last executing test programs:

18m40.695945684s ago: executing program 1 (id=2):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
socket$inet6(0xa, 0x1, 0x8010000000000084)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x806000)
ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000003, 0x12, r1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
sendto$inet6(r0, &(0x7f0000000200)="cf", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0xfa82, @loopback, 0xffffffff}, 0x1c)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r3, 0x45809000)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={0x0, 0xe7f2}, 0x8)

18m39.776606861s ago: executing program 1 (id=5):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
clock_gettime(0x0, &(0x7f0000000040))
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_user_passkey_notify={{0x3b, 0xa}, {@none, 0x3}}}, 0xd)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{}, {0x77359400}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0})

18m37.956141773s ago: executing program 1 (id=7):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x99)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000bc0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
getpeername$unix(r0, &(0x7f0000000c00)=@abs, &(0x7f0000000c80)=0x6e)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[], 0x57)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x891018, 0x0)
mount$bind(&(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
umount2(&(0x7f0000000480)='./file0\x00', 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000002c0)=0x1)
r4 = syz_usb_connect$hid(0x2, 0x3f, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000020bc20005500000000000109022d00010000"], 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f00000000c0)={@hyper})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r6, 0x7ab, &(0x7f0000000040)={&(0x7f0000000780)={{@host, 0x2000000}, {@hyper=0x2000000}, 0x400, "884fbe2726aa0a32f3e65f908292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d66c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cf8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f303000000a640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d76440204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c607000000000000008e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411da80e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e6579c69e6466bc0cbef1536519ca409876268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c90000000000000100"}, 0x418})
sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, 0x0, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x44084)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000001200010a000000000000000080"], 0x26}}, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0/../file0\x00', &(0x7f0000000080), 0x0)
syz_usb_disconnect(r4)
syz_usb_control_io(r4, &(0x7f0000000440)={0x2c, &(0x7f00000004c0)={0x148a6e35792a5e4c, 0x18, 0x7a, {0x7a, 0x30, "7edd6a0813e2e864081d188cfcdac01841fe1ef4682177bac60cef29172ffc6eea59b41c9fc32f26db511963394d691488e84b75320cc19fa94c63cfe8fac430e1f79c81d314477e817bac89ca196ee3945000ca82505f358812bf4636c29e4c7f4903c5a3b2c99e6b34fd0549ec2d97c75f233209a8ffd9"}}, &(0x7f00000001c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x380a}}, &(0x7f0000000280)={0x0, 0xf, 0x11, {0x5, 0xf, 0x11, 0x1, [@ssp_cap={0xc, 0x10, 0xa, 0x1, 0x0, 0x0, 0xff00, 0x6}]}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x4, 0x7, 0x2d, "1bc9a16e", "cbf2564e"}}, &(0x7f00000003c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x3, 0x7f, 0x4, 0x3, 0x101, 0xfff8}}}, &(0x7f0000000a80)={0x84, &(0x7f0000000680)={0x0, 0x3, 0xda, "eedd123358dfd7675008f16b828d2437b13a70aaf1f823810778749e91759991e499d82346bf82348c3cbf1fefb1de79dc4a9666ebc073122b3117cb3be773c80c3b6f452c742551b463534e7e9a7ecc4b27a95bf19e3434f2fab13176af9f15f657637c44e2c551bb09dfa56e29bb8bb8a515433d5b0e0cefa710a1f0815fc226cdc40a1f1f9f4a19d3490affcac48d61343f54b524e2778bb218807d5e1e5d70911b3c612761d860d2108704bb30c74a0ac3d5568ddbf795d97824826c85e139e23626535683404ff185ad89d5b14d164711b6a7129e4572b0"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000580)={0x0, 0x8, 0x1}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000000780)={0x20, 0x0, 0x4, {0x400, 0x8}}, &(0x7f00000007c0)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000800)={0x40, 0x9, 0x1, 0x7}, &(0x7f0000000840)={0x40, 0xb, 0x2, "deb0"}, &(0x7f0000000880)={0x40, 0xf, 0x2, 0x4}, &(0x7f00000008c0)={0x40, 0x13, 0x6, @random="35163f7bcad0"}, &(0x7f0000000900)={0x40, 0x17, 0x6, @link_local}, &(0x7f0000000940)={0x40, 0x19, 0x2, '(&'}, &(0x7f0000000980)={0x40, 0x1a, 0x2, 0x7f}, &(0x7f00000009c0)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000a00)={0x40, 0x1e, 0x1, 0x40}, &(0x7f0000000a40)={0x40, 0x21, 0x1, 0x8}})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0x10)

18m36.217736145s ago: executing program 1 (id=17):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x407}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x1400037e)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='system.posix_acl_access\x00', 0x0, 0x0, 0x3)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, &(0x7f0000000500)={0x40, 0x1, 0x2, "3aec"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000540)=ANY=[@ANYBLOB="4005bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

18m35.964993311s ago: executing program 1 (id=18):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x6, 0x6, 0x403, 0x0, 0x0, {0x3, 0x0, 0x2}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
r4 = socket(0x8000000010, 0x2, 0x0)
write(r4, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a01000000b8481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f0000003540)={0x0, 0x0, 0x0}, 0x340000c1)
recvmsg$unix(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/46, 0x2e}], 0x1}, 0x40002040)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f0000000000)={0x7ff, 0x9, 0x1, 'queue0\x00', 0x6})

18m35.548514683s ago: executing program 32 (id=18):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x6, 0x6, 0x403, 0x0, 0x0, {0x3, 0x0, 0x2}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
r4 = socket(0x8000000010, 0x2, 0x0)
write(r4, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a01000000b8481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f0000003540)={0x0, 0x0, 0x0}, 0x340000c1)
recvmsg$unix(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/46, 0x2e}], 0x1}, 0x40002040)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f0000000000)={0x7ff, 0x9, 0x1, 'queue0\x00', 0x6})

5.084728804s ago: executing program 0 (id=5924):
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(0x0, 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})

4.957309241s ago: executing program 2 (id=5926):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x2, 0x3}, 0xe}}, {0x0, 0x0, 0x0, 0x6, @tick=0x801, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0xf, 0x3, 0x1, 0x81, 0x2}}, {0x0, 0x0, 0x0, 0x0, @tick=0x800, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xa8)
write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"bfcf9b64bc42ea882d9c04f5"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0xff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x4, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{0x5, 0x3}, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x1000000}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x7}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x6, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r1, &(0x7f0000000400)=[{0xfb, 0xb, 0xc1, 0xfc, @time={0x10, 0xfffffffb}, {0xc, 0x10}, {0x6, 0x40}, @raw32={[0x5, 0x100, 0xa4]}}, {0x7, 0xc, 0x3, 0x1, @tick=0x3, {0x40, 0xf8}, {0xa9, 0x6}, @raw32={[0x6, 0x8, 0x3]}}, {0x3, 0x5b, 0x4, 0x8, @tick=0x6, {0xdb, 0x9}, {0x0, 0x7}, @raw8={"ed88a1d5d8d036872b018577"}}], 0x54)
write$sndseq(r1, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)
write$sndseq(r1, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"49cbee45cad57a0372831665"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}], 0x8c)
write$sndseq(r1, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x3}, @quote}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffc}, {}, {}, @control}], 0x38)
write$sndseq(r1, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)

4.889850213s ago: executing program 0 (id=5928):
syz_open_procfs(0x0, &(0x7f0000000240)='comm\x00')
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f00000000c0)={0x4, 0x4, {0x8, @usage=0x3ff, 0x0, 0xfffffffffffff156, 0x8000000000000000, 0x0, 0x1, 0x8000000000000001, 0x72, @struct={0x5, 0xf6f}, 0x40, 0x4, [0x3, 0x40, 0x3, 0x9, 0x50b4, 0x6170]}, {0xffffffffffffff81, @usage=0xd9, 0x0, 0x2df01c63, 0x7, 0x8, 0x5, 0xc, 0xc, @usage=0x10001, 0x8, 0x5, [0x80000000, 0x0, 0x1, 0x6, 0x7, 0xfffffffffffffff7]}, {0x0, @usage=0x2, 0x0, 0x806, 0x5, 0x38000000000, 0x90, 0xffffffffffffaaac, 0x86, @usage=0x1, 0x3aae, 0x3ff, [0x7, 0x2, 0x6, 0x3ff, 0x3, 0x1000]}, {0x1, 0x0, 0x2}})
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x2c8000, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, 0xffffffffffffffff, 0x7dfff000)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000280)=""/4085, 0xff5}, {&(0x7f00000013c0)=""/111, 0x6f}, {&(0x7f0000000140)=""/78, 0x4e}, {&(0x7f0000001280)=""/176, 0xb0}, {&(0x7f00000001c0)=""/97, 0x61}], 0x5, 0x9, 0x8)
syz_open_procfs(0x0, &(0x7f0000000240)='comm\x00') (async)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f00000000c0)={0x4, 0x4, {0x8, @usage=0x3ff, 0x0, 0xfffffffffffff156, 0x8000000000000000, 0x0, 0x1, 0x8000000000000001, 0x72, @struct={0x5, 0xf6f}, 0x40, 0x4, [0x3, 0x40, 0x3, 0x9, 0x50b4, 0x6170]}, {0xffffffffffffff81, @usage=0xd9, 0x0, 0x2df01c63, 0x7, 0x8, 0x5, 0xc, 0xc, @usage=0x10001, 0x8, 0x5, [0x80000000, 0x0, 0x1, 0x6, 0x7, 0xfffffffffffffff7]}, {0x0, @usage=0x2, 0x0, 0x806, 0x5, 0x38000000000, 0x90, 0xffffffffffffaaac, 0x86, @usage=0x1, 0x3aae, 0x3ff, [0x7, 0x2, 0x6, 0x3ff, 0x3, 0x1000]}, {0x1, 0x0, 0x2}}) (async)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) (async)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) (async)
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x2c8000, 0x0) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, 0xffffffffffffffff, 0x7dfff000) (async)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0) (async)
preadv(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000280)=""/4085, 0xff5}, {&(0x7f00000013c0)=""/111, 0x6f}, {&(0x7f0000000140)=""/78, 0x4e}, {&(0x7f0000001280)=""/176, 0xb0}, {&(0x7f00000001c0)=""/97, 0x61}], 0x5, 0x9, 0x8) (async)

4.824295783s ago: executing program 2 (id=5930):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet6(r0, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x2d}, 0xffffffff}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1400000000000000290000000b000000290100000000000058"], 0x70}, 0x4000000)

4.732188236s ago: executing program 2 (id=5931):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="0e0000000600000003047100bc4d322d51231a1c15657a049107cdaf6e0d5caad621513dc8dbc747177f7c19f5d98f85b666db0d57d3c69e7b903b47cd0391e39e5a4b5c7d97f30973a9f9da366f88e889de10235a67b9c76e6a3516e63bcdf33e5b251d0f5533cac3d53fdd225b596508b80832e8f914f6268a666709a1e97a8bf83cc3ba3526970a44a632a34c61da65cd4fcb385b8b0eaaf85c45440d2c6e2335a45a98fc5dedadd4a57dc2c4ad463abd16936fa30554"], 0x7d)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mbind(&(0x7f000078a000/0x2000)=nil, 0x2000, 0xc002, 0x0, 0x908, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000)
r2 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dccc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000000000), 0x4)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="1303000054009155090893b31b71a54a07"], 0xfe33)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="500000000b1402002abd7000ffdbdf2508000300020000000800010002000000080001000100000008003f0002000000080003006520b50200f7ff08003f000100000008000100000000000800030000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
modify_ldt$write(0x1, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f00000083c0)={{0x1}})
close(0x3)
r7 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r7, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="18000000420001060000000000000000050000ed"], 0x18}], 0x1}, 0x800)
setrlimit(0x40000000000008, &(0x7f0000000000)={0x20, 0x200000})
r8 = fsopen(&(0x7f00000000c0)='f2fs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
fsmount(r8, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r8, 0x7, 0x0, 0x0, 0x0)
r9 = syz_usb_connect(0x2, 0x36, &(0x7f0000000400)=ANY=[@ANYRES16=r7, @ANYBLOB="f15016d40fb01e5617169fa378e8", @ANYRES16=0x0, @ANYRES16=r5, @ANYRES32=r3, @ANYRESHEX=r2, @ANYRES32=r4, @ANYRESDEC=r5], 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)
mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0)

4.731441663s ago: executing program 0 (id=5932):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x2, 0x3}, 0xe}}, {0x0, 0x0, 0x0, 0x6, @tick=0x801, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0xf, 0x3, 0x1, 0x81, 0x2}}, {0x0, 0x0, 0x0, 0x0, @tick=0x800, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0x4}, @raw8={"448cc880fe353ca0f2c2e953"}}], 0xa8)
write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"bfcf9b64bc42ea882d9c04f5"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0xff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x4, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{0x5, 0x3}, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x1000000}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x7}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x6, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r1, &(0x7f0000000400)=[{0xfb, 0xb, 0xc1, 0xfc, @time={0x10, 0xfffffffb}, {0xc, 0x10}, {0x6, 0x40}, @raw32={[0x5, 0x100, 0xa4]}}, {0x7, 0xc, 0x3, 0x1, @tick=0x3, {0x40, 0xf8}, {0xa9, 0x6}, @raw32={[0x6, 0x8, 0x3]}}, {0x3, 0x5b, 0x4, 0x8, @tick=0x6, {0xdb, 0x9}, {0x0, 0x7}, @raw8={"ed88a1d5d8d036872b018577"}}], 0x54)
write$sndseq(r1, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)
write$sndseq(r1, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"49cbee45cad57a0372831665"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}], 0x8c)

4.611732419s ago: executing program 0 (id=5934):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000280)={0x30, 0x30, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
openat$cgroup(r1, &(0x7f0000000140)='syz1\x00', 0x200002, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.078759065s ago: executing program 0 (id=5935):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000140)={0x1c, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001440)={0x14, &(0x7f0000001380)={0x60, 0x4, 0x5d, {0x5d, 0x3, "41c03317883f50c9814da3bec4eba7de885b4196826544cb2fcebfbd2ee5589c9145c0c1d84f1e7a16334052e357b7fd13b3ccaf2760d740ab1b46f12582d10889fbd009d64e06c798d0f5f624dd787f44921ca674044e00382542"}}, &(0x7f0000001400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x430}}}, &(0x7f0000001800)={0x44, &(0x7f0000001480)={0x40, 0x1, 0x90, "06ebfc30f8d84817110d1d461800e2f426a551da7f008f62c0538f869684f98135107e86be4b247df78c24ef768a9ba8d4e4f49a8b69d70e42d70aa3ebe738236a3158c399ec2938c3e731e3af90b6d8425875b17f132a47b654bdb6741c3fffc0afe00c9d3e120e59b11205988c438b5f9df1a2c710948e0319b63d6bf6538b64dbfbccbb85f1fb91054f7aee47d105"}, &(0x7f0000001540)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000001580)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000015c0)={0x20, 0x81, 0x1, "cc"}, &(0x7f0000001640)=ANY=[@ANYBLOB="20820200000022b8"], &(0x7f0000001680)={0x20, 0x83, 0x3, "0a07b9"}, &(0x7f00000016c0)={0x20, 0x84, 0x2, "ef49"}, &(0x7f0000001700)={0x20, 0x85, 0x3, "2965d4"}})
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000180)={0x20, 0x6, 0xcb, {0xcb, 0xd, "fb5e6a89652471206de1898404aa795829ec172fbdb206b3267002a0499221eb78a8a1519c18d2d9007d6c36a3d1240194a20fe23d2ed99ce18684b753704f2def69d9259e7ca0ae0e41fd84f62a01da9cf8999384e43adf0e3f7e2cc1a47b12ef724ff64f5d968105ff60baee4c62fa3496a67f1b0b8be601c8f4776c320b78c594d0888633b50f0350f4281383a0c20cd0c3ebcb5f4ecd5304f81fbd5aa7925501e3f8760fc3c0f16bac9a5726738d0c05492b3d3dccfd36b7d1b9f5a3a994b4e852b6d676efadc5"}}, &(0x7f0000000380)={0x0, 0x3, 0xdd, @string={0xdd, 0x3, "facb99a742d94762d71294a04390ed489f50d94646cb8ac6c699e7b3171d6b4ebad734304f47afc0e4b9fd1f5821e90feecfb7ffad76affab459fc241c835838f167b8aa1d7bf2c51886e34b57850d359c0586681f4157c8a7c71c7db705d9265b75c978623ec120998dc9757121a9a46a94571bb3bb55c3a70b81b453330276f3a2761f98cc2ad44c6188895213e8d488d7b1fad6ff2a6aa32b3a9ba3dfe0c5173cf77a9127dd4fcbbeec352b556e9281796525918dbdb67bc5b32599c15786c654ecf5e3b382b80c003e01b80eb18f1083434f67d11562ba1261"}}, &(0x7f00000002c0)={0x0, 0xf, 0x3f, {0x5, 0xf, 0x3f, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x29, 0x7, 0x4}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x4, 0x0, 0x8, 0xf07, 0x100}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "a4d9ac8af90784f7c4e1823a6d270430"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x76, 0x0, 0xc0}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x8, 0x3, 0x6, "301dc99b", "7302b08f"}}, &(0x7f00000000c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xd, 0x0, 0x6, 0xe, 0x1, 0x8, 0x2}}}, &(0x7f0000000a80)={0x84, &(0x7f00000004c0)={0x40, 0x3, 0xfe, "42c851e01e7fc3303f68512078aa6bc8dd205793be72e8ccc594681878f27b6b4aaa82746736189cc8a967ec9112b44826d5c0fd7d17d397ce365dac25863c7366b740cd61eb346a2f439950f7b77d354a6b259c26eaf5e4f7e543b1873a6c2186b1c07e733f9dec7e2a6f7dee88886cfa4c9172981b12ea4d4d16407c788a9beb49fde63f555a03f5b2f2d0c4924abd5ec935518b9352eb9aa0f2d2cdb5814c0e1cc48792f6ff2682796ef8c7c1db8a9acdb5491894635aabee991e5c9bc30a23d8059b971b8c5b67b31be30a815c59f8394753421512cc78790847d78d4ed83df341ae7a15739127eb32ce305d9263a2d311a06bde62254829d5569246"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f00000006c0)={0x20, 0x0, 0x8, {0x20, 0x8, [0xff0]}}, &(0x7f0000000700)={0x40, 0x7, 0x2, 0xfff7}, &(0x7f0000000740)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000780)={0x40, 0xb, 0x2, "14cb"}, &(0x7f00000007c0)={0x40, 0xf, 0x2, 0x6}, &(0x7f00000008c0)={0x40, 0x13, 0x6, @random="1186c47d3be9"}, &(0x7f0000000900)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000940)={0x40, 0x19, 0x2, "18ad"}, &(0x7f0000000980)={0x40, 0x1a, 0x2, 0x7}, &(0x7f00000009c0)={0x40, 0x1c, 0x1}, &(0x7f0000000a00)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000a40)={0x40, 0x21, 0x1, 0xfc}})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

1.452255979s ago: executing program 2 (id=5944):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000005, 0x2010, r0, 0x80d1f000)
socket$igmp6(0xa, 0x3, 0x2)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000200), 0xffffffffffffffff, 0x24400)
ioctl$HIDIOCGUCODE(r2, 0xc018480d, &(0x7f0000000240)={0x1, 0x2, 0x2, 0x4, 0x7, 0x9})
connect$llc(r1, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x7, 0x8, 0x1}, 0x10)
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r7, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}}, 0x0)
sendmmsg(r1, &(0x7f0000000680)=[{{&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x0, 0x4, 0x4, 0x3, {0xa, 0x4e23, 0x3, @empty, 0xfffff1e7}}}, 0x80, &(0x7f0000000140), 0x0, &(0x7f0000000380)=[{0xb0, 0x116, 0x0, "169e48e8da8341dd362f4c9e2c22612e6df8577adc453498be2e086b4383bc8809dfcca1c745f370ea712498df2e6825eb9392a189ff40363c5a839bf9bdb8c1ed27e0d6d86ed375099a75a146764853723c6193d81de022e04b8459580fb41dcae124fe8a06a5aa7cc311e13339464007b5c1a3e1326220aa13f31fd025b886f81bd563b8c8ac494f0675302d81b09a9e74c401381850cb5f93"}], 0xb0}}, {{&(0x7f0000000440)=@nfc={0x27, r5, 0x1, 0x5}, 0x80, &(0x7f0000000580)=[{&(0x7f00000004c0)="b20572879222b00647dd1fb8922a07f365fb328415f8df4487597092d8707c5ae62a29b96b832a3ac7ea07db5827cb227f9c6011d1ed2cbd45be1ff260afb94fe4175080d9f627cbe1c357183f4c2cedb7595c45aab1f0ab60aa861423b23a8ba68f1cff2e828e30c85b2e529990e38f82d61843ab5d11d5235f9af84a07560ad7784b64c26aa1a390ba6210f57bd2f42a18142122e1e28224cbf9fd02bfb363d9a67c3d0ea1643cdfba9b1d03961eda4d0e9948f60d10cc75d1", 0xba}], 0x1, &(0x7f00000005c0)=[{0x38, 0x108, 0xd3, "e23876691d5922c85cdbc848e77b51c30a71dc25499fd2e897acaaadb937a7ae89"}, {0x30, 0x117, 0x71f, "c72bd31b240fa3034f00f99760484d24581981d71bf9df435543cd897d"}, {0x50, 0x10a, 0x80, "eae34fa3f750f278ec0ceefab93945078613983301922c87c5a8a9882cef5f22c1b2e13266a896687820dadce5083434f058de44f31770ed1d12af"}], 0xb8}}], 0x2, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

1.254782758s ago: executing program 4 (id=5946):
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x8, 0x27, 0x3202, @vifc_lcl_ifindex, @local}, 0x10)

1.108368245s ago: executing program 4 (id=5947):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000ffef0000000900000030000380140002007369743000000000000000000000000006000400ffff00000800030000000000080001"], 0x44}}, 0x0)

962.645617ms ago: executing program 3 (id=5951):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x2, 0x3}, 0xe}}, {0x0, 0x0, 0x0, 0x6, @tick=0x801, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0xf, 0x3, 0x1, 0x81, 0x2}}, {0x0, 0x0, 0x0, 0x0, @tick=0x800, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0x4}, @raw8={"448cc880fe353ca0f2c2e953"}}], 0xa8)
write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"bfcf9b64bc42ea882d9c04f5"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0xff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x4, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{0x5, 0x3}, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x1000000}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x7}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x6, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r1, &(0x7f0000000400)=[{0xfb, 0xb, 0xc1, 0xfc, @time={0x10, 0xfffffffb}, {0xc, 0x10}, {0x6, 0x40}, @raw32={[0x5, 0x100, 0xa4]}}, {0x7, 0xc, 0x3, 0x1, @tick=0x3, {0x40, 0xf8}, {0xa9, 0x6}, @raw32={[0x6, 0x8, 0x3]}}, {0x3, 0x5b, 0x4, 0x8, @tick=0x6, {0xdb, 0x9}, {0x0, 0x7}, @raw8={"ed88a1d5d8d036872b018577"}}], 0x54)
write$sndseq(r1, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)
write$sndseq(r1, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"49cbee45cad57a0372831665"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}], 0x8c)

923.784417ms ago: executing program 3 (id=5952):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200210008000300", @ANYRES32=r2, @ANYBLOB='\b\x00%'], 0x3c}, 0x1, 0x0, 0x0, 0x7000000}, 0x0)

806.863666ms ago: executing program 0 (id=5953):
r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a20102030109022400010000000009040000029233500009050602ff030000000905ba3e79"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="40010400000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000780)={0x1c, &(0x7f0000000600)={0x0, 0x0, 0x1a, "dfb323e8932ccb87be7080c209aebd23e5f31a9898c409f8542a"}, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x10e)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

437.059776ms ago: executing program 3 (id=5954):
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, 0x0, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r3, 0x0, 0x0, 0x0, 0x1, [<r4=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})

436.547304ms ago: executing program 4 (id=5955):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x2, 0x3}, 0xe}}, {0x0, 0x0, 0x0, 0x6, @tick=0x801, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0xf, 0x3, 0x1, 0x81, 0x2}}, {0x0, 0x0, 0x0, 0x0, @tick=0x800, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0x4}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4)
write$sndseq(r1, 0x0, 0x0)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"bfcf9b64bc42ea882d9c04f5"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0xff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x4, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{0x5, 0x3}, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x1000000}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x7}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x6, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r1, &(0x7f0000000400)=[{0xfb, 0xb, 0xc1, 0xfc, @time={0x10, 0xfffffffb}, {0xc, 0x10}, {0x6, 0x40}, @raw32={[0x5, 0x100, 0xa4]}}, {0x7, 0xc, 0x3, 0x1, @tick=0x3, {0x40, 0xf8}, {0xa9, 0x6}, @raw32={[0x6, 0x8, 0x3]}}, {0x3, 0x5b, 0x4, 0x8, @tick=0x6, {0xdb, 0x9}, {0x0, 0x7}, @raw8={"ed88a1d5d8d036872b018577"}}], 0x54)
write$sndseq(r1, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)

432.599071ms ago: executing program 2 (id=5956):
socket$inet6_mptcp(0xa, 0x1, 0x106)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x8, 0x27, 0x3202, @vifc_lcl_ifindex, @local}, 0x10)

381.836355ms ago: executing program 3 (id=5957):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x2, 0x3}, 0xe}}, {0x0, 0x0, 0x0, 0x6, @tick=0x801, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0xf, 0x3, 0x1, 0x81, 0x2}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0x4}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xa8)
write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"bfcf9b64bc42ea882d9c04f5"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0xff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x4, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{0x5, 0x3}, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x1000000}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x7}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x6, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r1, &(0x7f0000000400)=[{0xfb, 0xb, 0xc1, 0xfc, @time={0x10, 0xfffffffb}, {0xc, 0x10}, {0x6, 0x40}, @raw32={[0x5, 0x100, 0xa4]}}, {0x7, 0xc, 0x3, 0x1, @tick=0x3, {0x40, 0xf8}, {0xa9, 0x6}, @raw32={[0x6, 0x8, 0x3]}}, {0x3, 0x5b, 0x4, 0x8, @tick=0x6, {0xdb, 0x9}, {0x0, 0x7}, @raw8={"ed88a1d5d8d036872b018577"}}], 0x54)
write$sndseq(r1, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)
write$sndseq(r1, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"49cbee45cad57a0372831665"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}], 0x8c)
write$sndseq(r1, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x3}, @quote}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffc}, {}, {}, @control}], 0x38)
write$sndseq(r1, &(0x7f00000005c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)

344.828767ms ago: executing program 4 (id=5958):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="020b0700fc67", 0x6}], 0x1}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

320.922273ms ago: executing program 2 (id=5959):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000cf8bed20d90f25001f29000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000700)=ANY=[@ANYBLOB="20ab01"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x0, 0x1, 0x5, &(0x7f0000000040)={0x19, "78b3060abe61f6304382447c087935e141a6349f941d4dc197ce000000000000c0"}})

244.872792ms ago: executing program 3 (id=5960):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{0x2, 0x3}, 0xe}}, {0x0, 0x0, 0x0, 0x6, @tick=0x801, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0xf, 0x3, 0x1, 0x81, 0x2}}, {0x0, 0x0, 0x0, 0x0, @tick=0x800, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0x4}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xa8)
write$sndseq(r1, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {0xa}, {0x0, 0x5}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x8, 0xf]}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32={[0x0, 0x101]}}, {0x1, 0x0, 0x0, 0x0, @tick, {0x0, 0x40}, {}, @connect}, {0x0, 0x4, 0x3, 0x80, @tick=0xfffffffa, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff85}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r1, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r1, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @tick=0x6, {}, {}, @connect={{0x8}}}, {0x0, 0x0, 0x0, 0x0, @tick=0xfffffffc, {0x6}, {}, @control}], 0xc4)
write$sndseq(r1, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time, {0x0, 0x8}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x20}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
write$sndseq(r0, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, @time={0x9, 0xefa}, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x800]}}, {0x0, 0x0, 0x2, 0x6, @time, {}, {}, @control}], 0x54)
write$sndseq(r1, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {0x3}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4)
write$sndseq(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r1, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"bfcf9b64bc42ea882d9c04f5"}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @note={0x0, 0x0, 0xff}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x4, 0x0, 0x0, 0x0, @time, {}, {}, @quote={{0x5, 0x3}, 0x1000}}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0x1000000}, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r1, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x7}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x6, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r1, &(0x7f0000000400)=[{0xfb, 0xb, 0xc1, 0xfc, @time={0x10, 0xfffffffb}, {0xc, 0x10}, {0x6, 0x40}, @raw32={[0x5, 0x100, 0xa4]}}, {0x7, 0xc, 0x3, 0x1, @tick=0x3, {0x40, 0xf8}, {0xa9, 0x6}, @raw32={[0x6, 0x8, 0x3]}}, {0x3, 0x5b, 0x4, 0x8, @tick=0x6, {0xdb, 0x9}, {0x0, 0x7}, @raw8={"ed88a1d5d8d036872b018577"}}], 0x54)
write$sndseq(r1, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc)
write$sndseq(r1, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"49cbee45cad57a0372831665"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}], 0x8c)
write$sndseq(r1, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x0, 0x3}, @quote}, {0x0, 0x0, 0x0, 0x0, @time={0x0, 0xfffffffc}, {}, {}, @control}], 0x38)

160.317906ms ago: executing program 3 (id=5961):
r0 = syz_usb_connect(0x1, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "b3f0"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000140)={0x1c, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001440)={0x14, &(0x7f0000001380)={0x60, 0x4, 0x5d, {0x5d, 0x3, "41c03317883f50c9814da3bec4eba7de885b4196826544cb2fcebfbd2ee5589c9145c0c1d84f1e7a16334052e357b7fd13b3ccaf2760d740ab1b46f12582d10889fbd009d64e06c798d0f5f624dd787f44921ca674044e00382542"}}, &(0x7f0000001400)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x430}}}, &(0x7f0000001800)={0x44, &(0x7f0000001480)={0x40, 0x1, 0x90, "06ebfc30f8d84817110d1d461800e2f426a551da7f008f62c0538f869684f98135107e86be4b247df78c24ef768a9ba8d4e4f49a8b69d70e42d70aa3ebe738236a3158c399ec2938c3e731e3af90b6d8425875b17f132a47b654bdb6741c3fffc0afe00c9d3e120e59b11205988c438b5f9df1a2c710948e0319b63d6bf6538b64dbfbccbb85f1fb91054f7aee47d105"}, &(0x7f0000001540)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000001580)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000015c0)={0x20, 0x81, 0x1, "cc"}, &(0x7f0000001640)=ANY=[@ANYBLOB="20820200000022b8"], &(0x7f0000001680)={0x20, 0x83, 0x3, "0a07b9"}, &(0x7f00000016c0)={0x20, 0x84, 0x2, "ef49"}, &(0x7f0000001700)={0x20, 0x85, 0x3, "2965d4"}})
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f0000000180)={0x20, 0x6, 0xcb, {0xcb, 0xd, "fb5e6a89652471206de1898404aa795829ec172fbdb206b3267002a0499221eb78a8a1519c18d2d9007d6c36a3d1240194a20fe23d2ed99ce18684b753704f2def69d9259e7ca0ae0e41fd84f62a01da9cf8999384e43adf0e3f7e2cc1a47b12ef724ff64f5d968105ff60baee4c62fa3496a67f1b0b8be601c8f4776c320b78c594d0888633b50f0350f4281383a0c20cd0c3ebcb5f4ecd5304f81fbd5aa7925501e3f8760fc3c0f16bac9a5726738d0c05492b3d3dccfd36b7d1b9f5a3a994b4e852b6d676efadc5"}}, &(0x7f0000000380)={0x0, 0x3, 0xdd, @string={0xdd, 0x3, "facb99a742d94762d71294a04390ed489f50d94646cb8ac6c699e7b3171d6b4ebad734304f47afc0e4b9fd1f5821e90feecfb7ffad76affab459fc241c835838f167b8aa1d7bf2c51886e34b57850d359c0586681f4157c8a7c71c7db705d9265b75c978623ec120998dc9757121a9a46a94571bb3bb55c3a70b81b453330276f3a2761f98cc2ad44c6188895213e8d488d7b1fad6ff2a6aa32b3a9ba3dfe0c5173cf77a9127dd4fcbbeec352b556e9281796525918dbdb67bc5b32599c15786c654ecf5e3b382b80c003e01b80eb18f1083434f67d11562ba1261"}}, &(0x7f00000002c0)={0x0, 0xf, 0x3f, {0x5, 0xf, 0x3f, 0x6, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x29, 0x7, 0x4}, @ptm_cap={0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x4, 0x0, 0x8, 0xf07, 0x100}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "a4d9ac8af90784f7c4e1823a6d270430"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x76, 0x0, 0xc0}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x8, 0x3, 0x6, "301dc99b", "7302b08f"}}, &(0x7f00000000c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xd, 0x0, 0x6, 0xe, 0x1, 0x8, 0x2}}}, &(0x7f0000000a80)={0x84, &(0x7f00000004c0)={0x40, 0x3, 0xfe, "42c851e01e7fc3303f68512078aa6bc8dd205793be72e8ccc594681878f27b6b4aaa82746736189cc8a967ec9112b44826d5c0fd7d17d397ce365dac25863c7366b740cd61eb346a2f439950f7b77d354a6b259c26eaf5e4f7e543b1873a6c2186b1c07e733f9dec7e2a6f7dee88886cfa4c9172981b12ea4d4d16407c788a9beb49fde63f555a03f5b2f2d0c4924abd5ec935518b9352eb9aa0f2d2cdb5814c0e1cc48792f6ff2682796ef8c7c1db8a9acdb5491894635aabee991e5c9bc30a23d8059b971b8c5b67b31be30a815c59f8394753421512cc78790847d78d4ed83df341ae7a15739127eb32ce305d9263a2d311a06bde62254829d5569246"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x81}, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f00000006c0)={0x20, 0x0, 0x8, {0x20, 0x8, [0xff0]}}, &(0x7f0000000700)={0x40, 0x7, 0x2, 0xfff7}, &(0x7f0000000740)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000780)={0x40, 0xb, 0x2, "14cb"}, &(0x7f00000007c0)={0x40, 0xf, 0x2, 0x6}, &(0x7f00000008c0)={0x40, 0x13, 0x6, @random="1186c47d3be9"}, &(0x7f0000000900)={0x40, 0x17, 0x6, @multicast}, &(0x7f0000000940)={0x40, 0x19, 0x2, "18ad"}, &(0x7f0000000980)={0x40, 0x1a, 0x2, 0x7}, &(0x7f00000009c0)={0x40, 0x1c, 0x1}, &(0x7f0000000a00)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000a40)={0x40, 0x21, 0x1, 0xfc}})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

102.217346ms ago: executing program 4 (id=5962):
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5)

0s ago: executing program 4 (id=5963):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

2 req 02 val 2000
[ 1097.035765][T21687] pwc: recv_control_msg error -32 req 02 val 2100
[ 1097.268663][T21687] pwc: recv_control_msg error -71 req 02 val 2500
[ 1097.282138][T21687] pwc: recv_control_msg error -71 req 02 val 2400
[ 1097.289260][T21687] pwc: recv_control_msg error -71 req 02 val 2600
[ 1097.297708][T21687] pwc: recv_control_msg error -71 req 02 val 2900
[ 1097.305432][T21687] pwc: recv_control_msg error -71 req 02 val 2800
[ 1097.313584][T21687] pwc: recv_control_msg error -71 req 04 val 1100
[ 1097.320631][T21687] pwc: recv_control_msg error -71 req 04 val 1200
[ 1097.330985][T21687] pwc: Registered as video103.
[ 1097.346584][T21687] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input178
[ 1097.370805][T21687] usb 1-1: USB disconnect, device number 101
[ 1098.798545][T21687] usb 3-1: USB disconnect, device number 11
[ 1100.115754][T22372] kvm: pic: non byte write
[ 1100.454707][ T1627] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1100.465601][T21687] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[ 1100.615139][ T1627] usb 4-1: Using ep0 maxpacket: 8
[ 1100.624776][ T1627] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1100.633954][ T1627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.636624][T21687] usb 3-1: Using ep0 maxpacket: 8
[ 1100.642127][ T1627] usb 4-1: Product: syz
[ 1100.651406][ T1627] usb 4-1: Manufacturer: syz
[ 1100.656084][ T1627] usb 4-1: SerialNumber: syz
[ 1100.659848][T21687] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[ 1100.675281][T21687] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.676156][ T1627] usb 4-1: config 0 descriptor??
[ 1100.683520][T21687] usb 3-1: Product: syz
[ 1100.698193][T21687] usb 3-1: Manufacturer: syz
[ 1100.698571][ T1627] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1100.726598][T21687] usb 3-1: SerialNumber: syz
[ 1100.745889][T21687] usb 3-1: config 0 descriptor??
[ 1100.767759][T21687] gspca_main: sonixj-2.14.0 probing 0c45:613e
[ 1101.267986][ T9808] usb 5-1: new low-speed USB device number 75 using dummy_hcd
[ 1101.331470][ T5867] usb 1-1: new full-speed USB device number 102 using dummy_hcd
[ 1101.440384][ T9808] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1101.450777][ T9808] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1101.460671][ T9808] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1101.469752][ T9808] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1101.481054][ T9808] usb 5-1: config 0 descriptor??
[ 1101.495524][ T5867] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1101.505118][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1101.520252][ T5867] usb 1-1: config 0 descriptor??
[ 1102.389262][ T5867] pegasus 1-1:0.0: probe with driver pegasus failed with error -32
[ 1102.418672][ T5867] usb 1-1: USB disconnect, device number 102
[ 1103.149562][T21687] gspca_sonixj: reg_w1 err -71
[ 1103.160911][T21687] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[ 1103.182358][T21687] usb 3-1: USB disconnect, device number 12
[ 1103.747504][ T1627] gspca_sonixj: i2c_w8 err -71
[ 1103.802132][ T1627] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[ 1103.826189][ T1627] usb 4-1: USB disconnect, device number 46
[ 1104.238518][T21687] usb 5-1: USB disconnect, device number 75
[ 1104.538970][T22416] kvm: pic: non byte write
[ 1104.701895][T21687] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[ 1104.885414][T21687] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1104.923692][T21687] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1104.932784][T21687] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.956615][T21687] usb 5-1: config 0 descriptor??
[ 1104.993863][T21687] pwc: Askey VC010 type 2 USB webcam detected.
[ 1105.244136][ T5867] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[ 1105.417311][ T5867] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1105.429368][T21687] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1105.436404][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1105.448939][T21687] pwc: recv_control_msg error -32 req 02 val 2700
[ 1105.457149][T21687] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1105.465697][T21687] pwc: recv_control_msg error -32 req 04 val 1000
[ 1105.478075][T21687] pwc: recv_control_msg error -32 req 04 val 1300
[ 1105.493871][ T5867] usb 3-1: config 0 descriptor??
[ 1105.506654][T21687] pwc: recv_control_msg error -32 req 04 val 1400
[ 1105.521922][T21687] pwc: recv_control_msg error -32 req 02 val 2000
[ 1105.534800][T21687] pwc: recv_control_msg error -32 req 02 val 2100
[ 1105.757187][T21687] pwc: recv_control_msg error -71 req 02 val 2500
[ 1105.768686][T21687] pwc: recv_control_msg error -71 req 02 val 2400
[ 1105.775745][T21687] pwc: recv_control_msg error -71 req 02 val 2600
[ 1105.789634][T21687] pwc: recv_control_msg error -71 req 02 val 2900
[ 1105.796885][T21687] pwc: recv_control_msg error -71 req 02 val 2800
[ 1105.810425][T21687] pwc: recv_control_msg error -71 req 04 val 1100
[ 1105.820226][T21687] pwc: recv_control_msg error -71 req 04 val 1200
[ 1105.839003][T21687] pwc: Registered as video103.
[ 1105.848149][T21687] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input179
[ 1105.875078][ T1627] usb 4-1: new low-speed USB device number 47 using dummy_hcd
[ 1105.913422][T21687] usb 5-1: USB disconnect, device number 76
[ 1106.061469][ T1627] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1106.072418][ T1627] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1106.081645][ T1627] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1106.090903][ T1627] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.102510][ T1627] usb 4-1: config 0 descriptor??
[ 1106.110847][T22436] 9pnet_fd: Insufficient options for proto=fd
[ 1106.119023][T22436] /dev/rnullb0: Can't open blockdev
[ 1106.363392][ T5867] pegasus 3-1:0.0: probe with driver pegasus failed with error -32
[ 1106.377927][ T5867] usb 3-1: USB disconnect, device number 13
[ 1106.689854][T21687] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 1106.869265][T21687] usb 5-1: Using ep0 maxpacket: 8
[ 1106.878095][T21687] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1106.887293][T21687] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.895447][T21687] usb 5-1: Product: syz
[ 1106.899704][T21687] usb 5-1: Manufacturer: syz
[ 1106.911798][T21687] usb 5-1: SerialNumber: syz
[ 1106.918444][T21687] usb 5-1: config 0 descriptor??
[ 1106.935480][T21687] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1107.000120][T22443] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5278'.
[ 1107.336082][T22457] binder: 22456:22457 ioctl 4018620d 0 returned -22
[ 1107.391337][T22457] kvm: pic: single mode not supported
[ 1107.391361][T22457] kvm: pic: level sensitive irq not supported
[ 1108.611710][ T1627] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[ 1108.787785][ T1627] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1108.798487][ T1627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1108.810482][ T1627] usb 3-1: config 0 descriptor??
[ 1108.886000][   T44] usb 4-1: USB disconnect, device number 47
[ 1109.654018][T22485] binder: 22484:22485 ioctl 4018620d 0 returned -22
[ 1109.708225][T22485] kvm: pic: single mode not supported
[ 1109.708250][T22485] kvm: pic: level sensitive irq not supported
[ 1109.711280][ T1627] pegasus 3-1:0.0: probe with driver pegasus failed with error -32
[ 1109.740989][ T1627] usb 3-1: USB disconnect, device number 14
[ 1109.990718][T21687] gspca_sonixj: i2c_w8 err -71
[ 1110.033664][T21687] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[ 1110.057539][T21687] usb 5-1: USB disconnect, device number 77
[ 1110.835335][ T5867] usb 3-1: new low-speed USB device number 15 using dummy_hcd
[ 1111.008346][ T5867] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1111.032513][ T5867] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1111.052770][ T5867] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1111.071700][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1111.093448][ T5867] usb 3-1: config 0 descriptor??
[ 1112.587873][T22530] FAULT_INJECTION: forcing a failure.
[ 1112.587873][T22530] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1112.608253][T22530] CPU: 1 UID: 0 PID: 22530 Comm: syz.3.5310 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1112.608283][T22530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1112.608297][T22530] Call Trace:
[ 1112.608305][T22530]  <TASK>
[ 1112.608312][T22530]  dump_stack_lvl+0x189/0x250
[ 1112.608339][T22530]  ? __pfx____ratelimit+0x10/0x10
[ 1112.608360][T22530]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1112.608382][T22530]  ? __pfx__printk+0x10/0x10
[ 1112.608405][T22530]  ? __might_fault+0xb0/0x130
[ 1112.608436][T22530]  should_fail_ex+0x414/0x560
[ 1112.608472][T22530]  _copy_from_user+0x2d/0xb0
[ 1112.608493][T22530]  input_event_from_user+0xb2/0x280
[ 1112.608520][T22530]  ? __pfx_input_event_from_user+0x10/0x10
[ 1112.608549][T22530]  ? input_inject_event+0xbc/0x320
[ 1112.608583][T22530]  evdev_write+0x2a6/0x480
[ 1112.608612][T22530]  ? __pfx_evdev_write+0x10/0x10
[ 1112.608641][T22530]  ? bpf_lsm_file_permission+0x9/0x20
[ 1112.608669][T22530]  ? security_file_permission+0x75/0x290
[ 1112.608700][T22530]  ? rw_verify_area+0x258/0x650
[ 1112.608721][T22530]  ? __pfx_evdev_write+0x10/0x10
[ 1112.608749][T22530]  vfs_write+0x27b/0xa90
[ 1112.608780][T22530]  ? __pfx_vfs_write+0x10/0x10
[ 1112.608803][T22530]  ? __fget_files+0x2a/0x420
[ 1112.608831][T22530]  ? __fget_files+0x2a/0x420
[ 1112.608854][T22530]  ? __fget_files+0x3a0/0x420
[ 1112.608877][T22530]  ? __fget_files+0x2a/0x420
[ 1112.608911][T22530]  ksys_write+0x145/0x250
[ 1112.608935][T22530]  ? __pfx_ksys_write+0x10/0x10
[ 1112.608954][T22530]  ? rcu_is_watching+0x15/0xb0
[ 1112.608979][T22530]  ? do_syscall_64+0xbe/0x3b0
[ 1112.609005][T22530]  do_syscall_64+0xfa/0x3b0
[ 1112.609026][T22530]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1112.609047][T22530]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.609067][T22530]  ? clear_bhb_loop+0x60/0xb0
[ 1112.609091][T22530]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.609111][T22530] RIP: 0033:0x7fcc11d8e929
[ 1112.609129][T22530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1112.609147][T22530] RSP: 002b:00007fcc12b6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1112.609168][T22530] RAX: ffffffffffffffda RBX: 00007fcc11fb5fa0 RCX: 00007fcc11d8e929
[ 1112.609184][T22530] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[ 1112.609196][T22530] RBP: 00007fcc12b6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1112.609208][T22530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1112.609221][T22530] R13: 0000000000000000 R14: 00007fcc11fb5fa0 R15: 00007fffd6c8a148
[ 1112.609254][T22530]  </TASK>
[ 1112.781106][ T5867] usb 1-1: new full-speed USB device number 104 using dummy_hcd
[ 1113.049908][ T5867] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1113.069657][ T1627] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[ 1113.073860][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1113.102554][ T5867] usb 1-1: config 0 descriptor??
[ 1113.237253][ T1627] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1113.247851][ T1627] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1113.260588][ T1627] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1113.282526][ T1627] usb 5-1: New USB device found, idVendor=0525, idProduct=85a1, bcdDevice= 0.40
[ 1113.292291][ T1627] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1113.305848][ T1627] usb 5-1: Product: syz
[ 1113.310125][ T1627] usb 5-1: Manufacturer: syz
[ 1113.314961][ T1627] usb 5-1: SerialNumber: syz
[ 1113.629056][T22540] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:20000
[ 1113.853192][   T44] usb 3-1: USB disconnect, device number 15
[ 1113.994376][ T5867] pegasus 1-1:0.0: probe with driver pegasus failed with error -32
[ 1114.091196][ T5867] usb 1-1: USB disconnect, device number 104
[ 1115.327127][ T5867] usb 4-1: new low-speed USB device number 48 using dummy_hcd
[ 1115.421601][T21687] usb 1-1: new low-speed USB device number 105 using dummy_hcd
[ 1115.487582][ T5867] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1115.497452][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.508002][ T5867] usb 4-1: config 0 descriptor??
[ 1115.584143][T21687] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1115.593541][T21687] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1115.602651][T21687] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.613731][T21687] usb 1-1: config 0 descriptor??
[ 1116.139572][ T1627] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[ 1116.146437][ T1627] cdc_ncm 5-1:1.0: bind() failure
[ 1116.165228][ T1627] usb 5-1: USB disconnect, device number 78
[ 1116.576379][   T44] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[ 1116.778151][   T44] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1116.807777][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1116.877875][   T44] usb 3-1: config 0 descriptor??
[ 1117.639342][T22585] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5332'.
[ 1117.818980][   T44] pegasus 3-1:0.0: probe with driver pegasus failed with error -32
[ 1117.853553][   T44] usb 3-1: USB disconnect, device number 16
[ 1118.202838][ T5867] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1118.282831][ T5867] asix 4-1:0.0: probe with driver asix failed with error -71
[ 1118.460345][ T5867] usb 4-1: USB disconnect, device number 48
[ 1118.992083][   T44] usb 1-1: USB disconnect, device number 105
[ 1119.072233][T22601] FAULT_INJECTION: forcing a failure.
[ 1119.072233][T22601] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1119.085614][T22601] CPU: 1 UID: 0 PID: 22601 Comm: syz.4.5337 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1119.085643][T22601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1119.085657][T22601] Call Trace:
[ 1119.085666][T22601]  <TASK>
[ 1119.085674][T22601]  dump_stack_lvl+0x189/0x250
[ 1119.085702][T22601]  ? __pfx____ratelimit+0x10/0x10
[ 1119.085724][T22601]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1119.085747][T22601]  ? __pfx__printk+0x10/0x10
[ 1119.085770][T22601]  ? __might_fault+0xb0/0x130
[ 1119.085802][T22601]  should_fail_ex+0x414/0x560
[ 1119.085838][T22601]  _copy_from_iter+0x1db/0x16f0
[ 1119.085880][T22601]  ? __pfx__copy_from_iter+0x10/0x10
[ 1119.085905][T22601]  ? sock_alloc_send_pskb+0x875/0x990
[ 1119.085941][T22601]  ? __pfx__copy_from_iter+0x10/0x10
[ 1119.085972][T22601]  ? page_copy_sane+0x16a/0x280
[ 1119.086003][T22601]  copy_page_from_iter+0xdd/0x170
[ 1119.086036][T22601]  skb_copy_datagram_from_iter+0x306/0x720
[ 1119.086080][T22601]  tun_get_user+0x15c3/0x3ce0
[ 1119.086118][T22601]  ? aa_file_perm+0x13e/0x11b0
[ 1119.086145][T22601]  ? aa_file_perm+0x13e/0x11b0
[ 1119.086170][T22601]  ? aa_file_perm+0x3ed/0x11b0
[ 1119.086198][T22601]  ? __pfx_tun_get_user+0x10/0x10
[ 1119.086234][T22601]  ? __lock_acquire+0xab9/0xd20
[ 1119.086269][T22601]  ? ref_tracker_alloc+0x318/0x460
[ 1119.086287][T22601]  ? __lock_acquire+0xab9/0xd20
[ 1119.086317][T22601]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1119.086344][T22601]  ? tun_get+0x1c/0x2f0
[ 1119.086376][T22601]  ? tun_get+0x1c/0x2f0
[ 1119.086402][T22601]  ? tun_get+0x1c/0x2f0
[ 1119.086434][T22601]  tun_chr_write_iter+0x113/0x200
[ 1119.086463][T22601]  vfs_write+0x548/0xa90
[ 1119.086489][T22601]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1119.086517][T22601]  ? __pfx_vfs_write+0x10/0x10
[ 1119.086555][T22601]  ? __fget_files+0x2a/0x420
[ 1119.086588][T22601]  ksys_write+0x145/0x250
[ 1119.086612][T22601]  ? __pfx_ksys_write+0x10/0x10
[ 1119.086630][T22601]  ? rcu_is_watching+0x15/0xb0
[ 1119.086655][T22601]  ? do_syscall_64+0xbe/0x3b0
[ 1119.086682][T22601]  do_syscall_64+0xfa/0x3b0
[ 1119.086702][T22601]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1119.086723][T22601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.086742][T22601]  ? clear_bhb_loop+0x60/0xb0
[ 1119.086767][T22601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1119.086787][T22601] RIP: 0033:0x7f345618e929
[ 1119.086804][T22601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1119.086822][T22601] RSP: 002b:00007f3456f26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1119.086844][T22601] RAX: ffffffffffffffda RBX: 00007f34563b5fa0 RCX: 00007f345618e929
[ 1119.086860][T22601] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[ 1119.086874][T22601] RBP: 00007f3456f26090 R08: 0000000000000000 R09: 0000000000000000
[ 1119.086887][T22601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1119.086899][T22601] R13: 0000000000000000 R14: 00007f34563b5fa0 R15: 00007ffed03b7748
[ 1119.086930][T22601]  </TASK>
[ 1120.622671][T22629] input: syz0 as /devices/virtual/input/input180
[ 1120.641192][T22629] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1120.773991][T22636] NILFS (rnullb0): couldn't find nilfs on the device
[ 1120.788341][   T44] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 1120.831358][ T5867] usb 4-1: new low-speed USB device number 49 using dummy_hcd
[ 1120.884909][T21687] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[ 1120.927267][   T44] usb 5-1: device descriptor read/64, error -71
[ 1121.006710][ T5867] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1121.017337][ T5867] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1121.031158][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.045594][ T5867] usb 4-1: config 0 descriptor??
[ 1121.078752][T21687] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1121.092926][T21687] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.114762][T21687] usb 3-1: config 0 descriptor??
[ 1121.183850][   T44] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 1121.558666][T20034] Bluetooth: hci0: command 0x0406 tx timeout
[ 1122.073889][T21687] pegasus 3-1:0.0: probe with driver pegasus failed with error -32
[ 1122.109494][T21687] usb 3-1: USB disconnect, device number 17
[ 1122.188833][   T44] usb 5-1: device descriptor read/64, error -71
[ 1122.306866][   T44] usb usb5-port1: attempt power cycle
[ 1122.370483][ T1627] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1122.531074][ T1627] usb 1-1: Using ep0 maxpacket: 32
[ 1122.537973][ T1627] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1122.547143][ T1627] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.557789][ T1627] usb 1-1: config 0 descriptor??
[ 1122.671154][   T44] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[ 1122.692149][   T44] usb 5-1: device descriptor read/8, error -71
[ 1122.783402][ T1627] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1122.807039][ T1627] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1122.836995][ T1627] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1122.847018][ T1627] usb 1-1: media controller created
[ 1122.871439][ T1627] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1122.926658][T21687] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 1123.008312][ T1627] az6027: usb out operation failed. (-71)
[ 1123.025895][ T1627] az6027: usb out operation failed. (-71)
[ 1123.031659][ T1627] stb0899_attach: Driver disabled by Kconfig
[ 1123.039098][ T1627] az6027: no front-end attached
[ 1123.039098][ T1627] 
[ 1123.047361][ T1627] az6027: usb out operation failed. (-71)
[ 1123.053113][ T1627] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1123.065615][ T1627] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input181
[ 1123.107435][ T1627] dvb-usb: schedule remote query interval to 400 msecs.
[ 1123.115450][ T1627] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1123.118890][T21687] usb 3-1: Using ep0 maxpacket: 32
[ 1123.132931][ T1627] usb 1-1: USB disconnect, device number 106
[ 1123.146730][T21687] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1123.172093][T21687] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1123.197511][T21687] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1123.225858][T21687] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1123.229335][ T1627] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1123.246346][T21687] usb 3-1: config 0 descriptor??
[ 1123.274015][T21687] hub 3-1:0.0: USB hub found
[ 1123.493070][   T44] usb 5-1: new full-speed USB device number 82 using dummy_hcd
[ 1123.517011][   T44] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1123.525721][   T44] usb 5-1: not running at top speed; connect to a high speed hub
[ 1123.534560][   T44] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1123.544743][   T44] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1123.556019][   T44] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1123.565136][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.573270][   T44] usb 5-1: Product: syz
[ 1123.577446][   T44] usb 5-1: Manufacturer: syz
[ 1123.582224][   T44] usb 5-1: SerialNumber: syz
[ 1123.648305][T22669] overlayfs: cannot append lower layer
[ 1123.702705][T21687] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[ 1123.718098][T21687] usbhid 3-1:0.0: can't add hid device: -71
[ 1123.724233][T21687] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1123.750884][T21687] usb 3-1: USB disconnect, device number 18
[ 1123.793801][ T5867] usb 4-1: USB disconnect, device number 49
[ 1124.749292][   T44] usb 5-1: 0:2 : does not exist
[ 1124.754339][   T44] usb 5-1: unit 6 not found!
[ 1124.902050][   T44] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1124.915152][   T44] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1124.927542][   T44] usb 5-1: 5:0: cannot get min/max values for control 5 (id 5)
[ 1124.951793][   T44] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1124.965563][   T44] usb 5-1: 5:0: cannot get min/max values for control 5 (id 5)
[ 1124.983720][   T44] usb 5-1: USB disconnect, device number 82
[ 1125.292084][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.305787][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.315409][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.373800][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.384059][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.398542][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.480187][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.491116][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.503046][T22699] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5373'.
[ 1125.517758][ T5867] usb 4-1: new low-speed USB device number 50 using dummy_hcd
[ 1125.638596][T22711] tmpfs: Unknown parameter 'indo64'
[ 1125.652280][T22711] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5377'.
[ 1125.689483][T22711] gfs2: not a GFS2 filesystem
[ 1125.704450][ T5867] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1125.768145][ T5867] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1125.828680][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1125.974603][ T5867] usb 4-1: config 0 descriptor??
[ 1127.309972][ T5867] usb 5-1: new full-speed USB device number 83 using dummy_hcd
[ 1127.568847][ T5867] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1127.664014][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1127.892939][ T5867] usb 5-1: config 0 descriptor??
[ 1128.892180][ T5867] pegasus 5-1:0.0: probe with driver pegasus failed with error -121
[ 1129.200997][ T5867] usb 5-1: USB disconnect, device number 83
[ 1129.439760][ T9808] usb 4-1: USB disconnect, device number 50
[ 1130.260156][ T9808] usb 5-1: new low-speed USB device number 84 using dummy_hcd
[ 1130.356897][   T44] usb 4-1: new low-speed USB device number 51 using dummy_hcd
[ 1130.596438][   T44] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1130.651593][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.804894][   T44] usb 4-1: config 0 descriptor??
[ 1131.073716][   T44] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1131.114111][   T44] asix 4-1:0.0: probe with driver asix failed with error -32
[ 1131.219413][T22799] FAULT_INJECTION: forcing a failure.
[ 1131.219413][T22799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1131.235118][ T9808] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1131.244358][T22799] CPU: 1 UID: 0 PID: 22799 Comm: syz.0.5411 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1131.244384][T22799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1131.244397][T22799] Call Trace:
[ 1131.244404][T22799]  <TASK>
[ 1131.244413][T22799]  dump_stack_lvl+0x189/0x250
[ 1131.244440][T22799]  ? __pfx____ratelimit+0x10/0x10
[ 1131.244462][T22799]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1131.244481][T22799]  ? __pfx__printk+0x10/0x10
[ 1131.244515][T22799]  should_fail_ex+0x414/0x560
[ 1131.244549][T22799]  _copy_to_user+0x31/0xb0
[ 1131.244572][T22799]  simple_read_from_buffer+0xe1/0x170
[ 1131.244600][T22799]  proc_fail_nth_read+0x1df/0x250
[ 1131.244629][T22799]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1131.244657][T22799]  ? rw_verify_area+0x258/0x650
[ 1131.244674][T22799]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1131.244700][T22799]  vfs_read+0x1fd/0x980
[ 1131.244726][T22799]  ? __pfx___mutex_lock+0x10/0x10
[ 1131.244755][T22799]  ? __pfx_vfs_read+0x10/0x10
[ 1131.244775][T22799]  ? __fget_files+0x2a/0x420
[ 1131.244804][T22799]  ? __fget_files+0x3a0/0x420
[ 1131.244826][T22799]  ? __fget_files+0x2a/0x420
[ 1131.244859][T22799]  ksys_read+0x145/0x250
[ 1131.244881][T22799]  ? __pfx_ksys_read+0x10/0x10
[ 1131.244906][T22799]  ? do_syscall_64+0xbe/0x3b0
[ 1131.244933][T22799]  do_syscall_64+0xfa/0x3b0
[ 1131.244953][T22799]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1131.244972][T22799]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1131.244991][T22799]  ? clear_bhb_loop+0x60/0xb0
[ 1131.245015][T22799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1131.245034][T22799] RIP: 0033:0x7fac8998d33c
[ 1131.245051][T22799] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1131.245068][T22799] RSP: 002b:00007fac8a855030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1131.245088][T22799] RAX: ffffffffffffffda RBX: 00007fac89bb5fa0 RCX: 00007fac8998d33c
[ 1131.245104][T22799] RDX: 000000000000000f RSI: 00007fac8a8550a0 RDI: 0000000000000003
[ 1131.245116][T22799] RBP: 00007fac8a855090 R08: 0000000000000000 R09: 0000000000000000
[ 1131.245128][T22799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1131.245140][T22799] R13: 0000000000000000 R14: 00007fac89bb5fa0 R15: 00007fff3ea58b18
[ 1131.245169][T22799]  </TASK>
[ 1131.479704][T22804] FAT-fs (rnullb0): bogus number of reserved sectors
[ 1131.486388][T22804] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[ 1131.494068][ T9808] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1131.512060][ T9808] usb 5-1: config 0 descriptor??
[ 1131.639424][ T5867] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[ 1131.802587][ T5867] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1132.628299][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1132.657855][ T5867] usb 3-1: config 0 descriptor??
[ 1133.139859][   T30] audit: type=1800 audit(1750999595.925:58): pid=22833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5422" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[ 1133.336167][   T44] usb 4-1: USB disconnect, device number 51
[ 1133.392133][   T30] audit: type=1326 audit(1750999596.149:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22837 comm="syz.3.5424" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fcc11d8e929 code=0x0
[ 1133.478270][T21687] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 1133.526715][ T5867] pegasus 3-1:0.0: probe with driver pegasus failed with error -121
[ 1133.649273][T21687] usb 1-1: Using ep0 maxpacket: 32
[ 1133.656279][T21687] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1133.665471][T21687] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1133.676800][T21687] usb 1-1: config 0 descriptor??
[ 1133.751429][ T5867] usb 3-1: USB disconnect, device number 19
[ 1133.900662][T21687] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1133.909716][T21687] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1133.922555][T21687] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1133.929984][T21687] usb 1-1: media controller created
[ 1133.951279][T21687] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1134.115848][T21687] az6027: usb out operation failed. (-71)
[ 1134.126937][T21687] az6027: usb out operation failed. (-71)
[ 1134.132774][T21687] stb0899_attach: Driver disabled by Kconfig
[ 1134.138772][T21687] az6027: no front-end attached
[ 1134.138772][T21687] 
[ 1134.146568][T21687] az6027: usb out operation failed. (-71)
[ 1134.152400][T21687] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1134.161976][T21687] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input182
[ 1134.177695][T21687] dvb-usb: schedule remote query interval to 400 msecs.
[ 1134.185628][T21687] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1134.201006][T21687] usb 1-1: USB disconnect, device number 107
[ 1134.251447][T21687] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1134.515711][ T9808] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1134.579520][ T9808] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[ 1134.691057][ T9808] asix 5-1:0.0: probe with driver asix failed with error -71
[ 1134.814691][ T9808] usb 5-1: USB disconnect, device number 84
[ 1135.424148][T22848] fuse: Unknown parameter 'permit_directio'
[ 1135.546332][T22857] netlink: 'syz.2.5433': attribute type 3 has an invalid length.
[ 1135.686920][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1135.693573][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1135.797990][   T44] usb 1-1: new low-speed USB device number 108 using dummy_hcd
[ 1135.969284][ T1627] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[ 1135.989681][   T44] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1136.025289][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1136.185305][   T44] usb 1-1: config 0 descriptor??
[ 1136.215123][ T1627] usb 3-1: Using ep0 maxpacket: 16
[ 1136.240093][ T1627] usb 3-1: config 67 has an invalid interface number: 2 but max is 1
[ 1136.304536][ T1627] usb 3-1: config 67 has an invalid interface number: 188 but max is 1
[ 1136.403808][ T1627] usb 3-1: config 67 has no interface number 0
[ 1136.472997][ T1627] usb 3-1: config 67 has no interface number 1
[ 1136.559418][ T1627] usb 3-1: config 67 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 1136.642842][   T44] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1136.691546][ T1627] usb 3-1: config 67 interface 2 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[ 1136.744706][   T44] asix 1-1:0.0: probe with driver asix failed with error -32
[ 1136.786294][ T1627] usb 3-1: config 67 interface 2 has no altsetting 0
[ 1136.847206][ T1627] usb 3-1: config 67 interface 188 has no altsetting 0
[ 1136.918356][ T1627] usb 3-1: New USB device found, idVendor=05c6, idProduct=900b, bcdDevice=49.f0
[ 1136.934660][T22871] FAULT_INJECTION: forcing a failure.
[ 1136.934660][T22871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1136.935419][ T1627] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1136.956928][T22871] CPU: 0 UID: 0 PID: 22871 Comm: syz.3.5438 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1136.956957][T22871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1136.956971][T22871] Call Trace:
[ 1136.956978][T22871]  <TASK>
[ 1136.956987][T22871]  dump_stack_lvl+0x189/0x250
[ 1136.957014][T22871]  ? __pfx____ratelimit+0x10/0x10
[ 1136.957035][T22871]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1136.957055][T22871]  ? __pfx__printk+0x10/0x10
[ 1136.957077][T22871]  ? __might_fault+0xb0/0x130
[ 1136.957112][T22871]  should_fail_ex+0x414/0x560
[ 1136.957146][T22871]  _copy_from_user+0x2d/0xb0
[ 1136.957164][T22871]  input_event_from_user+0xb2/0x280
[ 1136.957184][T22871]  ? __pfx_input_event_from_user+0x10/0x10
[ 1136.957207][T22871]  ? input_inject_event+0xbc/0x320
[ 1136.957237][T22871]  evdev_write+0x2a6/0x480
[ 1136.957264][T22871]  ? __pfx_evdev_write+0x10/0x10
[ 1136.957288][T22871]  ? bpf_lsm_file_permission+0x9/0x20
[ 1136.957315][T22871]  ? security_file_permission+0x75/0x290
[ 1136.957346][T22871]  ? rw_verify_area+0x258/0x650
[ 1136.957367][T22871]  ? __pfx_evdev_write+0x10/0x10
[ 1136.957391][T22871]  vfs_write+0x27b/0xa90
[ 1136.957421][T22871]  ? __pfx_vfs_write+0x10/0x10
[ 1136.957444][T22871]  ? __fget_files+0x2a/0x420
[ 1136.957473][T22871]  ? __fget_files+0x2a/0x420
[ 1136.957495][T22871]  ? __fget_files+0x3a0/0x420
[ 1136.957519][T22871]  ? __fget_files+0x2a/0x420
[ 1136.957563][T22871]  ksys_write+0x145/0x250
[ 1136.957587][T22871]  ? __pfx_ksys_write+0x10/0x10
[ 1136.957605][T22871]  ? rcu_is_watching+0x15/0xb0
[ 1136.957631][T22871]  ? do_syscall_64+0xbe/0x3b0
[ 1136.957659][T22871]  do_syscall_64+0xfa/0x3b0
[ 1136.957679][T22871]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1136.957700][T22871]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1136.957719][T22871]  ? clear_bhb_loop+0x60/0xb0
[ 1136.957743][T22871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1136.957763][T22871] RIP: 0033:0x7fcc11d8e929
[ 1136.957780][T22871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1136.957798][T22871] RSP: 002b:00007fcc12b6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1136.957819][T22871] RAX: ffffffffffffffda RBX: 00007fcc11fb5fa0 RCX: 00007fcc11d8e929
[ 1136.957835][T22871] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[ 1136.957849][T22871] RBP: 00007fcc12b6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1136.957862][T22871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1136.957874][T22871] R13: 0000000000000000 R14: 00007fcc11fb5fa0 R15: 00007fffd6c8a148
[ 1136.957906][T22871]  </TASK>
[ 1136.965799][ T1627] usb 3-1: Product: ј
[ 1137.226882][ T1627] usb 3-1: Manufacturer: ј
[ 1137.241589][ T1627] usb 3-1: SerialNumber: ш
[ 1137.311641][T22882] __nla_validate_parse: 1 callbacks suppressed
[ 1137.311653][T22882] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5442'.
[ 1137.558314][   T44] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[ 1137.828795][   T44] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1137.860969][   T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1137.927025][   T44] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1137.984428][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.019838][   T44] usb 5-1: Product: syz
[ 1138.036989][   T44] usb 5-1: Manufacturer: syz
[ 1138.055088][   T44] usb 5-1: SerialNumber: syz
[ 1138.127877][ T1627] usb 3-1: USB disconnect, device number 20
[ 1138.804966][T21687] usb 1-1: USB disconnect, device number 108
[ 1138.907347][T22904] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5450'.
[ 1139.188326][T22913] netlink: 'syz.2.5453': attribute type 10 has an invalid length.
[ 1139.196453][T22913] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5453'.
[ 1139.338614][T22920] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5456'.
[ 1139.348287][   T44] cdc_mbim 5-1:1.0: bind() failure
[ 1139.357308][T22921] exFAT-fs (rnullb0): invalid boot record signature
[ 1139.376407][T22921] exFAT-fs (rnullb0): failed to read boot sector
[ 1139.378272][   T44] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1139.398074][   T44] cdc_ncm 5-1:1.1: bind() failure
[ 1139.400967][T22921] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1139.565172][T22929] 9pnet_fd: Insufficient options for proto=fd
[ 1139.656343][T22932] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1139.797089][T21687] usb 4-1: new low-speed USB device number 53 using dummy_hcd
[ 1139.983659][T21687] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1139.993535][T21687] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.022281][T22946] input: syz0 as /devices/virtual/input/input183
[ 1140.045285][T21687] usb 4-1: config 0 descriptor??
[ 1140.243348][ T5867] usb 5-1: USB disconnect, device number 85
[ 1140.381978][T21687] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1140.393037][T21687] asix 4-1:0.0: probe with driver asix failed with error -32
[ 1140.399512][T22953] 9pnet_fd: Insufficient options for proto=fd
[ 1140.484109][T22957] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1141.224242][T22977] 9pnet_fd: Insufficient options for proto=fd
[ 1141.711508][T22983] netlink: 'syz.0.5480': attribute type 27 has an invalid length.
[ 1141.798989][T22983] CUSE: info not properly terminated
[ 1141.945373][ T5867] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[ 1141.962082][T22995] /dev/sg0: Can't lookup blockdev
[ 1142.027426][T22997] netlink: 416 bytes leftover after parsing attributes in process `syz.0.5486'.
[ 1142.030552][   T44] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1142.094658][ T5867] usb 5-1: device descriptor read/64, error -71
[ 1142.212372][   T44] usb 3-1: Using ep0 maxpacket: 32
[ 1142.362190][ T5867] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[ 1142.533653][ T5867] usb 5-1: device descriptor read/64, error -71
[ 1142.662446][ T5867] usb usb5-port1: attempt power cycle
[ 1143.079814][ T5867] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[ 1143.099404][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1143.110497][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1143.110937][ T9808] usb 4-1: USB disconnect, device number 53
[ 1143.120275][   T44] usb 3-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[ 1143.135427][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1143.163127][ T5867] usb 5-1: device descriptor read/8, error -71
[ 1143.173180][   T44] usb 3-1: config 0 descriptor??
[ 1143.298007][T23015] binder: 23014:23015 ioctl 4018620d 0 returned -22
[ 1143.393579][T23015] kvm: pic: single mode not supported
[ 1143.393602][T23015] kvm: pic: level sensitive irq not supported
[ 1143.409326][T23015] kvm: pic: level sensitive irq not supported
[ 1143.436160][ T5867] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[ 1143.463970][ T5867] usb 5-1: device descriptor read/8, error -71
[ 1143.584269][ T5867] usb usb5-port1: unable to enumerate USB device
[ 1143.628835][   T44] smartjoyplus 0003:0925:8866.0017: item fetching failed at offset 4/5
[ 1143.639321][   T44] smartjoyplus 0003:0925:8866.0017: parse failed
[ 1143.651830][   T44] smartjoyplus 0003:0925:8866.0017: probe with driver smartjoyplus failed with error -22
[ 1144.920900][ T1627] usb 3-1: USB disconnect, device number 21
[ 1145.013515][   T44] usb 4-1: new low-speed USB device number 54 using dummy_hcd
[ 1145.187717][   T44] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1145.212851][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1145.255729][   T44] usb 4-1: config 0 descriptor??
[ 1145.637105][   T44] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1145.732187][   T44] asix 4-1:0.0: probe with driver asix failed with error -32
[ 1145.767796][T23059] binder: 23058:23059 ioctl 4018620d 0 returned -22
[ 1146.821919][ T1627] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[ 1147.001742][ T5867] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 1147.001777][ T1627] usb 5-1: Using ep0 maxpacket: 32
[ 1147.029543][ T1627] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1147.044624][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1147.067316][ T1627] usb 5-1: config 0 descriptor??
[ 1147.183458][ T5867] usb 1-1: Using ep0 maxpacket: 8
[ 1147.206743][ T5867] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1147.220438][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1147.240361][ T5867] usb 1-1: config 0 descriptor??
[ 1147.298763][ T1627] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1147.312822][ T1627] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1147.349947][ T1627] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1147.357887][ T1627] usb 5-1: media controller created
[ 1147.411086][ T1627] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1147.616029][ T1627] az6027: usb out operation failed. (-71)
[ 1147.658566][ T1627] az6027: usb out operation failed. (-71)
[ 1147.704487][ T1627] stb0899_attach: Driver disabled by Kconfig
[ 1147.747385][ T1627] az6027: no front-end attached
[ 1147.747385][ T1627] 
[ 1147.785609][ T1627] az6027: usb out operation failed. (-71)
[ 1147.801114][ T1627] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1147.863115][ T1627] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input184
[ 1147.933189][ T1627] dvb-usb: schedule remote query interval to 400 msecs.
[ 1147.972796][ T1627] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1148.095682][ T1627] usb 5-1: USB disconnect, device number 90
[ 1148.349030][T21687] usb 4-1: USB disconnect, device number 54
[ 1148.460634][T23092] binder: 23091:23092 ioctl 4018620d 0 returned -22
[ 1148.495778][ T1627] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1148.513671][T23092] kvm: pic: single mode not supported
[ 1148.513693][T23092] kvm: pic: level sensitive irq not supported
[ 1148.522026][T23092] kvm: pic: single mode not supported
[ 1148.534770][T23092] kvm: pic: level sensitive irq not supported
[ 1148.542154][T23092] kvm: pic: level sensitive irq not supported
[ 1148.551354][T23092] kvm: pic: single mode not supported
[ 1148.558007][T23092] kvm: pic: level sensitive irq not supported
[ 1148.567076][T23092] kvm: pic: single mode not supported
[ 1148.573442][T23092] kvm: pic: level sensitive irq not supported
[ 1149.813456][ T1627] usb 3-1: new low-speed USB device number 22 using dummy_hcd
[ 1150.030769][ T1627] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1150.048727][ T1627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.078361][T23120] FAULT_INJECTION: forcing a failure.
[ 1150.078361][T23120] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1150.092383][T23120] CPU: 0 UID: 0 PID: 23120 Comm: syz.4.5530 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1150.092410][T23120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1150.092422][T23120] Call Trace:
[ 1150.092432][T23120]  <TASK>
[ 1150.092441][T23120]  dump_stack_lvl+0x189/0x250
[ 1150.092467][T23120]  ? __pfx____ratelimit+0x10/0x10
[ 1150.092488][T23120]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1150.092509][T23120]  ? __pfx__printk+0x10/0x10
[ 1150.092530][T23120]  ? __might_fault+0xb0/0x130
[ 1150.092558][T23120]  should_fail_ex+0x414/0x560
[ 1150.092592][T23120]  _copy_from_user+0x2d/0xb0
[ 1150.092612][T23120]  input_event_from_user+0xb2/0x280
[ 1150.092637][T23120]  ? __pfx_input_event_from_user+0x10/0x10
[ 1150.092666][T23120]  ? input_inject_event+0xbc/0x320
[ 1150.092685][ T1627] usb 3-1: config 0 descriptor??
[ 1150.092697][T23120]  evdev_write+0x2a6/0x480
[ 1150.092723][T23120]  ? __pfx_evdev_write+0x10/0x10
[ 1150.092742][T23120]  ? bpf_lsm_file_permission+0x9/0x20
[ 1150.092768][T23120]  ? security_file_permission+0x75/0x290
[ 1150.092799][T23120]  ? rw_verify_area+0x258/0x650
[ 1150.092819][T23120]  ? __pfx_evdev_write+0x10/0x10
[ 1150.092842][T23120]  vfs_write+0x27b/0xa90
[ 1150.092870][T23120]  ? __pfx_vfs_write+0x10/0x10
[ 1150.092892][T23120]  ? __fget_files+0x2a/0x420
[ 1150.092918][T23120]  ? __fget_files+0x2a/0x420
[ 1150.092940][T23120]  ? __fget_files+0x3a0/0x420
[ 1150.092962][T23120]  ? __fget_files+0x2a/0x420
[ 1150.092994][T23120]  ksys_write+0x145/0x250
[ 1150.093017][T23120]  ? __pfx_ksys_write+0x10/0x10
[ 1150.093035][T23120]  ? rcu_is_watching+0x15/0xb0
[ 1150.093059][T23120]  ? do_syscall_64+0xbe/0x3b0
[ 1150.093084][T23120]  do_syscall_64+0xfa/0x3b0
[ 1150.093104][T23120]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1150.093124][T23120]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.093151][T23120]  ? clear_bhb_loop+0x60/0xb0
[ 1150.093174][T23120]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1150.093192][T23120] RIP: 0033:0x7f345618e929
[ 1150.093209][T23120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1150.093227][T23120] RSP: 002b:00007f3456f26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1150.093247][T23120] RAX: ffffffffffffffda RBX: 00007f34563b5fa0 RCX: 00007f345618e929
[ 1150.093262][T23120] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[ 1150.093275][T23120] RBP: 00007f3456f26090 R08: 0000000000000000 R09: 0000000000000000
[ 1150.093287][T23120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1150.093299][T23120] R13: 0000000000000000 R14: 00007f34563b5fa0 R15: 00007ffed03b7748
[ 1150.093329][T23120]  </TASK>
[ 1150.207242][ T5867] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1150.365802][ T5867] asix 1-1:0.0: probe with driver asix failed with error -71
[ 1150.376990][ T5867] usb 1-1: USB disconnect, device number 109
[ 1150.443596][ T1627] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1150.464751][ T1627] asix 3-1:0.0: probe with driver asix failed with error -32
[ 1150.487873][T23123] 9pnet_fd: Insufficient options for proto=fd
[ 1150.515240][T23125] netlink: 'syz.3.5532': attribute type 3 has an invalid length.
[ 1150.587868][T23127] Mount JFS Failure: -22
[ 1150.717849][T23135] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5537'.
[ 1150.926658][ T1627] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1151.096985][ T1627] usb 4-1: Using ep0 maxpacket: 16
[ 1151.115382][ T1627] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1151.136595][ T1627] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1151.149015][ T1627] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[ 1151.159707][ T1627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1151.167921][ T1627] usb 4-1: Product: syz
[ 1151.172554][ T1627] usb 4-1: Manufacturer: syz
[ 1151.177282][ T1627] usb 4-1: SerialNumber: syz
[ 1151.183296][T23146] 9pnet_fd: Insufficient options for proto=fd
[ 1151.185790][ T1627] usb 4-1: config 0 descriptor??
[ 1151.284301][T23149] netlink: 'syz.0.5542': attribute type 10 has an invalid length.
[ 1151.293142][T23149] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5542'.
[ 1151.311077][T23149] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[ 1151.412135][T23151] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1151.426846][T23151] VFS: Can't find a romfs filesystem on dev rnullb0.
[ 1151.426846][T23151] 
[ 1151.437122][T23132] /dev/rnullb0: Can't open blockdev
[ 1151.449949][ T1627] usb 4-1: USB disconnect, device number 55
[ 1151.704961][T23156] binder: 23155:23156 ioctl 4018620d 0 returned -22
[ 1151.761317][T23156] kvm: pic: single mode not supported
[ 1151.762362][T23156] kvm: pic: single mode not supported
[ 1151.767771][T23156] kvm: pic: level sensitive irq not supported
[ 1152.194798][T23170] 9pnet_fd: Insufficient options for proto=fd
[ 1152.391709][T23175] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1152.481021][T23180] binder: 23179:23180 ioctl 4018620d 0 returned -22
[ 1152.640465][T23186] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5556'.
[ 1152.848307][ T1627] usb 3-1: USB disconnect, device number 22
[ 1153.421771][T23204] program syz.0.5562 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1153.493209][T23206] FAULT_INJECTION: forcing a failure.
[ 1153.493209][T23206] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1153.540251][T23206] CPU: 0 UID: 0 PID: 23206 Comm: syz.2.5563 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1153.540280][T23206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1153.540294][T23206] Call Trace:
[ 1153.540302][T23206]  <TASK>
[ 1153.540310][T23206]  dump_stack_lvl+0x189/0x250
[ 1153.540338][T23206]  ? __pfx____ratelimit+0x10/0x10
[ 1153.540360][T23206]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1153.540381][T23206]  ? __pfx__printk+0x10/0x10
[ 1153.540403][T23206]  ? __might_fault+0xb0/0x130
[ 1153.540432][T23206]  should_fail_ex+0x414/0x560
[ 1153.540467][T23206]  _copy_from_iter+0x1db/0x16f0
[ 1153.540508][T23206]  ? __pfx__copy_from_iter+0x10/0x10
[ 1153.540532][T23206]  ? sock_alloc_send_pskb+0x875/0x990
[ 1153.540568][T23206]  ? __pfx__copy_from_iter+0x10/0x10
[ 1153.540597][T23206]  ? page_copy_sane+0x16a/0x280
[ 1153.540625][T23206]  copy_page_from_iter+0xdd/0x170
[ 1153.540657][T23206]  skb_copy_datagram_from_iter+0x306/0x720
[ 1153.540698][T23206]  tun_get_user+0x15c3/0x3ce0
[ 1153.540736][T23206]  ? aa_file_perm+0x13e/0x11b0
[ 1153.540762][T23206]  ? aa_file_perm+0x13e/0x11b0
[ 1153.540786][T23206]  ? aa_file_perm+0x3ed/0x11b0
[ 1153.540813][T23206]  ? __pfx_tun_get_user+0x10/0x10
[ 1153.540848][T23206]  ? __lock_acquire+0xab9/0xd20
[ 1153.540883][T23206]  ? ref_tracker_alloc+0x318/0x460
[ 1153.540901][T23206]  ? __lock_acquire+0xab9/0xd20
[ 1153.540929][T23206]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1153.540956][T23206]  ? tun_get+0x1c/0x2f0
[ 1153.540988][T23206]  ? tun_get+0x1c/0x2f0
[ 1153.541014][T23206]  ? tun_get+0x1c/0x2f0
[ 1153.541045][T23206]  tun_chr_write_iter+0x113/0x200
[ 1153.541076][T23206]  vfs_write+0x548/0xa90
[ 1153.541103][T23206]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1153.541131][T23206]  ? __pfx_vfs_write+0x10/0x10
[ 1153.541162][T23206]  ? __fget_files+0x2a/0x420
[ 1153.541195][T23206]  ksys_write+0x145/0x250
[ 1153.541225][T23206]  ? __pfx_ksys_write+0x10/0x10
[ 1153.541243][T23206]  ? rcu_is_watching+0x15/0xb0
[ 1153.541269][T23206]  ? do_syscall_64+0xbe/0x3b0
[ 1153.541295][T23206]  do_syscall_64+0xfa/0x3b0
[ 1153.541316][T23206]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1153.541337][T23206]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.541357][T23206]  ? clear_bhb_loop+0x60/0xb0
[ 1153.541381][T23206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.541400][T23206] RIP: 0033:0x7f809798e929
[ 1153.541418][T23206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1153.541436][T23206] RSP: 002b:00007f809887c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1153.541458][T23206] RAX: ffffffffffffffda RBX: 00007f8097bb5fa0 RCX: 00007f809798e929
[ 1153.541473][T23206] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[ 1153.541487][T23206] RBP: 00007f809887c090 R08: 0000000000000000 R09: 0000000000000000
[ 1153.541500][T23206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1153.541512][T23206] R13: 0000000000000000 R14: 00007f8097bb5fa0 R15: 00007ffc072b51b8
[ 1153.541542][T23206]  </TASK>
[ 1153.837240][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.995150][T23210] binder: 23209:23210 ioctl 4018620d 0 returned -22
[ 1154.504168][T23229] netlink: 'syz.0.5572': attribute type 27 has an invalid length.
[ 1154.522280][   T44] usb 5-1: new low-speed USB device number 91 using dummy_hcd
[ 1154.529203][T23229] FAULT_INJECTION: forcing a failure.
[ 1154.529203][T23229] name failslab, interval 1, probability 0, space 0, times 0
[ 1154.564461][T23229] CPU: 0 UID: 0 PID: 23229 Comm: syz.0.5572 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1154.564490][T23229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1154.564503][T23229] Call Trace:
[ 1154.564511][T23229]  <TASK>
[ 1154.564520][T23229]  dump_stack_lvl+0x189/0x250
[ 1154.564548][T23229]  ? __pfx____ratelimit+0x10/0x10
[ 1154.564571][T23229]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1154.564593][T23229]  ? __pfx__printk+0x10/0x10
[ 1154.564621][T23229]  ? __pfx___might_resched+0x10/0x10
[ 1154.564640][T23229]  ? fs_reclaim_acquire+0x7d/0x100
[ 1154.564667][T23229]  should_fail_ex+0x414/0x560
[ 1154.564701][T23229]  should_failslab+0xa8/0x100
[ 1154.564723][T23229]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1154.564741][T23229]  ? nf_tables_newtable+0x435/0x1890
[ 1154.564765][T23229]  ? nla_strcmp+0x106/0x140
[ 1154.564790][T23229]  nf_tables_newtable+0x435/0x1890
[ 1154.564837][T23229]  nfnetlink_rcv+0x112f/0x2520
[ 1154.564900][T23229]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1154.564945][T23229]  ? __lock_acquire+0xab9/0xd20
[ 1154.565018][T23229]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1154.565039][T23229]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1154.565066][T23229]  netlink_unicast+0x758/0x8d0
[ 1154.565097][T23229]  netlink_sendmsg+0x805/0xb30
[ 1154.565129][T23229]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1154.565162][T23229]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1154.565187][T23229]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1154.565212][T23229]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1154.565236][T23229]  __sock_sendmsg+0x219/0x270
[ 1154.565260][T23229]  ____sys_sendmsg+0x505/0x830
[ 1154.565293][T23229]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1154.565329][T23229]  ? import_iovec+0x74/0xa0
[ 1154.565353][T23229]  ___sys_sendmsg+0x21f/0x2a0
[ 1154.565382][T23229]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1154.565447][T23229]  ? __fget_files+0x2a/0x420
[ 1154.565471][T23229]  ? __fget_files+0x3a0/0x420
[ 1154.565506][T23229]  __x64_sys_sendmsg+0x19b/0x260
[ 1154.565536][T23229]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1154.565573][T23229]  ? __pfx_ksys_write+0x10/0x10
[ 1154.565592][T23229]  ? rcu_is_watching+0x15/0xb0
[ 1154.565617][T23229]  ? do_syscall_64+0xbe/0x3b0
[ 1154.565644][T23229]  do_syscall_64+0xfa/0x3b0
[ 1154.565664][T23229]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1154.565685][T23229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.565705][T23229]  ? clear_bhb_loop+0x60/0xb0
[ 1154.565729][T23229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.565748][T23229] RIP: 0033:0x7fac8998e929
[ 1154.565766][T23229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1154.565783][T23229] RSP: 002b:00007fac8a855038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1154.565805][T23229] RAX: ffffffffffffffda RBX: 00007fac89bb5fa0 RCX: 00007fac8998e929
[ 1154.565820][T23229] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000004
[ 1154.565833][T23229] RBP: 00007fac8a855090 R08: 0000000000000000 R09: 0000000000000000
[ 1154.565845][T23229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1154.565857][T23229] R13: 0000000000000000 R14: 00007fac89bb5fa0 R15: 00007fff3ea58b18
[ 1154.565888][T23229]  </TASK>
[ 1154.580525][T23232] binder: 23230:23232 ioctl 4018620d 0 returned -22
[ 1154.681700][T23229] CUSE: info not properly terminated
[ 1154.765102][   T44] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1154.907343][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.934509][   T44] usb 5-1: config 0 descriptor??
[ 1155.175059][   T44] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1155.192133][   T44] asix 5-1:0.0: probe with driver asix failed with error -32
[ 1155.378718][T23250] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5578'.
[ 1155.647169][T23255] binder: 23254:23255 ioctl 4018620d 0 returned -22
[ 1155.714657][   T44] usb 1-1: new full-speed USB device number 110 using dummy_hcd
[ 1155.738133][T23255] kvm: pic: single mode not supported
[ 1155.740576][T23255] kvm: pic: single mode not supported
[ 1155.746026][T23255] kvm: pic: level sensitive irq not supported
[ 1155.878408][   T44] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1155.915445][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1155.940235][   T44] usb 1-1: config 0 descriptor??
[ 1157.029448][ T5867] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1157.032427][   T44] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[ 1157.052234][   T44] usb 1-1: USB disconnect, device number 110
[ 1157.202414][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1157.214068][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1157.225413][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1157.235198][ T5867] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1157.248201][ T5867] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1157.257415][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1157.267688][ T5867] usb 3-1: config 0 descriptor??
[ 1157.506791][   T44] usb 5-1: USB disconnect, device number 91
[ 1157.538040][T23286] binder: 23285:23286 ioctl 4018620d 0 returned -22
[ 1157.718952][ T5867] usbhid 3-1:0.0: can't add hid device: -71
[ 1157.742851][ T5867] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1157.769257][ T5867] usb 3-1: USB disconnect, device number 23
[ 1158.174726][T23298] binder: 23297:23298 ioctl 4018620d 0 returned -22
[ 1158.348046][T23298] kvm: pic: single mode not supported
[ 1158.348068][T23298] kvm: pic: level sensitive irq not supported
[ 1158.385279][T23298] kvm: pic: single mode not supported
[ 1158.435519][T23298] kvm: pic: level sensitive irq not supported
[ 1158.462480][T23298] kvm: pic: level sensitive irq not supported
[ 1158.500958][T23298] kvm: pic: single mode not supported
[ 1158.507711][T23298] kvm: pic: level sensitive irq not supported
[ 1158.514335][T23298] kvm: pic: single mode not supported
[ 1158.520867][T23298] kvm: pic: level sensitive irq not supported
[ 1158.753276][T23309] syzkaller1: entered promiscuous mode
[ 1158.782776][T23309] syzkaller1: entered allmulticast mode
[ 1159.060685][ T5867] usb 3-1: new low-speed USB device number 24 using dummy_hcd
[ 1159.060778][   T44] usb 1-1: new full-speed USB device number 111 using dummy_hcd
[ 1159.177243][T23329] hfs: can't find a HFS filesystem on dev rnullb0
[ 1159.235774][ T5867] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1159.248235][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.265953][   T44] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1159.285513][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.285995][ T5867] usb 3-1: config 0 descriptor??
[ 1159.308777][   T44] usb 1-1: config 0 descriptor??
[ 1159.339734][T23333] binder: 23332:23333 ioctl 4018620d 0 returned -22
[ 1159.759475][ T5867] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1159.769751][ T5867] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[ 1159.785157][ T5867] asix 3-1:0.0: probe with driver asix failed with error -32
[ 1159.798695][T20034] Bluetooth: hci3: command 0x0406 tx timeout
[ 1160.155653][T23342] kvm: pic: single mode not supported
[ 1160.155677][T23342] kvm: pic: level sensitive irq not supported
[ 1160.164873][T23342] kvm: pic: single mode not supported
[ 1160.175738][T23342] kvm: pic: level sensitive irq not supported
[ 1160.181257][T23342] kvm: pic: level sensitive irq not supported
[ 1160.194257][T23342] kvm: pic: single mode not supported
[ 1160.200375][T23342] kvm: pic: level sensitive irq not supported
[ 1160.207170][T23342] kvm: pic: single mode not supported
[ 1160.213260][T23342] kvm: pic: level sensitive irq not supported
[ 1160.238664][T23346] syzkaller1: entered promiscuous mode
[ 1160.250343][T23346] syzkaller1: entered allmulticast mode
[ 1160.407248][   T44] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[ 1160.442420][   T44] usb 1-1: USB disconnect, device number 111
[ 1160.551807][T23357] batadv0: entered allmulticast mode
[ 1160.801833][T23367] binder: 23366:23367 ioctl 4018620d 0 returned -22
[ 1161.174680][T23373] netlink: 'syz.0.5617': attribute type 10 has an invalid length.
[ 1161.194917][T23373] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1161.894559][T23384] syzkaller1: entered promiscuous mode
[ 1161.904058][T23384] syzkaller1: entered allmulticast mode
[ 1161.917983][T23388] batadv0: entered allmulticast mode
[ 1162.055642][ T5867] usb 3-1: USB disconnect, device number 24
[ 1162.144747][T23398] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5626'.
[ 1162.266677][T23404] netlink: 'syz.0.5629': attribute type 10 has an invalid length.
[ 1162.278800][T23404] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5629'.
[ 1162.288003][T23404] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[ 1162.374746][ T1627] usb 5-1: new full-speed USB device number 93 using dummy_hcd
[ 1162.497268][T23415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5633'.
[ 1162.551222][ T1627] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1162.573019][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.588607][ T5867] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1162.597369][ T1627] usb 5-1: config 0 descriptor??
[ 1162.759705][ T5867] usb 3-1: Using ep0 maxpacket: 8
[ 1162.776146][ T5867] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1162.790484][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.802881][ T5867] usb 3-1: config 0 descriptor??
[ 1162.961814][   T44] usb 4-1: new low-speed USB device number 56 using dummy_hcd
[ 1163.870079][ T1627] pegasus 5-1:0.0: probe with driver pegasus failed with error -71
[ 1163.881711][ T1627] usb 5-1: USB disconnect, device number 93
[ 1163.905593][   T44] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1163.914728][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1163.927165][   T44] usb 4-1: config 0 descriptor??
[ 1164.368613][   T44] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1164.378678][   T44] asix 4-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[ 1164.389636][   T44] asix 4-1:0.0: probe with driver asix failed with error -32
[ 1164.618164][ T5867] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1164.652964][ T5867] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1164.677091][ T5867] asix 3-1:0.0: probe with driver asix failed with error -71
[ 1164.723960][ T5867] usb 3-1: USB disconnect, device number 25
[ 1165.035168][T23453] input: syz0 as /devices/virtual/input/input185
[ 1165.214374][T23459] vxfs: WRONG superblock magic 00000000 at 1
[ 1165.222190][T23459] vxfs: WRONG superblock magic 00000000 at 8
[ 1165.228219][T23459] vxfs: can't find superblock.
[ 1165.265591][T20034] Bluetooth: hci4: command 0x0406 tx timeout
[ 1165.454490][T23471] netlink: 'syz.2.5652': attribute type 27 has an invalid length.
[ 1165.509742][ T5867] usb 1-1: new full-speed USB device number 112 using dummy_hcd
[ 1165.562321][T23471] CUSE: info not properly terminated
[ 1165.597258][T23476] FAULT_INJECTION: forcing a failure.
[ 1165.597258][T23476] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1165.620343][T23476] CPU: 0 UID: 0 PID: 23476 Comm: syz.4.5654 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1165.620372][T23476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1165.620385][T23476] Call Trace:
[ 1165.620393][T23476]  <TASK>
[ 1165.620402][T23476]  dump_stack_lvl+0x189/0x250
[ 1165.620429][T23476]  ? __pfx____ratelimit+0x10/0x10
[ 1165.620451][T23476]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1165.620473][T23476]  ? __pfx__printk+0x10/0x10
[ 1165.620494][T23476]  ? __might_fault+0xb0/0x130
[ 1165.620525][T23476]  should_fail_ex+0x414/0x560
[ 1165.620561][T23476]  _copy_from_iter+0x1db/0x16f0
[ 1165.620601][T23476]  ? __pfx__copy_from_iter+0x10/0x10
[ 1165.620626][T23476]  ? sock_alloc_send_pskb+0x875/0x990
[ 1165.620662][T23476]  ? __pfx__copy_from_iter+0x10/0x10
[ 1165.620692][T23476]  ? page_copy_sane+0x16a/0x280
[ 1165.620718][T23476]  copy_page_from_iter+0xdd/0x170
[ 1165.620749][T23476]  skb_copy_datagram_from_iter+0x306/0x720
[ 1165.620791][T23476]  tun_get_user+0x15c3/0x3ce0
[ 1165.620827][T23476]  ? aa_file_perm+0x13e/0x11b0
[ 1165.620853][T23476]  ? aa_file_perm+0x13e/0x11b0
[ 1165.620876][T23476]  ? aa_file_perm+0x3ed/0x11b0
[ 1165.620902][T23476]  ? __pfx_tun_get_user+0x10/0x10
[ 1165.620935][T23476]  ? __lock_acquire+0xab9/0xd20
[ 1165.620968][T23476]  ? ref_tracker_alloc+0x318/0x460
[ 1165.620986][T23476]  ? __lock_acquire+0xab9/0xd20
[ 1165.621013][T23476]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1165.621039][T23476]  ? tun_get+0x1c/0x2f0
[ 1165.621069][T23476]  ? tun_get+0x1c/0x2f0
[ 1165.621093][T23476]  ? tun_get+0x1c/0x2f0
[ 1165.621123][T23476]  tun_chr_write_iter+0x113/0x200
[ 1165.621153][T23476]  vfs_write+0x548/0xa90
[ 1165.621178][T23476]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1165.621206][T23476]  ? __pfx_vfs_write+0x10/0x10
[ 1165.621237][T23476]  ? __fget_files+0x2a/0x420
[ 1165.621269][T23476]  ksys_write+0x145/0x250
[ 1165.621292][T23476]  ? __pfx_ksys_write+0x10/0x10
[ 1165.621319][T23476]  ? do_syscall_64+0xbe/0x3b0
[ 1165.621351][T23476]  do_syscall_64+0xfa/0x3b0
[ 1165.621372][T23476]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1165.621392][T23476]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.621412][T23476]  ? clear_bhb_loop+0x60/0xb0
[ 1165.621436][T23476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1165.621455][T23476] RIP: 0033:0x7f345618e929
[ 1165.621473][T23476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1165.621491][T23476] RSP: 002b:00007f3456f26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1165.621511][T23476] RAX: ffffffffffffffda RBX: 00007f34563b5fa0 RCX: 00007f345618e929
[ 1165.621526][T23476] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[ 1165.621539][T23476] RBP: 00007f3456f26090 R08: 0000000000000000 R09: 0000000000000000
[ 1165.621551][T23476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1165.621563][T23476] R13: 0000000000000000 R14: 00007f34563b5fa0 R15: 00007ffed03b7748
[ 1165.621593][T23476]  </TASK>
[ 1165.913052][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1165.939283][ T5867] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1165.948540][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1165.960787][ T5867] usb 1-1: config 0 descriptor??
[ 1165.999218][T21687] usb 4-1: USB disconnect, device number 56
[ 1166.141656][T23487] netlink: 'syz.4.5658': attribute type 27 has an invalid length.
[ 1166.157018][T23487] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5658'.
[ 1166.273762][T23495] CUSE: info not properly terminated
[ 1166.649505][T23508] kvm: pic: single mode not supported
[ 1166.649529][T23508] kvm: pic: level sensitive irq not supported
[ 1166.886222][T21687] usb 3-1: new low-speed USB device number 26 using dummy_hcd
[ 1167.010234][T23519] netlink: 'syz.3.5669': attribute type 27 has an invalid length.
[ 1167.047521][ T5867] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[ 1167.055939][T23519] FAULT_INJECTION: forcing a failure.
[ 1167.055939][T23519] name failslab, interval 1, probability 0, space 0, times 0
[ 1167.074345][ T5867] usb 1-1: USB disconnect, device number 112
[ 1167.089497][T23519] CPU: 1 UID: 0 PID: 23519 Comm: syz.3.5669 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1167.089523][T23519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1167.089535][T23519] Call Trace:
[ 1167.089543][T23519]  <TASK>
[ 1167.089552][T23519]  dump_stack_lvl+0x189/0x250
[ 1167.089579][T23519]  ? __pfx____ratelimit+0x10/0x10
[ 1167.089601][T23519]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1167.089623][T23519]  ? __pfx__printk+0x10/0x10
[ 1167.089651][T23519]  ? __pfx___might_resched+0x10/0x10
[ 1167.089674][T23519]  should_fail_ex+0x414/0x560
[ 1167.089710][T23519]  should_failslab+0xa8/0x100
[ 1167.089732][T23519]  __kmalloc_noprof+0xcb/0x4f0
[ 1167.089748][T23519]  ? __kasan_kmalloc+0x93/0xb0
[ 1167.089764][T23519]  ? nla_strdup+0x9d/0x140
[ 1167.089790][T23519]  nla_strdup+0x9d/0x140
[ 1167.089815][T23519]  nf_tables_newtable+0x491/0x1890
[ 1167.089840][T23519]  ? nfnetlink_subsys_unregister+0x172/0x1b0
[ 1167.089887][T23519]  nfnetlink_rcv+0x112f/0x2520
[ 1167.089949][T23519]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1167.090040][T23519]  ? __lock_acquire+0xab9/0xd20
[ 1167.090115][T23519]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1167.090137][T23519]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1167.090165][T23519]  netlink_unicast+0x758/0x8d0
[ 1167.090197][T23519]  netlink_sendmsg+0x805/0xb30
[ 1167.090230][T23519]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1167.090254][T23519]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1167.090278][T23519]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1167.090300][T23519]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1167.090324][T23519]  __sock_sendmsg+0x219/0x270
[ 1167.090344][T23519]  ____sys_sendmsg+0x505/0x830
[ 1167.090376][T23519]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1167.090410][T23519]  ? import_iovec+0x74/0xa0
[ 1167.090433][T23519]  ___sys_sendmsg+0x21f/0x2a0
[ 1167.090461][T23519]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1167.090518][T23519]  ? __fget_files+0x2a/0x420
[ 1167.090541][T23519]  ? __fget_files+0x3a0/0x420
[ 1167.090575][T23519]  __x64_sys_sendmsg+0x19b/0x260
[ 1167.090605][T23519]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1167.090639][T23519]  ? __pfx_ksys_write+0x10/0x10
[ 1167.090657][T23519]  ? rcu_is_watching+0x15/0xb0
[ 1167.090680][T23519]  ? do_syscall_64+0xbe/0x3b0
[ 1167.090705][T23519]  do_syscall_64+0xfa/0x3b0
[ 1167.090724][T23519]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1167.090744][T23519]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.090763][T23519]  ? clear_bhb_loop+0x60/0xb0
[ 1167.090785][T23519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1167.090801][T23519] RIP: 0033:0x7fcc11d8e929
[ 1167.090818][T23519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1167.090833][T23519] RSP: 002b:00007fcc12b6e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1167.090853][T23519] RAX: ffffffffffffffda RBX: 00007fcc11fb5fa0 RCX: 00007fcc11d8e929
[ 1167.090867][T23519] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000004
[ 1167.090880][T23519] RBP: 00007fcc12b6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1167.090893][T23519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1167.090905][T23519] R13: 0000000000000000 R14: 00007fcc11fb5fa0 R15: 00007fffd6c8a148
[ 1167.090938][T23519]  </TASK>
[ 1167.092154][T21687] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1167.214626][T23519] CUSE: info not properly terminated
[ 1167.303071][T21687] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.436161][T21687] usb 3-1: config 0 descriptor??
[ 1167.578179][T23527] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5671'.
[ 1167.887589][T21687] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1167.916470][T21687] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[ 1167.929614][T21687] asix 3-1:0.0: probe with driver asix failed with error -32
[ 1168.072974][   T44] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1168.232213][T23556] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1168.244675][   T44] usb 4-1: Using ep0 maxpacket: 16
[ 1168.251997][   T44] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[ 1168.275952][   T44] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1168.285878][   T44] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1168.291387][T23561] /dev/rnullb0: Can't open blockdev
[ 1168.299365][   T44] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1168.311101][   T44] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1168.323416][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.329379][T23556] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1168.344252][   T44] usb 4-1: config 0 descriptor??
[ 1168.703639][ T1627] usb 1-1: new full-speed USB device number 113 using dummy_hcd
[ 1168.791028][   T44] asus 0003:0B05:17E0.0018: item fetching failed at offset 0/1
[ 1168.799412][   T44] asus 0003:0B05:17E0.0018: Asus hid parse failed: -22
[ 1168.806464][   T44] asus 0003:0B05:17E0.0018: probe with driver asus failed with error -22
[ 1168.868408][ T1627] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1168.877590][ T1627] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1168.888864][ T1627] usb 1-1: config 0 descriptor??
[ 1169.005455][T23537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1169.014603][T23537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1169.028602][T23537] /dev/sg0: Can't lookup blockdev
[ 1169.035558][T21687] usb 4-1: USB disconnect, device number 57
[ 1169.806762][T23575] FAULT_INJECTION: forcing a failure.
[ 1169.806762][T23575] name failslab, interval 1, probability 0, space 0, times 0
[ 1169.825808][T23575] CPU: 0 UID: 0 PID: 23575 Comm: syz.3.5685 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1169.825844][T23575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1169.825857][T23575] Call Trace:
[ 1169.825866][T23575]  <TASK>
[ 1169.825874][T23575]  dump_stack_lvl+0x189/0x250
[ 1169.825900][T23575]  ? __pfx____ratelimit+0x10/0x10
[ 1169.825922][T23575]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1169.825944][T23575]  ? __pfx__printk+0x10/0x10
[ 1169.825975][T23575]  ? __pfx___might_resched+0x10/0x10
[ 1169.825993][T23575]  ? fs_reclaim_acquire+0x7d/0x100
[ 1169.826018][T23575]  should_fail_ex+0x414/0x560
[ 1169.826052][T23575]  ? seq_read_iter+0x1fd/0xe10
[ 1169.826068][T23575]  should_failslab+0xa8/0x100
[ 1169.826090][T23575]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1169.826111][T23575]  ? seq_read_iter+0x1fd/0xe10
[ 1169.826135][T23575]  seq_read_iter+0x1fd/0xe10
[ 1169.826157][T23575]  ? end_current_label_crit_section+0x152/0x180
[ 1169.826197][T23575]  proc_reg_read_iter+0x1b4/0x280
[ 1169.826230][T23575]  vfs_read+0x4cd/0x980
[ 1169.826260][T23575]  ? __pfx_vfs_read+0x10/0x10
[ 1169.826292][T23575]  ? __fget_files+0x2a/0x420
[ 1169.826324][T23575]  ksys_read+0x145/0x250
[ 1169.826347][T23575]  ? __pfx_ksys_read+0x10/0x10
[ 1169.826364][T23575]  ? rcu_is_watching+0x15/0xb0
[ 1169.826389][T23575]  ? do_syscall_64+0xbe/0x3b0
[ 1169.826415][T23575]  do_syscall_64+0xfa/0x3b0
[ 1169.826436][T23575]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1169.826456][T23575]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.826476][T23575]  ? clear_bhb_loop+0x60/0xb0
[ 1169.826499][T23575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1169.826519][T23575] RIP: 0033:0x7fcc11d8e929
[ 1169.826536][T23575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1169.826553][T23575] RSP: 002b:00007fcc12b6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1169.826574][T23575] RAX: ffffffffffffffda RBX: 00007fcc11fb5fa0 RCX: 00007fcc11d8e929
[ 1169.826589][T23575] RDX: 0000000000002020 RSI: 0000200000008480 RDI: 0000000000000003
[ 1169.826602][T23575] RBP: 00007fcc12b6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1169.826615][T23575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1169.826627][T23575] R13: 0000000000000000 R14: 00007fcc11fb5fa0 R15: 00007fffd6c8a148
[ 1169.826658][T23575]  </TASK>
[ 1170.119930][T21687] usb 3-1: USB disconnect, device number 26
[ 1170.138047][ T1627] pegasus 1-1:0.0: probe with driver pegasus failed with error -71
[ 1170.150655][ T1627] usb 1-1: USB disconnect, device number 113
[ 1170.560883][T23596] kvm: pic: single mode not supported
[ 1170.560907][T23596] kvm: pic: level sensitive irq not supported
[ 1170.670833][T21687] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1170.877709][T21687] usb 3-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[ 1170.895105][T21687] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1170.903224][T21687] usb 3-1: Product: syz
[ 1170.927185][T21687] usb 3-1: Manufacturer: syz
[ 1170.931814][T21687] usb 3-1: SerialNumber: syz
[ 1170.949599][T21687] usb 3-1: config 0 descriptor??
[ 1170.959471][ T1627] usb 5-1: new high-speed USB device number 94 using dummy_hcd
[ 1170.977134][ T5155] Bluetooth: hci1: urb ffff888068d33d00 submission failed (2)
[ 1170.994498][   T44] usb 1-1: new low-speed USB device number 114 using dummy_hcd
[ 1171.130450][ T1627] usb 5-1: Using ep0 maxpacket: 32
[ 1171.140899][ T1627] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1171.156410][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1171.170831][ T1627] usb 5-1: config 0 descriptor??
[ 1171.185662][   T44] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1171.196828][   T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1171.210668][   T44] usb 1-1: config 0 descriptor??
[ 1171.257909][T23590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1171.269844][T23590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1171.396307][ T1627] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1171.407806][ T1627] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1171.440755][ T1627] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1171.448710][T21687] usb 3-1: USB disconnect, device number 27
[ 1171.451169][ T1627] usb 5-1: media controller created
[ 1171.499897][ T1627] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1171.618761][ T1627] az6027: usb out operation failed. (-71)
[ 1171.632659][ T1627] az6027: usb out operation failed. (-71)
[ 1171.641813][ T1627] stb0899_attach: Driver disabled by Kconfig
[ 1171.648311][ T1627] az6027: no front-end attached
[ 1171.648311][ T1627] 
[ 1171.656119][ T1627] az6027: usb out operation failed. (-71)
[ 1171.661889][ T1627] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1171.678060][ T1627] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input186
[ 1171.699567][   T44] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1171.723295][ T1627] dvb-usb: schedule remote query interval to 400 msecs.
[ 1171.733641][   T44] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[ 1171.748607][ T1627] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1171.857384][   T44] asix 1-1:0.0: probe with driver asix failed with error -32
[ 1171.899263][ T1627] usb 5-1: USB disconnect, device number 94
[ 1171.952060][T23611] devtmpfs: Unknown parameter '.T'
[ 1171.959223][T23611] vxfs: WRONG superblock magic 00000000 at 1
[ 1171.970489][T23611] vxfs: WRONG superblock magic 00000000 at 8
[ 1171.980635][T23611] vxfs: can't find superblock.
[ 1171.998356][ T1627] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1172.321034][T23628] binder: 23627:23628 ioctl c0306201 0 returned -14
[ 1172.365239][T23628] kvm: pic: single mode not supported
[ 1172.365994][T23628] kvm: pic: single mode not supported
[ 1172.371477][T23628] kvm: pic: level sensitive irq not supported
[ 1172.376902][T21687] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1172.520204][ T1627] usb 5-1: new full-speed USB device number 95 using dummy_hcd
[ 1172.562863][T21687] usb 4-1: Using ep0 maxpacket: 32
[ 1172.575203][T21687] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1172.594950][T21687] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.617400][T21687] usb 4-1: config 0 descriptor??
[ 1172.682878][ T1627] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1172.696317][ T1627] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.711317][ T1627] usb 5-1: config 0 descriptor??
[ 1172.842591][T21687] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1172.853472][T21687] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1172.864035][T21687] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1172.871208][T21687] usb 4-1: media controller created
[ 1172.904327][T21687] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1172.986071][T23633] FAULT_INJECTION: forcing a failure.
[ 1172.986071][T23633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1172.999422][T23633] CPU: 1 UID: 0 PID: 23633 Comm: syz.2.5705 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1172.999453][T23633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1172.999466][T23633] Call Trace:
[ 1172.999475][T23633]  <TASK>
[ 1172.999483][T23633]  dump_stack_lvl+0x189/0x250
[ 1172.999510][T23633]  ? __pfx____ratelimit+0x10/0x10
[ 1172.999531][T23633]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1172.999544][T23633]  ? __pfx__printk+0x10/0x10
[ 1172.999556][T23633]  ? __might_fault+0xb0/0x130
[ 1172.999572][T23633]  should_fail_ex+0x414/0x560
[ 1172.999594][T23633]  _copy_from_user+0x2d/0xb0
[ 1172.999620][T23633]  input_event_from_user+0xb2/0x280
[ 1172.999646][T23633]  ? __pfx_input_event_from_user+0x10/0x10
[ 1172.999675][T23633]  ? input_inject_event+0xbc/0x320
[ 1172.999697][T23633]  evdev_write+0x2a6/0x480
[ 1172.999713][T23633]  ? __pfx_evdev_write+0x10/0x10
[ 1172.999725][T23633]  ? bpf_lsm_file_permission+0x9/0x20
[ 1172.999740][T23633]  ? security_file_permission+0x75/0x290
[ 1172.999770][T23633]  ? rw_verify_area+0x258/0x650
[ 1172.999790][T23633]  ? __pfx_evdev_write+0x10/0x10
[ 1172.999814][T23633]  vfs_write+0x27b/0xa90
[ 1172.999838][T23633]  ? __pfx_vfs_write+0x10/0x10
[ 1172.999850][T23633]  ? __fget_files+0x2a/0x420
[ 1172.999866][T23633]  ? __fget_files+0x2a/0x420
[ 1172.999878][T23633]  ? __fget_files+0x3a0/0x420
[ 1172.999890][T23633]  ? __fget_files+0x2a/0x420
[ 1172.999922][T23633]  ksys_write+0x145/0x250
[ 1172.999945][T23633]  ? __pfx_ksys_write+0x10/0x10
[ 1172.999972][T23633]  ? do_syscall_64+0xbe/0x3b0
[ 1172.999990][T23633]  do_syscall_64+0xfa/0x3b0
[ 1173.000001][T23633]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1173.000011][T23633]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.000021][T23633]  ? clear_bhb_loop+0x60/0xb0
[ 1173.000035][T23633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1173.000049][T23633] RIP: 0033:0x7f809798e929
[ 1173.000067][T23633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1173.000083][T23633] RSP: 002b:00007f809887c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1173.000104][T23633] RAX: ffffffffffffffda RBX: 00007f8097bb5fa0 RCX: 00007f809798e929
[ 1173.000119][T23633] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[ 1173.000131][T23633] RBP: 00007f809887c090 R08: 0000000000000000 R09: 0000000000000000
[ 1173.000137][T23633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1173.000143][T23633] R13: 0000000000000000 R14: 00007f8097bb5fa0 R15: 00007ffc072b51b8
[ 1173.000159][T23633]  </TASK>
[ 1173.289381][T21687] az6027: usb out operation failed. (-71)
[ 1173.296448][T21687] az6027: usb out operation failed. (-71)
[ 1173.305432][T21687] stb0899_attach: Driver disabled by Kconfig
[ 1173.313144][T21687] az6027: no front-end attached
[ 1173.313144][T21687] 
[ 1173.321323][T21687] az6027: usb out operation failed. (-71)
[ 1173.329918][T21687] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1173.517438][T21687] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input187
[ 1173.553371][T21687] dvb-usb: schedule remote query interval to 400 msecs.
[ 1173.578500][T21687] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1173.606022][T21687] usb 4-1: USB disconnect, device number 58
[ 1173.692593][T21687] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1173.814530][T23645] 9pnet_fd: Insufficient options for proto=fd
[ 1173.910534][ T1627] pegasus 5-1:0.0: probe with driver pegasus failed with error -71
[ 1173.924961][ T1627] usb 5-1: USB disconnect, device number 95
[ 1173.949876][T23649] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5711'.
[ 1173.995202][   T44] usb 1-1: USB disconnect, device number 114
[ 1174.073777][T23653] binder: 23652:23653 ioctl c0306201 0 returned -14
[ 1174.168737][T23653] kvm: pic: single mode not supported
[ 1174.169932][T23653] kvm: pic: single mode not supported
[ 1174.175367][T23653] kvm: pic: level sensitive irq not supported
[ 1174.715648][T23667] 9pnet_fd: Insufficient options for proto=fd
[ 1174.733123][   T44] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1174.862417][T23671] netlink: 'syz.4.5720': attribute type 10 has an invalid length.
[ 1174.876767][T23671] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5720'.
[ 1174.887687][T23671] bridge0: port 3(dummy0) entered blocking state
[ 1174.898035][T23671] bridge0: port 3(dummy0) entered disabled state
[ 1174.914835][   T44] usb 3-1: Using ep0 maxpacket: 16
[ 1174.917779][T23671] dummy0: entered allmulticast mode
[ 1174.927249][   T44] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[ 1174.937966][T23671] dummy0: entered promiscuous mode
[ 1174.950892][   T44] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1174.961518][   T44] usb 3-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1174.974807][   T44] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1174.996091][   T44] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1175.010551][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.057696][   T44] usb 3-1: config 0 descriptor??
[ 1175.111097][T23676] binder: 23675:23676 ioctl 4018620d 0 returned -22
[ 1175.303230][T21687] usb 1-1: new low-speed USB device number 115 using dummy_hcd
[ 1175.508146][T21687] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1175.521153][T21687] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.528020][   T44] asus 0003:0B05:17E0.0019: item fetching failed at offset 0/1
[ 1175.539991][   T44] asus 0003:0B05:17E0.0019: Asus hid parse failed: -22
[ 1175.547212][   T44] asus 0003:0B05:17E0.0019: probe with driver asus failed with error -22
[ 1175.550343][T21687] usb 1-1: config 0 descriptor??
[ 1175.631402][ T5867] usb 5-1: new full-speed USB device number 96 using dummy_hcd
[ 1175.691277][T23688] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1175.738470][T23663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1175.748177][T23663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1175.758478][T23663] /dev/sg0: Can't lookup blockdev
[ 1175.765803][   T44] usb 3-1: USB disconnect, device number 28
[ 1175.816253][ T5867] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 1175.825802][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1175.836615][ T5867] usb 5-1: config 0 descriptor??
[ 1176.013276][T21687] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1176.023357][T21687] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[ 1176.033893][T21687] asix 1-1:0.0: probe with driver asix failed with error -32
[ 1176.359967][T23693] 9pnet_fd: Insufficient options for proto=fd
[ 1176.658034][ T1627] usb 3-1: new low-speed USB device number 29 using dummy_hcd
[ 1176.807434][ T1627] usb 3-1: device descriptor read/64, error -71
[ 1176.921997][ T5867] pegasus 5-1:0.0: probe with driver pegasus failed with error -71
[ 1176.948208][ T5867] usb 5-1: USB disconnect, device number 96
[ 1176.999764][T23709] input: syz0 as /devices/virtual/input/input188
[ 1177.074498][ T1627] usb 3-1: new low-speed USB device number 30 using dummy_hcd
[ 1177.239115][ T1627] usb 3-1: device descriptor read/64, error -71
[ 1177.535402][T23718] binder: 23716:23718 ioctl 4018620d 0 returned -22
[ 1177.588121][ T1627] usb usb3-port1: attempt power cycle
[ 1177.594759][T23720] FAULT_INJECTION: forcing a failure.
[ 1177.594759][T23720] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1177.608892][T23720] CPU: 1 UID: 0 PID: 23720 Comm: syz.3.5736 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1177.608918][T23720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1177.608931][T23720] Call Trace:
[ 1177.608939][T23720]  <TASK>
[ 1177.608948][T23720]  dump_stack_lvl+0x189/0x250
[ 1177.608976][T23720]  ? __pfx____ratelimit+0x10/0x10
[ 1177.608997][T23720]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1177.609017][T23720]  ? __pfx__printk+0x10/0x10
[ 1177.609038][T23720]  ? __might_fault+0xb0/0x130
[ 1177.609068][T23720]  should_fail_ex+0x414/0x560
[ 1177.609104][T23720]  _copy_from_iter+0x1db/0x16f0
[ 1177.609145][T23720]  ? __pfx__copy_from_iter+0x10/0x10
[ 1177.609170][T23720]  ? sock_alloc_send_pskb+0x875/0x990
[ 1177.609206][T23720]  ? __pfx__copy_from_iter+0x10/0x10
[ 1177.609236][T23720]  ? page_copy_sane+0x16a/0x280
[ 1177.609267][T23720]  copy_page_from_iter+0xdd/0x170
[ 1177.609298][T23720]  skb_copy_datagram_from_iter+0x306/0x720
[ 1177.609342][T23720]  tun_get_user+0x15c3/0x3ce0
[ 1177.609380][T23720]  ? aa_file_perm+0x13e/0x11b0
[ 1177.609407][T23720]  ? aa_file_perm+0x13e/0x11b0
[ 1177.609432][T23720]  ? aa_file_perm+0x3ed/0x11b0
[ 1177.609459][T23720]  ? __pfx_tun_get_user+0x10/0x10
[ 1177.609494][T23720]  ? __lock_acquire+0xab9/0xd20
[ 1177.609540][T23720]  ? ref_tracker_alloc+0x318/0x460
[ 1177.609559][T23720]  ? __lock_acquire+0xab9/0xd20
[ 1177.609588][T23720]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1177.609614][T23720]  ? tun_get+0x1c/0x2f0
[ 1177.609646][T23720]  ? tun_get+0x1c/0x2f0
[ 1177.609672][T23720]  ? tun_get+0x1c/0x2f0
[ 1177.609703][T23720]  tun_chr_write_iter+0x113/0x200
[ 1177.609734][T23720]  vfs_write+0x548/0xa90
[ 1177.609760][T23720]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1177.609788][T23720]  ? __pfx_vfs_write+0x10/0x10
[ 1177.609820][T23720]  ? __fget_files+0x2a/0x420
[ 1177.609854][T23720]  ksys_write+0x145/0x250
[ 1177.609878][T23720]  ? __pfx_ksys_write+0x10/0x10
[ 1177.609897][T23720]  ? rcu_is_watching+0x15/0xb0
[ 1177.609922][T23720]  ? do_syscall_64+0xbe/0x3b0
[ 1177.609949][T23720]  do_syscall_64+0xfa/0x3b0
[ 1177.609970][T23720]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1177.609996][T23720]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.610016][T23720]  ? clear_bhb_loop+0x60/0xb0
[ 1177.610041][T23720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1177.610060][T23720] RIP: 0033:0x7fcc11d8e929
[ 1177.610078][T23720] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1177.610096][T23720] RSP: 002b:00007fcc12b6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1177.610117][T23720] RAX: ffffffffffffffda RBX: 00007fcc11fb5fa0 RCX: 00007fcc11d8e929
[ 1177.610132][T23720] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[ 1177.610146][T23720] RBP: 00007fcc12b6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1177.610159][T23720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1177.610171][T23720] R13: 0000000000000000 R14: 00007fcc11fb5fa0 R15: 00007fffd6c8a148
[ 1177.610201][T23720]  </TASK>
[ 1178.218258][ T1627] usb 3-1: new low-speed USB device number 31 using dummy_hcd
[ 1178.253861][ T1627] usb 3-1: device descriptor read/8, error -71
[ 1178.327874][ T5867] usb 1-1: USB disconnect, device number 115
[ 1178.517981][ T1627] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[ 1178.555717][ T1627] usb 3-1: device descriptor read/8, error -71
[ 1178.687030][ T1627] usb usb3-port1: unable to enumerate USB device
[ 1178.963602][T23750] binder: 23749:23750 ioctl 4018620d 0 returned -22
[ 1179.695650][T23759] /dev/rnullb0: Can't open blockdev
[ 1180.111250][ T1627] usb 3-1: new low-speed USB device number 33 using dummy_hcd
[ 1180.283389][ T1627] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1180.302994][ T1627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1180.327146][ T1627] usb 3-1: config 0 descriptor??
[ 1180.608588][T23780] binder: 23778:23780 ioctl 4018620d 0 returned -22
[ 1180.799200][ T1627] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1180.814253][ T1627] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[ 1180.826029][ T1627] asix 3-1:0.0: probe with driver asix failed with error -32
[ 1181.282239][T23799] block nbd0: Cannot use ioctl interface on a netlink controlled device.
[ 1181.462463][T23805] binder: 23804:23805 ioctl 4018620d 0 returned -22
[ 1182.252176][T23824] binder: 23822:23824 ioctl 4018620d 0 returned -22
[ 1183.160792][ T1627] usb 3-1: USB disconnect, device number 33
[ 1183.205758][T23842] binder: 23841:23842 ioctl 4018620d 0 returned -22
[ 1183.358928][T23847] misc userio: Invalid payload size
[ 1183.699259][T23859] kvm: pic: single mode not supported
[ 1183.700274][T23859] kvm: pic: level sensitive irq not supported
[ 1183.736520][T23859] kvm: pic: level sensitive irq not supported
[ 1183.752065][T23859] kvm: pic: single mode not supported
[ 1183.786947][T23869] binder: 23867:23869 ioctl 4018620d 0 returned -22
[ 1183.795935][T23870] binder: 23868:23870 ioctl 4018620d 0 returned -22
[ 1183.993366][ T1627] usb 3-1: new low-speed USB device number 34 using dummy_hcd
[ 1184.014177][T23875] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5789'.
[ 1184.175579][ T1627] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1184.188995][ T1627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.200574][ T1627] usb 3-1: config 0 descriptor??
[ 1184.413389][T23896] binder: 23895:23896 ioctl 4018620d 0 returned -22
[ 1184.563130][T23901] kvm: pic: single mode not supported
[ 1184.564296][T23901] kvm: pic: level sensitive irq not supported
[ 1184.577375][T23901] kvm: pic: level sensitive irq not supported
[ 1184.585054][T23901] kvm: pic: single mode not supported
[ 1184.849687][T16126] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1184.864057][ T1627] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1184.885867][ T1627] asix 3-1:0.0: probe with driver asix failed with error -32
[ 1185.038878][T16126] usb 5-1: Using ep0 maxpacket: 32
[ 1185.046201][T16126] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1185.057390][T16126] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1185.067293][T16126] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1185.079172][T16126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.090867][T16126] usb 5-1: config 0 descriptor??
[ 1185.099359][T16126] hub 5-1:0.0: USB hub found
[ 1185.177844][ T5867] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 1185.313229][T16126] hub 5-1:0.0: 1 port detected
[ 1185.359681][ T5867] usb 1-1: Using ep0 maxpacket: 32
[ 1185.374101][ T5867] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1185.387673][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1185.405725][ T5867] usb 1-1: config 0 descriptor??
[ 1185.449640][T23926] binder: 23925:23926 ioctl 4018620d 0 returned -22
[ 1185.539491][T16126] hub 5-1:0.0: hub_hub_status failed (err = -71)
[ 1185.547902][T16126] hub 5-1:0.0: config failed, can't get hub status (err -71)
[ 1185.565964][T16126] usbhid 5-1:0.0: can't add hid device: -71
[ 1185.572000][T16126] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1185.595628][T16126] usb 5-1: USB disconnect, device number 97
[ 1185.602602][T23928] kvm: pic: single mode not supported
[ 1185.603891][T23928] kvm: pic: level sensitive irq not supported
[ 1185.612982][T23928] kvm: pic: level sensitive irq not supported
[ 1185.621151][T23928] kvm: pic: single mode not supported
[ 1185.635821][ T5867] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1185.652050][ T5867] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1185.668475][ T5867] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1185.676128][ T5867] usb 1-1: media controller created
[ 1185.717504][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1185.853765][ T5867] az6027: usb out operation failed. (-71)
[ 1185.873024][ T5867] az6027: usb out operation failed. (-71)
[ 1185.878792][ T5867] stb0899_attach: Driver disabled by Kconfig
[ 1185.885423][ T5867] az6027: no front-end attached
[ 1185.885423][ T5867] 
[ 1185.892894][ T5867] az6027: usb out operation failed. (-71)
[ 1185.899003][ T5867] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1185.910199][ T5867] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input189
[ 1185.927040][ T5867] dvb-usb: schedule remote query interval to 400 msecs.
[ 1185.934120][ T5867] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1185.965992][ T5867] usb 1-1: USB disconnect, device number 116
[ 1186.042371][ T5867] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1186.375929][T23951] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1186.383200][T23951] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1186.484861][T23956] binder: 23955:23956 ioctl 4018620d 0 returned -22
[ 1186.565185][T23958] kvm: pic: single mode not supported
[ 1186.565208][T23958] kvm: pic: level sensitive irq not supported
[ 1186.572833][T23958] kvm: pic: single mode not supported
[ 1186.582084][T23958] kvm: pic: level sensitive irq not supported
[ 1186.587602][T23958] kvm: pic: level sensitive irq not supported
[ 1186.594963][T23958] kvm: pic: single mode not supported
[ 1186.601409][T23958] kvm: pic: level sensitive irq not supported
[ 1186.607550][T23958] kvm: pic: single mode not supported
[ 1186.968516][T23974] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5824'.
[ 1187.017908][T23976] binder: 23975:23976 ioctl 4018620d 0 returned -22
[ 1187.032484][ T5867] usb 3-1: USB disconnect, device number 34
[ 1187.168683][T23980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5827'.
[ 1187.412606][T23995] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5834'.
[ 1187.470789][T23997] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1187.588143][T24004] binder: 24003:24004 ioctl 4018620d 0 returned -22
[ 1187.625500][T23997] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1188.400580][T24015] netlink: 'syz.2.5839': attribute type 10 has an invalid length.
[ 1188.412242][T24015] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5839'.
[ 1188.705358][T24029] binder: 24028:24029 ioctl 4018620d 0 returned -22
[ 1189.460383][T24062] input: syz0 as /devices/virtual/input/input190
[ 1189.638118][T24067] binder: 24066:24067 ioctl 4018620d 0 returned -22
[ 1189.791601][T24073] pic_ioport_write: 5 callbacks suppressed
[ 1189.791621][T24073] kvm: pic: single mode not supported
[ 1189.798094][T24073] pic_ioport_write: 8 callbacks suppressed
[ 1189.798111][T24073] kvm: pic: level sensitive irq not supported
[ 1189.816352][T24073] kvm: pic: single mode not supported
[ 1189.826140][T24073] kvm: pic: level sensitive irq not supported
[ 1189.839060][T24073] kvm: pic: level sensitive irq not supported
[ 1189.846320][T24073] kvm: pic: single mode not supported
[ 1189.852520][T24073] kvm: pic: level sensitive irq not supported
[ 1189.860101][T24073] kvm: pic: single mode not supported
[ 1189.866906][T24073] kvm: pic: level sensitive irq not supported
[ 1189.913787][T16126] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1189.988062][T24081] FAULT_INJECTION: forcing a failure.
[ 1189.988062][T24081] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1190.017057][T24081] CPU: 1 UID: 0 PID: 24081 Comm: syz.4.5863 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1190.017087][T24081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1190.017100][T24081] Call Trace:
[ 1190.017108][T24081]  <TASK>
[ 1190.017117][T24081]  dump_stack_lvl+0x189/0x250
[ 1190.017146][T24081]  ? __pfx____ratelimit+0x10/0x10
[ 1190.017168][T24081]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1190.017192][T24081]  ? __pfx__printk+0x10/0x10
[ 1190.017214][T24081]  ? __might_fault+0xb0/0x130
[ 1190.017245][T24081]  should_fail_ex+0x414/0x560
[ 1190.017280][T24081]  _copy_from_iter+0x1db/0x16f0
[ 1190.017320][T24081]  ? __pfx__copy_from_iter+0x10/0x10
[ 1190.017345][T24081]  ? sock_alloc_send_pskb+0x875/0x990
[ 1190.017380][T24081]  ? __pfx__copy_from_iter+0x10/0x10
[ 1190.017410][T24081]  ? page_copy_sane+0x16a/0x280
[ 1190.017439][T24081]  copy_page_from_iter+0xdd/0x170
[ 1190.017481][T24081]  skb_copy_datagram_from_iter+0x306/0x720
[ 1190.017522][T24081]  tun_get_user+0x15c3/0x3ce0
[ 1190.017560][T24081]  ? aa_file_perm+0x13e/0x11b0
[ 1190.017586][T24081]  ? aa_file_perm+0x13e/0x11b0
[ 1190.017610][T24081]  ? aa_file_perm+0x3ed/0x11b0
[ 1190.017636][T24081]  ? __pfx_tun_get_user+0x10/0x10
[ 1190.017671][T24081]  ? __lock_acquire+0xab9/0xd20
[ 1190.017705][T24081]  ? ref_tracker_alloc+0x318/0x460
[ 1190.017723][T24081]  ? __lock_acquire+0xab9/0xd20
[ 1190.017752][T24081]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1190.017778][T24081]  ? tun_get+0x1c/0x2f0
[ 1190.017810][T24081]  ? tun_get+0x1c/0x2f0
[ 1190.017835][T24081]  ? tun_get+0x1c/0x2f0
[ 1190.017865][T24081]  tun_chr_write_iter+0x113/0x200
[ 1190.017894][T24081]  vfs_write+0x548/0xa90
[ 1190.017920][T24081]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1190.017948][T24081]  ? __pfx_vfs_write+0x10/0x10
[ 1190.017979][T24081]  ? __fget_files+0x2a/0x420
[ 1190.018011][T24081]  ksys_write+0x145/0x250
[ 1190.018034][T24081]  ? __pfx_ksys_write+0x10/0x10
[ 1190.018053][T24081]  ? rcu_is_watching+0x15/0xb0
[ 1190.018077][T24081]  ? do_syscall_64+0xbe/0x3b0
[ 1190.018103][T24081]  do_syscall_64+0xfa/0x3b0
[ 1190.018124][T24081]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1190.018144][T24081]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1190.018163][T24081]  ? clear_bhb_loop+0x60/0xb0
[ 1190.018188][T24081]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1190.018207][T24081] RIP: 0033:0x7f345618e929
[ 1190.018225][T24081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1190.018243][T24081] RSP: 002b:00007f3456f26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1190.018264][T24081] RAX: ffffffffffffffda RBX: 00007f34563b5fa0 RCX: 00007f345618e929
[ 1190.018279][T24081] RDX: 000000000000fdef RSI: 0000200000000240 RDI: 0000000000000003
[ 1190.018292][T24081] RBP: 00007f3456f26090 R08: 0000000000000000 R09: 0000000000000000
[ 1190.018305][T24081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1190.018317][T24081] R13: 0000000000000000 R14: 00007f34563b5fa0 R15: 00007ffed03b7748
[ 1190.018347][T24081]  </TASK>
[ 1190.428889][T16126] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1190.437033][T16126] usb 4-1: config 0 has no interface number 0
[ 1190.444241][T16126] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1190.455189][T16126] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1190.465227][T16126] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[ 1190.474324][T16126] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1190.492977][T16126] usb 4-1: config 0 descriptor??
[ 1190.593940][T24095] binder: 24094:24095 ioctl 4018620d 0 returned -22
[ 1190.666567][T24095] kvm: pic: single mode not supported
[ 1190.666590][T24095] kvm: pic: level sensitive irq not supported
[ 1190.683771][T24095] kvm: pic: level sensitive irq not supported
[ 1190.987709][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.013575][T24105] binder: 24104:24105 ioctl 4018620d 0 returned -22
[ 1191.040498][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.062938][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.085455][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.103643][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.119106][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.135074][T16126] prodikeys 0003:041E:2801.001A: unknown main item tag 0x0
[ 1191.163286][T16126] prodikeys 0003:041E:2801.001A: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.3-1/input1
[ 1191.186549][T24069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1191.195447][T24069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1191.198649][T16126] hid_prodikeys: hid-prodikeys: failed to find output report
[ 1191.198649][T16126] 
[ 1191.301757][T16126] usb 4-1: USB disconnect, device number 59
[ 1191.436117][T24108] fido_id[24108]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[ 1191.945142][T16126] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1192.090994][T24130] binder: 24129:24130 ioctl 4018620d 0 returned -22
[ 1192.127593][T16126] usb 3-1: Using ep0 maxpacket: 16
[ 1192.149562][T16126] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[ 1192.192670][T16126] usb 3-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1192.213777][T16126] usb 3-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1192.244984][T16126] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1192.262477][T16126] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1192.280939][T16126] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.303802][T16126] usb 3-1: config 0 descriptor??
[ 1192.759301][T16126] usbhid 3-1:0.0: can't add hid device: -71
[ 1192.778669][T16126] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1192.806951][T16126] usb 3-1: USB disconnect, device number 35
[ 1192.853780][ T1627] usb 1-1: new low-speed USB device number 117 using dummy_hcd
[ 1193.017044][ T1627] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1193.034763][ T1627] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1193.075765][ T1627] usb 1-1: config 0 descriptor??
[ 1193.568419][T24158] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5894'.
[ 1193.908211][T24165] binder: 24164:24165 ioctl 4018620d 0 returned -22
[ 1194.564165][T21687] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 1194.746644][T21687] usb 4-1: Using ep0 maxpacket: 16
[ 1194.764899][T21687] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 32, changing to 9
[ 1194.803869][T21687] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1194.833658][T21687] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1194.868420][T21687] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1194.885028][T21687] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1194.905438][T21687] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1194.955572][T21687] usb 4-1: config 0 descriptor??
[ 1195.088092][ T1627] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1195.098143][ T1627] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[ 1195.143575][ T1627] asix 1-1:0.0: probe with driver asix failed with error -71
[ 1195.163696][ T1627] usb 1-1: USB disconnect, device number 117
[ 1195.413073][T21687] usbhid 4-1:0.0: can't add hid device: -71
[ 1195.422807][T21687] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1195.454630][T21687] usb 4-1: USB disconnect, device number 60
[ 1195.489317][T24190] binder: 24189:24190 ioctl 4018620d 0 returned -22
[ 1196.050333][ T1627] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[ 1196.232055][ T1627] usb 5-1: Using ep0 maxpacket: 8
[ 1196.261819][ T1627] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[ 1196.278789][ T1627] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[ 1196.301339][ T1627] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1196.317467][ T1627] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1196.336464][ T1627] usb 5-1: Product: syz
[ 1196.343165][ T1627] usb 5-1: Manufacturer: syz
[ 1196.349762][T21687] usb 4-1: new low-speed USB device number 61 using dummy_hcd
[ 1196.352612][ T1627] usb 5-1: SerialNumber: syz
[ 1196.378997][ T1627] usb 5-1: rejected 1 configuration due to insufficient available bus power
[ 1196.397051][ T1627] usb 5-1: no configuration chosen from 1 choice
[ 1196.537904][T21687] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1196.551711][T21687] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1196.570832][T21687] usb 4-1: config 0 descriptor??
[ 1196.991159][ T5867] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1197.151358][ T1627] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[ 1197.172762][ T5867] usb 3-1: Using ep0 maxpacket: 8
[ 1197.179893][ T5867] usb 3-1: config 5 has an invalid interface number: 72 but max is 0
[ 1197.191184][ T5867] usb 3-1: config 5 has no interface number 0
[ 1197.201943][ T5867] usb 3-1: config 5 interface 72 altsetting 64 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[ 1197.215921][ T5867] usb 3-1: config 5 interface 72 has no altsetting 0
[ 1197.224867][ T5867] usb 3-1: New USB device found, idVendor=12b8, idProduct=ec60, bcdDevice=ab.24
[ 1197.235905][ T5867] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1197.244338][ T5867] usb 3-1: Product: syz
[ 1197.248834][ T5867] usb 3-1: Manufacturer: syz
[ 1197.253452][ T5867] usb 3-1: SerialNumber: syz
[ 1197.258270][T21687] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1197.270105][T21687] asix 4-1:0.0: probe with driver asix failed with error -32
[ 1197.316672][ T1627] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1197.326032][ T1627] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1197.334752][ T1627] usb 1-1: Product: syz
[ 1197.339015][ T1627] usb 1-1: Manufacturer: syz
[ 1197.343700][ T1627] usb 1-1: SerialNumber: syz
[ 1197.354620][ T1627] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1197.382062][T16126] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1197.515689][ T5867] cp210x 3-1:5.72: cp210x converter detected
[ 1197.522297][ T5867] cp210x 3-1:5.72: failed to get vendor val 0x370b size 1: -71
[ 1197.530230][ T5867] cp210x 3-1:5.72: querying part number failed
[ 1197.541571][ T5867] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1197.557808][ T5867] usb 3-1: USB disconnect, device number 36
[ 1197.573073][ T5867] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1197.583055][ T5867] cp210x 3-1:5.72: device disconnected
[ 1198.054501][ T1627] usb 1-1: USB disconnect, device number 118
[ 1198.203482][T24223] binder: 24222:24223 ioctl 4018620d 0 returned -22
[ 1198.530521][T16126] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[ 1198.537613][T16126] ath9k_htc: Failed to initialize the device
[ 1198.562971][ T1627] usb 1-1: ath9k_htc: USB layer deinitialized
[ 1198.750197][T24232] FAULT_INJECTION: forcing a failure.
[ 1198.750197][T24232] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1198.767851][T24232] CPU: 1 UID: 0 PID: 24232 Comm: syz.0.5923 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1198.767880][T24232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1198.767892][T24232] Call Trace:
[ 1198.767900][T24232]  <TASK>
[ 1198.767907][T24232]  dump_stack_lvl+0x189/0x250
[ 1198.767932][T24232]  ? __pfx____ratelimit+0x10/0x10
[ 1198.767954][T24232]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1198.767975][T24232]  ? __pfx__printk+0x10/0x10
[ 1198.767998][T24232]  ? fs_reclaim_acquire+0x7d/0x100
[ 1198.768031][T24232]  should_fail_ex+0x414/0x560
[ 1198.768067][T24232]  prepare_alloc_pages+0x213/0x610
[ 1198.768098][T24232]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1198.768128][T24232]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1198.768163][T24232]  ? policy_nodemask+0x27c/0x720
[ 1198.768181][T24232]  ? __lock_acquire+0xab9/0xd20
[ 1198.768215][T24232]  alloc_pages_mpol+0x232/0x4a0
[ 1198.768243][T24232]  vma_alloc_folio_noprof+0xe4/0x200
[ 1198.768268][T24232]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1198.768304][T24232]  folio_prealloc+0x30/0x180
[ 1198.768326][T24232]  __handle_mm_fault+0x2ab9/0x5440
[ 1198.768372][T24232]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1198.768424][T24232]  ? find_vma+0xe7/0x160
[ 1198.768440][T24232]  ? __pfx_find_vma+0x10/0x10
[ 1198.768459][T24232]  handle_mm_fault+0x40a/0x8e0
[ 1198.768497][T24232]  do_user_addr_fault+0x764/0x1390
[ 1198.768542][T24232]  exc_page_fault+0x76/0xf0
[ 1198.768566][T24232]  asm_exc_page_fault+0x26/0x30
[ 1198.768585][T24232] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1198.768614][T24232] Code: ff 03 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1198.768632][T24232] RSP: 0018:ffffc900043bfa18 EFLAGS: 00050206
[ 1198.768651][T24232] RAX: ffffffff84caff01 RBX: ffff88804c69c000 RCX: 000000000000085b
[ 1198.768667][T24232] RDX: 0000000000000000 RSI: ffff88804c69c000 RDI: 0000200000008480
[ 1198.768681][T24232] RBP: ffffc900043bfb78 R08: ffff88804c69c85a R09: 1ffff110098d390b
[ 1198.768697][T24232] R10: dffffc0000000000 R11: ffffed10098d390c R12: 1ffff92000877faf
[ 1198.768712][T24232] R13: 0000200000008480 R14: ffffc900043bfd88 R15: 000000000000085b
[ 1198.768736][T24232]  ? _copy_to_iter+0x191/0x16f0
[ 1198.768772][T24232]  _copy_to_iter+0x24c/0x16f0
[ 1198.768802][T24232]  ? __pfx_proc_keys_show+0x10/0x10
[ 1198.768842][T24232]  ? __pfx__copy_to_iter+0x10/0x10
[ 1198.768881][T24232]  ? do_raw_spin_unlock+0x122/0x240
[ 1198.768911][T24232]  seq_read_iter+0xbeb/0xe10
[ 1198.768953][T24232]  proc_reg_read_iter+0x1b4/0x280
[ 1198.768986][T24232]  vfs_read+0x4cd/0x980
[ 1198.769018][T24232]  ? __pfx_vfs_read+0x10/0x10
[ 1198.769050][T24232]  ? __fget_files+0x2a/0x420
[ 1198.769084][T24232]  ksys_read+0x145/0x250
[ 1198.769108][T24232]  ? __pfx_ksys_read+0x10/0x10
[ 1198.769126][T24232]  ? rcu_is_watching+0x15/0xb0
[ 1198.769152][T24232]  ? do_syscall_64+0xbe/0x3b0
[ 1198.769179][T24232]  do_syscall_64+0xfa/0x3b0
[ 1198.769199][T24232]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1198.769220][T24232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.769240][T24232]  ? clear_bhb_loop+0x60/0xb0
[ 1198.769264][T24232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1198.769284][T24232] RIP: 0033:0x7fac8998e929
[ 1198.769301][T24232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1198.769318][T24232] RSP: 002b:00007fac8a855038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1198.769337][T24232] RAX: ffffffffffffffda RBX: 00007fac89bb5fa0 RCX: 00007fac8998e929
[ 1198.769352][T24232] RDX: 0000000000002020 RSI: 0000200000008480 RDI: 0000000000000003
[ 1198.769365][T24232] RBP: 00007fac8a855090 R08: 0000000000000000 R09: 0000000000000000
[ 1198.769378][T24232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1198.769390][T24232] R13: 0000000000000000 R14: 00007fac89bb5fa0 R15: 00007fff3ea58b18
[ 1198.769423][T24232]  </TASK>
[ 1199.203878][ T1627] usb 5-1: USB disconnect, device number 99
[ 1199.351901][ T5867] usb 4-1: USB disconnect, device number 61
[ 1199.541529][T24243] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1199.554208][T24245] /dev/rnullb0: Can't open blockdev
[ 1199.757545][T24265] binder: 24264:24265 ioctl 4018620d 0 returned -22
[ 1199.973856][T21687] usb 3-1: new full-speed USB device number 37 using dummy_hcd
[ 1199.984395][ T5867] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1200.134345][T21687] usb 3-1: device descriptor read/64, error -71
[ 1200.166326][ T5867] usb 5-1: Using ep0 maxpacket: 32
[ 1200.176405][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1200.190208][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1200.200822][ T5867] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1200.212549][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.223910][ T5867] usb 5-1: config 0 descriptor??
[ 1200.237816][ T5867] hub 5-1:0.0: USB hub found
[ 1200.390580][T21687] usb 3-1: new full-speed USB device number 38 using dummy_hcd
[ 1200.511855][ T5867] hub 5-1:0.0: 1 port detected
[ 1200.529547][T21687] usb 3-1: device descriptor read/64, error -71
[ 1200.550932][ T1627] usb 1-1: new low-speed USB device number 119 using dummy_hcd
[ 1200.648007][T21687] usb usb3-port1: attempt power cycle
[ 1200.716845][ T1627] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1200.726226][ T1627] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.740540][ T1627] usb 1-1: config 0 descriptor??
[ 1200.950478][T13983] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 1201.032218][T21687] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[ 1201.059089][T21687] usb 3-1: device descriptor read/8, error -71
[ 1201.128184][T13983] usb 4-1: Using ep0 maxpacket: 32
[ 1201.135857][T13983] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1201.145347][T13983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1201.157156][T13983] usb 4-1: config 0 descriptor??
[ 1201.320943][T21687] usb 3-1: new full-speed USB device number 40 using dummy_hcd
[ 1201.342929][T21687] usb 3-1: device descriptor read/8, error -71
[ 1201.357620][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1201.364211][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1201.382832][T13983] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1201.393699][T13983] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1201.404563][T13983] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1201.413413][T13983] usb 4-1: media controller created
[ 1201.414229][ T1627] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1201.434193][ T1627] asix 1-1:0.0: probe with driver asix failed with error -32
[ 1201.443903][T13983] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1201.470597][T21687] usb usb3-port1: unable to enumerate USB device
[ 1201.598208][T13983] az6027: usb out operation failed. (-71)
[ 1201.606627][T13983] az6027: usb out operation failed. (-71)
[ 1201.613623][T13983] stb0899_attach: Driver disabled by Kconfig
[ 1201.619731][T13983] az6027: no front-end attached
[ 1201.619731][T13983] 
[ 1201.627363][T13983] az6027: usb out operation failed. (-71)
[ 1201.633190][T13983] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1201.642663][T13983] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input191
[ 1201.663584][T13983] dvb-usb: schedule remote query interval to 400 msecs.
[ 1201.670677][T13983] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1201.683366][T13983] usb 4-1: USB disconnect, device number 62
[ 1201.734822][T13983] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1201.867285][ T5867] hub 5-1:0.0: hub_hub_status failed (err = -32)
[ 1201.873760][ T5867] hub 5-1:0.0: config failed, can't get hub status (err -32)
[ 1201.884097][ T5867] usbhid 5-1:0.0: can't add hid device: -32
[ 1201.890184][ T5867] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[ 1202.301440][T24287] kvm: pic: single mode not supported
[ 1202.301460][T24287] kvm: pic: level sensitive irq not supported
[ 1202.935041][T24291] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1203.032039][T16126] usb 5-1: USB disconnect, device number 100
[ 1203.315791][T24307] /dev/rnullb0: Can't open blockdev
[ 1203.517168][T13983] usb 1-1: USB disconnect, device number 119
[ 1203.897236][T13983] usb 1-1: new full-speed USB device number 120 using dummy_hcd
[ 1204.103069][T13983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 1204.114642][T13983] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 1204.142372][T13983] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[ 1204.161166][T13983] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1204.173146][T13983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1204.185467][T13983] usb 1-1: Product: syz
[ 1204.191768][T13983] usb 1-1: Manufacturer: syz
[ 1204.196567][T13983] usb 1-1: SerialNumber: syz
[ 1204.218693][T13983] usb 1-1: config 0 descriptor??
[ 1204.224503][T24317] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1204.245108][T24317] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1204.265735][T13983] usb 1-1: ucan: probing device on interface #0
[ 1204.314081][ T5867] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[ 1204.485097][ T5867] usb 3-1: Using ep0 maxpacket: 32
[ 1204.490389][T21687] usb 4-1: new low-speed USB device number 63 using dummy_hcd
[ 1204.500993][ T5867] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.1f
[ 1204.510727][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.526374][ T5867] usb 3-1: config 0 descriptor??
[ 1204.680352][T21687] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1204.695519][T21687] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.710738][T21687] usb 4-1: config 0 descriptor??
[ 1204.757439][ T5867] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1204.774142][   T31] INFO: task kworker/u8:10:4565 blocked for more than 144 seconds.
[ 1204.776375][ T5867] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1204.782078][   T31]       Not tainted 6.16.0-rc3-next-20250626-syzkaller #0
[ 1204.782097][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1204.782108][   T31] task:kworker/u8:10   state:D stack:19448 pid:4565  tgid:4565  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1204.832397][ T5867] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1204.842905][ T5867] usb 3-1: media controller created
[ 1204.866772][   T31] Workqueue: netns cleanup_net
[ 1204.876530][   T31] Call Trace:
[ 1204.883435][   T31]  <TASK>
[ 1204.889996][   T31]  __schedule+0x16f5/0x4d00
[ 1204.890137][ T5867] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1204.900656][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1204.912727][   T31]  ? schedule+0x165/0x360
[ 1204.923408][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1204.931823][   T31]  ? __pfx___schedule+0x10/0x10
[ 1204.942847][   T31]  ? schedule+0x91/0x360
[ 1204.953206][   T31]  schedule+0x165/0x360
[ 1204.964647][   T31]  afs_cell_purge+0x3d9/0x540
[ 1204.979484][T13983] ucan 1-1:0.0 can0: registered device
[ 1204.982535][   T31]  ? __pfx_afs_cell_purge+0x10/0x10
[ 1204.993194][    C0] raw-gadget.1 gadget.2: ignoring, device is not running
[ 1205.003964][   T31]  ? __pfx_var_wake_function+0x10/0x10
[ 1205.011119][ T5867] az6027: usb out operation failed. (-32)
[ 1205.016820][   T31]  ? afs_net+0x45/0x270
[ 1205.025444][ T5867] az6027: usb out operation failed. (-71)
[ 1205.031131][   T31]  ? afs_net+0x45/0x270
[ 1205.032583][ T5867] stb0899_attach: Driver disabled by Kconfig
[ 1205.042590][ T5867] az6027: no front-end attached
[ 1205.042590][ T5867] 
[ 1205.046107][   T31]  afs_net_exit+0x50/0x100
[ 1205.050276][ T5867] az6027: usb out operation failed. (-71)
[ 1205.060671][ T5867] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1205.067213][   T31]  ops_undo_list+0x49a/0x990
[ 1205.080743][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1205.082065][ T5867] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input192
[ 1205.093198][   T31]  cleanup_net+0x4c5/0x800
[ 1205.108948][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1205.117123][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1205.122359][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1205.126900][ T5867] dvb-usb: schedule remote query interval to 400 msecs.
[ 1205.139584][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1205.152334][ T5867] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1205.161987][   T31]  process_scheduled_works+0xade/0x17b0
[ 1205.167651][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1205.178831][ T5867] usb 3-1: USB disconnect, device number 41
[ 1205.193460][   T31]  worker_thread+0x8a0/0xda0
[ 1205.198116][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1205.222758][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1205.228048][   T31]  kthread+0x711/0x8a0
[ 1205.232161][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1205.244136][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.270171][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1205.286889][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1205.292510][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.297211][   T31]  ret_from_fork+0x3fc/0x770
[ 1205.302223][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1205.307469][   T31]  ? __switch_to_asm+0x39/0x70
[ 1205.312718][   T31]  ? __switch_to_asm+0x33/0x70
[ 1205.317618][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.322523][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1205.327316][   T31]  </TASK>
[ 1205.330754][   T31] 
[ 1205.330754][   T31] Showing all locks held in the system:
[ 1205.338545][   T31] 1 lock held by khungtaskd/31:
[ 1205.344558][   T31]  #0: ffffffff8e33bf20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1205.354743][   T31] 3 locks held by kworker/u8:10/4565:
[ 1205.360215][   T31]  #0: ffff88801b6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1205.371558][   T31]  #1: ffffc9000eacfbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1205.382398][   T31]  #2: ffffffff8f71da50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1205.391995][   T31] 1 lock held by syslogd/5187:
[ 1205.398364][   T31]  #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1205.408905][   T31] 2 locks held by getty/5591:
[ 1205.409125][T21687] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[ 1205.413659][   T31]  #0: ffff8880303c10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1205.429995][T21687] asix 4-1:0.0: probe with driver asix failed with error -32
[ 1205.434149][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1205.451669][   T31] 7 locks held by kworker/0:3/5867:
[ 1205.457009][   T31]  #0: ffff88801e297148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1205.468750][   T31]  #1: ffffc900042f7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1205.480904][   T31]  #2: ffff888028575198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[ 1205.489840][   T31]  #3: ffff88807c696198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[ 1205.499248][   T31]  #4: ffff88805e428160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0
[ 1205.509879][   T31]  #5: ffffffff8f1ac4c8 (input_mutex){+.+.}-{4:4}, at: __input_unregister_device+0x2d8/0x5e0
[ 1205.520701][   T31]  #6: ffffffff8e341a38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[ 1205.535270][   T31] 5 locks held by kworker/0:6/13983:
[ 1205.540583][   T31]  #0: ffff88801e297148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1205.552726][   T31]  #1: ffffc9000bac7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1205.568082][   T31]  #2: ffff8880284a5198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[ 1205.577106][   T31]  #3: ffff88807c697198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1205.586655][   T31]  #4: ffff88807c695160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1205.595970][   T31] 4 locks held by udevd/21955:
[ 1205.600808][   T31]  #0: ffff88805ff77540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[ 1205.609689][   T31]  #1: ffff888028dc4488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[ 1205.619214][   T31]  #2: ffff8880665e2e18 (kn->active#24){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[ 1205.628751][   T31]  #3: ffff88807c697198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1205.638299][   T31] 2 locks held by syz.0.5953/24316:
[ 1205.643589][   T31]  #0: ffffffff8f72a708 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[ 1205.652683][   T31]  #1: ffffffff8e341a38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[ 1205.664936][   T31] 1 lock held by syz.4.5963/24338:
[ 1205.670067][   T31]  #0: ffffffff8e341900 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1205.680470][   T31] 
[ 1205.683121][   T31] =============================================
[ 1205.683121][   T31] 
[ 1205.693482][   T31] NMI backtrace for cpu 1
[ 1205.693498][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1205.693519][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1205.693531][   T31] Call Trace:
[ 1205.693539][   T31]  <TASK>
[ 1205.693547][   T31]  dump_stack_lvl+0x189/0x250
[ 1205.693570][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1205.693595][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1205.693617][   T31]  ? __pfx__printk+0x10/0x10
[ 1205.693649][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1205.693680][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1205.693703][   T31]  ? _printk+0xcf/0x120
[ 1205.693728][   T31]  ? __pfx__printk+0x10/0x10
[ 1205.693751][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1205.693780][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1205.693810][   T31]  watchdog+0xfee/0x1030
[ 1205.693836][   T31]  ? watchdog+0x1de/0x1030
[ 1205.693866][   T31]  kthread+0x711/0x8a0
[ 1205.693891][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1205.693916][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.693940][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1205.693958][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1205.693976][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.693998][   T31]  ret_from_fork+0x3fc/0x770
[ 1205.694030][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1205.694065][   T31]  ? __switch_to_asm+0x39/0x70
[ 1205.694087][   T31]  ? __switch_to_asm+0x33/0x70
[ 1205.694109][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.694133][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1205.694171][   T31]  </TASK>
[ 1205.694180][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1205.782693][ T5867] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1205.783018][    C0] NMI backtrace for cpu 0
[ 1205.783032][    C0] CPU: 0 UID: 0 PID: 5867 Comm: kworker/0:3 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1205.783054][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1205.783067][    C0] Workqueue: usb_hub_wq hub_event
[ 1205.783098][    C0] RIP: 0010:kvm_sched_clock_read+0xc/0x20
[ 1205.783120][    C0] Code: 00 65 c6 05 6f 9f 4d 07 00 eb 9a cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 3d 24 da 4d 07 <e8> 4f 00 00 00 48 2b 05 a0 80 52 02 c3 cc cc cc cc cc cc cc 90 90
[ 1205.783136][    C0] RSP: 0018:ffffc90000007e20 EFLAGS: 00000082
[ 1205.783150][    C0] RAX: ffffffff8167b56b RBX: ffff8880b8623e58 RCX: ffff88802f66da00
[ 1205.783165][    C0] RDX: 0000000000010000 RSI: ffffffff8be4abe0 RDI: ffffffff92c9d000
[ 1205.783179][    C0] RBP: ffffc90000007f18 R08: ffffffff8fc2b637 R09: 1ffffffff1f856c6
[ 1205.783193][    C0] R10: dffffc0000000000 R11: fffffbfff1f856c7 R12: dffffc0000000000
[ 1205.783207][    C0] R13: dffffc0000000000 R14: ffffc90000007ea0 R15: 1ffff92000000fd0
[ 1205.783222][    C0] FS:  0000000000000000(0000) GS:ffff8881259e6000(0000) knlGS:0000000000000000
[ 1205.783237][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1205.783250][    C0] CR2: 00007f8097b7e2d8 CR3: 000000006d990000 CR4: 00000000003526f0
[ 1205.783266][    C0] Call Trace:
[ 1205.783274][    C0]  <IRQ>
[ 1205.783281][    C0]  sched_clock+0x17/0x60
[ 1205.783306][    C0]  sched_clock_cpu+0x74/0x430
[ 1205.783322][    C0]  ? lapic_next_event+0x11/0x20
[ 1205.783338][    C0]  ? clockevents_program_event+0x24d/0x360
[ 1205.783363][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[ 1205.783378][    C0]  ? hrtimer_interrupt+0x889/0xaa0
[ 1205.783400][    C0]  irqtime_account_irq+0x6e/0x1c0
[ 1205.783424][    C0]  __irq_exit_rcu+0x8d/0x1f0
[ 1205.783441][    C0]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1205.783461][    C0]  irq_exit_rcu+0x9/0x30
[ 1205.783476][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1205.783494][    C0]  </IRQ>
[ 1205.783500][    C0]  <TASK>
[ 1205.783507][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1205.783526][    C0] RIP: 0010:vprintk_emit+0x58f/0x7a0
[ 1205.783546][    C0] Code: 85 32 01 00 00 e8 11 59 1f 00 41 89 df 4d 85 f6 48 8b 1c 24 75 07 e8 00 59 1f 00 eb 06 e8 f9 58 1f 00 fb 48 c7 c7 c0 01 33 8e <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 a9 36
[ 1205.783561][    C0] RSP: 0018:ffffc900042f7120 EFLAGS: 00000283
[ 1205.783585][    C0] RAX: ffffffff81a0b387 RBX: ffffffff81a0b244 RCX: 0000000000100000
[ 1205.783598][    C0] RDX: ffffc900169b0000 RSI: 000000000001796f RDI: ffffffff8e3301c0
[ 1205.783612][    C0] RBP: ffffc900042f7230 R08: ffffffff8fc2b637 R09: 1ffffffff1f856c6
[ 1205.783626][    C0] R10: dffffc0000000000 R11: fffffbfff1f856c7 R12: dffffc0000000000
[ 1205.783640][    C0] R13: 1ffff9200085ee28 R14: 0000000000000200 R15: 0000000000000046
[ 1205.783654][    C0]  ? vprintk_emit+0x444/0x7a0
[ 1205.783673][    C0]  ? vprintk_emit+0x587/0x7a0
[ 1205.783694][    C0]  ? vprintk_emit+0x444/0x7a0
[ 1205.783713][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[ 1205.783740][    C0]  _printk+0xcf/0x120
[ 1205.783758][    C0]  ? do_raw_spin_unlock+0x122/0x240
[ 1205.783782][    C0]  ? __pfx__printk+0x10/0x10
[ 1205.783803][    C0]  ? free_large_kmalloc+0x13a/0x1f0
[ 1205.783826][    C0]  dvb_usb_device_exit+0x29b/0x350
[ 1205.783850][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1205.783868][    C0]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[ 1205.783894][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1205.783918][    C0]  ? usb_disable_interface+0x31d/0x350
[ 1205.783949][    C0]  usb_unbind_interface+0x26b/0x910
[ 1205.783971][    C0]  ? __pfx_usb_unbind_interface+0x10/0x10
[ 1205.783989][    C0]  device_release_driver_internal+0x4d6/0x7c0
[ 1205.784020][    C0]  bus_remove_device+0x34d/0x410
[ 1205.784044][    C0]  device_del+0x511/0x8e0
[ 1205.784069][    C0]  ? __pm_runtime_barrier+0x212/0x460
[ 1205.784097][    C0]  ? __pfx_device_del+0x10/0x10
[ 1205.784121][    C0]  ? __pfx___mutex_lock+0x10/0x10
[ 1205.784144][    C0]  usb_disable_device+0x3e9/0x8a0
[ 1205.784175][    C0]  usb_disconnect+0x330/0x950
[ 1205.784201][    C0]  hub_event+0x1cdb/0x4a00
[ 1205.784239][    C0]  ? do_raw_spin_lock+0x121/0x290
[ 1205.784261][    C0]  ? register_lock_class+0x51/0x320
[ 1205.784293][    C0]  ? __pfx_hub_event+0x10/0x10
[ 1205.784317][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1205.784346][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1205.784362][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1205.784387][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1205.784415][    C0]  process_scheduled_works+0xade/0x17b0
[ 1205.784455][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1205.784489][    C0]  worker_thread+0x8a0/0xda0
[ 1205.784518][    C0]  kthread+0x711/0x8a0
[ 1205.784540][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1205.784556][    C0]  ? __pfx_kthread+0x10/0x10
[ 1205.784587][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1205.784604][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1205.784620][    C0]  ? __pfx_kthread+0x10/0x10
[ 1205.784641][    C0]  ret_from_fork+0x3fc/0x770
[ 1205.784668][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1205.784697][    C0]  ? __switch_to_asm+0x39/0x70
[ 1205.784719][    C0]  ? __switch_to_asm+0x33/0x70
[ 1205.784739][    C0]  ? __pfx_kthread+0x10/0x10
[ 1205.784760][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1205.784789][    C0]  </TASK>
[ 1205.788378][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1205.788398][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[ 1205.788422][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1205.788435][   T31] Call Trace:
[ 1205.788445][   T31]  <TASK>
[ 1205.788454][   T31]  dump_stack_lvl+0x99/0x250
[ 1205.788480][   T31]  ? __asan_memcpy+0x40/0x70
[ 1205.788508][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1205.788535][   T31]  ? __pfx__printk+0x10/0x10
[ 1205.788569][   T31]  panic+0x2db/0x790
[ 1205.788591][   T31]  ? __pfx_panic+0x10/0x10
[ 1205.788609][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1205.788635][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1205.788666][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1205.788702][   T31]  watchdog+0x102d/0x1030
[ 1205.788731][   T31]  ? watchdog+0x1de/0x1030
[ 1205.788764][   T31]  kthread+0x711/0x8a0
[ 1205.788790][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1205.788815][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.788840][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1205.788859][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1205.788878][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.788902][   T31]  ret_from_fork+0x3fc/0x770
[ 1205.788934][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1205.788969][   T31]  ? __switch_to_asm+0x39/0x70
[ 1205.788992][   T31]  ? __switch_to_asm+0x33/0x70
[ 1205.789014][   T31]  ? __pfx_kthread+0x10/0x10
[ 1205.789039][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1205.789076][   T31]  </TASK>
[ 1205.789405][   T31] Kernel Offset: disabled