last executing test programs:

4m38.746931314s ago: executing program 3 (id=8862):
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x0, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
mq_open(&(0x7f0000000800)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18J\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\";a~\n\x15\xaf.\x82\xe4\xefa\\\xdd\x93\x81G\xb4\x1d_\xb7b\xb8\x06`\xcf\xefci#zd\x01\xb2j\x05\x13\x8f\x92\x01\x8aB\xc3\xf1\x9d\xc2\xee\xd3\xad\x84\xb5\x1e[R\xff\b\x86NC\xff\xc5\xd8 \xa8 \f`\xa4\x8a\xc1b\xc9q\xe8\xb0\tZ\x00\x00\x00', 0x40, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x4, 0x69, &(0x7f0000000600)=ANY=[@ANYBLOB="120110a8020000ff2505a1a440000102030109025700010101d0090904000802020600060a2406000053b3ace9080524c7e68f7c5b8467462ea7383054143a0009000d240f0101000100b20b0f00060424020d07240a0e0401000c2407080000001017ef0004090582022000038104090503020800020138d0f0448a422f952353b61d1d1de9e4f520c6d791c5505dfc19b455a8989e472856b406c1ece65829074d6a54322ffe270084160b86aca49e30c8bd757cc2f020127ec14bc8cd4cad86c74a3171bd1a11be419ba3cd5c6cf97a3e419e6153b7215183b873b437bd7643a1987c7b7ee0badc4906fd03569becb3cb36b4a986d15dc634ed30341b2b8f313c5493a90ec8921b6c6f10d74d9f3c67e3e1f78b3f1505026513915a1f0709114a24f462f24c61cf7e2f5439c94f9e1861d0e69366652be1308ba60537f15733a4e9593b5530ea2d348641474c16fdc14e6608d3825be46896891e64cf01553ee0"], &(0x7f0000000200)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0xb5, 0x2, 0x44, 0x40, 0x9}, 0x26, &(0x7f0000000080)=ANY=[@ANYBLOB="050f260003fb5b0a40a1000000030001009f3fff000710021038f9000a100302010053090200"], 0x1, [{0x102, &(0x7f0000000380)=ANY=[@ANYBLOB="020361ed079f0000134608af4f497c8f62180f96300a2546d92001a225eeb8b568daea568f5a948d879464b8352273918925cc78159b67807147f59a18bc53222146c79c327d54e7c96e78e8448f58d862544d6a294dad16c9e7b352ef4111fb929785d6d0458e88f09f4aea80bc9e0a923d1a5c80856b5f2851396f97a0d251690d4314c63da2319577f6fc0ee428497b4a1dee95e663ac1ef82b27523508bb1fe3a0c4e4a8b01273e31e9108819c2f169f850bc9f84f45ffd61ddf648265d21d50168180656380d21765c12c08390ccbababd8c8084509d305c77e8aedd5f01d31bb1955f020e45a17fe334d1cf22483c646d1ec7d0f175f602042acd78d86466f"]}]})
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100020000004043553130000000000001090224000100002ef9676bf5ac827300030009210000000122080009058103100000fe09"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r4, 0x4048aecb, &(0x7f0000001440)={{0x1, 0x0, 0x80, {0xffffffffffffffff, 0x8080000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff597235191548567a030000000000002fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175a8b7d1435e84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc0b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e502424977ebce910bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bbd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"\b'], 0x0}, 0x0)
listen(0xffffffffffffffff, 0x89)
syz_usb_connect(0x5, 0x48, &(0x7f0000000580)={{0x12, 0x1, 0x310, 0x35, 0xfe, 0x65, 0x10, 0x1aca, 0xb28e, 0x9232, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x36, 0x1, 0xd, 0x1, 0x90, 0x2, [{{0x9, 0x4, 0x32, 0xa7, 0x2, 0x1, 0x3, 0x9e, 0x8, [], [{{0x9, 0x5, 0x8, 0x6, 0x10, 0x6, 0x4, 0x8, [@generic={0x4, 0x23, "87ac"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0x4f8}]}}, {{0x9, 0x5, 0x7, 0x2, 0x200, 0x4, 0x2, 0x66, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x3}]}}]}}]}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x5000940b, &(0x7f00000012c0)={{}, "4fbc6a8738892c55a56d281bcf1aab57190ee3d7e3d710500c214266ac55b6894c93dc9330e684ea928108c50bf8ed808b695fea1ca7c71b113589478cc96f79760609d55613b7657262d7a23a6467382de75a47ab49f4e8a15b88d0448813c8d59346466438674b740f2648afc90329b2b29f9b10de0d9878628b360832e7071e77a0c386075d0a68f44307fd19afe17d0cdb042d55492a6254221e6cc910acbd4c19c3cb91537d1c26a4f867a353279aa47f471ae75080f93782ca5f3245b521424d070cf423ca9a4c71defe4f8dc1fda6d08938c9ef98d5b7cc3e5d4e80111a92272d66ac753b1b72fe49fdc4f3897c7a9880886d1cab75d63010579291afeb76a86ec046de0b2c346c62945c350b1e28dc6b295d78e40b0d4713715e7540e5a1a3479018f983e195460edec2f01e09bddad12e48a3d70db3cfd0623e76426755d80ec666d51ff47389c98ced2f7f38caccbc274554c8b6e646cb790ba9f5c11d87a5322c0592f23499a22cc40e7e27fde57fb5fbd9399cde1d695c7507a65b482a96981fc235e2f3aca8259d194ab33c6fcbebd83d66c687d8e3cbe2c15ff4f1f0f99535d6e55a79f4a72935c260f1bc2237a33013b9503977bb7a1373933ae4830c50fe8df2942ec2abe6853bc61a93c3201e71b550d3d3593c89a92755ca43b04519a06414452619ea701868d6013a76814564e0c2570d97810f4396e0078b92f7e0a8afc883035c77804b7a54ba3c81c3fb00b95a759b8419f1ad0b9ef0bfb538d2b4d71a49aa7e97e93bb45f26dbe23a0821e26301bcacd8bb807d0b31841a0276a4ecd4e6bc1d5ac27e21d9a3cd65cfa35502a6744771b5f472c57f3ca2510446549af935df0116e62563c303a4f56a7c437c12b4359a46f8e34d5a110390156539e66bbaa5a328624af5920fba32463d5f3ad46a6b3a397294178f50bc11c5dfa23db0c89e2a1347331bef474e399c428a1e7841e24938303dfd97f33702876f0a7b88c9768126847d3d2546d98093ea5d9605542065cadecd8c593dba5649287c7b1d4516db5755398ba562a547dd9b63cbc769674485b481c425231bfd411399e1fde9fc06fe25626b308587d3acde3029a90006cebba9c6009b9608438db71fca54a6e67a82687e6f0845c148ed02c14dacd116e9dbe6694ccef24d0948e77d5cfdd60005aa9dae09f986ca04a370924f62aa17cd75ec542d0c4f4b3c261581612fdbe0aa0511297de4a8190e7b62be39a6077df273745b654864a7ec868376c75ea7fa447908e8015718ecd5be5d0810f41e8a750666d88c5ce7e8c9f9ac137f2e47f435c626a2144f5a1d79390b346bf4960e69a41ef128dc0ccef36cc8481d10adda8576fc3ebb2595d8b6b78348431766e6dfde9b8c24986d717018b3ad9279f801c98a68f7184096ac86412165e241a51df9a73917997f96529edc13724825405d0f6ebb77e2b6e14552a1712753323760b7801298f6a515089423aa6b23bed7c3b1b441e58c1a2e5a2862fe6d709e27ff22042b90d43a4bf606628e67d692d3ea005af44e404e0968cf4facc840b40b6d8114ee338f118518c1e44c205ad265078e4dc067a8e848d00f3826cfdbd6cb5ffa9bb31cc86ea35d51e12f39d882508515dcae29bb8c2446e1f4a766d9c91a54d3fff986f333db33ef4b6349ddf7b03ce4388587b1302a4db76c4fafb9f376b8aa2938ec2150f2ab22c08ea62ea0d3982450c981b42c8102386faf455bd14547217d594a98cd2826ed1cf06ab3fdbd0a0f4228901e3452a0b8ae77ed81fce5333b3b1f7f8769fca87266e35f15aadfd03041da5506e0cdcfefe16731ea8a088a953fabb80ed5eee3cdc1abecaf1ca8b9863cfe4fbe3c7f969c7e81417178de3d8d9082ce3ec9d584a350de7a8bb5b40356783db73537df93d3a2c6592f3ffa1770b4dbb873636907aae2e98dc529b0116ba7775964149859c4a01575ca5bd834c33713c0023ff08b5ec657f12382bc45e1621a23250d2fec4a54a37ce6aa983961fb45fbf8add92d8ec9710464afc920ff70ad038079fde0d65fddb2ac880e7db1d18cb294017c6774ccedb0df95d320bebb53b6d0c96a0127847ec74c361ec60b99ac2fca18d46d88bce676a303cc89c029665aa2b1b9fde54b25015ed2873311761ab5ed061c1c9a64c1f61cc8f11afa61dd33cfe18676e17d9a4e53acb949744e32033213aec13cb72a844298648e00917d67dea4aea49a510aee041602889721c822e82baeefae4f2b13ba6a7aa7c7f6879b0ed4755cc6c4b5c0bc31d2aeaa9090d636cb8a7e70e7140f7f709c09862b2bbd6f54a9bba81c0a3cbffd8a67927d3f6efe7a1c2c7d6f0c3933a21e8ae9041c9fdb319918ed5c34c78f4a81df4a0df3ef5d7103364fd8bb790fb9959993554985490116a97d3a91b1b86f1c4b35eda33d140692bec522803885118f9dca7238359bdcd28b9f9b9bc987aaf4cebc72d81b257427bce256be564a9cbb33a2bac367bbee5eb5622f22bf40bd579f89bab0598e7ee4a949489402f90f0e6c6b96fecbe51854d388e9147be992819b44334eff84c28da8367024c9ef2645de9a3dd0e630b315e731ebfc865688df850c5adc163406ca9cc18bbbbdecc22011cac0b2e7563bcc669d253cad109f9db5e2e6760f040b7ce8c2a923cb6b9c0103ef85e596b7049b7960d719ff9988fa314931e43a935d38767d5308b95868b610a390cdfdaa7e10b8abfeb07db111dfac1a6bd35b69b1b53c69cbd7bf7d444ed85888c428263d04d7d81532eab809d1054d6f0ebde9b208c18c66c857db688188f2ac460851ad60575fdb984a935e4653d4de323a748b673052f78cbe4b43f0d631d796fe285460711085d3a401e2d61d2ee8b5bb15951ced7ed434866e09de570f36bd31d38b5eba0826fb418a078cc03df84892cd627fc8a0769af310bdb3405797ea1ec9eec3b42db53770ff0dec5178466d9aff04219da31762a0892212a0af72b57ec7ee04afe8e68d199074f53188e475a0ed735766ca5e1c587601ba9817c01945f18b825e655df8767724e67552218818aa65c5d7308b5c5c97fe17fbc3c698c2de4202d2c787420dd05bf04d326cb3b629596dbe07d7126be72bb9a7a2a207e230de0d7c011e8c93f050f2f869e85efbf4b0bc74bfec24b25b54125731792d7d11926eb0dd96a2885465d01305321a45826edadec66b14cbedb2e92f58f17d0e6c0ea4558d86bf1c09cd233ae324c6f4702c8ab04accfee25d967c6a72786effbd2b3e99281086edf68b541344b374d237654a23dd895f81531aa55732762de46e9fee1f633b3f229e048c6fb330b20f92f0aaa50beb0c820dbb408f0b3bad28895dba84cdc5d6a25de1c29b5b60cc43fcab974ef87de986289ee061c786b05bb84146df50dfd906ebf89dfecb65c09e077f34b9cf8927e79dbc0380b32208b9ccbf4cf6c32d11b2e476842356a0dccdc9a9dfc35e83452ed0f16dba0ee5530af1f6bf0be44484220a85e09c8d18b20beeadc7d02624eaf72ff153e27d4f7f16ff90291d4cd8ebbd3a55865c8815b3c0da4a09eb04e650faf00a7674a4d330c5c3922686dc77e8c5ddcc5e049a2b4de6bf214b0d2064463c6057a57bc2a84cec31750463c57cb7b7eb2e9bc9d9813557b1c6eccafff0676156771346bf8bbbc58098bda9fe75d4f2e0996d7a3665b0a270d5cf4016f0fa8b658edbbd46492edb64f362ba2bde8f0d65e3d86f77c1f7c3bda64b3958014c45ac3b38d2d21891a0ce5b66a074f3be748eb55f1e5a10187dbd380ae755ebd3eac49e39f496b5838a8cca34616e07fa26f5890e7bc620bd07bdee5cef0e26cd9ad5f71733960b1ea4bcce59c7aaec9cd5a3c622f59f8385417d485d896a009dfb24c51df75da75ea397700c2c2e1e9b611c1567a6030667297bc5675aa8a83482bc51514a2220d89203dc1cd07346f32056e158a8e058895a1e31512e5defe2cff0967300a7a10e7ec5cd9e4c2cadf7378c53500e6421a3419ceee9c34fea2e120cfe85cd4306fe47e92077ca61a279bbc7268b1878dad13e335a7683141341c1a4c9c8c56cb3731cb0142a5cc7d50c045889c9bee10c3e9f08efa3ac8729c0eda3e14d4be7e5c0b4eefc3f7349deee42d0004f7c8546ebc906197f442ad474118e330d919487f5861cab576d22950d71ef500dec2548c4157b36703f4d7a8907e2361819b67449466578722ab5e4c92b7c97937293624e1b4f541c51449372c5748327ea7b4fde3d82c428ae69440688f3c2c4e85c1d456623cb29dbb65606381e1f951bc80cbf33e8c7bc2b88ba5a19f94075a7eaffeea23ce2a07b53b875c411c39c668e34627b50dd3d3572e212ed54d132011959adfc2b8c9ec47116a42728e035cd5ee337a3d1c60b369b3ba86967925a0ee2f7c7d891f20b7bb0b19d6ac63d9a30eca8a095d05ae153fbfcd81e8d03ce63f1b99a333efb224bc00e126d5bfe058b672ef970140c5269293ee1ac1c3fab26cc1c3c727bdbc73f64b14044bae3470f08410c6b61c3c27db9fec755aafcad43f7452a655cecec6e5e1d207300ca0d543654242909ddf19b1edd88eeebbba590dbae3706ecb0b1ca2b022a7567b469658b25031d76b6f591450207017bd4a281fb93cd9c758dab7e993c2ecb262cb75a9ee0a8d231572d98e3b17dfcc22c9a5c3b85137c2145b7ca515555301011730bb208a3aa7095aa4a67f08e188a34b83bea1375e0c4ae67a7360fdd37b372c990a978fd446c38b9cde30c78c13c908639d3c50cb2693920b4decfbe64bbb8dd7d2fbb89cab5adc37ec1a4d2f34b1fe67b887602bfc622883e42ddccc9b501047505ff376001dd484ff8b8459fc1ac0d69ad0a70955efecfa2545850edaaa20cee2dca632692f2a628e1dd6c076b45fcc0e9d97f3fc6d747d691fbc06b1e72c119f76b62da798749b4436a2179fdc989ef6174f32c18ac8a78c5deca2bcf38068c759c6326032c24fba91a44fa75b631efac77ee0936f5fa1f65ba13963589653609f019ea47cdfbce13a7ae1e1b3419dca363f62308a1967a136cb85f32db4651d084cc78f4946f6caf1a81d1c7a384076e0124f3fe8de7efdedab6039bb11f338bc850f8a4ec5cd1ec3d98d1f9775a25adeede211096147023e94597e0d2ab4f4593f8f57a2664a86f39e9b7a43060c77c1d5dc6ad562917373668e3b6e78574afebf1539d0457fb2154cb219be8021dcfb2fb63ed9fa1b9669ddf6e7ff7796b4ce4ae415b6a346addfcc1b88005b0efe5f4a3f4189e6d56da7e4733450675e8688a6e5099a72a42d369194e6fedd5b3d3929ea1d69cd209c256d87d770255f01e5ae407386a16b3b6a68be76a7a5fd3a9b20fde02ca6b88ace95ffeddbcc53930b8e24fccf973b41e2c0fbe92e3cd5c7c335576d6343b59eb341bafe829884f30c78cff00fa3db4579b5aa31ad86b21ff078bb929a65f9b6fd98fe8853109102c711f9aaaf41f2cf1e5dc32d73e331ac75964c685506bf60e1b08befdb0d1f80556c00f783d2ff721a0e508c47a2ee7d5590f1a3b31f1b6fec469f9c9183c12d020c8ce5b58a09108c54ef2186f236f8724cbb50105ac8e0bff8c7e936478ac96cdf7689ca66c84c6de5e1cfe06314d305997187a7c1f133a9c617c715d82e0aa6fbf59a2dc1c2ffaac7293522b82fd5f6b49357222e66c209f33ce4f7362dab20bf2a07e1eebcbc208f59929846b02fb8eef4305070c6a0c0793358977698c9e0cd8a1d0a8f34d6619f1cb44d9"})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
r6 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r6, &(0x7f0000000000)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e23, 0x20040, @mcast1, 0x10001}}, 0x24)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
r7 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x6, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r8 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x9}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
close(r7)
sendmsg(r6, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x10)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000500)={&(0x7f0000000280), 0xc, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="7c000000000801020000000000000000020000023c0004800800014000007b930800014000000007080001402f5952d54df216b2b1c265f1516d00000005080001400000000008000140000000ff0800014000000001080001400000000c0500030021000000050003008400000014f1038008000240000000f50800"], 0x7c}, 0x1, 0x0, 0x0, 0x4090}, 0x40000)
write$sndseq(r5, &(0x7f0000000780)=[{0x6, 0x0, 0x0, 0xfd, @time={0xe44, 0xb}, {0x5}, {0xe}, @connect={{}, {0x1, 0x47}}}, {0x3, 0x2, 0x7, 0x62, @time={0x6b4, 0x9}, {0x3, 0x7e}, {0x4, 0x4}, @result={0x4, 0x101}}, {0x0, 0x5, 0x91, 0x4, @time={0x5, 0x4}, {0x8, 0xfa}, {0x1, 0x81}, @raw8={"639b256375243ba386ebb5f5"}}, {0x24, 0x8, 0x9, 0x3, @time={0xe9a6, 0x7e}, {0x6, 0x7f}, {0xcf, 0x27}, @raw8={"4b82782a8670e9253a0f4eca"}}], 0x70)
connect$rose(0xffffffffffffffff, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, 0x0, [@null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @default]}, 0x40)

4m37.973554889s ago: executing program 3 (id=8868):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x980, 0x0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000100)={0x4, 0x6, 0x10001, 0x636b, 0x4, "1dc53b8d0b6debcdb5200a08af6f237f8da520"})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r2, 0x400455c8, 0x4)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000040)=0x32)
r3 = dup(r0)
ioctl$MEDIA_IOC_ENUM_LINKS(r3, 0xc0287c02, &(0x7f0000000180)={0x80000000, 0x0, 0x0})

4m37.590114094s ago: executing program 3 (id=8869):
syz_usb_connect$cdc_ncm(0x3, 0x0, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2a, &(0x7f0000000200)=@string={0x2a, 0x3, "95d05e4f69bce94948cc1451b618fd8700dd82f899df88ad21d563a471f203e844e821a4babafd4f"}}]})
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

4m36.799939386s ago: executing program 3 (id=8875):
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = syz_clone(0x904000, 0x0, 0x5f, 0x0, 0x0, 0x0)
setpgid(r1, 0x0)
r2 = getpgid(r1)
setpgid(0x0, r2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000ec0)=[{{0x0, 0x33fe0, 0x0}}, {{&(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0}}], 0x2, 0x0)

4m36.688700745s ago: executing program 3 (id=8876):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ppoll(&(0x7f00000002c0)=[{r0, 0xa100}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x10, 0x200000000000000, &(0x7f0000000340)=[@request_death], 0x0, 0x1000000, 0x0})

4m36.429559634s ago: executing program 3 (id=8878):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2001000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff", 0x4, 0x0, 0x0, 0x2}])

4m36.073516164s ago: executing program 32 (id=8878):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2001000000, 0x4, 0x0, 0x1, 0x0, r0, &(0x7f0000000040)="0200ffff", 0x4, 0x0, 0x0, 0x2}])

2m35.300725956s ago: executing program 0 (id=9602):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f0000000080)=0xffffffff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000014d564b"])
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r5 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x3)
ftruncate(r5, 0xffff)
fcntl$addseals(r5, 0x409, 0x7)
r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000})
r7 = getpid()
r8 = syz_pidfd_open(r7, 0x0)
setns(r8, 0x24020000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x2}, [@NFT_MSG_NEWSET={0x80, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2c}, @NFTA_SET_DESC={0x44, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x40, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x3}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xa}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x9}]}]}]}]}], {0x14, 0x10}}, 0xa8}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001a80)={0x14, 0x2, 0x6, 0x401, 0x0, 0x0, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000010)
r11 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r11, 0x1a)
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000020601020000000a00000000000000000c00078008000640000000030500010006000000050005000a00000005000400000000000900020073797a310000000014000300686173683a69702c706f72742c6970003606598b3001de1a2d0f44b998fa82c2f231203452d33e3684855651854f4d4033f10ede772ca47500911b7f0629b6a9e3f6e64657ef039dd5b94ec0ad9a008beaf25dde838575e8d791ef13aadcf67d6c2b60dd4cbe72046c19fa5ea2530ca3a5"], 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
lseek(r6, 0x0, 0x2)
ppoll(&(0x7f00000000c0)=[{r0, 0x1000}, {r3, 0x4110}, {r0, 0x10}, {r0, 0x1}, {r0, 0x2}], 0x5, &(0x7f0000000100), &(0x7f0000000140)={[0x8010000007]}, 0x8)
r13 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi4\x00', 0x8000, 0x0)
r14 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r14, 0x45809000)
ioctl$COMEDI_CHANINFO(r13, 0x80306403, &(0x7f0000000040)={0x1000, 0x0, 0x0, 0x0})

2m35.204647972s ago: executing program 0 (id=9603):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a1c000000120a0101000000000000000005000005080003400000000964"], 0xcc}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
r3 = add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r3, 0x0, 0x0)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x800, 0x7f, @private2, 0x5ba3}, {0xa, 0xfffd, 0xfffffffc, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}, 0x1000, {[0x2, 0x20000, 0x9, 0xffffffff, 0x1, 0x9, 0xffffffff]}}, 0x5c)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="f78d9ca38fff48f3be52163448412ba8f8ac98e8eeb568efc65a2404f6dc59b953bf0000000000000000", 0x2a}, {&(0x7f0000000140)="ebe3a0e9794bfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000540)=[@op={0x18}], 0x18, 0x24004855}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000780)=""/190, 0xbe}, {&(0x7f0000000940)=""/180, 0xb4}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000000a00)=""/177, 0xb1}, {&(0x7f0000000ac0)=""/144, 0x90}, {&(0x7f0000000880)=""/133, 0x85}, {&(0x7f0000000640)=""/93, 0x5d}], 0x7}, 0x10000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/custom0\x00', 0x7e8ccae4d30fc1f9, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff})
sendmmsg$inet(r8, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r9=>0x0})
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000840), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000700)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="0100000000001000000065f79e362c412abdf052413ef11200000008000300", @ANYRES32=r9, @ANYBLOB="0a00060008021100000100000500e4000100000006001000b9060000"], 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000780)=ANY=[], 0x6f4}, 0x1, 0x0, 0x0, 0x20000080}, 0x20040001)

2m34.853650575s ago: executing program 0 (id=9607):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
r4 = dup3(r2, r0, 0x80000)
ioctl$NBD_DO_IT(r4, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20000004)

2m33.667903361s ago: executing program 0 (id=9617):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000180)={0x20003, 0x0, [0x1, 0xe0e0, 0x2, 0xc, 0x0, 0x7, 0x0, 0x8000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m32.839629002s ago: executing program 0 (id=9622):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
fadvise64(r0, 0x65f, 0x2, 0x5) (async)
fadvise64(r0, 0x65f, 0x2, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45819000)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0xb8240, 0x0)
openat(r1, &(0x7f0000000040)='./file0\x00', 0x2001, 0xe9) (async)
openat(r1, &(0x7f0000000040)='./file0\x00', 0x2001, 0xe9)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)

2m32.765757807s ago: executing program 0 (id=9625):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
r4 = dup3(r2, r0, 0x80000)
ioctl$NBD_DO_IT(r4, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x20000004)

2m17.732389949s ago: executing program 33 (id=9625):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x200)
ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
r4 = dup3(r2, r0, 0x80000)
ioctl$NBD_DO_IT(r4, 0xab03)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x20000004)

7.418497587s ago: executing program 5 (id=10436):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="380000002d000100000000000000000003"], 0x38}], 0x1}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000240)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @private1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f00000009c0)=ANY=[@ANYBLOB="08000000000000000a004e2100000000ff01000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000004"], 0x290)
recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0}, 0x92}, {{0x0, 0x0, 0x0}, 0x7ff}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/216, 0xd8}, {&(0x7f0000000b80)=""/4133, 0x1025}, {&(0x7f00000000c0)=""/99, 0x63}, {&(0x7f0000000640)=""/216, 0xd8}, {&(0x7f0000000440)=""/194, 0xc2}], 0x5}, 0xfffffffe}], 0x4, 0x20, 0x0)

7.099280022s ago: executing program 5 (id=10437):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000011401e827bd7000fedbdf25080001"], 0x18}, 0x1, 0x0, 0x0, 0x40001}, 0x10) (fail_nth: 7)

6.485497477s ago: executing program 5 (id=10441):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x1947, 0x7, 0xf})

5.395268804s ago: executing program 2 (id=10447):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105704da0700000000000109022400010000ba0009040000090300000009"], 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r0, 0x40384708, &(0x7f0000000040)={0x8, 0x321d, 0xd8, 0x7f35, 0x1, "3eccd25569e20900"})
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x112, &(0x7f0000000280)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x100, 0x2, 0x1, 0x6, 0xc0, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x3ff}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x2, 0x8000}, {0x6, 0x24, 0x1a, 0x8, 0xc}, [@mdlm_detail={0x79, 0x24, 0x13, 0x33, "b4a28b021f564e7e716520e17b23c8097ac5181ffd23062f6b8d0ca87212686794ff11cc21226f4ff9dbe7aa3ff457c64df972516a5038522c99d35b2f22215c8bb33307e0ebe8e8bb4d502e6b94e27890ce67c682893891d6dbd2930b966d06a199b85006c0c8def243e869c38441ca8fa9c681c3"}, @country_functional={0x12, 0x24, 0x7, 0x3c, 0x8, [0x400, 0x200, 0x9, 0x8, 0xc000, 0x1]}, @mbim={0xc, 0x24, 0x1b, 0x7f, 0x6, 0x34, 0xf, 0x1, 0x8}, @obex={0x5, 0x24, 0x15, 0x2}, @mbim_extended={0x8, 0x24, 0x1c, 0x7f, 0x4, 0x200}]}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x2, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x1b7, 0xff, 0x87, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x2, 0xd8, 0x1a}}}}}}}]}}, &(0x7f0000000780)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x7, 0xc, 0x10, 0x40}, 0xb5, &(0x7f0000000540)={0x5, 0xf, 0xb5, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0xc3, "0a0bc1d54b559a0d51968b51e6e17c90"}, @generic={0x9c, 0x10, 0x1, "890cf696b17a8eb7890042a7de002af397d2cc73750df4673ff72b870fd772172377c1553f1e76a488a3fd16decfe7b285b7280a62aaf6195d1890d82a76116a472a8da0bc2f97f8299c0548d469c997c5ffc94d87a1cde2a10a6aeef8178d82bd42e2795c8497cf18614a96007e67e62b28ab6253c6a90f202a992e274e6ad645f7b87fb84048f261522c5d69d1b5a03a6db7e298ca40cae0"}]}, 0x6, [{0xfb, &(0x7f0000000600)=@string={0xfb, 0x3, "7989431fbe048c8eb62957efbff9a116f39fa1e3bcd08c5934accf20cc5ed9b9d3e72e66fce4610b0e48c192a8533d149e3715af2d5e6a78ed777602a971731bdf11483b522fda4ab9f2fb95727a780fd90f73bf2548d018a359189f0ad2a26d77095d4a7273fb26d5d357fac5b3d1b997679db6a5c9f1e19daf1314b475aebeeb12dc53201ca2e1a1d7e0cfc5924e9160aba9fa5294e84bb5e4aa293db567e58faf9078fa1073252f37e4ecc2575aedaa4ba622dc7ffd2fb656e51ce17a8c9878e08759eae0170069b41c5d38a0d93c0e4089e0298fe76dc50ed7bc1e387c45ecfee33da79c314e905475908dffaa2355ce9c5ab76fc3310f"}}, {0xda, &(0x7f0000000f80)=@string={0xda, 0x3, "4644d8ea0fe515f75d68a7b82345a9d9c0bfb278c0cc72709795e02b129b70ad1bf7f8e32a42d7747138ad24bcdb83b64efaedd585469ffab78f7e4a040d21f051ffefba68c329111527b69976b7f1e441f753a5a8cf3c40039b2ace2085fec45805721bdb3d49d0f76e0065e46710205f829d3241aef2f613feca126e354997fdc5fcbd046b8dadad765d55c849955dec934fe8aca79595986dac86748912e0363d204035bb7ae8f42abb9bd356dba425586a1bfe5f73e609d172687a34d201f5c8d6ac33e3de3dc153249674f163af6038eecd37439a8f"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2409}}, {0x2a, &(0x7f0000000200)=@string={0x2a, 0x3, "95d05e4f69bce94948cc1451b618fd8700dd82f899df88ad21d563a471f203e844e821a4babafd4f"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x410}}, {0x74, &(0x7f0000000e00)=ANY=[@ANYBLOB="74031e97fc53922ab9416d7470b10749ab4881a38ca0951b19cb67dd67e5afaa91911621572e61bae1947e4e9979ff1e5e0b55597fec7a61e8ece0aac6efb7680643a5a8a2e90cf0f0348700772cfbeb0c0a7feab6f984b0fe7188b5ffea4ceeb2ccd3bb844227d74857d5b443e422f825d9fcc03cc084e812d58c8f7919d862d94d7105ac91578bf8b4e8c2aa73426ed97fbe9dd5baae0ece08bee11824a54f7b13436bab8c4822822dc536d357c8fe554d5fb6624b6d8dbe29ef929c23f11ec2e21549f2eb3f26547754b22d30c5447d9eaa6cecbeb5bdaf70e5f699ff1ae6f8146a017da9ed02dad95d1a38ddb1613587c38e5ce25658f9e8c630824dd301e48acf8ae66c2312fa5dcf844fbdc041cc3613184cbc26c68ecdfbdb29ac4015c8af3dd15fd5116ace48e88a5d8e7def9705cc7f26571bcc78282ab8315cbb3f9cfcc3f9340c467bf3cbe395b935528fad15188e4b1c11e34f95b5f4ba762a9b3f79eedcc75f8a8b"]}]})
pipe2$9p(&(0x7f0000000240), 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)="180c4552", 0x4)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000400)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x204, 0x0, 0x0, 0x0, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

4.092510724s ago: executing program 5 (id=10452):
unlinkat(0xffffffffffffff9c, 0x0, 0x8c)
r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000080)={0x1, @capture={0x0, 0x0, {0x8, 0x6f0}, 0xb8d9, 0x101}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200080, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000780)={0x2, 0x12, 0x0, 0x0, 0x2, 0x0, 0x70bd29}, 0x10}}, 0x20000)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_disconnect(r5)
r6 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r6, 0x0, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$printer(r6, 0x0, 0x0)
syz_usb_control_io$uac1(r6, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000240)={0x20, 0xf, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r5, 0x0, &(0x7f0000000080)={0x1c, &(0x7f00000000c0)={0x20, 0x11}, 0x0, 0x0})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r4, 0x4068aea3, &(0x7f0000000040)={0xc7, 0x0, 0x1})
r7 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x103200, 0x0)
accept4$vsock_stream(r7, &(0x7f0000000100)={0x28, 0x0, 0x2711, @my=0x1}, 0x10, 0x0)
r8 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x12b6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)

3.71408332s ago: executing program 2 (id=10453):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140))
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0xff80, 0x2, 0x10000, 0x7}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000001140))
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000200)={0xa, 0x0, 0x80, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}, 0x1c, &(0x7f0000000a00)=[{&(0x7f0000000280)=':', 0x1}], 0x1}}], 0x1, 0x40488d5)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x20008084}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xa3}, @hci_ev_le_ext_adv_report={{}, {0x2, [{0x15, 0x0, @any, 0x4, 0xf, 0xe1, 0xfd, 0x0, 0x4, 0x4, @none, 0x48, "f72e09cd091ecf65bba19dce402fa9b37fd0a7cb2265fe827c39fda75f101697a22f2c399587155607ca3fc441aaa1c0941b7efce9335f7d3b3809c480b67f3c73f20dcd13d58434"}, {0x1, 0x0, @none, 0x0, 0xf, 0x8, 0x4, 0xb, 0x5, 0x7, @none, 0x29, "65c3fa36c57b5378b053bd4817d0511f6a960302794d999e00cfa12779da8928265e25b3949ff65407"}]}}}}, 0xa6)

3.573309594s ago: executing program 4 (id=10454):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
r6 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
fcntl$addseals(r6, 0x409, 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)

3.572928328s ago: executing program 2 (id=10455):
r0 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r1=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
keyctl$invalidate(0x15, r0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, &(0x7f0000000280)=@arm64={0xf, 0x1d, 0x5})

3.387099266s ago: executing program 2 (id=10456):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{0x0}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd", 0x73}, {0x0}], 0x3}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870", 0x3}], 0x1}}], 0x2, 0xc0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$inet(r0, &(0x7f0000005280)=[{{&(0x7f0000000240)={0x2, 0x4e24, @multicast1}, 0x10, &(0x7f00000005c0)=[{&(0x7f00000007c0)="eafd465f86e3375a102db0dd886e5bbd07d90d42d01c34c54b61037874bc82085bd6b8f8d7bab092ce997487752084a97cb20d8208f17408fd518c768af537ff17b0d09235fa6cde6f82c2c8f8", 0x4d}], 0x1, &(0x7f00000008c0)}}, {{&(0x7f0000000700)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000c00)}}, {{&(0x7f0000000c80)={0x2, 0x4e21, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000003280)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010100, @private=0xa010100}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xff}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}], 0x50}}, {{0x0, 0x0, &(0x7f0000003ec0)=[{&(0x7f0000003cc0)}, {0x0}, {0x0}], 0x3}}, {{&(0x7f0000004040)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10, 0x0}}], 0x5, 0x20008005)

3.386906635s ago: executing program 4 (id=10457):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000004300)={&(0x7f0000000240)={0x24, r1, 0x1, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x404c804}, 0x20004000) (fail_nth: 11)

2.769513903s ago: executing program 4 (id=10459):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x103}, {{0x0, 0x0, 0x0}, 0x6f92}, {{0x0, 0x0, 0x0}, 0x400003}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/230, 0xe6}, {&(0x7f0000000640)=""/80, 0x50}, {&(0x7f0000000d80)=""/4102, 0x1006}, {&(0x7f0000004f80)=""/226, 0xe2}, {&(0x7f00000008c0)=""/47, 0x2f}, {&(0x7f0000000340)=""/202, 0xca}], 0x6}, 0x401}], 0x4, 0x20, 0x0)

2.769103571s ago: executing program 1 (id=10460):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x1947, 0x7, 0xf})

1.931480523s ago: executing program 2 (id=10461):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0xdc39c000) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x37, 0x2, 0x70bd2b, 0x25dfdbfd, {0x1}, [@typed={0x8, 0x131, 0x0, 0x0, @u32=0x10000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x34000090)

1.794970746s ago: executing program 2 (id=10462):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="001704000000abe7ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000013c0)={0x44, &(0x7f00000011c0)={0x20, 0x14, 0x4, "0426fd98"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000c80)={0x20, 0x0, 0x4, "f670e000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, &(0x7f0000000f00)={0x0, 0x14, 0x4, "42467af9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x1c, 0x0, &(0x7f0000000100)=[@increfs, @increfs, @increfs={0x40046304, 0x2}, @enter_looper], 0x0, 0x0, 0x0})

1.794785758s ago: executing program 4 (id=10463):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(0xffffffffffffffff, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x40}})

640.983622ms ago: executing program 1 (id=10464):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140))
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000180)={0xff80, 0x2, 0x10000, 0x7}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000001140))
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{&(0x7f0000000200)={0xa, 0x0, 0x80, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}, 0x1c, &(0x7f0000000a00)=[{&(0x7f0000000280)=':', 0x1}], 0x1}}], 0x1, 0x40488d5)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000001e00010a0300000000000000070000006e3ac4"], 0x28}, 0x1, 0x0, 0x0, 0x20008084}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xa3}, @hci_ev_le_ext_adv_report={{}, {0x2, [{0x15, 0x0, @any, 0x4, 0xf, 0xe1, 0xfd, 0x0, 0x4, 0x4, @none, 0x48, "f72e09cd091ecf65bba19dce402fa9b37fd0a7cb2265fe827c39fda75f101697a22f2c399587155607ca3fc441aaa1c0941b7efce9335f7d3b3809c480b67f3c73f20dcd13d58434"}, {0x1, 0x0, @none, 0x0, 0xf, 0x8, 0x4, 0xb, 0x5, 0x7, @none, 0x29, "65c3fa36c57b5378b053bd4817d0511f6a960302794d999e00cfa12779da8928265e25b3949ff65407"}]}}}}, 0xa6)

588.734335ms ago: executing program 4 (id=10465):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
close_range(r0, 0xffffffffffffffff, 0x0)

588.252911ms ago: executing program 1 (id=10466):
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SG_BLKTRACETEARDOWN(r0, 0x5385, 0x1000000000000)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b78", 0x22, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a1c000000120a0101000000000000000005000005080003400000000964000000090a03000000000000000000030000090900010001007a300000000008000440000000000900020073797a"], 0xcc}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_DISABLE(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x14, r8, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_int(r9, 0x29, 0x5, 0x0, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=r10, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r11, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x40000)

505.072627ms ago: executing program 4 (id=10467):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x400000, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4ea1, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000300)={{0x12, 0x1, 0x201, 0x14, 0x3d, 0xc0, 0x20, 0x84f, 0x1, 0x6c05, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x7, 0x0, 0x6, [{{0x9, 0x4, 0x5b, 0x0, 0x0, 0x98, 0xc7, 0xa2, 0xff}}]}}]}}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e", 0xf3}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3d", 0xe7}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365", 0xa4}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0", 0x68}], 0x4}}], 0x1, 0xc0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_usb_connect$uac1(0x2, 0x99, &(0x7f00000006c0)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109028700030100700409040000000101"], 0x0)
ioctl$KVM_SET_NESTED_STATE(r4, 0x4048aecb, &(0x7f0000001440)={{0x7, 0x0, 0x80, {0xffffffffffffffff, 0xd000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, 0x0, 0x4000)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

441.443754ms ago: executing program 1 (id=10468):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x800)
recvfrom$inet(r2, 0x0, 0x30, 0x40000020, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010400000000000000000500fffe0900010073797a30000000002c000000030a01020000000000000000050000000900010073797a30000000000900030073797a3200000000e4040000060a010400000000000000000500000008000b40000000000900010073797a300000000008000940000000020c0005800800014000000000c4000f40ab487b1b512f33a8dbd67a8b84040000000000001ea13e31d5810f85eae8f528c938c24abb1b1abbda2e7fa6e0758629bb09ed64a8ba5b2ef3c3591fd06d7e10d93c0857ecac854ac51ad69639d98adb2c1464e444cc1a6a2e7ee244622433b51f58606b063f4938101a7e764c957eba2e913b2ac10435471fa769740a1275cb467e5264b71bc8727fc12e9aba46e4a8aff3dda91e0da608d6a0a35573d5524fb25451cc23051887de4df85c8e771260c4943e78905aa1e7493027366ed1bea0d80304804800018008000100667764003c0002800800"], 0x558}, 0x1, 0x0, 0x0, 0xa6975b0d20b3dc1e}, 0x40)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x6000)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000801, r4, &(0x7f0000000100)={0xc8ad, 0x2, 0x5, 0x89, 0xff, 0x7, 0x1000000000000, 0x7, 0xa})
statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x400, 0x6fa73a2921869813, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
ioctl$F2FS_IOC_GET_PIN_FILE(r1, 0x8004f50e, &(0x7f0000000640))
sendmsg$nl_netfilter(r2, &(0x7f0000000400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000003c0)={&(0x7f00000001c0)={0x1e0, 0x6, 0x5, 0x101, 0x70bd25, 0x25dfdbfc, {0x2, 0x0, 0x7}, [@nested={0x8, 0x106, 0x0, 0x1, [@nested={0x4, 0xb6}]}, @generic="5b10298434eda217400a9c0c3507feb08a2d6bfb6dbc4ef797ab56841a804dd0f2c0", @nested={0x59, 0x13d, 0x0, 0x1, [@nested={0x4, 0x121}, @generic="760a7f66391c0ba88eb77727919f13e6aa32324dec97d8a4c97b61419823684b2ee8acf9c8b21caf78502ee82d46b89fea40205a9725b985b5a20d163a777cc3f55e7e506cd62ab2283c28ddb3508c66b5"]}, @generic="124d0d3538cb00e23d3889c0b63aa4fd4c0d921a436332461ae5d08ce32fa9d71d62228b3796d06a2c1ec6ec0f40832f939d7381418e27af4ac5dd030b2e17dd95dcb8d90aa3702c731c6f08", @nested={0x91, 0x9e, 0x0, 0x1, [@typed={0x6, 0xd, 0x0, 0x0, @str=']\x00'}, @generic="55da2f2ad0a4f34a8186dcebb7070adcfd896896d8281aaed429781679d2e1cb722c07591baaca7991d0a89a7522016ce89a64f7fb624055b4992ae3020da9d780e8ab5adf", @typed={0x14, 0x121, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x35}}, @nested={0x4, 0x73}, @typed={0x5, 0x6d, 0x0, 0x0, @str='\x00'}, @nested={0x4, 0xea}, @typed={0x8, 0x143, 0x0, 0x0, @uid=r4}, @typed={0x11, 0x97, 0x0, 0x0, @str='/dev/rnullb0\x00'}]}, @generic="f09b7a8e0a46e04dc423088981a9daa39d70b151ee118655c90f7c28595936b17a302d627d149da2ac4f0423342bf776c06043b8d708ffdf888bd7ea03d855428f62339f0d1cdbbff7b6ec96ae59ae1e11e5c7b51ad41160589325", @typed={0x8, 0x73, 0x0, 0x0, @uid=r5}]}, 0x1e0}, 0x1, 0x0, 0x0, 0x4004}, 0x8000)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$nci(r6, 0x0, 0x4)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000180))
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r7, 0x400455c8, 0x4)
ioctl$TCFLSH(r7, 0x800455ca, 0x2)
ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000000))
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000480), 0x36d000, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f00000004c0)={0x48, 0x2, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r8, 0x3ba0, &(0x7f00000005c0)={0x48, 0x3, r9, 0x0, 0xfffffffffffffffa, 0x63, &(0x7f0000000540)="c848d9aede5e9ee75f6c43a65fa583e90e27e59053a77e9898e6bd986bada75a8202566dceb2d60f857cc0d18d51a7f199665ed8216463fbe7ae44a0272f513f411e2957755936112e478c1e6f2ed7466f7dfa3356a2f79a5310b43cfb23a3e4071e80"})

382.968813ms ago: executing program 1 (id=10469):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000200"]) (fail_nth: 2)

369.188753ms ago: executing program 5 (id=10470):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(0xffffffffffffffff, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x103}, {{0x0, 0x0, 0x0}, 0x6f92}, {{0x0, 0x0, 0x0}, 0x400003}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)=""/230, 0xe6}, {&(0x7f0000000640)=""/80, 0x50}, {&(0x7f0000000d80)=""/4102, 0x1006}, {&(0x7f0000004f80)=""/226, 0xe2}, {&(0x7f00000008c0)=""/47, 0x2f}, {&(0x7f0000000340)=""/202, 0xca}], 0x6}, 0x401}], 0x4, 0x20, 0x0)

177.51045ms ago: executing program 5 (id=10471):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f00000001c0)={0x70003, 0x0, [0x7, 0x9b, 0x40000ffffffff, 0x9, 0xfffffffffffffff7, 0x6, 0x3000000002, 0xd]})
r6 = socket$inet6(0xa, 0x3, 0xff)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x80000000, @empty}, 0x1c)
r7 = socket$tipc(0x1e, 0x5, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f00000001040000030b08000009058d00"/39, @ANYBLOB="92f8bb2822"], 0x0)
bind$tipc(r7, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffc}}, 0x10)
bind$tipc(r7, &(0x7f0000000140)=@name={0x1e, 0x2, 0xfffffffffffffffe, {{0x42, 0x2}}}, 0x10)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSNPMODE(r8, 0x4008744b, &(0x7f0000000080)={0x283, 0x1})
r9 = dup2(r8, r0)
sendto$phonet(r9, &(0x7f0000000040)="5f93b183958128b74ece7ed720d297b7998430d8379ead4fdf520966db7ae4e5941d507e39221495", 0x28, 0x90, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r9, 0xc0189373, &(0x7f0000000080)={{0x1, 0x1, 0x18, r7, {0x6}}, './file0\x00'})
r11 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001500010000000000000000000a00000004000000140001"], 0x44}}, 0x0)
ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000200"])

0s ago: executing program 1 (id=10472):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x501c4814, &(0x7f0000000100)={0x2, 0x100, 0x0, 0x1947, 0x7, 0xf})

kernel console output (not intermixed with test programs):

interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[ 1754.984956][ T5921] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1754.998363][ T5921] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1755.007638][ T5921] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1755.019372][ T5921] usb 6-1: config 0 descriptor??
[ 1755.032680][T32556] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1755.040702][T32556] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1755.070833][ T5921] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1755.228940][T32568] Can't find a SQUASHFS superblock on rnullb0
[ 1755.268238][ T5921] usb 6-1: USB disconnect, device number 24
[ 1755.289464][ T5921] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[ 1755.329827][T32570] input: syz1 as /devices/virtual/input/input153
[ 1755.692098][T31989] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1755.853111][ T5921] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 1755.860804][T31989] usb 3-1: Using ep0 maxpacket: 8
[ 1755.867409][T32585] program syz.5.10158 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1755.874488][T31989] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1755.898175][T31989] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1755.911015][T32585] program syz.5.10158 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1755.924742][T31989] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[ 1755.958184][T31989] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00
[ 1755.979920][T31989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1756.019958][T31989] usb 3-1: config 0 descriptor??
[ 1756.053754][ T5921] usb 2-1: Using ep0 maxpacket: 16
[ 1756.081701][ T5921] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1756.107983][ T5921] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1756.120147][ T5921] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[ 1756.132064][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1756.140188][ T5921] usb 2-1: Product: syz
[ 1756.151976][ T5921] usb 2-1: Manufacturer: syz
[ 1756.162326][ T5921] usb 2-1: SerialNumber: syz
[ 1756.182977][ T5921] usb 2-1: config 0 descriptor??
[ 1756.379970][T32595] sp0: Synchronizing with TNC
[ 1756.468547][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.489976][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.497980][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.505224][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.513402][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.520296][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.528703][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.535944][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.543258][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.550087][T31989] sony 0003:054C:0268.0041: unknown main item tag 0x0
[ 1756.578053][T31989] sony 0003:054C:0268.0041: hiddev0,hidraw0: USB HID v80.00 Device [HID 054c:0268] on usb-dummy_hcd.2-1/input0
[ 1756.600257][T31989] sony 0003:054C:0268.0041: failed to claim input
[ 1756.620939][ T5921] usb 2-1: USB disconnect, device number 72
[ 1756.652231][T31209] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[ 1756.701170][T31989] usb 3-1: USB disconnect, device number 54
[ 1756.748318][T32600] fido_id[32600]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1756.822194][T31209] usb 5-1: Using ep0 maxpacket: 8
[ 1756.831220][T31209] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1756.840656][T31209] usb 5-1: config 7 has an invalid interface number: 169 but max is 0
[ 1756.849831][T31209] usb 5-1: config 7 has no interface number 0
[ 1756.859013][T31209] usb 5-1: New USB device found, idVendor=04c5, idProduct=1330, bcdDevice=79.99
[ 1756.868588][T31209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1756.876863][T31209] usb 5-1: Product: syz
[ 1756.881154][T31209] usb 5-1: Manufacturer: syz
[ 1756.887625][T31209] usb 5-1: SerialNumber: syz
[ 1757.103808][T32595] netlink: 763 bytes leftover after parsing attributes in process `syz.4.10162'.
[ 1757.118428][T32594] [U] è
[ 1757.129443][T31209] usb 5-1: USB disconnect, device number 57
[ 1757.281823][T31989] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1757.303408][T32609] FAULT_INJECTION: forcing a failure.
[ 1757.303408][T32609] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1757.316856][T32609] CPU: 0 UID: 0 PID: 32609 Comm: syz.2.10168 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1757.316886][T32609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1757.316899][T32609] Call Trace:
[ 1757.316908][T32609]  <TASK>
[ 1757.316916][T32609]  dump_stack_lvl+0x189/0x250
[ 1757.316951][T32609]  ? __pfx____ratelimit+0x10/0x10
[ 1757.316978][T32609]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1757.317008][T32609]  ? __pfx__printk+0x10/0x10
[ 1757.317037][T32609]  ? __might_fault+0xb0/0x130
[ 1757.317078][T32609]  should_fail_ex+0x414/0x560
[ 1757.317114][T32609]  _copy_from_iter+0x1db/0x16f0
[ 1757.317146][T32609]  ? rcu_is_watching+0x15/0xb0
[ 1757.317174][T32609]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1757.317206][T32609]  ? __pfx__copy_from_iter+0x10/0x10
[ 1757.317235][T32609]  ? __build_skb_around+0x257/0x3e0
[ 1757.317267][T32609]  ? netlink_sendmsg+0x642/0xb30
[ 1757.317293][T32609]  ? skb_put+0x11b/0x210
[ 1757.317325][T32609]  netlink_sendmsg+0x6b2/0xb30
[ 1757.317362][T32609]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1757.317394][T32609]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1757.317427][T32609]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1757.317451][T32609]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1757.317480][T32609]  __sock_sendmsg+0x219/0x270
[ 1757.317507][T32609]  ____sys_sendmsg+0x505/0x830
[ 1757.317561][T32609]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1757.317603][T32609]  ? import_iovec+0x74/0xa0
[ 1757.317644][T32609]  ___sys_sendmsg+0x21f/0x2a0
[ 1757.317665][T32609]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1757.317724][T32609]  ? __fget_files+0x2a/0x420
[ 1757.317748][T32609]  ? __fget_files+0x3a0/0x420
[ 1757.317783][T32609]  __x64_sys_sendmsg+0x19b/0x260
[ 1757.317866][T32609]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1757.317897][T32609]  ? __pfx_ksys_write+0x10/0x10
[ 1757.317915][T32609]  ? rcu_is_watching+0x15/0xb0
[ 1757.317947][T32609]  ? do_syscall_64+0xbe/0x3b0
[ 1757.317981][T32609]  do_syscall_64+0xfa/0x3b0
[ 1757.318008][T32609]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1757.318035][T32609]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1757.318056][T32609]  ? clear_bhb_loop+0x60/0xb0
[ 1757.318081][T32609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1757.318102][T32609] RIP: 0033:0x7ff6b718e929
[ 1757.318120][T32609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1757.318139][T32609] RSP: 002b:00007ff6b7fb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1757.318161][T32609] RAX: ffffffffffffffda RBX: 00007ff6b73b5fa0 RCX: 00007ff6b718e929
[ 1757.318176][T32609] RDX: 0000000000004800 RSI: 0000200000000300 RDI: 0000000000000003
[ 1757.318190][T32609] RBP: 00007ff6b7fb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1757.318203][T32609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1757.318214][T32609] R13: 0000000000000000 R14: 00007ff6b73b5fa0 R15: 00007ffd14bb8858
[ 1757.318246][T32609]  </TASK>
[ 1757.723449][T31989] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1757.736759][T31989] usb 6-1: config 0 has no interfaces?
[ 1757.745709][T31989] usb 6-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[ 1757.754872][T31989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1757.763057][T31989] usb 6-1: Product: syz
[ 1757.767245][T31989] usb 6-1: Manufacturer: syz
[ 1757.771946][T31989] usb 6-1: SerialNumber: syz
[ 1757.779510][T31989] usb 6-1: config 0 descriptor??
[ 1757.803920][T32618] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1758.416440][T32645] Can't find a SQUASHFS superblock on rnullb0
[ 1758.549684][T32654] vxfs: WRONG superblock magic 00000000 at 1
[ 1758.561141][T32654] vxfs: WRONG superblock magic 00000000 at 8
[ 1758.575005][T32654] vxfs: can't find superblock.
[ 1758.791663][T31209] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[ 1758.926253][T32667] afs: Unknown parameter 'dyninderfs/binder0'
[ 1758.959061][T31209] usb 5-1: config 160 has an invalid interface number: 69 but max is 0
[ 1758.967736][T31209] usb 5-1: config 160 has no interface number 0
[ 1758.980238][T31209] usb 5-1: config 160 interface 69 has no altsetting 0
[ 1758.990020][T31209] usb 5-1: New USB device found, idVendor=0403, idProduct=fa03, bcdDevice=f0.a9
[ 1759.005278][T31209] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1759.015030][T31209] usb 5-1: Product: syz
[ 1759.019230][T31209] usb 5-1: Manufacturer: syz
[ 1759.027827][T31209] usb 5-1: SerialNumber: syz
[ 1759.201737][   T24] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1759.243802][T31209] ftdi_sio 5-1:160.69: FTDI USB Serial Device converter detected
[ 1759.253189][T31209] ftdi_sio ttyUSB0: unknown device type: 0xf0a9
[ 1759.275470][T31209] usb 5-1: USB disconnect, device number 58
[ 1759.290505][T31209] ftdi_sio 5-1:160.69: device disconnected
[ 1759.361607][   T24] usb 2-1: Using ep0 maxpacket: 16
[ 1759.369112][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1759.378529][   T24] usb 2-1: config 106 has an invalid interface number: 79 but max is 0
[ 1759.386930][   T24] usb 2-1: config 106 has no interface number 0
[ 1759.393323][   T24] usb 2-1: config 106 interface 79 has no altsetting 0
[ 1759.409674][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=2888, bcdDevice=56.45
[ 1759.419199][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1759.427294][   T24] usb 2-1: Product: syz
[ 1759.431692][T21375] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1759.439817][   T24] usb 2-1: Manufacturer: syz
[ 1759.445407][   T24] usb 2-1: SerialNumber: syz
[ 1759.581445][T21375] usb 3-1: Using ep0 maxpacket: 32
[ 1759.588336][T21375] usb 3-1: config 0 has an invalid interface number: 230 but max is 0
[ 1759.596726][T21375] usb 3-1: config 0 has no interface number 0
[ 1759.603066][T21375] usb 3-1: too many endpoints for config 0 interface 230 altsetting 2: 248, using maximum allowed: 30
[ 1759.614332][T21375] usb 3-1: config 0 interface 230 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 248
[ 1759.627712][T21375] usb 3-1: config 0 interface 230 has no altsetting 0
[ 1759.636989][T21375] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[ 1759.646419][T21375] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1759.654615][T21375] usb 3-1: Product: syz
[ 1759.658869][T21375] usb 3-1: Manufacturer: syz
[ 1759.665272][T21375] usb 3-1: SerialNumber: syz
[ 1759.673727][   T24] cdc_subset 2-1:106.79: probe with driver cdc_subset failed with error -71
[ 1759.684693][T21375] usb 3-1: config 0 descriptor??
[ 1759.696238][T21375] ums-usbat 3-1:0.230: USB Mass Storage device detected
[ 1759.710114][   T24] usb 2-1: USB disconnect, device number 73
[ 1759.726896][T21375] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1
[ 1760.079317][   T24] usb 6-1: USB disconnect, device number 25
[ 1760.441353][   T24] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1760.496206][T32695] comedi comedi2: pcl724: a I/O base address must be specified
[ 1760.591285][   T24] usb 6-1: device descriptor read/64, error -71
[ 1760.741276][   T44] usb 2-1: new full-speed USB device number 74 using dummy_hcd
[ 1760.841487][   T24] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1760.912973][   T44] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1760.929421][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1760.949457][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1760.960187][   T44] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1760.980981][   T44] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1760.990975][   T24] usb 6-1: device descriptor read/64, error -71
[ 1761.003654][   T44] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1761.012099][   T44] usb 2-1: Manufacturer: syz
[ 1761.019080][   T44] usb 2-1: config 0 descriptor??
[ 1761.121611][   T24] usb usb6-port1: attempt power cycle
[ 1761.236889][ T5921] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[ 1761.291527][   T44] rc_core: IR keymap rc-hauppauge not found
[ 1761.297641][   T44] Registered IR keymap rc-empty
[ 1761.303218][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.322545][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.342881][   T44] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1761.357615][   T44] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input154
[ 1761.372165][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.381329][ T5921] usb 5-1: device descriptor read/64, error -71
[ 1761.391282][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.411225][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.431205][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.451253][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.461131][   T24] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1761.471155][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.481765][   T24] usb 6-1: device descriptor read/8, error -71
[ 1761.491160][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.511195][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.531250][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.551173][   T44] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[ 1761.572872][   T44] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[ 1761.581071][   T44] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1761.594754][   T44] usb 2-1: USB disconnect, device number 74
[ 1761.622017][ T5921] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[ 1761.724646][   T24] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1761.751919][   T24] usb 6-1: device descriptor read/8, error -71
[ 1761.771061][ T5921] usb 5-1: device descriptor read/64, error -71
[ 1761.871522][   T24] usb usb6-port1: unable to enumerate USB device
[ 1761.895652][ T5921] usb usb5-port1: attempt power cycle
[ 1761.955231][T32716] netlink: 'syz.1.10209': attribute type 4 has an invalid length.
[ 1761.964267][T32716] netlink: 'syz.1.10209': attribute type 2 has an invalid length.
[ 1762.210977][T25464] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1762.244876][ T5921] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[ 1762.272374][ T5921] usb 5-1: device descriptor read/8, error -71
[ 1762.361143][T25464] usb 2-1: Using ep0 maxpacket: 32
[ 1762.368112][T25464] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid maxpacket 1025, setting to 64
[ 1762.379587][T25464] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1762.387514][T25464] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1762.399655][T25464] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1762.410718][T25464] usb 2-1: config 0 descriptor??
[ 1762.511178][ T5921] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1762.531806][ T5921] usb 5-1: device descriptor read/8, error -71
[ 1762.641388][ T5921] usb usb5-port1: unable to enumerate USB device
[ 1762.683343][T32718] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10209'.
[ 1762.746936][T25464] usbhid 2-1:0.0: can't add hid device: -71
[ 1762.756473][T25464] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1762.778946][T25464] usb 2-1: USB disconnect, device number 75
[ 1763.417750][T21375] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5
[ 1763.447140][T21375] usb 3-1: USB disconnect, device number 55
[ 1763.911599][   T30] audit: type=1326 audit(1752161352.269:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6b712ab19 code=0x7ffc0000
[ 1763.939234][   T30] audit: type=1326 audit(1752161352.269:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b718e929 code=0x7ffc0000
[ 1763.972118][   T30] audit: type=1326 audit(1752161352.269:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6b712ab19 code=0x7ffc0000
[ 1764.015667][   T30] audit: type=1326 audit(1752161352.299:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b718e929 code=0x7ffc0000
[ 1764.070305][   T30] audit: type=1326 audit(1752161352.299:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6b712ab19 code=0x7ffc0000
[ 1764.104719][T21375] usb 2-1: new full-speed USB device number 76 using dummy_hcd
[ 1764.151478][   T30] audit: type=1326 audit(1752161352.299:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6b712ab19 code=0x7ffc0000
[ 1764.198794][   T30] audit: type=1326 audit(1752161352.299:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b718e929 code=0x7ffc0000
[ 1764.228158][   T30] audit: type=1326 audit(1752161352.299:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b718e929 code=0x7ffc0000
[ 1764.257426][   T30] audit: type=1326 audit(1752161352.299:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6b718e929 code=0x7ffc0000
[ 1764.292165][   T30] audit: type=1326 audit(1752161352.299:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32745 comm="syz.2.10220" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6b712ab19 code=0x7ffc0000
[ 1764.333541][T21375] usb 2-1: config index 0 descriptor too short (expected 13649, got 18)
[ 1764.345306][T21375] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=a3.c0
[ 1764.390567][T21375] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1764.410215][T21375] usb 2-1: Product: syz
[ 1764.424418][T21375] usb 2-1: Manufacturer: syz
[ 1764.429075][T21375] usb 2-1: SerialNumber: syz
[ 1764.615418][  T300] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10230'.
[ 1764.650794][   T44] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1764.680347][T32743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1764.709984][T32743] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1764.800572][   T44] usb 5-1: device descriptor read/64, error -71
[ 1765.014401][T21375] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[ 1765.048379][T21375] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1765.061078][   T44] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1765.087926][T21375] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[ 1765.118521][T21375] usb 2-1: USB disconnect, device number 76
[ 1765.227598][   T44] usb 5-1: device descriptor read/64, error -71
[ 1765.351902][   T44] usb usb5-port1: attempt power cycle
[ 1765.489843][  T321] FAULT_INJECTION: forcing a failure.
[ 1765.489843][  T321] name failslab, interval 1, probability 0, space 0, times 0
[ 1765.503038][  T321] CPU: 1 UID: 0 PID: 321 Comm: syz.2.10238 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1765.503067][  T321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1765.503081][  T321] Call Trace:
[ 1765.503089][  T321]  <TASK>
[ 1765.503098][  T321]  dump_stack_lvl+0x189/0x250
[ 1765.503133][  T321]  ? __pfx____ratelimit+0x10/0x10
[ 1765.503161][  T321]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1765.503191][  T321]  ? __pfx__printk+0x10/0x10
[ 1765.503226][  T321]  ? __pfx___might_resched+0x10/0x10
[ 1765.503258][  T321]  should_fail_ex+0x414/0x560
[ 1765.503296][  T321]  should_failslab+0xa8/0x100
[ 1765.503318][  T321]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1765.503349][  T321]  ? getname_flags+0xb8/0x540
[ 1765.503379][  T321]  getname_flags+0xb8/0x540
[ 1765.503404][  T321]  ? security_capable+0x7e/0x2e0
[ 1765.503437][  T321]  user_path_at+0x24/0x60
[ 1765.503467][  T321]  __se_sys_pivot_root+0x18f/0xc20
[ 1765.503498][  T321]  ? __fget_files+0x3a0/0x420
[ 1765.503521][  T321]  ? __pfx___se_sys_pivot_root+0x10/0x10
[ 1765.503540][  T321]  ? fput+0xa0/0xd0
[ 1765.503560][  T321]  ? ksys_write+0x22a/0x250
[ 1765.503577][  T321]  ? rcu_is_watching+0x15/0xb0
[ 1765.503601][  T321]  ? do_syscall_64+0xbe/0x3b0
[ 1765.503625][  T321]  do_syscall_64+0xfa/0x3b0
[ 1765.503645][  T321]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1765.503664][  T321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1765.503679][  T321]  ? clear_bhb_loop+0x60/0xb0
[ 1765.503697][  T321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1765.503712][  T321] RIP: 0033:0x7ff6b718e929
[ 1765.503725][  T321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1765.503738][  T321] RSP: 002b:00007ff6b7fb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000009b
[ 1765.503755][  T321] RAX: ffffffffffffffda RBX: 00007ff6b73b5fa0 RCX: 00007ff6b718e929
[ 1765.503766][  T321] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000200000000240
[ 1765.503776][  T321] RBP: 00007ff6b7fb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1765.503785][  T321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1765.503794][  T321] R13: 0000000000000000 R14: 00007ff6b73b5fa0 R15: 00007ffd14bb8858
[ 1765.503817][  T321]  </TASK>
[ 1765.731380][T25464] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[ 1765.810416][   T44] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1765.831083][   T44] usb 5-1: device descriptor read/8, error -71
[ 1765.881919][T25464] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1765.896585][T25464] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1765.906410][T25464] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1765.913351][T25464] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[ 1765.922465][T25464] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1765.933718][T25464] usb 6-1: config 0 descriptor??
[ 1766.070550][   T44] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1766.091009][   T44] usb 5-1: device descriptor read/8, error -71
[ 1766.201446][   T44] usb usb5-port1: unable to enumerate USB device
[ 1766.266147][  T325] tipc: Started in network mode
[ 1766.275902][  T325] tipc: Node identity 4, cluster identity 4711
[ 1766.288202][  T325] tipc: Node number set to 4
[ 1766.348138][T25464] hid_parser_main: 60 callbacks suppressed
[ 1766.348163][T25464] hid-steam 0003:28DE:1102.0042: unknown main item tag 0x0
[ 1766.370387][T25464] hid-steam 0003:28DE:1102.0042: unknown main item tag 0x0
[ 1766.379215][T25464] hid-steam 0003:28DE:1102.0042: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[ 1766.463726][T25464] hid-steam 0003:28DE:1102.0042: Steam Controller 'XXXXXXXXXX' connected
[ 1766.483267][T25464] input: Steam Controller as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28DE:1102.0042/input/input155
[ 1766.536420][T25464] hid-steam 0003:28DE:1102.0043: unknown main item tag 0x0
[ 1766.563100][T25464] hid-steam 0003:28DE:1102.0043: unknown main item tag 0x0
[ 1766.573220][  T317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1766.583995][  T317] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1766.612140][  T317] exFAT-fs (rnullb0): invalid boot record signature
[ 1766.619358][  T317] exFAT-fs (rnullb0): failed to read boot sector
[ 1766.642281][T25464] hid-steam 0003:28DE:1102.0043: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.5-1/input0
[ 1766.654805][  T317] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1766.694836][T25464] usb 6-1: USB disconnect, device number 30
[ 1766.783780][T25464] hid-steam 0003:28DE:1102.0042: Steam Controller 'XXXXXXXXXX' disconnected
[ 1766.813780][  T333] fido_id[333]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[ 1767.328240][T29615] bridge_slave_1: left allmulticast mode
[ 1767.345129][T29615] bridge_slave_1: left promiscuous mode
[ 1767.360469][T29615] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1767.395272][T29615] bridge_slave_0: left allmulticast mode
[ 1767.411467][T29615] bridge_slave_0: left promiscuous mode
[ 1767.421805][T29615] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1767.521721][  T349] FAULT_INJECTION: forcing a failure.
[ 1767.521721][  T349] name failslab, interval 1, probability 0, space 0, times 0
[ 1767.552240][  T349] CPU: 0 UID: 0 PID: 349 Comm: syz.4.10248 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1767.552271][  T349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1767.552286][  T349] Call Trace:
[ 1767.552295][  T349]  <TASK>
[ 1767.552305][  T349]  dump_stack_lvl+0x189/0x250
[ 1767.552341][  T349]  ? __pfx____ratelimit+0x10/0x10
[ 1767.552371][  T349]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1767.552398][  T349]  ? __pfx__printk+0x10/0x10
[ 1767.552434][  T349]  ? __pfx___might_resched+0x10/0x10
[ 1767.552465][  T349]  should_fail_ex+0x414/0x560
[ 1767.552502][  T349]  should_failslab+0xa8/0x100
[ 1767.552525][  T349]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1767.552556][  T349]  ? __alloc_skb+0x112/0x2d0
[ 1767.552589][  T349]  __alloc_skb+0x112/0x2d0
[ 1767.552620][  T349]  netlink_dump+0x1ab/0xe90
[ 1767.552659][  T349]  ? ip_set_dump_start+0x158/0x410
[ 1767.552695][  T349]  ? __pfx_netlink_dump+0x10/0x10
[ 1767.552736][  T349]  ? netlink_lookup+0x30/0x200
[ 1767.552773][  T349]  ? netlink_lookup+0x30/0x200
[ 1767.552796][  T349]  ? netlink_lookup+0x30/0x200
[ 1767.552827][  T349]  __netlink_dump_start+0x5cb/0x7e0
[ 1767.552863][  T349]  ip_set_dump+0x13e/0x1c0
[ 1767.552884][  T349]  ? __pfx_ip_set_dump+0x10/0x10
[ 1767.552904][  T349]  ? __pfx_ip_set_dump_start+0x10/0x10
[ 1767.552924][  T349]  ? __pfx_ip_set_dump_do+0x10/0x10
[ 1767.552945][  T349]  ? __pfx_ip_set_dump_done+0x10/0x10
[ 1767.552983][  T349]  nfnetlink_rcv_msg+0xb4d/0x1130
[ 1767.553006][  T349]  ? nfnetlink_rcv_msg+0x20d/0x1130
[ 1767.553047][  T349]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1767.553067][  T349]  ? kasan_save_free_info+0x46/0x50
[ 1767.553140][  T349]  netlink_rcv_skb+0x205/0x470
[ 1767.553168][  T349]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1767.553193][  T349]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1767.553230][  T349]  ? bpf_lsm_capable+0x9/0x20
[ 1767.553247][  T349]  ? security_capable+0x7e/0x2e0
[ 1767.553283][  T349]  nfnetlink_rcv+0x26a/0x2520
[ 1767.553319][  T349]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1767.553351][  T349]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1767.553372][  T349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.553403][  T349]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1767.553424][  T349]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1767.553460][  T349]  ? ref_tracker_free+0x63a/0x7d0
[ 1767.553479][  T349]  ? __copy_skb_header+0xa7/0x550
[ 1767.553500][  T349]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1767.553520][  T349]  ? __skb_clone+0x63/0x7a0
[ 1767.553543][  T349]  ? __skb_clone+0x483/0x7a0
[ 1767.553569][  T349]  ? skb_clone+0x246/0x3a0
[ 1767.553592][  T349]  ? __netlink_deliver_tap+0x807/0x850
[ 1767.553618][  T349]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1767.553651][  T349]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1767.553683][  T349]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1767.553715][  T349]  netlink_unicast+0x759/0x8e0
[ 1767.553750][  T349]  netlink_sendmsg+0x805/0xb30
[ 1767.553788][  T349]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1767.553819][  T349]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1767.553851][  T349]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1767.553873][  T349]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1767.553901][  T349]  __sock_sendmsg+0x219/0x270
[ 1767.553928][  T349]  ____sys_sendmsg+0x505/0x830
[ 1767.553966][  T349]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1767.554007][  T349]  ? import_iovec+0x74/0xa0
[ 1767.554039][  T349]  ___sys_sendmsg+0x21f/0x2a0
[ 1767.554061][  T349]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1767.554118][  T349]  ? __fget_files+0x2a/0x420
[ 1767.554140][  T349]  ? __fget_files+0x3a0/0x420
[ 1767.554175][  T349]  __x64_sys_sendmsg+0x19b/0x260
[ 1767.554197][  T349]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1767.554226][  T349]  ? __pfx_ksys_write+0x10/0x10
[ 1767.554243][  T349]  ? rcu_is_watching+0x15/0xb0
[ 1767.554275][  T349]  ? do_syscall_64+0xbe/0x3b0
[ 1767.554306][  T349]  do_syscall_64+0xfa/0x3b0
[ 1767.554331][  T349]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1767.554357][  T349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.554376][  T349]  ? clear_bhb_loop+0x60/0xb0
[ 1767.554401][  T349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1767.554419][  T349] RIP: 0033:0x7fe3f0f8e929
[ 1767.554437][  T349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1767.554456][  T349] RSP: 002b:00007fe3f1d69038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1767.554477][  T349] RAX: ffffffffffffffda RBX: 00007fe3f11b5fa0 RCX: 00007fe3f0f8e929
[ 1767.554492][  T349] RDX: 0000000004000080 RSI: 0000200000000200 RDI: 0000000000000003
[ 1767.554505][  T349] RBP: 00007fe3f1d69090 R08: 0000000000000000 R09: 0000000000000000
[ 1767.554518][  T349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1767.554529][  T349] R13: 0000000000000000 R14: 00007fe3f11b5fa0 R15: 00007ffdb9cefaf8
[ 1767.554560][  T349]  </TASK>
[ 1768.054692][  T353] netlink: 68 bytes leftover after parsing attributes in process `syz.2.10250'.
[ 1768.080313][T21375] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[ 1768.252209][T21375] usb 2-1: Using ep0 maxpacket: 32
[ 1768.259595][T21375] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1768.298067][T21375] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1768.319263][T21375] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1768.339312][T21375] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1768.395921][T21375] usb 2-1: config 0 descriptor??
[ 1768.683853][T29615] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1768.694669][T29615] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1768.707646][T29615] bond0 (unregistering): Released all slaves
[ 1768.858363][T21375] savu 0003:1E7D:2D5A.0044: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[ 1769.012337][  T369] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10254'.
[ 1769.034917][  T344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1769.057715][  T344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1769.085951][  T369] FAULT_INJECTION: forcing a failure.
[ 1769.085951][  T369] name failslab, interval 1, probability 0, space 0, times 0
[ 1769.118021][  T369] CPU: 1 UID: 0 PID: 369 Comm: syz.2.10254 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1769.118051][  T369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1769.118065][  T369] Call Trace:
[ 1769.118073][  T369]  <TASK>
[ 1769.118084][  T369]  dump_stack_lvl+0x189/0x250
[ 1769.118118][  T369]  ? __pfx____ratelimit+0x10/0x10
[ 1769.118146][  T369]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1769.118174][  T369]  ? __pfx__printk+0x10/0x10
[ 1769.118209][  T369]  ? __pfx___might_resched+0x10/0x10
[ 1769.118235][  T369]  ? fs_reclaim_acquire+0x7d/0x100
[ 1769.118261][  T369]  should_fail_ex+0x414/0x560
[ 1769.118297][  T369]  should_failslab+0xa8/0x100
[ 1769.118319][  T369]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1769.118351][  T369]  ? __alloc_skb+0x112/0x2d0
[ 1769.118385][  T369]  __alloc_skb+0x112/0x2d0
[ 1769.118419][  T369]  netlink_ack+0x146/0xa50
[ 1769.118444][  T369]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1769.118465][  T369]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1769.118487][  T369]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1769.118525][  T369]  netlink_rcv_skb+0x28c/0x470
[ 1769.118554][  T369]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1769.118577][  T369]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1769.118625][  T369]  ? down_read+0x1ad/0x2e0
[ 1769.118659][  T369]  genl_rcv+0x28/0x40
[ 1769.118678][  T369]  netlink_unicast+0x759/0x8e0
[ 1769.118716][  T369]  netlink_sendmsg+0x805/0xb30
[ 1769.118755][  T369]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1769.118788][  T369]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1769.118848][  T369]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1769.118873][  T369]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1769.118902][  T369]  __sock_sendmsg+0x219/0x270
[ 1769.118930][  T369]  ____sys_sendmsg+0x505/0x830
[ 1769.118968][  T369]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1769.119009][  T369]  ? import_iovec+0x74/0xa0
[ 1769.119048][  T369]  ___sys_sendmsg+0x21f/0x2a0
[ 1769.119070][  T369]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1769.119128][  T369]  ? __fget_files+0x2a/0x420
[ 1769.119150][  T369]  ? __fget_files+0x3a0/0x420
[ 1769.119185][  T369]  __x64_sys_sendmsg+0x19b/0x260
[ 1769.119208][  T369]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1769.119239][  T369]  ? __pfx_ksys_write+0x10/0x10
[ 1769.119257][  T369]  ? rcu_is_watching+0x15/0xb0
[ 1769.119290][  T369]  ? do_syscall_64+0xbe/0x3b0
[ 1769.119321][  T369]  do_syscall_64+0xfa/0x3b0
[ 1769.119347][  T369]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1769.119373][  T369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.119394][  T369]  ? clear_bhb_loop+0x60/0xb0
[ 1769.119418][  T369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1769.119438][  T369] RIP: 0033:0x7ff6b718e929
[ 1769.119456][  T369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1769.119473][  T369] RSP: 002b:00007ff6b7fb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1769.119495][  T369] RAX: ffffffffffffffda RBX: 00007ff6b73b5fa0 RCX: 00007ff6b718e929
[ 1769.119510][  T369] RDX: 0000000000000004 RSI: 0000200000000c40 RDI: 0000000000000004
[ 1769.119524][  T369] RBP: 00007ff6b7fb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1769.119536][  T369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1769.119549][  T369] R13: 0000000000000000 R14: 00007ff6b73b5fa0 R15: 00007ffd14bb8858
[ 1769.119581][  T369]  </TASK>
[ 1769.482857][T21375] usb 2-1: USB disconnect, device number 77
[ 1769.725196][T29615] hsr_slave_0: left promiscuous mode
[ 1769.737910][T29615] hsr_slave_1: left promiscuous mode
[ 1769.747711][T29615] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1769.780693][T29615] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1770.167666][  T391] qnx4: no qnx4 filesystem (no root dir).
[ 1770.712427][  T407] netlink: 'syz.1.10263': attribute type 10 has an invalid length.
[ 1770.867438][  T411] hfs: can't find a HFS filesystem on dev rnullb0
[ 1771.026317][T29615] team0 (unregistering): Port device team_slave_1 removed
[ 1771.143055][T29615] team0 (unregistering): Port device team_slave_0 removed
[ 1771.968707][  T407] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets).
[ 1772.227928][  T426] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10271'.
[ 1772.452166][ T8953] block nbd0: Possible stuck request ffff8880256dd900: control (read@0,4096B). Runtime 120 seconds
[ 1772.740740][   T44] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[ 1772.911507][   T44] usb 5-1: Using ep0 maxpacket: 16
[ 1772.926228][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1772.943443][   T44] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1772.957138][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1772.985673][   T44] usb 5-1: Product: syz
[ 1772.993473][   T44] usb 5-1: Manufacturer: syz
[ 1773.006706][   T44] usb 5-1: SerialNumber: syz
[ 1773.026231][   T44] usb 5-1: config 0 descriptor??
[ 1773.053296][   T44] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1773.078912][   T44] em28xx 5-1:0.0: DVB interface 0 found: bulk
[ 1773.519220][  T462] block nbd5: NBD_DISCONNECT
[ 1773.523958][  T462] block nbd5: Disconnected due to user request.
[ 1773.557540][  T462] block nbd5: shutting down sockets
[ 1773.591702][  T465] qnx4: no qnx4 filesystem (no root dir).
[ 1773.654707][   T44] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[ 1774.081953][  T435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1774.095049][  T435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1774.115687][  T435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1774.142254][  T435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1774.235708][  T491] qnx4: no qnx4 filesystem (no root dir).
[ 1774.550168][   T44] em28xx 5-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[ 1774.570708][   T44] em28xx 5-1:0.0: board has no eeprom
[ 1774.689166][   T44] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1774.730595][   T44] em28xx 5-1:0.0: dvb set to bulk mode.
[ 1774.736260][T21375] em28xx 5-1:0.0: Binding DVB extension
[ 1774.789307][   T44] usb 5-1: USB disconnect, device number 67
[ 1774.828711][   T44] em28xx 5-1:0.0: Disconnecting em28xx
[ 1774.896890][T21375] em28xx 5-1:0.0: Registering input extension
[ 1774.923515][   T44] em28xx 5-1:0.0: Closing input extension
[ 1774.966214][   T44] em28xx 5-1:0.0: Freeing device
[ 1775.003347][  T500] FAULT_INJECTION: forcing a failure.
[ 1775.003347][  T500] name failslab, interval 1, probability 0, space 0, times 0
[ 1775.064471][  T500] CPU: 1 UID: 0 PID: 500 Comm: syz.2.10289 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1775.064502][  T500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1775.064516][  T500] Call Trace:
[ 1775.064525][  T500]  <TASK>
[ 1775.064535][  T500]  dump_stack_lvl+0x189/0x250
[ 1775.064570][  T500]  ? __pfx____ratelimit+0x10/0x10
[ 1775.064598][  T500]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1775.064627][  T500]  ? __pfx__printk+0x10/0x10
[ 1775.064661][  T500]  ? __pfx___might_resched+0x10/0x10
[ 1775.064693][  T500]  should_fail_ex+0x414/0x560
[ 1775.064737][  T500]  should_failslab+0xa8/0x100
[ 1775.064760][  T500]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1775.064805][  T500]  ? __alloc_skb+0x112/0x2d0
[ 1775.064838][  T500]  __alloc_skb+0x112/0x2d0
[ 1775.064870][  T500]  netlink_sendmsg+0x5c6/0xb30
[ 1775.064916][  T500]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1775.064948][  T500]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1775.064982][  T500]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1775.065006][  T500]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1775.065035][  T500]  __sock_sendmsg+0x219/0x270
[ 1775.065063][  T500]  ____sys_sendmsg+0x505/0x830
[ 1775.065099][  T500]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1775.065140][  T500]  ? import_iovec+0x74/0xa0
[ 1775.065174][  T500]  ___sys_sendmsg+0x21f/0x2a0
[ 1775.065195][  T500]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1775.065250][  T500]  ? __fget_files+0x2a/0x420
[ 1775.065272][  T500]  ? __fget_files+0x3a0/0x420
[ 1775.065307][  T500]  __x64_sys_sendmsg+0x19b/0x260
[ 1775.065330][  T500]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1775.065359][  T500]  ? __pfx_ksys_write+0x10/0x10
[ 1775.065378][  T500]  ? rcu_is_watching+0x15/0xb0
[ 1775.065410][  T500]  ? do_syscall_64+0xbe/0x3b0
[ 1775.065441][  T500]  do_syscall_64+0xfa/0x3b0
[ 1775.065467][  T500]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1775.065493][  T500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1775.065531][  T500]  ? clear_bhb_loop+0x60/0xb0
[ 1775.065556][  T500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1775.065577][  T500] RIP: 0033:0x7ff6b718e929
[ 1775.065597][  T500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1775.065614][  T500] RSP: 002b:00007ff6b7fb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1775.065638][  T500] RAX: ffffffffffffffda RBX: 00007ff6b73b5fa0 RCX: 00007ff6b718e929
[ 1775.065653][  T500] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000004
[ 1775.065667][  T500] RBP: 00007ff6b7fb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1775.065680][  T500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1775.065692][  T500] R13: 0000000000000000 R14: 00007ff6b73b5fa0 R15: 00007ffd14bb8858
[ 1775.065724][  T500]  </TASK>
[ 1776.118824][T25464] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1776.163308][  T534] netlink: 'syz.1.10296': attribute type 1 has an invalid length.
[ 1776.188752][  T534] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10296'.
[ 1776.280569][T25464] usb 6-1: Using ep0 maxpacket: 8
[ 1776.290577][T25464] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1776.314975][T25464] usb 6-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00
[ 1776.341317][T25464] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1776.365220][T25464] usb 6-1: config 0 descriptor??
[ 1776.459097][ T5852] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[ 1776.520867][ T5921] IPVS: starting estimator thread 0...
[ 1776.533800][  T540] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10297'.
[ 1776.560910][  T540] netlink: 92 bytes leftover after parsing attributes in process `syz.4.10297'.
[ 1776.608646][  T541] IPVS: using max 26 ests per chain, 62400 per kthread
[ 1776.641061][ T5852] usb 2-1: config 0 has an invalid descriptor of length 122, skipping remainder of the config
[ 1776.660306][ T5852] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1776.669772][ T5852] usb 2-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[ 1776.678911][ T5852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1776.698877][ T5852] usb 2-1: config 0 descriptor??
[ 1776.805052][  T521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1776.815363][  T521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1776.816409][  T552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1776.843684][  T552] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1776.882863][T25464] cypress 0003:04B4:0001.0045: hidraw0: USB HID v0.00 Device [HID 04b4:0001] on usb-dummy_hcd.5-1/input0
[ 1776.938687][ T5921] usb 3-1: new full-speed USB device number 56 using dummy_hcd
[ 1777.032202][T31989] usb 2-1: USB disconnect, device number 78
[ 1777.044716][  T530] block nbd1: shutting down sockets
[ 1777.090487][ T5921] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1777.109803][ T5921] usb 3-1: not running at top speed; connect to a high speed hub
[ 1777.114766][ T5852] usb 6-1: USB disconnect, device number 31
[ 1777.126604][ T5921] usb 3-1: config index 0 descriptor too short (expected 8704, got 18)
[ 1777.136119][ T5921] usb 3-1: config 134 has too many interfaces: 224, using maximum allowed: 32
[ 1777.172319][ T5921] usb 3-1: config 134 has an invalid descriptor of length 0, skipping remainder of the config
[ 1777.198769][ T5921] usb 3-1: config 134 has 0 interfaces, different from the descriptor's value: 224
[ 1777.221375][T25464] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1777.244531][ T5921] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=a8.ed
[ 1777.255623][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1777.264035][ T5921] usb 3-1: Product: syz
[ 1777.268238][ T5921] usb 3-1: Manufacturer: syz
[ 1777.275921][ T5921] usb 3-1: SerialNumber: syz
[ 1777.391108][T25464] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1777.403779][T25464] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1777.416409][T25464] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1777.428287][T25464] usb 5-1: config 0 descriptor??
[ 1777.439847][T25464] pwc: Askey VC010 type 2 USB webcam detected.
[ 1777.487120][  T544] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[ 1777.499749][  T544] UDF-fs: Scanning with blocksize 4096 failed
[ 1777.523927][ T5921] usb 3-1: USB disconnect, device number 56
[ 1777.637228][T25464] pwc: send_video_command error -71
[ 1777.656345][T25464] pwc: Failed to set video mode CIF@30 fps; return code = -71
[ 1777.664892][T25464] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[ 1777.699134][T25464] usb 5-1: USB disconnect, device number 68
[ 1777.851186][  T573] block nbd1: NBD_DISCONNECT
[ 1777.862579][  T573] block nbd1: Disconnected due to user request.
[ 1777.872791][  T573] block nbd1: shutting down sockets
[ 1778.074072][  T585] NILFS (rnullb0): couldn't find nilfs on the device
[ 1778.180963][  T590] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1778.196694][T25464] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[ 1778.360710][T25464] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1778.381410][T25464] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1778.410622][T25464] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1778.443038][T25464] usb 5-1: config 0 descriptor??
[ 1778.461727][T25464] pwc: Askey VC010 type 2 USB webcam detected.
[ 1778.747785][  T600] could not allocate digest TFM handle sha256-mb
[ 1778.867795][T25464] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1778.889928][T25464] pwc: recv_control_msg error -32 req 02 val 2700
[ 1778.905428][T25464] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1778.923630][T25464] pwc: recv_control_msg error -32 req 04 val 1000
[ 1778.950936][T25464] pwc: recv_control_msg error -32 req 04 val 1300
[ 1778.962050][T25464] pwc: recv_control_msg error -32 req 04 val 1400
[ 1778.969965][T25464] pwc: recv_control_msg error -32 req 02 val 2000
[ 1778.977271][T25464] pwc: recv_control_msg error -32 req 02 val 2100
[ 1778.989009][T25464] pwc: recv_control_msg error -32 req 04 val 1500
[ 1779.197020][T25464] pwc: recv_control_msg error -32 req 02 val 2400
[ 1779.307466][  T611] ubi: mtd0 is already attached to ubi0
[ 1779.405863][  T555] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1779.414846][  T555] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1779.429408][T25464] pwc: recv_control_msg error -71 req 02 val 2900
[ 1779.436409][T25464] pwc: recv_control_msg error -71 req 02 val 2800
[ 1779.469466][T25464] pwc: recv_control_msg error -71 req 04 val 1100
[ 1779.506069][T25464] pwc: recv_control_msg error -71 req 04 val 1200
[ 1779.558610][T25464] pwc: Registered as video103.
[ 1779.586077][T25464] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input157
[ 1779.586869][  T630] netlink: 32 bytes leftover after parsing attributes in process `syz.1.10315'.
[ 1779.656879][  T630] tipc: Invalid UDP bearer configuration
[ 1779.656945][  T630] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1779.666681][T25464] usb 5-1: USB disconnect, device number 69
[ 1779.875591][  T639] FAULT_INJECTION: forcing a failure.
[ 1779.875591][  T639] name failslab, interval 1, probability 0, space 0, times 0
[ 1779.896148][  T639] CPU: 0 UID: 0 PID: 639 Comm: syz.5.10317 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1779.896181][  T639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1779.896195][  T639] Call Trace:
[ 1779.896204][  T639]  <TASK>
[ 1779.896213][  T639]  dump_stack_lvl+0x189/0x250
[ 1779.896249][  T639]  ? __pfx____ratelimit+0x10/0x10
[ 1779.896277][  T639]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1779.896306][  T639]  ? __pfx__printk+0x10/0x10
[ 1779.896347][  T639]  ? __pfx___might_resched+0x10/0x10
[ 1779.896374][  T639]  ? fs_reclaim_acquire+0x7d/0x100
[ 1779.896403][  T639]  should_fail_ex+0x414/0x560
[ 1779.896441][  T639]  should_failslab+0xa8/0x100
[ 1779.896465][  T639]  __kmalloc_noprof+0xcb/0x4f0
[ 1779.896495][  T639]  ? tomoyo_encode+0x28b/0x550
[ 1779.896521][  T639]  tomoyo_encode+0x28b/0x550
[ 1779.896549][  T639]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1779.896582][  T639]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1779.896610][  T639]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1779.896642][  T639]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1779.896688][  T639]  ? __lock_acquire+0xab9/0xd20
[ 1779.896734][  T639]  ? __fget_files+0x2a/0x420
[ 1779.896762][  T639]  ? __fget_files+0x2a/0x420
[ 1779.896786][  T639]  ? __fget_files+0x3a0/0x420
[ 1779.896809][  T639]  ? __fget_files+0x2a/0x420
[ 1779.896838][  T639]  security_file_ioctl+0xcb/0x2d0
[ 1779.896868][  T639]  __se_sys_ioctl+0x47/0x170
[ 1779.896900][  T639]  do_syscall_64+0xfa/0x3b0
[ 1779.896929][  T639]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1779.896957][  T639]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1779.896977][  T639]  ? clear_bhb_loop+0x60/0xb0
[ 1779.897004][  T639]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1779.897024][  T639] RIP: 0033:0x7fef77b8e929
[ 1779.897043][  T639] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1779.897061][  T639] RSP: 002b:00007fef789c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1779.897084][  T639] RAX: ffffffffffffffda RBX: 00007fef77db5fa0 RCX: 00007fef77b8e929
[ 1779.897101][  T639] RDX: 00002000000007c0 RSI: 0000000040184152 RDI: 0000000000000005
[ 1779.897115][  T639] RBP: 00007fef789c4090 R08: 0000000000000000 R09: 0000000000000000
[ 1779.897134][  T639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1779.897147][  T639] R13: 0000000000000000 R14: 00007fef77db5fa0 R15: 00007fffbca2dd48
[ 1779.897181][  T639]  </TASK>
[ 1779.897271][  T639] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1780.275393][  T648] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.10319'.
[ 1780.311387][  T648] hpfs: Bad magic ... probably not HPFS
[ 1780.830613][  T671] FAULT_INJECTION: forcing a failure.
[ 1780.830613][  T671] name failslab, interval 1, probability 0, space 0, times 0
[ 1780.874452][  T671] CPU: 1 UID: 0 PID: 671 Comm: syz.2.10325 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1780.874483][  T671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1780.874498][  T671] Call Trace:
[ 1780.874507][  T671]  <TASK>
[ 1780.874517][  T671]  dump_stack_lvl+0x189/0x250
[ 1780.874550][  T671]  ? __pfx____ratelimit+0x10/0x10
[ 1780.874577][  T671]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1780.874606][  T671]  ? __pfx__printk+0x10/0x10
[ 1780.874641][  T671]  ? __pfx___might_resched+0x10/0x10
[ 1780.874666][  T671]  ? fs_reclaim_acquire+0x7d/0x100
[ 1780.874694][  T671]  should_fail_ex+0x414/0x560
[ 1780.874730][  T671]  should_failslab+0xa8/0x100
[ 1780.874752][  T671]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1780.874782][  T671]  ? __d_alloc+0x36/0x7a0
[ 1780.874807][  T671]  ? kasan_save_track+0x3e/0x80
[ 1780.874838][  T671]  __d_alloc+0x36/0x7a0
[ 1780.874861][  T671]  ? do_filp_open+0x1fa/0x410
[ 1780.874889][  T671]  ? do_sys_openat2+0x121/0x1c0
[ 1780.874913][  T671]  ? __x64_sys_open+0x11e/0x150
[ 1780.874943][  T671]  d_alloc_parallel+0xe5/0x15e0
[ 1780.874989][  T671]  ? __lock_acquire+0xab9/0xd20
[ 1780.875018][  T671]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1780.875053][  T671]  ? __raw_spin_lock_init+0x45/0x100
[ 1780.875086][  T671]  ? __init_waitqueue_head+0xa9/0x150
[ 1780.875110][  T671]  __lookup_slow+0x116/0x3d0
[ 1780.875142][  T671]  ? __pfx___lookup_slow+0x10/0x10
[ 1780.875183][  T671]  ? d_lookup+0x8a/0xa0
[ 1780.875211][  T671]  ? lookup_one+0x163/0x280
[ 1780.875242][  T671]  ovl_create_or_link+0x544/0x1440
[ 1780.875289][  T671]  ? __pfx_ovl_create_or_link+0x10/0x10
[ 1780.875318][  T671]  ? __lock_acquire+0xab9/0xd20
[ 1780.875363][  T671]  ? inode_init_owner+0x1ee/0x3a0
[ 1780.875400][  T671]  ovl_create_object+0x234/0x310
[ 1780.875439][  T671]  ? __pfx_ovl_create_object+0x10/0x10
[ 1780.875460][  T671]  ? make_vfsgid+0x49/0xa0
[ 1780.875489][  T671]  ? HAS_UNMAPPED_ID+0x11a/0x180
[ 1780.875518][  T671]  ? inode_permission+0x149/0x470
[ 1780.875542][  T671]  ? __pfx_ovl_permission+0x10/0x10
[ 1780.875568][  T671]  ? bpf_lsm_inode_create+0x9/0x20
[ 1780.875593][  T671]  ? __pfx_ovl_create+0x10/0x10
[ 1780.875614][  T671]  path_openat+0x14f4/0x3830
[ 1780.875640][  T671]  ? arch_stack_walk+0xfc/0x150
[ 1780.875705][  T671]  ? __pfx_path_openat+0x10/0x10
[ 1780.875732][  T671]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.875773][  T671]  do_filp_open+0x1fa/0x410
[ 1780.875800][  T671]  ? __lock_acquire+0xab9/0xd20
[ 1780.875824][  T671]  ? __pfx_do_filp_open+0x10/0x10
[ 1780.875880][  T671]  ? _raw_spin_unlock+0x28/0x50
[ 1780.875913][  T671]  ? alloc_fd+0x64c/0x6c0
[ 1780.875946][  T671]  do_sys_openat2+0x121/0x1c0
[ 1780.875989][  T671]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1780.876035][  T671]  ? ksys_write+0x22a/0x250
[ 1780.876057][  T671]  ? __pfx_ksys_write+0x10/0x10
[ 1780.876074][  T671]  ? rcu_is_watching+0x15/0xb0
[ 1780.876106][  T671]  __x64_sys_open+0x11e/0x150
[ 1780.876138][  T671]  do_syscall_64+0xfa/0x3b0
[ 1780.876164][  T671]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1780.876191][  T671]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.876211][  T671]  ? clear_bhb_loop+0x60/0xb0
[ 1780.876236][  T671]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1780.876256][  T671] RIP: 0033:0x7ff6b718e929
[ 1780.876276][  T671] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1780.876293][  T671] RSP: 002b:00007ff6b7fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1780.876315][  T671] RAX: ffffffffffffffda RBX: 00007ff6b73b5fa0 RCX: 00007ff6b718e929
[ 1780.876330][  T671] RDX: 0000000000000113 RSI: 0000000000189a7c RDI: 0000200000000180
[ 1780.876344][  T671] RBP: 00007ff6b7fb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1780.876357][  T671] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1780.876369][  T671] R13: 0000000000000000 R14: 00007ff6b73b5fa0 R15: 00007ffd14bb8858
[ 1780.876402][  T671]  </TASK>
[ 1781.439445][ T5852] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1781.597790][ T5852] usb 6-1: Using ep0 maxpacket: 16
[ 1781.604882][ T5852] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1781.618176][ T5852] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1781.627280][ T5852] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1781.635378][ T5852] usb 6-1: Product: syz
[ 1781.639687][ T5852] usb 6-1: Manufacturer: syz
[ 1781.644315][ T5852] usb 6-1: SerialNumber: syz
[ 1781.652483][ T5852] usb 6-1: config 0 descriptor??
[ 1781.664668][ T5852] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1781.687809][ T5852] em28xx 6-1:0.0: DVB interface 0 found: bulk
[ 1782.263875][ T5852] em28xx 6-1:0.0: chip ID is em2800
[ 1782.300980][  T697] FAULT_INJECTION: forcing a failure.
[ 1782.300980][  T697] name failslab, interval 1, probability 0, space 0, times 0
[ 1782.357890][  T697] CPU: 0 UID: 0 PID: 697 Comm: syz.2.10331 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1782.357922][  T697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1782.357937][  T697] Call Trace:
[ 1782.357945][  T697]  <TASK>
[ 1782.357955][  T697]  dump_stack_lvl+0x189/0x250
[ 1782.357991][  T697]  ? __pfx____ratelimit+0x10/0x10
[ 1782.358019][  T697]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1782.358049][  T697]  ? __pfx__printk+0x10/0x10
[ 1782.358081][  T697]  ? __pfx___might_resched+0x10/0x10
[ 1782.358107][  T697]  ? fs_reclaim_acquire+0x7d/0x100
[ 1782.358133][  T697]  should_fail_ex+0x414/0x560
[ 1782.358169][  T697]  should_failslab+0xa8/0x100
[ 1782.358191][  T697]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1782.358223][  T697]  ? dup_task_struct+0x52/0x860
[ 1782.358263][  T697]  dup_task_struct+0x52/0x860
[ 1782.358291][  T697]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1782.358322][  T697]  copy_process+0x544/0x3b80
[ 1782.358383][  T697]  ? __pfx_copy_process+0x10/0x10
[ 1782.358424][  T697]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[ 1782.358457][  T697]  vhost_task_create+0x1c4/0x290
[ 1782.358490][  T697]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[ 1782.358524][  T697]  ? __pfx_vhost_task_create+0x10/0x10
[ 1782.358564][  T697]  ? __pfx_vhost_task_fn+0x10/0x10
[ 1782.358607][  T697]  ? kasan_save_track+0x4f/0x80
[ 1782.358634][  T697]  ? kasan_save_track+0x3e/0x80
[ 1782.358669][  T697]  kvm_mmu_post_init_vm+0x147/0x2b0
[ 1782.358696][  T697]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[ 1782.358738][  T697]  ? __mutex_trylock_common+0x153/0x260
[ 1782.358771][  T697]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1782.358809][  T697]  ? rcu_is_watching+0x15/0xb0
[ 1782.358836][  T697]  ? look_up_lock_class+0x74/0x170
[ 1782.358866][  T697]  ? register_lock_class+0x51/0x320
[ 1782.358909][  T697]  ? __lock_acquire+0xab9/0xd20
[ 1782.358964][  T697]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1782.359001][  T697]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1782.359028][  T697]  ? __lock_acquire+0xab9/0xd20
[ 1782.359073][  T697]  ? __fget_files+0x2a/0x420
[ 1782.359101][  T697]  ? __fget_files+0x2a/0x420
[ 1782.359123][  T697]  ? __fget_files+0x3a0/0x420
[ 1782.359146][  T697]  ? __fget_files+0x2a/0x420
[ 1782.359173][  T697]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1782.359201][  T697]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1782.359230][  T697]  __se_sys_ioctl+0xfc/0x170
[ 1782.359270][  T697]  do_syscall_64+0xfa/0x3b0
[ 1782.359299][  T697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1782.359318][  T697]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1782.359338][  T697]  ? clear_bhb_loop+0x60/0xb0
[ 1782.359363][  T697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1782.359382][  T697] RIP: 0033:0x7ff6b718e929
[ 1782.359401][  T697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1782.359419][  T697] RSP: 002b:00007ff6b7f93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1782.359440][  T697] RAX: ffffffffffffffda RBX: 00007ff6b73b6080 RCX: 00007ff6b718e929
[ 1782.359456][  T697] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 1782.359468][  T697] RBP: 00007ff6b7f93090 R08: 0000000000000000 R09: 0000000000000000
[ 1782.359481][  T697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1782.359493][  T697] R13: 0000000000000000 R14: 00007ff6b73b6080 R15: 00007ffd14bb8858
[ 1782.359526][  T697]  </TASK>
[ 1782.724278][  T668] netlink: 'syz.5.10324': attribute type 1 has an invalid length.
[ 1782.736868][  T668] netlink: 224 bytes leftover after parsing attributes in process `syz.5.10324'.
[ 1782.831750][ T5852] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1782.848705][ T5852] em28xx 6-1:0.0: board has no eeprom
[ 1782.957784][ T5852] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1782.983201][ T5852] em28xx 6-1:0.0: dvb set to bulk mode.
[ 1783.033326][   T44] em28xx 6-1:0.0: Binding DVB extension
[ 1783.076549][ T5852] usb 6-1: USB disconnect, device number 32
[ 1783.121043][ T5852] em28xx 6-1:0.0: Disconnecting em28xx
[ 1783.174805][  T712] mkiss: ax0: crc mode is auto.
[ 1783.219066][   T44] em28xx 6-1:0.0: Registering input extension
[ 1783.242822][ T5852] em28xx 6-1:0.0: Closing input extension
[ 1783.300883][ T5852] em28xx 6-1:0.0: Freeing device
[ 1783.506659][  T723] fuse: Bad value for 'fd'
[ 1783.533239][  T723] Can't find a SQUASHFS superblock on rnullb0
[ 1783.542101][  T725] nbd: must specify at least one socket
[ 1784.123292][  T762] netlink: 'syz.1.10346': attribute type 1 has an invalid length.
[ 1784.137511][   T30] kauditd_printk_skb: 45 callbacks suppressed
[ 1784.137532][   T30] audit: type=1800 audit(1752161372.483:435): pid=757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.10347" name="bus" dev="overlay" ino=818 res=0 errno=0
[ 1784.168832][  T762] netlink: 224 bytes leftover after parsing attributes in process `syz.1.10346'.
[ 1784.333064][  T767] FAULT_INJECTION: forcing a failure.
[ 1784.333064][  T767] name failslab, interval 1, probability 0, space 0, times 0
[ 1784.345985][  T767] CPU: 1 UID: 0 PID: 767 Comm: syz.5.10349 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1784.346014][  T767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1784.346027][  T767] Call Trace:
[ 1784.346036][  T767]  <TASK>
[ 1784.346046][  T767]  dump_stack_lvl+0x189/0x250
[ 1784.346080][  T767]  ? __pfx____ratelimit+0x10/0x10
[ 1784.346107][  T767]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1784.346135][  T767]  ? __pfx__printk+0x10/0x10
[ 1784.346166][  T767]  ? __pfx___might_resched+0x10/0x10
[ 1784.346192][  T767]  ? fs_reclaim_acquire+0x7d/0x100
[ 1784.346218][  T767]  should_fail_ex+0x414/0x560
[ 1784.346255][  T767]  should_failslab+0xa8/0x100
[ 1784.346276][  T767]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[ 1784.346308][  T767]  ? ovl_lookup+0x52d/0x1bc0
[ 1784.346344][  T767]  kstrdup+0x42/0x100
[ 1784.346370][  T767]  ovl_lookup+0x52d/0x1bc0
[ 1784.346401][  T767]  ? security_capable+0x7e/0x2e0
[ 1784.346433][  T767]  ? capable_wrt_inode_uidgid+0x1e7/0x290
[ 1784.346465][  T767]  ? generic_permission+0x359/0x690
[ 1784.346524][  T767]  ? __pfx_ovl_lookup+0x10/0x10
[ 1784.346552][  T767]  ? ovl_permission+0x182/0x2c0
[ 1784.346583][  T767]  ? __pfx_ovl_permission+0x10/0x10
[ 1784.346609][  T767]  ? from_kgid+0x1b0/0x650
[ 1784.346629][  T767]  ? make_vfsgid+0x49/0xa0
[ 1784.346659][  T767]  ? HAS_UNMAPPED_ID+0x11a/0x180
[ 1784.346689][  T767]  ? inode_permission+0x149/0x470
[ 1784.346713][  T767]  ? __pfx_ovl_permission+0x10/0x10
[ 1784.346740][  T767]  ? bpf_lsm_inode_create+0x9/0x20
[ 1784.346768][  T767]  path_openat+0x1101/0x3830
[ 1784.346797][  T767]  ? arch_stack_walk+0xfc/0x150
[ 1784.346873][  T767]  ? __pfx_path_openat+0x10/0x10
[ 1784.346902][  T767]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1784.346950][  T767]  do_filp_open+0x1fa/0x410
[ 1784.346980][  T767]  ? __lock_acquire+0xab9/0xd20
[ 1784.347007][  T767]  ? __pfx_do_filp_open+0x10/0x10
[ 1784.347064][  T767]  ? _raw_spin_unlock+0x28/0x50
[ 1784.347089][  T767]  ? alloc_fd+0x64c/0x6c0
[ 1784.347126][  T767]  do_sys_openat2+0x121/0x1c0
[ 1784.347159][  T767]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1784.347189][  T767]  ? ksys_write+0x22a/0x250
[ 1784.347212][  T767]  ? __pfx_ksys_write+0x10/0x10
[ 1784.347229][  T767]  ? rcu_is_watching+0x15/0xb0
[ 1784.347261][  T767]  __x64_sys_open+0x11e/0x150
[ 1784.347293][  T767]  do_syscall_64+0xfa/0x3b0
[ 1784.347321][  T767]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1784.347348][  T767]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1784.347368][  T767]  ? clear_bhb_loop+0x60/0xb0
[ 1784.347393][  T767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1784.347412][  T767] RIP: 0033:0x7fef77b8e929
[ 1784.347431][  T767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1784.347450][  T767] RSP: 002b:00007fef789c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1784.347472][  T767] RAX: ffffffffffffffda RBX: 00007fef77db5fa0 RCX: 00007fef77b8e929
[ 1784.347487][  T767] RDX: 0000000000000000 RSI: 0000000000066843 RDI: 00002000000005c0
[ 1784.347502][  T767] RBP: 00007fef789c4090 R08: 0000000000000000 R09: 0000000000000000
[ 1784.347515][  T767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1784.347528][  T767] R13: 0000000000000000 R14: 00007fef77db5fa0 R15: 00007fffbca2dd48
[ 1784.347562][  T767]  </TASK>
[ 1785.015574][  T783] FAULT_INJECTION: forcing a failure.
[ 1785.015574][  T783] name failslab, interval 1, probability 0, space 0, times 0
[ 1785.035930][  T783] CPU: 0 UID: 0 PID: 783 Comm: syz.5.10353 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1785.035962][  T783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1785.035976][  T783] Call Trace:
[ 1785.035985][  T783]  <TASK>
[ 1785.036007][  T783]  dump_stack_lvl+0x189/0x250
[ 1785.036042][  T783]  ? __pfx____ratelimit+0x10/0x10
[ 1785.036070][  T783]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1785.036098][  T783]  ? __pfx__printk+0x10/0x10
[ 1785.036135][  T783]  ? __pfx___might_resched+0x10/0x10
[ 1785.036160][  T783]  ? fs_reclaim_acquire+0x7d/0x100
[ 1785.036187][  T783]  should_fail_ex+0x414/0x560
[ 1785.036222][  T783]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[ 1785.036240][  T783]  should_failslab+0xa8/0x100
[ 1785.036262][  T783]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[ 1785.036279][  T783]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[ 1785.036308][  T783]  ? alloc_inode+0x6a/0x1b0
[ 1785.036334][  T783]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[ 1785.036352][  T783]  alloc_inode+0x6a/0x1b0
[ 1785.036377][  T783]  new_inode+0x22/0x170
[ 1785.036406][  T783]  __debugfs_create_file+0x14d/0x4f0
[ 1785.036442][  T783]  debugfs_create_file_full+0x3f/0x60
[ 1785.036477][  T783]  nbd_start_device+0x383/0xb10
[ 1785.036512][  T783]  nbd_ioctl+0x636/0xeb0
[ 1785.036541][  T783]  ? __pfx_nbd_ioctl+0x10/0x10
[ 1785.036574][  T783]  ? blkdev_common_ioctl+0xa6c/0xc40
[ 1785.036601][  T783]  ? __pfx_nbd_ioctl+0x10/0x10
[ 1785.036623][  T783]  blkdev_ioctl+0x5a5/0x6d0
[ 1785.036653][  T783]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1785.036677][  T783]  ? __fget_files+0x2a/0x420
[ 1785.036704][  T783]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1785.036739][  T783]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1785.036765][  T783]  __se_sys_ioctl+0xfc/0x170
[ 1785.036799][  T783]  do_syscall_64+0xfa/0x3b0
[ 1785.036826][  T783]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1785.036853][  T783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1785.036873][  T783]  ? clear_bhb_loop+0x60/0xb0
[ 1785.036902][  T783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1785.036922][  T783] RIP: 0033:0x7fef77b8e929
[ 1785.036939][  T783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1785.036957][  T783] RSP: 002b:00007fef789c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1785.036978][  T783] RAX: ffffffffffffffda RBX: 00007fef77db5fa0 RCX: 00007fef77b8e929
[ 1785.036993][  T783] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[ 1785.037005][  T783] RBP: 00007fef789c4090 R08: 0000000000000000 R09: 0000000000000000
[ 1785.037018][  T783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1785.037029][  T783] R13: 0000000000000000 R14: 00007fef77db5fa0 R15: 00007fffbca2dd48
[ 1785.037061][  T783]  </TASK>
[ 1785.310065][  T783] debugfs: out of free dentries, can not create file 'tasks'
[ 1785.384408][  T789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1785.408974][  T785] block nbd5: NBD_DISCONNECT
[ 1785.432199][  T789] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1785.432606][  T785] block nbd5: Disconnected due to user request.
[ 1785.452978][  T789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1785.472185][  T785] block nbd5: shutting down sockets
[ 1785.517307][  T789] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1785.607745][ T5921] usb 2-1: new full-speed USB device number 79 using dummy_hcd
[ 1785.707487][   T30] audit: type=1800 audit(1752161374.063:436): pid=798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.10358" name="bus" dev="overlay" ino=853 res=0 errno=0
[ 1785.801957][  T800] binder: 799:800 ioctl c00c620f 200000000200 returned -22
[ 1785.815598][  T805] veth0_to_hsr: entered allmulticast mode
[ 1785.832690][  T802] FAULT_INJECTION: forcing a failure.
[ 1785.832690][  T802] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1785.846271][  T803] veth0_to_hsr: left allmulticast mode
[ 1785.851811][  T802] CPU: 1 UID: 0 PID: 802 Comm: syz.4.10360 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1785.851842][  T802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1785.851855][  T802] Call Trace:
[ 1785.851865][  T802]  <TASK>
[ 1785.851874][  T802]  dump_stack_lvl+0x189/0x250
[ 1785.851909][  T802]  ? __pfx____ratelimit+0x10/0x10
[ 1785.851939][  T802]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1785.851969][  T802]  ? __pfx__printk+0x10/0x10
[ 1785.852004][  T802]  ? fs_reclaim_acquire+0x7d/0x100
[ 1785.852044][  T802]  should_fail_ex+0x414/0x560
[ 1785.852090][  T802]  prepare_alloc_pages+0x213/0x610
[ 1785.852127][  T802]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1785.852160][  T802]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1785.852200][  T802]  ? policy_nodemask+0x27c/0x720
[ 1785.852233][  T802]  ? __lock_acquire+0xab9/0xd20
[ 1785.852268][  T802]  alloc_pages_mpol+0x232/0x4a0
[ 1785.852310][  T802]  vma_alloc_folio_noprof+0xe4/0x200
[ 1785.852334][  T802]  ? page_table_check_set+0x18d/0x730
[ 1785.852359][  T802]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1785.852397][  T802]  folio_prealloc+0x30/0x180
[ 1785.852423][  T802]  __handle_mm_fault+0x2ab9/0x5440
[ 1785.852477][  T802]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1785.852532][  T802]  ? follow_page_pte+0x7ef/0x13e0
[ 1785.852577][  T802]  handle_mm_fault+0x40a/0x8e0
[ 1785.852624][  T802]  __get_user_pages+0x1699/0x2ce0
[ 1785.852653][  T802]  ? __lock_acquire+0xab9/0xd20
[ 1785.852737][  T802]  get_user_pages_unlocked+0x1e3/0x720
[ 1785.852785][  T802]  hva_to_pfn+0x313/0xc90
[ 1785.852832][  T802]  ? __pfx_hva_to_pfn+0x10/0x10
[ 1785.852873][  T802]  ? xas_start+0x390/0x770
[ 1785.852906][  T802]  ? xa_load+0x60/0x210
[ 1785.852948][  T802]  ? kvm_follow_pfn+0x21a/0x3c0
[ 1785.852985][  T802]  __kvm_faultin_pfn+0xaa/0x100
[ 1785.853028][  T802]  kvm_mmu_faultin_pfn+0x765/0x1d10
[ 1785.853081][  T802]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[ 1785.853113][  T802]  ? __pfx_fast_page_fault+0x10/0x10
[ 1785.853142][  T802]  ? __kvm_mmu_topup_memory_cache+0x31a/0x610
[ 1785.853188][  T802]  kvm_tdp_page_fault+0x273/0x370
[ 1785.853226][  T802]  kvm_mmu_do_page_fault+0x2c5/0x640
[ 1785.853269][  T802]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[ 1785.853322][  T802]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[ 1785.853352][  T802]  ? kvm_multiple_exception+0x69a/0xc00
[ 1785.853388][  T802]  kvm_mmu_page_fault+0x22f/0xb70
[ 1785.853431][  T802]  ? __pfx_handle_ept_violation+0x10/0x10
[ 1785.853455][  T802]  vmx_handle_exit+0x1090/0x18a0
[ 1785.853488][  T802]  ? vcpu_run+0x35f2/0x6fa0
[ 1785.853543][  T802]  vcpu_run+0x434f/0x6fa0
[ 1785.853603][  T802]  ? vcpu_run+0x35f2/0x6fa0
[ 1785.853705][  T802]  ? __pfx_vcpu_run+0x10/0x10
[ 1785.853749][  T802]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1785.853794][  T802]  ? rcu_is_watching+0x15/0xb0
[ 1785.853831][  T802]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[ 1785.853880][  T802]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[ 1785.853917][  T802]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[ 1785.853958][  T802]  ? rcu_is_watching+0x15/0xb0
[ 1785.853988][  T802]  ? trace_contention_end+0x39/0x120
[ 1785.854022][  T802]  ? __mutex_lock+0x330/0xe80
[ 1785.854058][  T802]  ? kasan_quarantine_put+0xdd/0x220
[ 1785.854097][  T802]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1785.854134][  T802]  ? __pfx___mutex_lock+0x10/0x10
[ 1785.854168][  T802]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1785.854205][  T802]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1785.854246][  T802]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1785.854286][  T802]  kvm_vcpu_ioctl+0x95c/0xe90
[ 1785.854329][  T802]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1785.854359][  T802]  ? __lock_acquire+0xab9/0xd20
[ 1785.854412][  T802]  ? __fget_files+0x2a/0x420
[ 1785.854444][  T802]  ? __fget_files+0x2a/0x420
[ 1785.854471][  T802]  ? __fget_files+0x3a0/0x420
[ 1785.854496][  T802]  ? __fget_files+0x2a/0x420
[ 1785.854527][  T802]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1785.854560][  T802]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1785.854594][  T802]  __se_sys_ioctl+0xfc/0x170
[ 1785.854632][  T802]  do_syscall_64+0xfa/0x3b0
[ 1785.854663][  T802]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1785.854702][  T802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1785.854724][  T802]  ? clear_bhb_loop+0x60/0xb0
[ 1785.854753][  T802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1785.854776][  T802] RIP: 0033:0x7fe3f0f8e929
[ 1785.854797][  T802] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1785.854819][  T802] RSP: 002b:00007fe3f1d69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1785.854844][  T802] RAX: ffffffffffffffda RBX: 00007fe3f11b5fa0 RCX: 00007fe3f0f8e929
[ 1785.854863][  T802] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1785.854877][  T802] RBP: 00007fe3f1d69090 R08: 0000000000000000 R09: 0000000000000000
[ 1785.854893][  T802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1785.854908][  T802] R13: 0000000000000000 R14: 00007fe3f11b5fa0 R15: 00007ffdb9cefaf8
[ 1785.854946][  T802]  </TASK>
[ 1786.340195][  T809] FAULT_INJECTION: forcing a failure.
[ 1786.340195][  T809] name failslab, interval 1, probability 0, space 0, times 0
[ 1786.356008][  T809] CPU: 1 UID: 0 PID: 809 Comm: syz.1.10363 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1786.356037][  T809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1786.356050][  T809] Call Trace:
[ 1786.356059][  T809]  <TASK>
[ 1786.356069][  T809]  dump_stack_lvl+0x189/0x250
[ 1786.356103][  T809]  ? __pfx____ratelimit+0x10/0x10
[ 1786.356131][  T809]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1786.356160][  T809]  ? __pfx__printk+0x10/0x10
[ 1786.356195][  T809]  ? __pfx___might_resched+0x10/0x10
[ 1786.356227][  T809]  should_fail_ex+0x414/0x560
[ 1786.356264][  T809]  should_failslab+0xa8/0x100
[ 1786.356287][  T809]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1786.356319][  T809]  ? __alloc_skb+0x112/0x2d0
[ 1786.356352][  T809]  __alloc_skb+0x112/0x2d0
[ 1786.356385][  T809]  netlink_dump+0x1ab/0xe90
[ 1786.356425][  T809]  ? __pfx_netlink_dump+0x10/0x10
[ 1786.356467][  T809]  ? kmem_cache_free+0x18f/0x400
[ 1786.356502][  T809]  netlink_recvmsg+0x676/0xa30
[ 1786.356541][  T809]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1786.356573][  T809]  ? __lock_acquire+0xab9/0xd20
[ 1786.356595][  T809]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1786.356640][  T809]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1786.356667][  T809]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1786.356696][  T809]  sock_recvmsg_nosec+0x186/0x1c0
[ 1786.356726][  T809]  ____sys_recvmsg+0x3aa/0x460
[ 1786.356756][  T809]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1786.356794][  T809]  ? import_iovec+0x74/0xa0
[ 1786.356828][  T809]  ___sys_recvmsg+0x1b5/0x510
[ 1786.356855][  T809]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1786.356909][  T809]  ? __might_fault+0xb0/0x130
[ 1786.356942][  T809]  do_recvmmsg+0x307/0x770
[ 1786.356971][  T809]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1786.357004][  T809]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1786.357070][  T809]  __x64_sys_recvmmsg+0x190/0x240
[ 1786.357095][  T809]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1786.357114][  T809]  ? rcu_is_watching+0x15/0xb0
[ 1786.357146][  T809]  ? do_syscall_64+0xbe/0x3b0
[ 1786.357178][  T809]  do_syscall_64+0xfa/0x3b0
[ 1786.357206][  T809]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1786.357233][  T809]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1786.357254][  T809]  ? clear_bhb_loop+0x60/0xb0
[ 1786.357280][  T809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1786.357300][  T809] RIP: 0033:0x7fcbf698e929
[ 1786.357319][  T809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1786.357337][  T809] RSP: 002b:00007fcbf7823038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1786.357359][  T809] RAX: ffffffffffffffda RBX: 00007fcbf6bb6080 RCX: 00007fcbf698e929
[ 1786.357374][  T809] RDX: 0000000000000008 RSI: 0000200000002c00 RDI: 0000000000000003
[ 1786.357388][  T809] RBP: 00007fcbf7823090 R08: 0000000000000000 R09: 0000000000000000
[ 1786.357401][  T809] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000001
[ 1786.357414][  T809] R13: 0000000000000001 R14: 00007fcbf6bb6080 R15: 00007fff53c3de58
[ 1786.357448][  T809]  </TASK>
[ 1786.838781][  T821] program syz.4.10367 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1786.990645][  T828] FAULT_INJECTION: forcing a failure.
[ 1786.990645][  T828] name failslab, interval 1, probability 0, space 0, times 0
[ 1787.026876][  T828] CPU: 0 UID: 0 PID: 828 Comm: syz.5.10371 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1787.026908][  T828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1787.026922][  T828] Call Trace:
[ 1787.026931][  T828]  <TASK>
[ 1787.026941][  T828]  dump_stack_lvl+0x189/0x250
[ 1787.026975][  T828]  ? __pfx____ratelimit+0x10/0x10
[ 1787.027009][  T828]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1787.027038][  T828]  ? __pfx__printk+0x10/0x10
[ 1787.027074][  T828]  ? __pfx___might_resched+0x10/0x10
[ 1787.027117][  T828]  should_fail_ex+0x414/0x560
[ 1787.027154][  T828]  should_failslab+0xa8/0x100
[ 1787.027176][  T828]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1787.027208][  T828]  ? __alloc_skb+0x112/0x2d0
[ 1787.027240][  T828]  __alloc_skb+0x112/0x2d0
[ 1787.027273][  T828]  netlink_sendmsg+0x5c6/0xb30
[ 1787.027311][  T828]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1787.027341][  T828]  ? __lock_acquire+0xab9/0xd20
[ 1787.027363][  T828]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1787.027396][  T828]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1787.027438][  T828]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1787.027467][  T828]  __sock_sendmsg+0x219/0x270
[ 1787.027496][  T828]  sock_write_iter+0x258/0x330
[ 1787.027524][  T828]  ? __pfx_sock_write_iter+0x10/0x10
[ 1787.027559][  T828]  ? bpf_lsm_file_permission+0x9/0x20
[ 1787.027584][  T828]  ? security_file_permission+0x75/0x290
[ 1787.027620][  T828]  vfs_write+0x54b/0xa90
[ 1787.027652][  T828]  ? __pfx_sock_write_iter+0x10/0x10
[ 1787.027676][  T828]  ? __pfx_vfs_write+0x10/0x10
[ 1787.027709][  T828]  ? __fget_files+0x2a/0x420
[ 1787.027743][  T828]  ksys_write+0x145/0x250
[ 1787.027768][  T828]  ? __pfx_ksys_write+0x10/0x10
[ 1787.027810][  T828]  ? rcu_is_watching+0x15/0xb0
[ 1787.027842][  T828]  ? do_syscall_64+0xbe/0x3b0
[ 1787.027875][  T828]  do_syscall_64+0xfa/0x3b0
[ 1787.027902][  T828]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1787.027929][  T828]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1787.027949][  T828]  ? clear_bhb_loop+0x60/0xb0
[ 1787.027974][  T828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1787.027994][  T828] RIP: 0033:0x7fef77b8e929
[ 1787.028014][  T828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1787.028033][  T828] RSP: 002b:00007fef789c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1787.028055][  T828] RAX: ffffffffffffffda RBX: 00007fef77db5fa0 RCX: 00007fef77b8e929
[ 1787.028071][  T828] RDX: 0000000000000002 RSI: 0000200000000000 RDI: 0000000000000004
[ 1787.028084][  T828] RBP: 00007fef789c4090 R08: 0000000000000000 R09: 0000000000000000
[ 1787.028097][  T828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1787.028110][  T828] R13: 0000000000000000 R14: 00007fef77db5fa0 R15: 00007fffbca2dd48
[ 1787.028142][  T828]  </TASK>
[ 1787.423847][  T834] NILFS (rnullb0): couldn't find nilfs on the device
[ 1787.496950][ T5921] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[ 1787.512200][  T836] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10374'.
[ 1787.585566][  T840] dlm: non-version read from control device 2
[ 1787.648982][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1787.660224][ T5921] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1787.671315][ T5921] usb 2-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00
[ 1787.680753][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1787.692952][ T5921] usb 2-1: config 0 descriptor??
[ 1787.776913][ T5941] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1787.903110][  T819] netlink: 'syz.1.10366': attribute type 32 has an invalid length.
[ 1787.942891][ T5941] usb 5-1: Using ep0 maxpacket: 32
[ 1787.951127][ T5941] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[ 1787.957680][  T844] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10377'.
[ 1787.964861][ T5941] usb 5-1: config 0 has no interface number 0
[ 1787.975690][ T5941] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1787.986043][  T844] netlink: 60 bytes leftover after parsing attributes in process `syz.2.10377'.
[ 1788.024002][ T5941] usb 5-1: config 0 interface 85 has no altsetting 0
[ 1788.050280][ T5941] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1788.061109][ T5941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1788.070064][ T5941] usb 5-1: Product: syz
[ 1788.074276][ T5941] usb 5-1: Manufacturer: syz
[ 1788.079388][ T5941] usb 5-1: SerialNumber: syz
[ 1788.096962][ T5941] usb 5-1: config 0 descriptor??
[ 1788.128143][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.135307][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.156724][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.163865][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.171663][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.179757][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.186953][ T5921] uclogic 0003:5543:0005.0046: unknown main item tag 0x0
[ 1788.197589][ T5921] uclogic 0003:5543:0005.0046: hidraw0: USB HID v0.00 Device [HID 5543:0005] on usb-dummy_hcd.1-1/input0
[ 1788.305005][ T5941] appletouch 5-1:0.85: Failed to read mode from device.
[ 1788.320148][  T819] exFAT-fs (rnullb0): invalid boot record signature
[ 1788.329880][ T5941] appletouch 5-1:0.85: probe with driver appletouch failed with error -5
[ 1788.330148][  T819] exFAT-fs (rnullb0): failed to read boot sector
[ 1788.354435][  T819] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1788.370248][ T5921] usb 2-1: USB disconnect, device number 80
[ 1788.433151][  T856] netlink: 'syz.2.10380': attribute type 2 has an invalid length.
[ 1788.589383][ T5941] usb 5-1: USB disconnect, device number 70
[ 1788.591512][  T863] overlayfs: workdir and upperdir must be separate subtrees
[ 1788.625879][  T863] netlink: 'syz.2.10382': attribute type 1 has an invalid length.
[ 1788.634324][  T863] netlink: 'syz.2.10382': attribute type 101 has an invalid length.
[ 1788.647108][  T863] netlink: 564 bytes leftover after parsing attributes in process `syz.2.10382'.
[ 1788.733478][  T867] /dev/rnullb0: Can't open blockdev
[ 1788.796640][T31989] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1788.946602][T31989] usb 6-1: Using ep0 maxpacket: 32
[ 1788.961076][T31989] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[ 1788.976915][T31989] usb 6-1: config 0 has no interface number 0
[ 1788.989065][T31989] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1789.016659][T31989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1789.036642][T31989] usb 6-1: Product: syz
[ 1789.040987][T31989] usb 6-1: Manufacturer: syz
[ 1789.045629][T31989] usb 6-1: SerialNumber: syz
[ 1789.074152][T31989] usb 6-1: config 0 descriptor??
[ 1789.099584][T31989] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1789.318155][T31989] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1789.341257][T31989] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1789.486697][T25464] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1789.656541][T25464] usb 5-1: Using ep0 maxpacket: 16
[ 1789.663619][T25464] usb 5-1: config 1 has an invalid interface number: 214 but max is 0
[ 1789.672022][T25464] usb 5-1: config 1 has no interface number 0
[ 1789.679918][T25464] usb 5-1: config 1 interface 214 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[ 1789.690518][T25464] usb 5-1: config 1 interface 214 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64
[ 1789.700744][T25464] usb 5-1: config 1 interface 214 has no altsetting 0
[ 1789.710990][T25464] usb 5-1: New USB device found, idVendor=47b4, idProduct=010a, bcdDevice= 1.02
[ 1789.727589][T25464] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1789.736873][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1789.745967][ T5921] usb 6-1: USB disconnect, device number 33
[ 1789.757779][T25464] usb 5-1: Product: syz
[ 1789.762009][T25464] usb 5-1: Manufacturer: syz
[ 1789.767897][ T5921] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1789.779361][T25464] usb 5-1: SerialNumber: syz
[ 1789.790568][  T886] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1789.800161][  T886] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[ 1789.806854][ T5941] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[ 1789.833235][ T5921] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1789.849602][ T5921] quatech2 6-1:0.51: device disconnected
[ 1789.969206][ T5941] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD6, changing to 0x86
[ 1789.980883][ T5941] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1789.994209][ T5941] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[ 1790.003363][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1790.011497][ T5941] usb 2-1: Product: syz
[ 1790.015891][ T5941] usb 2-1: Manufacturer: syz
[ 1790.021860][ T5941] usb 2-1: SerialNumber: syz
[ 1790.039524][ T5941] usb 2-1: config 0 descriptor??
[ 1790.082973][  T897] netlink: 48 bytes leftover after parsing attributes in process `syz.4.10387'.
[ 1790.144576][ T5852] usb 5-1: USB disconnect, device number 71
[ 1790.254626][ T5941] powermate: unknown product id 0240
[ 1790.274478][ T5941] powermate: Expected payload of 3--6 bytes, found 255 bytes!
[ 1790.304285][ T5941] input: Griffin SoundKnob as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input160
[ 1790.329492][  T900] exFAT-fs (rnullb0): invalid boot record signature
[ 1790.340426][    C1] powermate: config urb returned -71
[ 1790.340442][  T900] exFAT-fs (rnullb0): failed to read boot sector
[ 1790.340456][  T900] exFAT-fs (rnullb0): failed to recognize exfat type
[ 1790.346377][    C1] powermate: config urb returned -71
[ 1790.366130][    C1] powermate: config urb returned -71
[ 1790.373889][    C1] powermate: config urb returned -71
[ 1790.396163][ T5941] usb 2-1: USB disconnect, device number 81
[ 1790.402235][    C1] powermate 2-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[ 1792.226245][ T5941] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1792.341702][  T972] FAULT_INJECTION: forcing a failure.
[ 1792.341702][  T972] name failslab, interval 1, probability 0, space 0, times 0
[ 1792.359092][  T972] CPU: 1 UID: 0 PID: 972 Comm: syz.1.10405 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1792.359124][  T972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1792.359141][  T972] Call Trace:
[ 1792.359150][  T972]  <TASK>
[ 1792.359159][  T972]  dump_stack_lvl+0x189/0x250
[ 1792.359202][  T972]  ? __pfx____ratelimit+0x10/0x10
[ 1792.359231][  T972]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1792.359262][  T972]  ? __pfx__printk+0x10/0x10
[ 1792.359297][  T972]  ? __pfx___might_resched+0x10/0x10
[ 1792.359330][  T972]  should_fail_ex+0x414/0x560
[ 1792.359369][  T972]  should_failslab+0xa8/0x100
[ 1792.359392][  T972]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1792.359424][  T972]  ? __alloc_skb+0x112/0x2d0
[ 1792.359458][  T972]  __alloc_skb+0x112/0x2d0
[ 1792.359492][  T972]  netlink_dump+0x1ab/0xe90
[ 1792.359533][  T972]  ? __pfx_netlink_dump+0x10/0x10
[ 1792.359575][  T972]  ? kmem_cache_free+0x18f/0x400
[ 1792.359610][  T972]  netlink_recvmsg+0x676/0xa30
[ 1792.359649][  T972]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1792.359682][  T972]  ? __lock_acquire+0xab9/0xd20
[ 1792.359704][  T972]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1792.359738][  T972]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1792.359765][  T972]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1792.359795][  T972]  sock_recvmsg_nosec+0x186/0x1c0
[ 1792.359825][  T972]  ____sys_recvmsg+0x3aa/0x460
[ 1792.359856][  T972]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1792.359895][  T972]  ? import_iovec+0x74/0xa0
[ 1792.359928][  T972]  ___sys_recvmsg+0x1b5/0x510
[ 1792.359955][  T972]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1792.360009][  T972]  ? __might_fault+0xb0/0x130
[ 1792.360042][  T972]  do_recvmmsg+0x307/0x770
[ 1792.360071][  T972]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1792.360106][  T972]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1792.360155][  T972]  __x64_sys_recvmmsg+0x190/0x240
[ 1792.360180][  T972]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1792.360213][  T972]  ? rcu_is_watching+0x15/0xb0
[ 1792.360246][  T972]  ? do_syscall_64+0xbe/0x3b0
[ 1792.360277][  T972]  do_syscall_64+0xfa/0x3b0
[ 1792.360302][  T972]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1792.360326][  T972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1792.360347][  T972]  ? clear_bhb_loop+0x60/0xb0
[ 1792.360373][  T972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1792.360393][  T972] RIP: 0033:0x7fcbf698e929
[ 1792.360413][  T972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1792.360431][  T972] RSP: 002b:00007fcbf7844038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1792.360453][  T972] RAX: ffffffffffffffda RBX: 00007fcbf6bb5fa0 RCX: 00007fcbf698e929
[ 1792.360467][  T972] RDX: 0000000000000004 RSI: 0000200000000940 RDI: 0000000000000003
[ 1792.360481][  T972] RBP: 00007fcbf7844090 R08: 0000000000000000 R09: 0000000000000000
[ 1792.360493][  T972] R10: 0000000000000020 R11: 0000000000000246 R12: 0000000000000001
[ 1792.360505][  T972] R13: 0000000000000000 R14: 00007fcbf6bb5fa0 R15: 00007fff53c3de58
[ 1792.360538][  T972]  </TASK>
[ 1792.673519][ T5941] usb 3-1: Using ep0 maxpacket: 32
[ 1792.683771][ T5941] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1792.694409][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1792.708736][ T5941] usb 3-1: config 0 descriptor??
[ 1792.727843][ T5941] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[ 1792.786118][T25464] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1792.935983][T25464] usb 5-1: Using ep0 maxpacket: 8
[ 1792.947809][T25464] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1792.965948][T25464] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1792.976023][T25464] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1792.985986][T25464] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1792.996523][T25464] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1793.009723][T25464] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1793.018866][T25464] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1793.254310][T25464] usb 5-1: usb_control_msg returned -32
[ 1793.276531][T25464] usbtmc 5-1:16.0: can't read capabilities
[ 1793.609571][  T994] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[ 1793.635354][  T974] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[ 1793.643268][  T974] UDF-fs: Scanning with blocksize 4096 failed
[ 1793.651987][ T5852] usb 5-1: USB disconnect, device number 72
[ 1794.281191][ T1002] netlink: 24 bytes leftover after parsing attributes in process `syz.5.10419'.
[ 1794.440472][ T5941] gspca_vc032x: reg_w err -110
[ 1794.445404][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.465375][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.495619][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.525756][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.531121][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.566146][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.572300][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.587068][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.605223][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.620281][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.641985][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.653422][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.665207][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.678083][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.689205][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.718849][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.735782][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.765826][ T5941] gspca_vc032x: I2c Bus Busy Wait 00
[ 1794.781796][ T5941] gspca_vc032x: Unknown sensor...
[ 1794.791965][ T5941] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[ 1794.820361][ T5941] usb 3-1: USB disconnect, device number 57
[ 1795.233363][ T1044] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1795.310144][ T1048] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[ 1795.336820][ T1048] VFS: Can't find a romfs filesystem on dev rnullb0.
[ 1795.336820][ T1048] 
[ 1795.928586][ T5921] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1796.085645][ T5921] usb 3-1: Using ep0 maxpacket: 16
[ 1796.103667][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1796.126152][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 1796.126180][T21375] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1796.161945][ T5921] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1796.300897][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1796.312362][ T5921] usb 3-1: config 0 descriptor??
[ 1796.344583][ T5921] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1796.347433][T21375] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[ 1796.390858][T21375] usb 6-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1796.440073][T21375] usb 6-1: config 2 interface 0 has no altsetting 0
[ 1796.460511][T21375] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[ 1796.475600][T21375] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1796.494046][T21375] usb 6-1: Product: syz
[ 1796.504813][T21375] usb 6-1: Manufacturer: syz
[ 1796.514404][T21375] usb 6-1: SerialNumber: syz
[ 1796.557886][ T1069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1796.567502][ T1069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1796.585391][ T1069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1796.616359][ T1069] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1796.633078][ T1069] loop3: detected capacity change from 0 to 1
[ 1796.652958][T32285] Dev loop3: unable to read RDB block 1
[ 1796.658988][T32285]  loop3: unable to read partition table
[ 1796.664912][T32285] loop3: partition table beyond EOD, truncated
[ 1796.677073][ T1069] Dev loop3: unable to read RDB block 1
[ 1796.695388][ T1069]  loop3: unable to read partition table
[ 1796.702308][ T1069] loop3: partition table beyond EOD, truncated
[ 1796.717850][ T1069] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1796.737166][ T1082] ieee802154 phy1 wpan1: encryption failed: -22
[ 1796.757550][ T5921] usb 3-1: USB disconnect, device number 58
[ 1796.817035][T21375] ims_pcu 6-1:2.0: Zero length descriptor
[ 1796.822908][T21375] ims_pcu 6-1:2.0: probe with driver ims_pcu failed with error -22
[ 1796.873913][T21375] usb 6-1: USB disconnect, device number 34
[ 1797.421708][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1797.717959][ T1132] FAULT_INJECTION: forcing a failure.
[ 1797.717959][ T1132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1797.745626][ T1132] CPU: 1 UID: 0 PID: 1132 Comm: syz.5.10437 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1797.745660][ T1132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1797.745673][ T1132] Call Trace:
[ 1797.745682][ T1132]  <TASK>
[ 1797.745692][ T1132]  dump_stack_lvl+0x189/0x250
[ 1797.745738][ T1132]  ? __pfx____ratelimit+0x10/0x10
[ 1797.745776][ T1132]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1797.745804][ T1132]  ? __pfx__printk+0x10/0x10
[ 1797.745850][ T1132]  should_fail_ex+0x414/0x560
[ 1797.745887][ T1132]  _copy_to_user+0x31/0xb0
[ 1797.745920][ T1132]  simple_read_from_buffer+0xe1/0x170
[ 1797.745948][ T1132]  proc_fail_nth_read+0x1df/0x250
[ 1797.745979][ T1132]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1797.746011][ T1132]  ? rw_verify_area+0x2a6/0x4d0
[ 1797.746029][ T1132]  ? __lock_acquire+0xab9/0xd20
[ 1797.746051][ T1132]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1797.746080][ T1132]  vfs_read+0x200/0x980
[ 1797.746106][ T1132]  ? __pfx___mutex_lock+0x10/0x10
[ 1797.746135][ T1132]  ? __pfx_vfs_read+0x10/0x10
[ 1797.746157][ T1132]  ? __fget_files+0x2a/0x420
[ 1797.746185][ T1132]  ? __fget_files+0x3a0/0x420
[ 1797.746208][ T1132]  ? __fget_files+0x2a/0x420
[ 1797.746241][ T1132]  ksys_read+0x145/0x250
[ 1797.746264][ T1132]  ? __pfx_ksys_read+0x10/0x10
[ 1797.746281][ T1132]  ? rcu_is_watching+0x15/0xb0
[ 1797.746321][ T1132]  ? do_syscall_64+0xbe/0x3b0
[ 1797.746354][ T1132]  do_syscall_64+0xfa/0x3b0
[ 1797.746380][ T1132]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1797.746406][ T1132]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1797.746426][ T1132]  ? clear_bhb_loop+0x60/0xb0
[ 1797.746450][ T1132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1797.746470][ T1132] RIP: 0033:0x7fef77b8d33c
[ 1797.746488][ T1132] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1797.746505][ T1132] RSP: 002b:00007fef789c4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1797.746527][ T1132] RAX: ffffffffffffffda RBX: 00007fef77db5fa0 RCX: 00007fef77b8d33c
[ 1797.746542][ T1132] RDX: 000000000000000f RSI: 00007fef789c40a0 RDI: 0000000000000004
[ 1797.746555][ T1132] RBP: 00007fef789c4090 R08: 0000000000000000 R09: 0000000000000000
[ 1797.746567][ T1132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1797.746580][ T1132] R13: 0000000000000000 R14: 00007fef77db5fa0 R15: 00007fffbca2dd48
[ 1797.746611][ T1132]  </TASK>
[ 1797.997811][ T1135] netlink: 88 bytes leftover after parsing attributes in process `syz.2.10439'.
[ 1798.035539][ T1137] FAULT_INJECTION: forcing a failure.
[ 1798.035539][ T1137] name failslab, interval 1, probability 0, space 0, times 0
[ 1798.062512][ T1137] CPU: 0 UID: 0 PID: 1137 Comm: syz.1.10440 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1798.062562][ T1137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1798.062575][ T1137] Call Trace:
[ 1798.062585][ T1137]  <TASK>
[ 1798.062594][ T1137]  dump_stack_lvl+0x189/0x250
[ 1798.062629][ T1137]  ? __pfx____ratelimit+0x10/0x10
[ 1798.062657][ T1137]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1798.062687][ T1137]  ? __pfx__printk+0x10/0x10
[ 1798.062723][ T1137]  ? __pfx___might_resched+0x10/0x10
[ 1798.062750][ T1137]  ? fs_reclaim_acquire+0x7d/0x100
[ 1798.062778][ T1137]  should_fail_ex+0x414/0x560
[ 1798.062816][ T1137]  should_failslab+0xa8/0x100
[ 1798.062840][ T1137]  __kmalloc_noprof+0xcb/0x4f0
[ 1798.062869][ T1137]  ? kfree+0x4d/0x440
[ 1798.062895][ T1137]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1798.062922][ T1137]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1798.062956][ T1137]  ? tomoyo_mount_permission+0x27a/0x970
[ 1798.062988][ T1137]  tomoyo_mount_permission+0x377/0x970
[ 1798.063024][ T1137]  ? tomoyo_mount_permission+0x27a/0x970
[ 1798.063057][ T1137]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[ 1798.063152][ T1137]  security_sb_mount+0xec/0x350
[ 1798.063177][ T1137]  path_mount+0xbc/0xfe0
[ 1798.063199][ T1137]  ? user_path_at+0x44/0x60
[ 1798.063226][ T1137]  ? kmem_cache_free+0x18f/0x400
[ 1798.063267][ T1137]  __se_sys_mount+0x317/0x410
[ 1798.063299][ T1137]  ? __pfx___se_sys_mount+0x10/0x10
[ 1798.063329][ T1137]  ? do_syscall_64+0xbe/0x3b0
[ 1798.063356][ T1137]  ? __x64_sys_mount+0x20/0xc0
[ 1798.063383][ T1137]  do_syscall_64+0xfa/0x3b0
[ 1798.063411][ T1137]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1798.063438][ T1137]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.063459][ T1137]  ? clear_bhb_loop+0x60/0xb0
[ 1798.063492][ T1137]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.063512][ T1137] RIP: 0033:0x7fcbf698e929
[ 1798.063531][ T1137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1798.063548][ T1137] RSP: 002b:00007fcbf7844038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1798.063571][ T1137] RAX: ffffffffffffffda RBX: 00007fcbf6bb5fa0 RCX: 00007fcbf698e929
[ 1798.063587][ T1137] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000200000000000
[ 1798.063602][ T1137] RBP: 00007fcbf7844090 R08: 0000000000000000 R09: 0000000000000000
[ 1798.063615][ T1137] R10: 0000000000200000 R11: 0000000000000246 R12: 0000000000000001
[ 1798.063628][ T1137] R13: 0000000000000001 R14: 00007fcbf6bb5fa0 R15: 00007fff53c3de58
[ 1798.063661][ T1137]  </TASK>
[ 1798.063672][ T1137] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1798.446595][T21375] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1798.578775][ T1150] FAULT_INJECTION: forcing a failure.
[ 1798.578775][ T1150] name failslab, interval 1, probability 0, space 0, times 0
[ 1798.592202][ T1150] CPU: 1 UID: 0 PID: 1150 Comm: syz.2.10444 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1798.592232][ T1150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1798.592246][ T1150] Call Trace:
[ 1798.592256][ T1150]  <TASK>
[ 1798.592265][ T1150]  dump_stack_lvl+0x189/0x250
[ 1798.592301][ T1150]  ? __pfx____ratelimit+0x10/0x10
[ 1798.592329][ T1150]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1798.592359][ T1150]  ? __pfx__printk+0x10/0x10
[ 1798.592390][ T1150]  ? __lock_acquire+0xab9/0xd20
[ 1798.592425][ T1150]  should_fail_ex+0x414/0x560
[ 1798.592463][ T1150]  should_failslab+0xa8/0x100
[ 1798.592486][ T1150]  __kmalloc_noprof+0xcb/0x4f0
[ 1798.592516][ T1150]  ? hash_netnet4_add+0xe40/0x2770
[ 1798.592546][ T1150]  ? hash_netnet4_add+0x7f/0x2770
[ 1798.592571][ T1150]  hash_netnet4_add+0xe40/0x2770
[ 1798.592596][ T1150]  ? hash_netnet4_add+0x7f/0x2770
[ 1798.592627][ T1150]  ? ip_set_get_ipaddr4+0xff/0x2b0
[ 1798.592649][ T1150]  ? __pfx_ip_set_get_extensions+0x10/0x10
[ 1798.592690][ T1150]  hash_netnet4_uadt+0xb0b/0xe40
[ 1798.592723][ T1150]  ? __pfx_hash_netnet4_add+0x10/0x10
[ 1798.592751][ T1150]  ? __pfx_hash_netnet4_uadt+0x10/0x10
[ 1798.592778][ T1150]  ? __nla_validate_parse+0x2400/0x2d40
[ 1798.592828][ T1150]  call_ad+0x175/0xb00
[ 1798.592874][ T1150]  ? __pfx_call_ad+0x10/0x10
[ 1798.592914][ T1150]  ? __nla_parse+0x40/0x60
[ 1798.592942][ T1150]  ip_set_ad+0x791/0x930
[ 1798.592975][ T1150]  ? __pfx_ip_set_ad+0x10/0x10
[ 1798.592996][ T1150]  ? __mutex_lock+0x330/0xe80
[ 1798.593067][ T1150]  nfnetlink_rcv_msg+0xb4d/0x1130
[ 1798.593092][ T1150]  ? nfnetlink_rcv_msg+0x20d/0x1130
[ 1798.593144][ T1150]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1798.593163][ T1150]  ? kasan_save_free_info+0x46/0x50
[ 1798.593242][ T1150]  netlink_rcv_skb+0x205/0x470
[ 1798.593269][ T1150]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1798.593292][ T1150]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1798.593330][ T1150]  ? bpf_lsm_capable+0x9/0x20
[ 1798.593346][ T1150]  ? security_capable+0x7e/0x2e0
[ 1798.593399][ T1150]  nfnetlink_rcv+0x26a/0x2520
[ 1798.593425][ T1150]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1798.593463][ T1150]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1798.593485][ T1150]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.593517][ T1150]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1798.593539][ T1150]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1798.593576][ T1150]  ? ref_tracker_free+0x63a/0x7d0
[ 1798.593596][ T1150]  ? __copy_skb_header+0xa7/0x550
[ 1798.593617][ T1150]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1798.593637][ T1150]  ? __skb_clone+0x63/0x7a0
[ 1798.593661][ T1150]  ? __skb_clone+0x483/0x7a0
[ 1798.593688][ T1150]  ? skb_clone+0x246/0x3a0
[ 1798.593712][ T1150]  ? __netlink_deliver_tap+0x807/0x850
[ 1798.593738][ T1150]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1798.593771][ T1150]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1798.593797][ T1150]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1798.593829][ T1150]  netlink_unicast+0x759/0x8e0
[ 1798.593866][ T1150]  netlink_sendmsg+0x805/0xb30
[ 1798.593903][ T1150]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1798.593934][ T1150]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1798.593967][ T1150]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1798.593990][ T1150]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1798.594018][ T1150]  __sock_sendmsg+0x219/0x270
[ 1798.594046][ T1150]  ____sys_sendmsg+0x505/0x830
[ 1798.594083][ T1150]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1798.594125][ T1150]  ? import_iovec+0x74/0xa0
[ 1798.594159][ T1150]  ___sys_sendmsg+0x21f/0x2a0
[ 1798.594180][ T1150]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1798.594245][ T1150]  ? __fget_files+0x2a/0x420
[ 1798.594269][ T1150]  ? __fget_files+0x3a0/0x420
[ 1798.594303][ T1150]  __x64_sys_sendmsg+0x19b/0x260
[ 1798.594326][ T1150]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1798.594356][ T1150]  ? __pfx_ksys_write+0x10/0x10
[ 1798.594374][ T1150]  ? rcu_is_watching+0x15/0xb0
[ 1798.594407][ T1150]  ? do_syscall_64+0xbe/0x3b0
[ 1798.594439][ T1150]  do_syscall_64+0xfa/0x3b0
[ 1798.594465][ T1150]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1798.594490][ T1150]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.594510][ T1150]  ? clear_bhb_loop+0x60/0xb0
[ 1798.594535][ T1150]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1798.594554][ T1150] RIP: 0033:0x7ff6b718e929
[ 1798.594572][ T1150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1798.594590][ T1150] RSP: 002b:00007ff6b7fb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1798.594613][ T1150] RAX: ffffffffffffffda RBX: 00007ff6b73b5fa0 RCX: 00007ff6b718e929
[ 1798.594628][ T1150] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1798.594641][ T1150] RBP: 00007ff6b7fb4090 R08: 0000000000000000 R09: 0000000000000000
[ 1798.594654][ T1150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1798.594666][ T1150] R13: 0000000000000000 R14: 00007ff6b73b5fa0 R15: 00007ffd14bb8858
[ 1798.594698][ T1150]  </TASK>
[ 1799.106282][ T1157] ntfs3(rnullb0): Primary boot signature is not NTFS.
[ 1799.113770][ T1157] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[ 1799.127801][T21375] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[ 1799.136379][T21375] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1799.148110][T21375] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1799.159064][T21375] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1799.170309][T21375] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1799.183305][T21375] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1799.192532][T21375] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1799.204199][T21375] usb 6-1: config 0 descriptor??
[ 1799.210088][ T1139] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1799.392474][ T1165] syz.4.10449: attempt to access beyond end of device
[ 1799.392474][ T1165] loop4: rw=0, sector=6, nr_sectors = 2 limit=0
[ 1799.425428][ T1165] ADFS-fs (loop4): error: unable to read block 3, try 0
[ 1799.574914][ T5941] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1799.724792][ T5941] usb 3-1: Using ep0 maxpacket: 16
[ 1799.737105][ T5941] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1799.747793][ T5941] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 1799.784766][ T5941] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[ 1799.794108][ T5941] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1799.835530][ T5941] usb 3-1: config 0 descriptor??
[ 1799.863661][ T5941] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[ 1799.874615][T21375] usbhid 6-1:0.0: can't add hid device: -71
[ 1799.886012][T21375] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1799.910132][T21375] usb 6-1: USB disconnect, device number 35
[ 1800.049686][ T1160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1800.065369][ T1160] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1800.086773][ T1160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1800.106707][ T1160] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1800.137284][ T1160] loop3: detected capacity change from 0 to 1
[ 1800.145998][ T1160] Dev loop3: unable to read RDB block 1
[ 1800.151661][ T1160]  loop3: unable to read partition table
[ 1800.157655][ T1160] loop3: partition table beyond EOD, truncated
[ 1800.163890][ T1160] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1800.186518][T21375] usb 3-1: USB disconnect, device number 59
[ 1800.784849][T31989] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1800.966739][T31989] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1800.984062][T31989] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1801.009393][T31989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1801.035721][T31989] usb 6-1: config 0 descriptor??
[ 1801.060557][T31989] pwc: Askey VC010 type 2 USB webcam detected.
[ 1801.223977][ T1209] FAULT_INJECTION: forcing a failure.
[ 1801.223977][ T1209] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1801.260232][T31989] pwc: send_video_command error -71
[ 1801.272978][T31989] pwc: Failed to set video mode CIF@30 fps; return code = -71
[ 1801.295570][ T1209] CPU: 0 UID: 0 PID: 1209 Comm: syz.4.10457 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1801.295601][ T1209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1801.295615][ T1209] Call Trace:
[ 1801.295623][ T1209]  <TASK>
[ 1801.295633][ T1209]  dump_stack_lvl+0x189/0x250
[ 1801.295667][ T1209]  ? __pfx____ratelimit+0x10/0x10
[ 1801.295696][ T1209]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1801.295725][ T1209]  ? __pfx__printk+0x10/0x10
[ 1801.295754][ T1209]  ? __might_fault+0xb0/0x130
[ 1801.295796][ T1209]  should_fail_ex+0x414/0x560
[ 1801.295834][ T1209]  _copy_from_user+0x2d/0xb0
[ 1801.295865][ T1209]  kstrtouint_from_user+0xc4/0x170
[ 1801.295894][ T1209]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1801.295939][ T1209]  proc_fail_nth_write+0x88/0x240
[ 1801.295968][ T1209]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1801.296003][ T1209]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1801.296032][ T1209]  vfs_write+0x27e/0xa90
[ 1801.296063][ T1209]  ? __pfx_vfs_write+0x10/0x10
[ 1801.296086][ T1209]  ? __fget_files+0x2a/0x420
[ 1801.296122][ T1209]  ? __fget_files+0x3a0/0x420
[ 1801.296145][ T1209]  ? __fget_files+0x2a/0x420
[ 1801.296179][ T1209]  ksys_write+0x145/0x250
[ 1801.296202][ T1209]  ? __pfx_ksys_write+0x10/0x10
[ 1801.296220][ T1209]  ? rcu_is_watching+0x15/0xb0
[ 1801.296252][ T1209]  ? do_syscall_64+0xbe/0x3b0
[ 1801.296285][ T1209]  do_syscall_64+0xfa/0x3b0
[ 1801.296312][ T1209]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1801.296349][ T1209]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1801.296368][ T1209]  ? clear_bhb_loop+0x60/0xb0
[ 1801.296391][ T1209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1801.296409][ T1209] RIP: 0033:0x7fe3f0f8d3df
[ 1801.296427][ T1209] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1801.296443][ T1209] RSP: 002b:00007fe3f1d69030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1801.296464][ T1209] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe3f0f8d3df
[ 1801.296477][ T1209] RDX: 0000000000000001 RSI: 00007fe3f1d690a0 RDI: 0000000000000004
[ 1801.296489][ T1209] RBP: 00007fe3f1d69090 R08: 0000000000000000 R09: 0000000000000000
[ 1801.296501][ T1209] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1801.296512][ T1209] R13: 0000000000000000 R14: 00007fe3f11b5fa0 R15: 00007ffdb9cefaf8
[ 1801.296543][ T1209]  </TASK>
[ 1801.296750][T31989] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[ 1801.584252][ T1215] netlink: 'syz.1.10458': attribute type 33 has an invalid length.
[ 1801.604446][ T1215] netlink: 152 bytes leftover after parsing attributes in process `syz.1.10458'.
[ 1801.634835][ T1215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10458'.
[ 1801.780729][T31989] usb 6-1: USB disconnect, device number 36
[ 1802.036906][T21375] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[ 1802.134462][T31989] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1802.204568][T21375] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[ 1802.218121][T21375] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1802.245850][T21375] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1802.276055][T21375] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1802.299870][T31989] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1802.304928][T21375] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1802.403624][T21375] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1802.405978][T31989] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1802.428302][T21375] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1802.463429][T31989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1802.485804][T21375] usb 2-1: config 0 descriptor??
[ 1802.503236][T31989] usb 6-1: config 0 descriptor??
[ 1802.521580][ T8953] block nbd0: Possible stuck request ffff8880256dd900: control (read@0,4096B). Runtime 150 seconds
[ 1802.531922][ T1220] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1802.539308][T31989] pwc: Askey VC010 type 2 USB webcam detected.
[ 1802.972053][T31989] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1802.987093][T31989] pwc: recv_control_msg error -32 req 02 val 2700
[ 1802.989862][T21375] plantronics 0003:047F:FFFF.0047: unknown main item tag 0x0
[ 1803.011403][T31989] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1803.019223][T31989] pwc: recv_control_msg error -32 req 04 val 1000
[ 1803.034927][T31989] pwc: recv_control_msg error -32 req 04 val 1300
[ 1803.047681][T31989] pwc: recv_control_msg error -32 req 04 val 1400
[ 1803.059158][T31989] pwc: recv_control_msg error -32 req 02 val 2000
[ 1803.070479][T31989] pwc: recv_control_msg error -32 req 02 val 2100
[ 1803.081533][T31989] pwc: recv_control_msg error -32 req 04 val 1500
[ 1803.292492][T31989] pwc: recv_control_msg error -32 req 02 val 2400
[ 1803.376540][   T44] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[ 1803.384693][T21375] plantronics 0003:047F:FFFF.0047: unknown main item tag 0x0
[ 1803.393193][T21375] plantronics 0003:047F:FFFF.0047: unknown main item tag 0x0
[ 1803.401221][T21375] plantronics 0003:047F:FFFF.0047: unknown main item tag 0x0
[ 1803.410768][T21375] plantronics 0003:047F:FFFF.0047: unknown main item tag 0x0
[ 1803.419354][T21375] plantronics 0003:047F:FFFF.0047: unknown main item tag 0x0
[ 1803.444831][T21375] plantronics 0003:047F:FFFF.0047: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1803.478079][T21375] usb 2-1: USB disconnect, device number 82
[ 1803.503945][ T1190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1803.514766][ T1190] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1803.525820][T31989] pwc: recv_control_msg error -71 req 02 val 2900
[ 1803.533676][T31989] pwc: recv_control_msg error -71 req 02 val 2800
[ 1803.544259][   T44] usb 3-1: Using ep0 maxpacket: 32
[ 1803.562162][   T44] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[ 1803.565315][T31989] pwc: recv_control_msg error -71 req 04 val 1100
[ 1803.572494][   T44] usb 3-1: config 0 has no interface number 0
[ 1803.594612][T31989] pwc: recv_control_msg error -71 req 04 val 1200
[ 1803.595611][   T44] usb 3-1: config 0 interface 184 has no altsetting 0
[ 1803.609077][ T1246] fido_id[1246]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1803.627935][T31989] pwc: Registered as video103.
[ 1803.630211][   T44] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1803.656321][T31989] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input161
[ 1803.661610][   T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1803.696985][   T44] usb 3-1: Product: syz
[ 1803.704335][   T44] usb 3-1: Manufacturer: syz
[ 1803.709118][T31989] usb 6-1: USB disconnect, device number 37
[ 1803.713665][   T44] usb 3-1: SerialNumber: syz
[ 1803.779981][   T44] usb 3-1: config 0 descriptor??
[ 1803.829168][   T44] smsc75xx v1.0.0
[ 1804.175590][ T1260] FAULT_INJECTION: forcing a failure.
[ 1804.175590][ T1260] name failslab, interval 1, probability 0, space 0, times 0
[ 1804.190684][ T1260] CPU: 0 UID: 0 PID: 1260 Comm: syz.1.10469 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1804.190712][ T1260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1804.190725][ T1260] Call Trace:
[ 1804.190733][ T1260]  <TASK>
[ 1804.190741][ T1260]  dump_stack_lvl+0x189/0x250
[ 1804.190774][ T1260]  ? __pfx____ratelimit+0x10/0x10
[ 1804.190800][ T1260]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1804.190836][ T1260]  ? __pfx__printk+0x10/0x10
[ 1804.190866][ T1260]  ? __pfx___might_resched+0x10/0x10
[ 1804.190890][ T1260]  ? fs_reclaim_acquire+0x7d/0x100
[ 1804.190916][ T1260]  should_fail_ex+0x414/0x560
[ 1804.190951][ T1260]  should_failslab+0xa8/0x100
[ 1804.190972][ T1260]  __kmalloc_noprof+0xcb/0x4f0
[ 1804.191000][ T1260]  ? tomoyo_encode+0x28b/0x550
[ 1804.191023][ T1260]  tomoyo_encode+0x28b/0x550
[ 1804.191047][ T1260]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1804.191067][ T1260]  ? tomoyo_domain+0xd9/0x130
[ 1804.191086][ T1260]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1804.191107][ T1260]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1804.191135][ T1260]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1804.191168][ T1260]  ? __lock_acquire+0xab9/0xd20
[ 1804.191201][ T1260]  ? __fget_files+0x2a/0x420
[ 1804.191221][ T1260]  ? __fget_files+0x2a/0x420
[ 1804.191237][ T1260]  ? __fget_files+0x3a0/0x420
[ 1804.191254][ T1260]  ? __fget_files+0x2a/0x420
[ 1804.191279][ T1260]  security_file_ioctl+0xcb/0x2d0
[ 1804.191301][ T1260]  __se_sys_ioctl+0x47/0x170
[ 1804.191326][ T1260]  do_syscall_64+0xfa/0x3b0
[ 1804.191346][ T1260]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1804.191366][ T1260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1804.191381][ T1260]  ? clear_bhb_loop+0x60/0xb0
[ 1804.191402][ T1260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1804.191418][ T1260] RIP: 0033:0x7fcbf698e929
[ 1804.191432][ T1260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1804.191445][ T1260] RSP: 002b:00007fcbf7844038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1804.191479][ T1260] RAX: ffffffffffffffda RBX: 00007fcbf6bb5fa0 RCX: 00007fcbf698e929
[ 1804.191491][ T1260] RDX: 0000200000000000 RSI: 00000000c008ae88 RDI: 0000000000000005
[ 1804.191502][ T1260] RBP: 00007fcbf7844090 R08: 0000000000000000 R09: 0000000000000000
[ 1804.191513][ T1260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1804.191522][ T1260] R13: 0000000000000000 R14: 00007fcbf6bb5fa0 R15: 00007fff53c3de58
[ 1804.191547][ T1260]  </TASK>
[ 1804.191573][ T1260] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1804.420766][   T44] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1804.462990][   T44] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1804.484046][T31989] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1804.634089][T31989] usb 5-1: Using ep0 maxpacket: 32
[ 1804.641645][T31989] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1804.652875][T31989] usb 5-1: config 4 has an invalid interface number: 91 but max is 0
[ 1804.662883][T31989] usb 5-1: config 4 has no interface number 0
[ 1804.679563][T31989] usb 5-1: New USB device found, idVendor=084f, idProduct=0001, bcdDevice=6c.05
[ 1804.690747][T31989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1804.698997][ T5921] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1804.706766][T31989] usb 5-1: Product: syz
[ 1804.710948][T31989] usb 5-1: Manufacturer: syz
[ 1804.716272][T31989] usb 5-1: SerialNumber: syz
[ 1804.774045][T25464] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[ 1804.874086][ T5921] usb 6-1: Using ep0 maxpacket: 8
[ 1804.883734][ T5921] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1804.891541][ T5921] usb 6-1: can't read configurations, error -61
[ 1804.940029][T25464] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[ 1804.952838][ T1255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1804.961404][T25464] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1804.973687][ T1255] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1804.982144][T25464] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1804.998827][T25464] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1805.010232][T25464] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1805.023241][T25464] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1805.032380][T25464] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1805.040544][ T5921] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1805.052001][T25464] usb 2-1: config 0 descriptor??
[ 1805.058561][ T1267] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[ 1805.203882][ T5921] usb 6-1: Using ep0 maxpacket: 8
[ 1805.211778][ T5921] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1805.221196][ T5921] usb 6-1: can't read configurations, error -61
[ 1805.228933][ T5921] usb usb6-port1: attempt power cycle
[ 1805.482781][T25464] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0
[ 1805.490985][T25464] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0
[ 1805.498860][T25464] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0
[ 1805.506570][T25464] plantronics 0003:047F:FFFF.0048: unknown main item tag 0x0
[ 1805.529946][T25464] plantronics 0003:047F:FFFF.0048: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1805.574040][ T5921] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1805.614521][ T5921] usb 6-1: Using ep0 maxpacket: 8
[ 1805.630777][ T5921] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1805.639079][ T5921] usb 6-1: can't read configurations, error -61
[ 1805.724000][   T31] INFO: task syz.0.9625:31177 blocked for more than 143 seconds.
[ 1805.732071][   T31]       Not tainted 6.16.0-rc5-next-20250710-syzkaller #0
[ 1805.741998][ T5920] usb 2-1: USB disconnect, device number 83
[ 1805.750413][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1805.762152][   T31] task:syz.0.9625      state:D stack:27208 pid:31177 tgid:31176 ppid:25433  task_flags:0x400140 flags:0x00004006
[ 1805.776875][ T5921] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1805.798342][   T31] Call Trace:
[ 1805.802647][   T31]  <TASK>
[ 1805.806481][   T31]  __schedule+0x16f5/0x4d00
[ 1805.811238][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1805.816864][   T31]  ? schedule+0x165/0x360
[ 1805.817136][ T5921] usb 6-1: Using ep0 maxpacket: 8
[ 1805.821658][   T31]  ? __pfx___schedule+0x10/0x10
[ 1805.832296][   T31]  ? schedule+0x91/0x360
[ 1805.836899][   T31]  schedule+0x165/0x360
[ 1805.841454][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1805.850113][   T31]  __mutex_lock+0x724/0xe80
[ 1805.857660][ T5921] usb 6-1: unable to read config index 0 descriptor/start: -61
[ 1805.863832][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1805.866726][ T5921] usb 6-1: can't read configurations, error -61
[ 1805.870859][   T31]  ? bdev_release+0x1a9/0x650
[ 1805.881374][ T5921] usb usb6-port1: unable to enumerate USB device
[ 1805.882239][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1805.893040][   T31]  ? __asan_memset+0x22/0x50
[ 1805.906672][   T44] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000118: -71
[ 1805.918020][   T31]  ? __pfx___fsnotify_parent+0x10/0x10
[ 1805.923534][   T31]  ? do_raw_spin_lock+0x121/0x290
[ 1805.928885][   T44] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write RX_ADDRH: -71
[ 1805.938839][   T31]  bdev_release+0x1a9/0x650
[ 1805.943487][   T31]  ? __pfx_blkdev_release+0x10/0x10
[ 1805.948857][   T44] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to set mac address
[ 1805.958523][   T31]  blkdev_release+0x15/0x20
[ 1805.963111][   T31]  __fput+0x449/0xa70
[ 1805.967249][   T44] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1805.976808][   T31]  task_work_run+0x1d4/0x260
[ 1805.981471][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1805.987465][   T44] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[ 1805.995804][   T31]  get_signal+0x11ed/0x1340
[ 1806.000373][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 1806.011700][   T31]  ? __pfx_task_work_add+0x10/0x10
[ 1806.018535][   T44] usb 3-1: USB disconnect, device number 60
[ 1806.025322][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1806.031536][   T31]  ? __pfx_blkdev_ioctl+0x10/0x10
[ 1806.048666][   T31]  ? __fget_files+0x2a/0x420
[ 1806.053328][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1806.059745][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 1806.065161][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1806.069805][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1806.075099][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1806.081204][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1806.086228][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1806.092174][   T31] RIP: 0033:0x7efd34f8e929
[ 1806.096693][   T31] RSP: 002b:00007efd35e9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1806.105187][   T31] RAX: 0000000000000000 RBX: 00007efd351b5fa0 RCX: 00007efd34f8e929
[ 1806.113211][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003
[ 1806.128162][   T31] RBP: 00007efd35010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1806.137947][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1806.149051][   T31] R13: 0000000000000000 R14: 00007efd351b5fa0 R15: 00007ffef8a7a0c8
[ 1806.157911][   T31]  </TASK>
[ 1806.161019][   T31] 
[ 1806.161019][   T31] Showing all locks held in the system:
[ 1806.171808][   T31] 1 lock held by khungtaskd/31:
[ 1806.177499][   T31]  #0: ffffffff8e53c4e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1806.190431][   T31] 3 locks held by kworker/1:1/44:
[ 1806.196532][   T31]  #0: ffff8880202a6d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1806.211323][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[ 1806.223600][   T31]  #2: ffff8880284c9220 (&dev->power.lock){-.-.}-{3:3}, at: rpm_idle+0x5e9/0x950
[ 1806.233086][   T31] 2 locks held by getty/5614:
[ 1806.239650][   T31]  #0: ffff88814d46e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1806.250528][   T31]  #1: ffffc900036cb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1806.265525][   T31] 1 lock held by udevd/21672:
[ 1806.270327][   T31]  #0: ffff888025637358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[ 1806.282502][   T31] 1 lock held by syz.0.9625/31177:
[ 1806.289534][   T31]  #0: ffff888025637358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650
[ 1806.301694][   T31] 4 locks held by kworker/0:4/31989:
[ 1806.308352][   T31]  #0: ffff8880202a6d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1806.319953][   T31]  #1: ffffc900113afbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1806.331999][   T31]  #2: ffff888028600198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[ 1806.341033][   T31]  #3: ffff888067a71198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[ 1806.350476][   T31] 4 locks held by udevd/32283:
[ 1806.357191][   T31]  #0: ffff88802844e418 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10
[ 1806.366323][   T31]  #1: ffff888063ee8488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0
[ 1806.376823][   T31]  #2: ffff8880531f0e18 (kn->active#22){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0
[ 1806.386499][   T31]  #3: ffff888067a71198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[ 1806.395976][   T31] 
[ 1806.398340][   T31] =============================================
[ 1806.398340][   T31] 
[ 1806.411391][   T31] NMI backtrace for cpu 1
[ 1806.411411][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1806.411437][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1806.411449][   T31] Call Trace:
[ 1806.411458][   T31]  <TASK>
[ 1806.411466][   T31]  dump_stack_lvl+0x189/0x250
[ 1806.411496][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1806.411512][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1806.411532][   T31]  ? __pfx__printk+0x10/0x10
[ 1806.411569][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1806.411597][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1806.411616][   T31]  ? _printk+0xcf/0x120
[ 1806.411647][   T31]  ? __pfx__printk+0x10/0x10
[ 1806.411670][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1806.411689][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1806.411710][   T31]  watchdog+0xfee/0x1030
[ 1806.411733][   T31]  ? watchdog+0x1de/0x1030
[ 1806.411762][   T31]  kthread+0x711/0x8a0
[ 1806.411797][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1806.411816][   T31]  ? __pfx_kthread+0x10/0x10
[ 1806.411848][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1806.411872][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1806.411897][   T31]  ? __pfx_kthread+0x10/0x10
[ 1806.411927][   T31]  ret_from_fork+0x3f9/0x770
[ 1806.411953][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1806.411977][   T31]  ? __switch_to_asm+0x39/0x70
[ 1806.411989][   T31]  ? __switch_to_asm+0x33/0x70
[ 1806.412001][   T31]  ? __pfx_kthread+0x10/0x10
[ 1806.412026][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1806.412061][   T31]  </TASK>
[ 1806.412069][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1806.570218][    C0] NMI backtrace for cpu 0
[ 1806.570238][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1806.570259][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1806.570270][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1806.570298][    C0] Code: d3 de 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d f3 c8 27 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1806.570313][    C0] RSP: 0018:ffffffff8e207d80 EFLAGS: 000002c6
[ 1806.570330][    C0] RAX: 31eefbbd190dee00 RBX: ffffffff81971fd8 RCX: 31eefbbd190dee00
[ 1806.570343][    C0] RDX: 0000000000000001 RSI: ffffffff8dc87615 RDI: ffffffff8c04cb40
[ 1806.570356][    C0] RBP: ffffffff8e207ea8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3
[ 1806.570369][    C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fe48b30
[ 1806.570382][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c52a58
[ 1806.570394][    C0] FS:  0000000000000000(0000) GS:ffff888125798000(0000) knlGS:0000000000000000
[ 1806.570408][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1806.570420][    C0] CR2: 00007ff6b7384338 CR3: 000000003289c000 CR4: 00000000003526f0
[ 1806.570435][    C0] Call Trace:
[ 1806.570442][    C0]  <TASK>
[ 1806.570449][    C0]  default_idle+0x13/0x20
[ 1806.570474][    C0]  default_idle_call+0x74/0xb0
[ 1806.570490][    C0]  do_idle+0x1e8/0x510
[ 1806.570515][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1806.570546][    C0]  cpu_startup_entry+0x44/0x60
[ 1806.570567][    C0]  rest_init+0x2de/0x300
[ 1806.570590][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[ 1806.570612][    C0]  start_kernel+0x47d/0x500
[ 1806.570641][    C0]  x86_64_start_reservations+0x24/0x30
[ 1806.570661][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1806.570680][    C0]  common_startup_64+0x13e/0x147
[ 1806.570705][    C0]  </TASK>
[ 1806.577187][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1806.577211][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc5-next-20250710-syzkaller #0 PREEMPT(full) 
[ 1806.577240][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1806.577256][   T31] Call Trace:
[ 1806.577267][   T31]  <TASK>
[ 1806.577280][   T31]  dump_stack_lvl+0x99/0x250
[ 1806.577317][   T31]  ? __asan_memcpy+0x40/0x70
[ 1806.577356][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1806.577390][   T31]  ? __pfx__printk+0x10/0x10
[ 1806.577438][   T31]  panic+0x2e2/0x7b0
[ 1806.577473][   T31]  ? __pfx_panic+0x10/0x10
[ 1806.577501][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1806.577538][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1806.577569][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1806.577604][   T31]  watchdog+0x102d/0x1030
[ 1806.577631][   T31]  ? watchdog+0x1de/0x1030
[ 1806.577663][   T31]  kthread+0x711/0x8a0
[ 1806.577722][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1806.577746][   T31]  ? __pfx_kthread+0x10/0x10
[ 1806.577784][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1806.577813][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1806.577842][   T31]  ? __pfx_kthread+0x10/0x10
[ 1806.577879][   T31]  ret_from_fork+0x3f9/0x770
[ 1806.577912][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1806.577946][   T31]  ? __switch_to_asm+0x39/0x70
[ 1806.886007][   T31]  ? __switch_to_asm+0x33/0x70
[ 1806.890791][   T31]  ? __pfx_kthread+0x10/0x10
[ 1806.895389][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1806.900167][   T31]  </TASK>
[ 1806.903641][   T31] Kernel Offset: disabled
[ 1806.907980][   T31] Rebooting in 86400 seconds..