][T16109]  vfs_write+0x27b/0xa90
[  733.625266][T16109]  ? __pfx_vfs_write+0x10/0x10
[  733.625296][T16109]  ? __fget_files+0x2a/0x420
[  733.625332][T16109]  ? __fget_files+0x3a0/0x420
[  733.625361][T16109]  ? __fget_files+0x2a/0x420
[  733.625402][T16109]  ksys_write+0x145/0x250
[  733.625433][T16109]  ? __pfx_ksys_write+0x10/0x10
[  733.625466][T16109]  ? do_syscall_64+0xbe/0x3b0
[  733.625514][T16109]  do_syscall_64+0xfa/0x3b0
[  733.625542][T16109]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.625571][T16109]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.625591][T16109]  ? clear_bhb_loop+0x60/0xb0
[  733.625617][T16109]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.625636][T16109] RIP: 0033:0x7fe639d8d45f
[  733.625656][T16109] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  733.625673][T16109] RSP: 002b:00007fe63ac2a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  733.625804][T16109] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe639d8d45f
[  733.625819][T16109] RDX: 0000000000000001 RSI: 00007fe63ac2a0a0 RDI: 0000000000000008
[  733.625832][T16109] RBP: 00007fe63ac2a090 R08: 0000000000000000 R09: 0000000000000000
[  733.625845][T16109] R10: 0000000000000011 R11: 0000000000000293 R12: 0000000000000001
[  733.625857][T16109] R13: 0000000000000001 R14: 00007fe639fb6160 R15: 00007ffff2d42eb8
[  733.625889][T16109]  </TASK>
[  734.074871][ T5940] usb 7-1: USB disconnect, device number 103
[  734.423407][T16126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  734.434465][T16126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  734.588164][   T24] usb 7-1: new high-speed USB device number 104 using dummy_hcd
[  734.649719][T16126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  734.658760][T16126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  734.748141][   T24] usb 7-1: Using ep0 maxpacket: 8
[  734.758657][   T24] usb 7-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  734.767506][   T24] usb 7-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  734.777866][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  734.789411][   T24] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  734.798691][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.806705][   T24] usb 7-1: Product: Ѕ
[  734.811342][   T24] usb 7-1: Manufacturer: 䥔彦忲⸪盟匔ꊾ繸䮸嬗ﴜ᭹懻컳撏瑆讪㔡嫉沥ᪿ㾈▍떆넕ퟴ燶␀棐뾠责䢺䗿䍛밬༮몪࠾盓Bꀤ됽ッ䂤筆㝹눬뛜緊员쯺湿䘔嘗쵘料ꩮ蘔痱籴͜
[  734.833089][   T24] usb 7-1: SerialNumber: syz
[  735.055362][   T24] usb 7-1: 0:2 : does not exist
[  735.072273][   T24] usb 7-1: USB disconnect, device number 104
[  735.111372][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  735.279577][T16131] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  735.289626][    C0] Oops: divide error: 0000 [#1] SMP KASAN PTI
[  735.289691][T16131] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1)
[  735.295814][    C0] CPU: 0 UID: 0 PID: 2979 Comm: kworker/u8:9 Not tainted 6.16.0-rc6-next-20250718-syzkaller #0 PREEMPT(full) 
[  735.307053][T16131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.315759][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  735.315781][    C0] Workqueue: bat_events batadv_nc_worker
[  735.315811][    C0] RIP: 0010:comedi_buf_write_free+0x3c8/0x7e0
[  735.315845][    C0] Code: 41 03 45 00 48 8b 4c 24 78 42 0f b6 0c 21 84 c9 4c 8b bc 24 90 00 00 00 44 8b 74 24 54 0f 85 02 01 00 00 31 d2 48 8b 4c 24 30 <f7> 31 41 89 55 00 48 8b 44 24 70 42 0f b6 04 20 84 c0 0f 85 09 01
[  735.328952][T16131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.334258][    C0] RSP: 0018:ffffc90000007bd8 EFLAGS: 00010046
[  735.379366][    C0] RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffff88805b3c5a80
[  735.387357][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880693d1000
[  735.395341][    C0] RBP: 0000000000000002 R08: 0000000000000000 R09: 00000000000000ff
[  735.403325][    C0] R10: dffffc0000000000 R11: ffffffff88f35200 R12: dffffc0000000000
[  735.411301][    C0] R13: ffff88805b3c5a38 R14: 0000000000000000 R15: ffff88805b3c5a00
[  735.419282][    C0] FS:  0000000000000000(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
[  735.428217][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  735.434805][    C0] CR2: 0000001b2fd1fffc CR3: 000000005f70e000 CR4: 00000000003526f0
[  735.442786][    C0] DR0: 0000000000000002 DR1: 0000000000000002 DR2: 0000000000000008
[  735.450762][    C0] DR3: 1000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  735.458741][    C0] Call Trace:
[  735.462024][    C0]  <IRQ>
[  735.464886][    C0]  ? __pfx_das16m1_ai_munge+0x10/0x10
[  735.470264][    C0]  comedi_buf_write_samples+0x369/0x5a0
[  735.475821][    C0]  das16m1_handler+0x213/0x4b0
[  735.480600][    C0]  das16m1_interrupt+0xaf/0x180
[  735.485466][    C0]  ? __pfx_das16m1_interrupt+0x10/0x10
[  735.490939][    C0]  __handle_irq_event_percpu+0x28c/0x980
[  735.496586][    C0]  ? __pfx___handle_irq_event_percpu+0x10/0x10
[  735.502760][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  735.507975][    C0]  handle_irq_event+0x8b/0x1e0
[  735.512750][    C0]  ? handle_edge_irq+0x25d/0x9e0
[  735.517695][    C0]  handle_edge_irq+0x267/0x9e0
[  735.522473][    C0]  __common_interrupt+0x143/0x250
[  735.527506][    C0]  common_interrupt+0xb6/0xe0
[  735.532201][    C0]  </IRQ>
[  735.535136][    C0]  <TASK>
[  735.538070][    C0]  asm_common_interrupt+0x26/0x40
[  735.543115][    C0] RIP: 0010:batadv_nc_purge_paths+0x97/0x3b0
[  735.549105][    C0] Code: 48 89 4c 24 30 48 89 c1 48 c1 e9 03 48 89 4c 24 28 48 89 44 24 10 4c 89 74 24 40 4c 89 7c 24 38 48 8b 4c 24 30 42 80 3c 29 00 <74> 0d 4c 89 f7 e8 ff d8 d5 f6 48 8b 44 24 10 48 8b 4c 24 18 4c 8d
[  735.568722][    C0] RSP: 0018:ffffc9000b17f988 EFLAGS: 00000246
[  735.574802][    C0] RAX: ffff8880305c3348 RBX: ffffffff8b4d7b40 RCX: 1ffff110060b8668
[  735.582781][    C0] RDX: 0000000000000000 RSI: ffffffff8dc6a0fe RDI: ffffffff8c04d400
[  735.590756][    C0] RBP: 0000000000000000 R08: ffffffff8fe3cf37 R09: 1ffffffff1fc79e6
[  735.598733][    C0] R10: dffffc0000000000 R11: fffffbfff1fc79e7 R12: ffff88802918b8f8
[  735.606709][    C0] R13: dffffc0000000000 R14: ffff8880305c3340 R15: ffff8880305c3350
[  735.614707][    C0]  ? __pfx_batadv_nc_to_purge_nc_path_coding+0x10/0x10
[  735.621582][    C0]  ? batadv_nc_purge_paths+0x34a/0x3b0
[  735.627068][    C0]  batadv_nc_worker+0x328/0x610
[  735.631928][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  735.637661][    C0]  process_scheduled_works+0xade/0x17b0
[  735.643233][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  735.649229][    C0]  worker_thread+0x8a0/0xda0
[  735.653850][    C0]  kthread+0x70e/0x8a0
[  735.657944][    C0]  ? __pfx_worker_thread+0x10/0x10
[  735.663064][    C0]  ? __pfx_kthread+0x10/0x10
[  735.667668][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  735.672877][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  735.678083][    C0]  ? __pfx_kthread+0x10/0x10
[  735.682684][    C0]  ret_from_fork+0x3f9/0x770
[  735.687288][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  735.692412][    C0]  ? __switch_to_asm+0x39/0x70
[  735.697180][    C0]  ? __switch_to_asm+0x33/0x70
[  735.701944][    C0]  ? __pfx_kthread+0x10/0x10
[  735.706544][    C0]  ret_from_fork_asm+0x1a/0x30
[  735.711323][    C0]  </TASK>
[  735.714352][    C0] Modules linked in:
[  735.718268][    C0] ---[ end trace 0000000000000000 ]---
[  735.723730][    C0] RIP: 0010:comedi_buf_write_free+0x3c8/0x7e0
[  735.729812][    C0] Code: 41 03 45 00 48 8b 4c 24 78 42 0f b6 0c 21 84 c9 4c 8b bc 24 90 00 00 00 44 8b 74 24 54 0f 85 02 01 00 00 31 d2 48 8b 4c 24 30 <f7> 31 41 89 55 00 48 8b 44 24 70 42 0f b6 04 20 84 c0 0f 85 09 01
[  735.749427][    C0] RSP: 0018:ffffc90000007bd8 EFLAGS: 00010046
[  735.755509][    C0] RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffff88805b3c5a80
[  735.763490][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8880693d1000
[  735.771496][    C0] RBP: 0000000000000002 R08: 0000000000000000 R09: 00000000000000ff
[  735.779470][    C0] R10: dffffc0000000000 R11: ffffffff88f35200 R12: dffffc0000000000
[  735.787451][    C0] R13: ffff88805b3c5a38 R14: 0000000000000000 R15: ffff88805b3c5a00
[  735.795438][    C0] FS:  0000000000000000(0000) GS:ffff8881257ab000(0000) knlGS:0000000000000000
[  735.804368][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  735.810958][    C0] CR2: 0000001b2fd1fffc CR3: 000000005f70e000 CR4: 00000000003526f0
[  735.818936][    C0] DR0: 0000000000000002 DR1: 0000000000000002 DR2: 0000000000000008
[  735.826911][    C0] DR3: 1000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  735.834890][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  735.842435][    C0] Kernel Offset: disabled
[  735.846757][    C0] Rebooting in 86400 seconds..