last executing test programs:

20.170983208s ago: executing program 1 (id=2180):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000480)='./file0/../file0\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20008080}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4)

20.146973761s ago: executing program 1 (id=2181):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
write$sndseq(0xffffffffffffffff, &(0x7f00000006c0)=[{0x2e, 0x7e, 0xc, 0xfd, @time={0x40000008, 0x8}, {}, {0xe0, 0xfd}, @connect={{0x81, 0x2}, {0xd, 0x10}}}], 0x1c)
r1 = fanotify_init(0x8, 0x80000)
write$binfmt_elf64(r1, &(0x7f00000006c0)=ANY=[@ANYBLOB="7f454c4622"], 0x18)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = memfd_secret(0x0)
r4 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$apparmor_current(r4, &(0x7f0000000080)=@hat={'changehat ', 0x0, 0x5e, [',%-\\[\x00', '/dev/vhost-net\x00']}, 0x32)
bind$unix(r3, &(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x4008031, 0xffffffffffffffff, 0x0)

19.038802566s ago: executing program 1 (id=2187):
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

18.693781553s ago: executing program 1 (id=2188):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0xfffffffffffffe78, &(0x7f0000000080)=[{&(0x7f0000000200)={0x114, 0x17, 0x301, 0x0, 0x25dfdbfb, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @generic="75ae89b29c2f3f8223c8e01770fdb6a5191e0c02f3f13d44f435d170f667074db0ada56ca8edaabe190cc3797e73b95b90923f585b5c1f66b29d9e32a335fa44ef62a5416cd043404fb693447de85400cdcc6db8071b4b36934d2e94340087b6c398003237a61eec3f56d046e45add06ca2703050b54fe589aee23cf8ead5555fbf60c1750decd341eb215b503507a", @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d", @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x40, 0x0}}]}]}, 0x114}], 0x1}, 0x840)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={0x0, <r5=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r4, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0x1}], 0x1, &(0x7f0000001480), 0x0, 0x40044}}], 0x1, 0x4)
r6 = getgid()
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/key-users\x00', 0x0, 0x0)
r8 = getpid()
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7)
read$FUSE(0xffffffffffffffff, &(0x7f0000003b40)={0x2020, 0x0, 0x0, <r9=>0x0}, 0x2020)
statx(r1, &(0x7f0000001340)='./file0\x00', 0x2000, 0x10, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0})
r11 = accept4$inet6(0xffffffffffffffff, &(0x7f0000001480)={0xa, 0x0, 0x0, @initdev}, &(0x7f00000014c0)=0x1c, 0x0)
r12 = fcntl$getown(r0, 0x9)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000001500)={0x80000001, 0x68, {}, {<r13=>0x0}, 0x8, 0x5})
r14 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r15=>0x0}, &(0x7f0000000080)=0xc)
setgid(r15)
sendmsg$netlink(r1, &(0x7f0000001640)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfe, 0x100}, 0xc, &(0x7f00000012c0)=[{&(0x7f00000003c0)={0x2a4, 0x20, 0x100, 0x70bd29, 0x25dfdbff, "", [@generic="064ff9094ed8132b6a0534f7fe9b3b8dc7f459855b0a61df8688433cbe1cb041d66c16d5195333f72c650ed308b71136c518aef2ba159c5b952e07a3af0843cbd3cd1e494ee86b585d6dd84caa6081c5d9c88f8cb66b57fa333736c902048daab8af412aff5e3f0140522f674fd7e264f17d752b05d315713c8adec7920ca0fd8dbffd125354156a1db2da8d8a9aec59b76fabae", @nested={0x119, 0x139, 0x0, 0x1, [@generic="0637dcdfc5f086debe15c62b6bc38eb164321735a3de4a9aa83c3aa5a815470dd24972e3501c5e6e2ad175ca204b36d938d61dbaf6331dbe965de70f3cb36b9e8c9039ff64b1f7afff2e127b59556d310f4f10d2791e0edf21e3171c804de047b468965f79e9ee3f29cf36f29437eda5c6e59d337e5cc9eaa90fc6d5c739806a29c9ccde8eb8add14dc78d63a21fc9e2c66ed29525c3aafbf5b979a4ad4ef6d2b85c321457a7afb112db18d7c2c3229bef5246a75055c7e656770fed1d86814fd63f472d1755163f7a9c", @generic="4755055ff9855e6c560f2b3e11007f70fc86174c79ea5c514a4aa3f66e83e9133ed3197a87f7311f16afc7f0884731a77784b13a656e3a71e5ba0c849e6a38eb25e3f1f4df3eeb912e1d6a"]}, @generic="55b3ccb81a3de689ca34523e0a3f79fb3acd81", @typed={0x4, 0x7e}, @generic="683be5e7c09ca0d14de7378a4dbe03629167c3316892ae35ef9348ab629e6c8821c99e8afa698c964399ba1e6a382cc681be4094bee32edadee35b390180ae3a9f1e4babb5c048ae7798feb9100e4fae2d58063a13d2a1a12c698d7898c6618133a2b0e63847c24ec3559c11c6b5665138c7e905034a861dba4d2256ca7294f8a01fba7bc0cc1b4e75ab28ab4e76a95b9b518ff6db9e82b65a92638d1ec11c3512d9916383753a121ab891a6c29ec63e3300f9addf79ab9a1d8b2ddf11a137c3d6df9d77741ca03c33a7b26d50"]}, 0x2a4}, {&(0x7f0000000680)={0x18c, 0x3b, 0x410, 0x70bd25, 0x25dfdbfc, "", [@generic="1ad116e07788faca934952ad88db31112fca99", @nested={0x165, 0x121, 0x0, 0x1, [@typed={0x14, 0x143, 0x0, 0x0, @ipv6=@empty}, @generic="0f27a875615a57d65cc7d083bec5a7e824a3a5c63bebaf022b3c829faad1da9e03e8b5a3a5ff2f92123a56cbf4955269694c1d2fbdb44b6a589d9e88ae9109fdea1200b31c86bffba9", @typed={0x4, 0x34}, @generic="b0b1b1d8442c19bc104f8510fb9158322b1f7b836669dbe1233de4a8167740753a290a3cc82966101afdb12c70e530efca389d3c5f782eb3b7c70687797bfaf9538ba7a95ff154c472df4f507b00f37e6a2735645eca94af2a502e34bc278c89f4332fa8aa938eb901ecb61b9b3d8cb87d4bf43abead819a9ca4f92e6a514b13530f389dfabcc29603e555b3900282c1c568695c50ccb95860721024a01d54b4c74c0bb022b54323cfc9370c824a3334cad38575b4c50acd3c4f6ead89297feac1a44f721d77e2af06b5e6e9cfac328037c8905ad5a529b457392aaf2cf208bf07da7d13050a1e6a16f53e98295b002ff071c372909848f047643121", @nested={0x4, 0x3a}]}]}, 0x18c}, {&(0x7f0000000a80)={0x66c, 0x1d, 0x8, 0x70bd27, 0x25dfdbfd, "", [@typed={0x97, 0x13, 0x0, 0x0, @binary="7aa7754af3d16763917b1ed58322c6f20953d8cc3cdfcc32c03d91aaf3e50f0f11953619c210f9949e25a2f53179180a5b52fc7dab658328da832a0b472d4ae84c6579d4ddb7729f910faf78aff8c09b532d4bbccc31907f134cbd1716a557e02230c56654c7c658a163e0dd79f009ec0013e06172e1e4708d59b724a26503e491955f169eb56912d2f566f4e64ee23ecae4a2"}, @generic="14fb14c63092b4c6e62d6fe499407cd2e4516b8be7d5f34df7270d9e727fe3e5feefadb8bea0fc7c3e8694ec1f3b428648bbd399380ea94b9f3a8ee86a9aeefce4dc5c5fce182b5a23278e4a3725ec70968e4a587116acf7d0fd9bc0e775bf8da4e0347d61ded507c58d4f9355eed5ffd73d4e30101de81939a31ef20944bb10523ae42faefc3136acd032475adb7ce37215d6d70da21f5e96a532ab1a4225b319a8095e0d5a3c4740fb12f4ebdbbd51e5c0f235ad3e64e6fe92e9b90da63cd72e4c0ef0deac776259b5c437c72ae40bbaf61c096b6ac9c0", @nested={0x9f, 0x119, 0x0, 0x1, [@generic="a80ea0333d2f489d89ff6bd9a3bd0162b8301e05d048b0fa532b6de75ec63024a268e87ee2c4130dc4cbc5744c10b2f5d189c7969a1b99bd71665b06e43b", @typed={0xc, 0x72, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0x151, 0x0, 0x0, @uid}, @typed={0x14, 0xe3, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}}, @generic="6ee6227f2a8ec8a67d990ab7e63e9bccf5ca455eb6ab9385df46c349cde77900654d4b5b3c", @typed={0x8, 0x12c, 0x0, 0x0, @uid}, @nested={0x4, 0x135}, @nested={0x4, 0xcb}]}, @generic="f604cf30b6d0b5cb3b26f2a303f9eb219c65ea02197a7b5ff68b435161dbe45622cbf9b8c018fc863aacf4030c27465ccdc8499002196b6a4a1c8db2c6cbfef70e3edf1d62033cab2d80e03e554ad8c10a28c99b2869e9c75f82ed8538befc69c519ba934132414a46c08ea91063b4a1e614517766e0730525cae9bd483226fb7c00a4bd7ae3d02f9b2dcb76d8a52d718e601c2a66f645040eb0f2907bf98a41066c7c4bc57573650d301e9c0eac8b7c89b870a4df9849", @generic="4ad5e6d60b270196e305f6224c0487d943a7cf123d648aa46d314e4a76957d2704bddd74692dfb743a425f8bfe148983de1d52359f387db2c84e974b679aeb8ec90867f058803b0434df78e85af1af7a3b8e00dc818af2db337d2de806629b6d6e4c7f80dd5d37723df7a539d9120529365d94868ffeff2b2a0613fc603d814ca1dfdec9782b1cbffdf6ce67ff69fc34d59b5803a22d431d2fbec9da669560f1b7a769395693b726313505f2295a48a0e935cb693ed33103c1c93375707092e4498e15e90771a249cd82966cb0bbb51f1e152b2f90ed2ca1a20c", @nested={0x1d8, 0x7f, 0x0, 0x1, [@generic="8431a6f2fc90609ecb2258eb81dec582a9a4c18cfbdcd182d55c11c255db7b2b9b1b6c86", @typed={0x8, 0x54, 0x0, 0x0, @ipv4=@private=0xa010100}, @generic="8478afb06c2cb7a3746281753929691d6064bc68cd712093b311a7c3d0cfa9ef63f1641a8c16adf8a2395d8d46371bca08ecade0de35a64cecaf5fce808ac9995610529a9f3e9f1c2125f64516ed073f09bb1cfee8c4c0303b05ac7028230d49ebe4a166e75b9e7334c5bc3887c62f2eec1bfe3786735ab181f0f60c91bb9931124de68e7fa6a2bc5395bba1545af2f9a1284bb0815220e58bf24a11b0bf609f2abb81e130fbaa1c86e755b55b46d43aebd9cf9b01d6fbd843d1", @generic="269f2c0cbe0510e2a5f31523e847e2140efc65ed205a0fdbc3efe38c515a17e8eba3de3d3ce6f4cd45", @generic="7f6c7476f6c2907d12824cf95483c86817", @nested={0x4, 0xbe}, @typed={0xa1, 0x136, 0x0, 0x0, @binary="33e9d7afdfa6f5713a689504dd7aff7b30d599ab2a32db337f51b2501f534f4c58626008d0fc63c0678743772034996d39b2ae0ee2d02ce2bd8090947f710be4156d07885f9d1134bcc720de036bae43e97c7a4b1ba8fcfc4d430e5858e20f61a1bf11397bedce81472c3d3c2cad9108013463cb94e6927823d4ed10f0d28d1cad7464907bce94e141102a9f143c7fb292643699cd84899457491ce987"}, @nested={0x4, 0xdb}, @typed={0x8, 0xfe, 0x0, 0x0, @pid}]}, @generic="777806e5cdca518038a8c6229723254d39360b90ccc11dc356bb1ca6a006705c643dd807da9f94567ce8990b5dffa9eefcb50aa2e77e422f2d3c140abb96d4a43171b26127b4ffb74368c1b81b7da2dc365610068aeef05f58c5fdd97a5b37250facb655adc313752fcb78f37dcc8e205a613fc040ada10c20b153aae2371a23ed333309123c91ab17949f9ae6b738ccc9c9d73029a1533d94186149e137b3e91a1d900155b61c28b2b95005b0755307037c7ae9669aca72e4add30a2011ab721c39c410834cde705c56b50485b62b1a0c34fe623621e42a2987f29b205297b6"]}, 0x66c}, {&(0x7f0000000880)=ANY=[@ANYBLOB="a40100001d00080027bd7000fcdbdf25abf51c5420a3eabba31c887c09415807861935597b896ca6db2aa1684be3d3a79f5a1c978317d3cd83b75a46622163014c80e52d9babc5f88d4d73cc5e6c56cc6820c8c1a6b6492587d5496e9614c63fceafd8758d7ea026399c57e506d94afba43b166150046b323ec7d51a38896bf15cf60600188875dd2aa8d8404af0f58ac9ddd88ca2f693a56850cc7c8ebb494b7d774ac65d2d3d03316d35061b53b8c5edfbf50b698e1d996e4252740a6c750a1bb00e8171b7c704003b8008005600b5990d003538a13c1245a12de821504c2b8edfc8df24b5c6a458639ea999307e4ccad58d1d5c3e21f5568c4d424989419df5a4aafbe2d038d9b8e718a14b4086", @ANYRES32=0x0, @ANYBLOB="410870d58870fac56a280d24d5a769b3f40ae4c10e33ba5dba0c2231c4413af275716d72e5c2c4020924c00a143c96e629036c88b929ba044dae5346dc1155397032f929c9f7e45484a9c0f0d7271665cc3aae9f619e91c726b78f3e4f4f86fb504831eb367a3c99bbe2defb2709c028a49f858193620d2db1a336c591569812a522af8fb47834e01bfa10d61adf842b632e8cbf4fe2e7bdf7f88add4c29cf1ac8db02749e57894d1901a80fbf58c314456a9321d0afbed379279df26169d68c429c86ea340da477e622463a422d000000"], 0x1a4}], 0x4, &(0x7f0000001540)=[@cred={{0x1c, 0x1, 0x2, {0x0, r5, r6}}}, @rights={{0x18, 0x1, 0x1, [r2, r1]}}, @rights={{0x1c, 0x1, 0x1, [r1, r7, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {r8, r9, r10}}}, @rights={{0x18, 0x1, 0x1, [r11, r0]}}, @cred={{0x1c, 0x1, 0x2, {r12, r13, r15}}}], 0xf0, 0x11}, 0x8010)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r16 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r16, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x0, 0x0, 0x32314152, 0x0, 0xfffffffd, 0x0, 0x0, 0x7}})
dup(r3)
fanotify_init(0x8, 0x400)

18.316212302s ago: executing program 1 (id=2189):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x19a)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f0000000100)='pids.max\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f00000000c0)=0x70, 0x12)
write$cgroup_int(r1, &(0x7f0000000200), 0x12)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x2000001, 0x12, r1, 0x0)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x8}, &(0x7f0000000000)=0x34)

18.062644945s ago: executing program 1 (id=2191):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0x200000d3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0x7, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="5c00000012", 0x5}], 0x1, 0x0, 0x1f, 0x1f00c00e}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
r1 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x8, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e27, @empty}, 0x10, 0x0}}], 0x1, 0x20004840)
socketpair$tipc(0x1e, 0x5, 0x2000000, &(0x7f0000000080))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r5, 0x800000)
setsockopt$MRT_ASSERT(r5, 0x0, 0xcf, &(0x7f0000000140), 0x4)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
r9 = syz_open_dev$usbmon(&(0x7f0000001100), 0x0, 0x80000)
ioctl$MON_IOCX_MFETCH(r9, 0xc0109207, &(0x7f0000000280)={&(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0xa})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

3.77453338s ago: executing program 0 (id=2247):
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x45e, 0xf9, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x8, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x6, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xfe, 0x54}}}}}]}}]}}, 0x0)
r0 = socket(0x1d, 0x2, 0x7)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2, 0x1, 0x1}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r1, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
mount$9p_rdma(&(0x7f0000000100), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e24,timeout=0x0'])
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@none}}}, 0x9)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, 0x3, 0x8, 0x801, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0x4b9}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x28}, 0x1, 0x0, 0x0, 0x20044804}, 0x48010)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = eventfd2(0x8, 0x0)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000040)={0x1, r4})
close(0x3)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000900d"])
add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000a40)="dee7030022cf5c6c95135618fe7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41f020000000000000094f365ae68edf335abf35fc53d6751467ebd2c1874287e", 0x42, r5)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)

3.542584774s ago: executing program 2 (id=2249):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

3.252589022s ago: executing program 2 (id=2250):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
chroot(&(0x7f0000000480)='./file0/../file0\x00')
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010020000900010073797a30000000002c000000032301020000000000000000010000000900010073797a30000000000900030073797a300000000054000000060a010400000000000000000100000008000b40000000002c0004802800018008000100666962001c0002800800034000000001080002400000000008000140000000130900010073797a3000000000140000001100010000000000000000000000000a"], 0xc8}}, 0x20004000)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
setxattr$trusted_overlay_redirect(0x0, &(0x7f00000001c0), 0x0, 0x0, 0x1)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r2, 0x0)
setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000000)=@req3={0xf, 0x677ec255, 0x0, 0x0, 0xc8e, 0xfffffe00, 0x5}, 0x1c)
sendmmsg$unix(r1, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20008080}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4)

3.098555337s ago: executing program 2 (id=2251):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0xfffffffffffffe78, &(0x7f0000000080)=[{&(0x7f0000000200)={0x114, 0x17, 0x301, 0x0, 0x25dfdbfb, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @generic="75ae89b29c2f3f8223c8e01770fdb6a5191e0c02f3f13d44f435d170f667074db0ada56ca8edaabe190cc3797e73b95b90923f585b5c1f66b29d9e32a335fa44ef62a5416cd043404fb693447de85400cdcc6db8071b4b36934d2e94340087b6c398003237a61eec3f56d046e45add06ca2703050b54fe589aee23cf8ead5555fbf60c1750decd341eb215b503507a", @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d", @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x40, 0x0}}]}]}, 0x114}], 0x1}, 0x840)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={<r5=>0x0, <r6=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r4, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0x1}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r5, r6}}}], 0x20, 0x40044}}], 0x1, 0x4)
r7 = getgid()
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/key-users\x00', 0x0, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003b40)={0x2020, 0x0, 0x0, <r10=>0x0}, 0x2020)
statx(r1, &(0x7f0000001340)='./file0\x00', 0x2000, 0x10, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
r12 = accept4$inet6(0xffffffffffffffff, &(0x7f0000001480)={0xa, 0x0, 0x0, @initdev}, &(0x7f00000014c0)=0x1c, 0x0)
r13 = fcntl$getown(r0, 0x9)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000001500)={0x80000001, 0x68, {}, {<r14=>0x0}, 0x8, 0x5})
r15 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$sock_cred(r15, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r16=>0x0}, &(0x7f0000000080)=0xc)
setgid(r16)
sendmsg$netlink(r1, &(0x7f0000001640)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfe, 0x100}, 0xc, &(0x7f00000012c0)=[{&(0x7f00000003c0)={0x2a4, 0x20, 0x100, 0x70bd29, 0x25dfdbff, "", [@generic="064ff9094ed8132b6a0534f7fe9b3b8dc7f459855b0a61df8688433cbe1cb041d66c16d5195333f72c650ed308b71136c518aef2ba159c5b952e07a3af0843cbd3cd1e494ee86b585d6dd84caa6081c5d9c88f8cb66b57fa333736c902048daab8af412aff5e3f0140522f674fd7e264f17d752b05d315713c8adec7920ca0fd8dbffd125354156a1db2da8d8a9aec59b76fabae", @nested={0x119, 0x139, 0x0, 0x1, [@generic="0637dcdfc5f086debe15c62b6bc38eb164321735a3de4a9aa83c3aa5a815470dd24972e3501c5e6e2ad175ca204b36d938d61dbaf6331dbe965de70f3cb36b9e8c9039ff64b1f7afff2e127b59556d310f4f10d2791e0edf21e3171c804de047b468965f79e9ee3f29cf36f29437eda5c6e59d337e5cc9eaa90fc6d5c739806a29c9ccde8eb8add14dc78d63a21fc9e2c66ed29525c3aafbf5b979a4ad4ef6d2b85c321457a7afb112db18d7c2c3229bef5246a75055c7e656770fed1d86814fd63f472d1755163f7a9c", @generic="4755055ff9855e6c560f2b3e11007f70fc86174c79ea5c514a4aa3f66e83e9133ed3197a87f7311f16afc7f0884731a77784b13a656e3a71e5ba0c849e6a38eb25e3f1f4df3eeb912e1d6a"]}, @generic="55b3ccb81a3de689ca34523e0a3f79fb3acd81", @typed={0x4, 0x7e}, @generic="683be5e7c09ca0d14de7378a4dbe03629167c3316892ae35ef9348ab629e6c8821c99e8afa698c964399ba1e6a382cc681be4094bee32edadee35b390180ae3a9f1e4babb5c048ae7798feb9100e4fae2d58063a13d2a1a12c698d7898c6618133a2b0e63847c24ec3559c11c6b5665138c7e905034a861dba4d2256ca7294f8a01fba7bc0cc1b4e75ab28ab4e76a95b9b518ff6db9e82b65a92638d1ec11c3512d9916383753a121ab891a6c29ec63e3300f9addf79ab9a1d8b2ddf11a137c3d6df9d77741ca03c33a7b26d50"]}, 0x2a4}, {&(0x7f0000000680)={0x18c, 0x3b, 0x410, 0x70bd25, 0x25dfdbfc, "", [@generic="1ad116e07788faca934952ad88db31112fca99", @nested={0x165, 0x121, 0x0, 0x1, [@typed={0x14, 0x143, 0x0, 0x0, @ipv6=@empty}, @generic="0f27a875615a57d65cc7d083bec5a7e824a3a5c63bebaf022b3c829faad1da9e03e8b5a3a5ff2f92123a56cbf4955269694c1d2fbdb44b6a589d9e88ae9109fdea1200b31c86bffba9", @typed={0x4, 0x34}, @generic="b0b1b1d8442c19bc104f8510fb9158322b1f7b836669dbe1233de4a8167740753a290a3cc82966101afdb12c70e530efca389d3c5f782eb3b7c70687797bfaf9538ba7a95ff154c472df4f507b00f37e6a2735645eca94af2a502e34bc278c89f4332fa8aa938eb901ecb61b9b3d8cb87d4bf43abead819a9ca4f92e6a514b13530f389dfabcc29603e555b3900282c1c568695c50ccb95860721024a01d54b4c74c0bb022b54323cfc9370c824a3334cad38575b4c50acd3c4f6ead89297feac1a44f721d77e2af06b5e6e9cfac328037c8905ad5a529b457392aaf2cf208bf07da7d13050a1e6a16f53e98295b002ff071c372909848f047643121", @nested={0x4, 0x3a}]}]}, 0x18c}, {&(0x7f0000000a80)={0x66c, 0x1d, 0x8, 0x70bd27, 0x25dfdbfd, "", [@typed={0x97, 0x13, 0x0, 0x0, @binary="7aa7754af3d16763917b1ed58322c6f20953d8cc3cdfcc32c03d91aaf3e50f0f11953619c210f9949e25a2f53179180a5b52fc7dab658328da832a0b472d4ae84c6579d4ddb7729f910faf78aff8c09b532d4bbccc31907f134cbd1716a557e02230c56654c7c658a163e0dd79f009ec0013e06172e1e4708d59b724a26503e491955f169eb56912d2f566f4e64ee23ecae4a2"}, @generic="14fb14c63092b4c6e62d6fe499407cd2e4516b8be7d5f34df7270d9e727fe3e5feefadb8bea0fc7c3e8694ec1f3b428648bbd399380ea94b9f3a8ee86a9aeefce4dc5c5fce182b5a23278e4a3725ec70968e4a587116acf7d0fd9bc0e775bf8da4e0347d61ded507c58d4f9355eed5ffd73d4e30101de81939a31ef20944bb10523ae42faefc3136acd032475adb7ce37215d6d70da21f5e96a532ab1a4225b319a8095e0d5a3c4740fb12f4ebdbbd51e5c0f235ad3e64e6fe92e9b90da63cd72e4c0ef0deac776259b5c437c72ae40bbaf61c096b6ac9c0", @nested={0x9f, 0x119, 0x0, 0x1, [@generic="a80ea0333d2f489d89ff6bd9a3bd0162b8301e05d048b0fa532b6de75ec63024a268e87ee2c4130dc4cbc5744c10b2f5d189c7969a1b99bd71665b06e43b", @typed={0xc, 0x72, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0x151, 0x0, 0x0, @uid}, @typed={0x14, 0xe3, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}}, @generic="6ee6227f2a8ec8a67d990ab7e63e9bccf5ca455eb6ab9385df46c349cde77900654d4b5b3c", @typed={0x8, 0x12c, 0x0, 0x0, @uid}, @nested={0x4, 0x135}, @nested={0x4, 0xcb}]}, @generic="f604cf30b6d0b5cb3b26f2a303f9eb219c65ea02197a7b5ff68b435161dbe45622cbf9b8c018fc863aacf4030c27465ccdc8499002196b6a4a1c8db2c6cbfef70e3edf1d62033cab2d80e03e554ad8c10a28c99b2869e9c75f82ed8538befc69c519ba934132414a46c08ea91063b4a1e614517766e0730525cae9bd483226fb7c00a4bd7ae3d02f9b2dcb76d8a52d718e601c2a66f645040eb0f2907bf98a41066c7c4bc57573650d301e9c0eac8b7c89b870a4df9849", @generic="4ad5e6d60b270196e305f6224c0487d943a7cf123d648aa46d314e4a76957d2704bddd74692dfb743a425f8bfe148983de1d52359f387db2c84e974b679aeb8ec90867f058803b0434df78e85af1af7a3b8e00dc818af2db337d2de806629b6d6e4c7f80dd5d37723df7a539d9120529365d94868ffeff2b2a0613fc603d814ca1dfdec9782b1cbffdf6ce67ff69fc34d59b5803a22d431d2fbec9da669560f1b7a769395693b726313505f2295a48a0e935cb693ed33103c1c93375707092e4498e15e90771a249cd82966cb0bbb51f1e152b2f90ed2ca1a20c", @nested={0x1d8, 0x7f, 0x0, 0x1, [@generic="8431a6f2fc90609ecb2258eb81dec582a9a4c18cfbdcd182d55c11c255db7b2b9b1b6c86", @typed={0x8, 0x54, 0x0, 0x0, @ipv4=@private=0xa010100}, @generic="8478afb06c2cb7a3746281753929691d6064bc68cd712093b311a7c3d0cfa9ef63f1641a8c16adf8a2395d8d46371bca08ecade0de35a64cecaf5fce808ac9995610529a9f3e9f1c2125f64516ed073f09bb1cfee8c4c0303b05ac7028230d49ebe4a166e75b9e7334c5bc3887c62f2eec1bfe3786735ab181f0f60c91bb9931124de68e7fa6a2bc5395bba1545af2f9a1284bb0815220e58bf24a11b0bf609f2abb81e130fbaa1c86e755b55b46d43aebd9cf9b01d6fbd843d1", @generic="269f2c0cbe0510e2a5f31523e847e2140efc65ed205a0fdbc3efe38c515a17e8eba3de3d3ce6f4cd45", @generic="7f6c7476f6c2907d12824cf95483c86817", @nested={0x4, 0xbe}, @typed={0xa1, 0x136, 0x0, 0x0, @binary="33e9d7afdfa6f5713a689504dd7aff7b30d599ab2a32db337f51b2501f534f4c58626008d0fc63c0678743772034996d39b2ae0ee2d02ce2bd8090947f710be4156d07885f9d1134bcc720de036bae43e97c7a4b1ba8fcfc4d430e5858e20f61a1bf11397bedce81472c3d3c2cad9108013463cb94e6927823d4ed10f0d28d1cad7464907bce94e141102a9f143c7fb292643699cd84899457491ce987"}, @nested={0x4, 0xdb}, @typed={0x8, 0xfe, 0x0, 0x0, @pid}]}, @generic="777806e5cdca518038a8c6229723254d39360b90ccc11dc356bb1ca6a006705c643dd807da9f94567ce8990b5dffa9eefcb50aa2e77e422f2d3c140abb96d4a43171b26127b4ffb74368c1b81b7da2dc365610068aeef05f58c5fdd97a5b37250facb655adc313752fcb78f37dcc8e205a613fc040ada10c20b153aae2371a23ed333309123c91ab17949f9ae6b738ccc9c9d73029a1533d94186149e137b3e91a1d900155b61c28b2b95005b0755307037c7ae9669aca72e4add30a2011ab721c39c410834cde705c56b50485b62b1a0c34fe623621e42a2987f29b205297b6"]}, 0x66c}, {&(0x7f0000000880)=ANY=[@ANYBLOB="a40100001d00080027bd7000fcdbdf25abf51c5420a3eabba31c887c09415807861935597b896ca6db2aa1684be3d3a79f5a1c978317d3cd83b75a46622163014c80e52d9babc5f88d4d73cc5e6c56cc6820c8c1a6b6492587d5496e9614c63fceafd8758d7ea026399c57e506d94afba43b166150046b323ec7d51a38896bf15cf60600188875dd2aa8d8404af0f58ac9ddd88ca2f693a56850cc7c8ebb494b7d774ac65d2d3d03316d35061b53b8c5edfbf50b698e1d996e4252740a6c750a1bb00e8171b7c704003b8008005600b5990d003538a13c1245a12de821504c2b8edfc8df24b5c6a458639ea999307e4ccad58d1d5c3e21f5568c4d424989419df5a4aafbe2d038d9b8e718a14b4086", @ANYRES32=0x0, @ANYBLOB="410870d58870fac56a280d24d5a769b3f40ae4c10e33ba5dba0c2231c4413af275716d72e5c2c4020924c00a143c96e629036c88b929ba044dae5346dc1155397032f929c9f7e45484a9c0f0d7271665cc3aae9f619e91c726b78f3e4f4f86fb504831eb367a3c99bbe2defb2709c028a49f858193620d2db1a336c591569812a522af8fb47834e01bfa10d61adf842b632e8cbf4fe2e7bdf7f88add4c29cf1ac8db02749e57894d1901a80fbf58c314456a9321d0afbed379279df26169d68c429c86ea340da477e622463a422d000000"], 0x1a4}], 0x4, &(0x7f0000001540)=[@cred={{0x1c, 0x1, 0x2, {0x0, r6, r7}}}, @rights={{0x18, 0x1, 0x1, [r2, r1]}}, @rights={{0x1c, 0x1, 0x1, [r1, r8, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {r9, r10, r11}}}, @rights={{0x18, 0x1, 0x1, [r12, r0]}}, @cred={{0x1c, 0x1, 0x2, {r13, r14, r16}}}], 0xf0, 0x11}, 0x8010)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r17 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r17, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x0, 0x0, 0x32314152, 0x0, 0xfffffffd, 0x0, 0x0, 0x7}})
dup(r3)
fanotify_init(0x8, 0x400)

3.053558382s ago: executing program 32 (id=2191):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0x200000d3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0x7, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b18]}, 0x45c)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="5c00000012", 0x5}], 0x1, 0x0, 0x1f, 0x1f00c00e}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0)
r1 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x80000)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000080)='udf\x00', 0x2008087, 0x0)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x8, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000bc0)=[{{&(0x7f0000000180)={0x2, 0x4e27, @empty}, 0x10, 0x0}}], 0x1, 0x20004840)
socketpair$tipc(0x1e, 0x5, 0x2000000, &(0x7f0000000080))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r5 = open(&(0x7f0000000780)='./bus\x00', 0x14d0be, 0x48)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600402, 0x7ffffe, 0x4002011, r5, 0x800000)
setsockopt$MRT_ASSERT(r5, 0x0, 0xcf, &(0x7f0000000140), 0x4)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
r9 = syz_open_dev$usbmon(&(0x7f0000001100), 0x0, 0x80000)
ioctl$MON_IOCX_MFETCH(r9, 0xc0109207, &(0x7f0000000280)={&(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0xa})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

3.039957467s ago: executing program 0 (id=2253):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x17ef, 0x6047, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x4000, 0x13580}, 0x0, 0x0)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000180)={0x0, 0x40000000002, 0x8000000000000000, 0x8000f, 0x7fff, 0xfffffffffffffffe, 0x100, 0x10001000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x9, 0x4, 0x2, 0x0, 0x2, 0x7}, 0x0, 0x0) (async)
syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)={0x20, 0x23, 0x1f, {0x1f, 0xa, "a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3027c59ccb7"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.921285538s ago: executing program 2 (id=2254):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_clone(0x78503ef09497f070, &(0x7f0000000c80)="8cbfa05d74d17fdc01b9e9b4abdd52f56c4a4cf26c57cdd5376cd3d3eb596a3a2bf21c0e3c78da7a222655d60e30c5dd8eccfe180f07633536afbf79ccab16ca6ff8b09846b11e0aa39633343c2b4cb48c459345188f1d3f452f269f9b602f4779151137b6c526b6c13f495d2d987aae989fa1f8dc6c4d81e5807351a91a89153470cdaefc349cb37ad934263ff5201323517a5b5ef07148a17e581b7dda1ea832754121819cd5c1ced51794059fd55b0ecd9a5d25437c7dd1d6aff882c0e4c581906293c7a27be37e1b28fdfa11e5adb8c186fbc84ecb8a0628a892afda23132e1d6d5d58c6a672ee9251ea72084f1be24136c524ba0c7049aefd7637b50d387cb9f5c17bfa9cc40a6d53d03da772fb8348a89101ffd5ea356fd68a34bfa1c3f42001d95590918a46d569343ad17f317d46b235cdf715ee01e280500c6ceb060de893cd7ce3fbc7a5224249bb37acc06566ebb73cc60d24e71ab6864f2cdcc69d90cc0fcd217c8d14a2233327d3e7beb20b0acfd33a67922f48ce83600ba4e22581105e10fe10e078a39bbdbc38e82aff57984e9107113767db238e189bc93f50109f1267ba47ce7e189346c500913a655df909209e0deafe3b28a4d61ca11bc2eb18d95e44021b95bed93771c73abd61df8bd4579cd09294cf93566f1ad9ec55c6482a11f967e01c54d8d3ddfbf46710b11aa6cc15681624e6869fa5f0c5d485862595ef4d7645b2c9aa6666f7fc43e3d4203b453dff3bd2681c0f342329dedde688a99b25ca470b31cf27fe210b273867f7c09201be94c377dd3f4bd6c2514d0a0541c71328de928680cea08779c572ef3292f49b2093eb4d126f657393387f06c35f89bca30fddd1cf6264a2224810ea8238669af7b3f9e8750e8d920e13b1ce1a4748aeb58ab8851eddb325e832af249a1f6673344690381c6768d2035823aff0deffb012b5ce9b0f60ba64505684e455b8a285f98dfea5b82ea7f5470b4f7694afcf4655ce2a4798563c51cb3abb64e3f546abc6e89c08108351fbdc6f2d2e8d8709f3504b6bc9f5d34b8f2efc3ed021a61b8241095f747056aefba327dc52d29c43a1d737ec3b7b8c3e7b4bd4a11fe44ad86bcb471c61c22d264bbd7dd34668e8dec1217d57fb65162019d0e1a064e151f766afd070b4c47e0221353a44a5c450873974ad2615614f489af2a49283d02afcd384718c8ffdb783adc0f57f67b0ae8c90602a013e1d4f17d76f16812797c45f5ea7d87eb45c03220565166912c3d8c8f8243e89631db0e00cc38b596304e73e5e9db66c38d52b4a9e2cf61a42f11603613ad968d281d89f149269be0e672ca50cd4f9d084215f8d972bede751f322da1f120e2f21d8e0028eb3f9165a4668ea36d88416f9cbf961e033f0bbccc3f4f4568c3e8b38c6ccbc3a26dbc7c67d1f8f1a2bb8278f580e6e15ce7e0ddee388616351c022f2bb35563f360984d55bf23b508bd57214e052a8e0960ebfbaf8428edb876006f69934f461081e5d5f1bbf85af54b54deb51d531f90526a8e88ef24b5f47", 0x447, 0x0, &(0x7f00000000c0), 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, &(0x7f00000002c0))

2.17095231s ago: executing program 0 (id=2257):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x64)
ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000100))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x7, 0x790, 0x80000000002, 0x180, 0x400000004, 0x2, 0x10001, 0x3, 0xfffffffffffffd7e, 0x45, 0xffffffffffffffff, 0x3b9, 0xfffffffffffffffe, 0x1, 0x4000000000000, 0x8], 0x8000000, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.939608332s ago: executing program 0 (id=2258):
io_setup(0x7, &(0x7f0000000280)=<r0=>0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ac0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000380)={0x38, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_KEY={0x1c, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_ID={0x18, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xfffd}]}]}]}]}, 0x38}}, 0x20000000)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="050000400000000000002e00000008000300", @ANYRES32=r6, @ANYBLOB="050034008b001100060049"], 0x2c}}, 0x0)
syz_io_uring_setup(0x3342, &(0x7f0000000000)={0x0, 0x5cb7, 0x10000, 0x3, 0x193}, &(0x7f0000000080), &(0x7f00000000c0))
io_submit(r0, 0x1, &(0x7f0000000340)=[&(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000140)='-3', 0x2}])

1.52943996s ago: executing program 0 (id=2259):
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x40, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x1, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fbf, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x4, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.184967003s ago: executing program 3 (id=2260):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x0, 0x0)
poll(&(0x7f00000002c0)=[{r1, 0x80ad}], 0x1, 0x2)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000240)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) (fail_nth: 3)

844.737718ms ago: executing program 2 (id=2261):
syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x45e, 0xf9, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x8, 0x0, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x6, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xfe, 0x54}}}}}]}}]}}, 0x0)
r0 = socket(0x1d, 0x2, 0x7)
getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2, 0x1, 0x1}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r1, 0x2, &(0x7f0000000080)={0x0, 0x1}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x100)
mount$9p_rdma(&(0x7f0000000100), &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e24,timeout=0x0'])
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_pin_code_req={{0x16, 0x6}, {@none}}}, 0x9)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, 0x3, 0x8, 0x801, 0x0, 0x0, {0x0, 0x0, 0x6}, [@CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED={0x8, 0x9, 0x1, 0x0, 0x4b9}]}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x28}, 0x1, 0x0, 0x0, 0x20044804}, 0x48010)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
r4 = eventfd2(0x8, 0x0)
ioctl$VHOST_SET_VRING_ERR(r3, 0x4008af22, &(0x7f0000000040)={0x1, r4})
close(0x3)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000900d"])
add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000a40)="dee7030022cf5c6c95135618fe7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41f020000000000000094f365ae68edf335abf35fc53d6751467ebd2c1874287e", 0x42, r5)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)

606.374915ms ago: executing program 3 (id=2262):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000001ac0)={0x0, 0xfffffffffffffe78, &(0x7f0000000080)=[{&(0x7f0000000200)={0x114, 0x17, 0x301, 0x0, 0x25dfdbfb, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @generic="75ae89b29c2f3f8223c8e01770fdb6a5191e0c02f3f13d44f435d170f667074db0ada56ca8edaabe190cc3797e73b95b90923f585b5c1f66b29d9e32a335fa44ef62a5416cd043404fb693447de85400cdcc6db8071b4b36934d2e94340087b6c398003237a61eec3f56d046e45add06ca2703050b54fe589aee23cf8ead5555fbf60c1750decd341eb215b503507a", @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb47d96219c08c029d1608a487f26fbe816b89f7cb81bff81a8b7a82565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875cf0d972df9e99f07976773f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fdc2f4393c05a007d12b505a84dfdb98d568175b62421d726d1e5331e1ddfd4d", @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x40, 0x0}}]}]}, 0x114}], 0x1}, 0x840)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={<r5=>0x0, <r6=>0x0}, &(0x7f00000013c0)=0xc)
sendmmsg$unix(r4, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0x1}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r5, r6}}}], 0x20, 0x40044}}], 0x1, 0x4)
r7 = getgid()
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001300)='/proc/key-users\x00', 0x0, 0x0)
r9 = getpid()
sched_setscheduler(r9, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000003b40)={0x2020, 0x0, 0x0, <r10=>0x0}, 0x2020)
statx(r1, &(0x7f0000001340)='./file0\x00', 0x2000, 0x10, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
r12 = accept4$inet6(0xffffffffffffffff, &(0x7f0000001480)={0xa, 0x0, 0x0, @initdev}, &(0x7f00000014c0)=0x1c, 0x0)
r13 = fcntl$getown(r0, 0x9)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000001500)={0x80000001, 0x68, {}, {<r14=>0x0}, 0x8, 0x5})
r15 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$sock_cred(r15, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r16=>0x0}, &(0x7f0000000080)=0xc)
setgid(r16)
sendmsg$netlink(r1, &(0x7f0000001640)={&(0x7f0000000040)=@proc={0x10, 0x0, 0x25dfdbfe, 0x100}, 0xc, &(0x7f00000012c0)=[{&(0x7f00000003c0)={0x2a4, 0x20, 0x100, 0x70bd29, 0x25dfdbff, "", [@generic="064ff9094ed8132b6a0534f7fe9b3b8dc7f459855b0a61df8688433cbe1cb041d66c16d5195333f72c650ed308b71136c518aef2ba159c5b952e07a3af0843cbd3cd1e494ee86b585d6dd84caa6081c5d9c88f8cb66b57fa333736c902048daab8af412aff5e3f0140522f674fd7e264f17d752b05d315713c8adec7920ca0fd8dbffd125354156a1db2da8d8a9aec59b76fabae", @nested={0x119, 0x139, 0x0, 0x1, [@generic="0637dcdfc5f086debe15c62b6bc38eb164321735a3de4a9aa83c3aa5a815470dd24972e3501c5e6e2ad175ca204b36d938d61dbaf6331dbe965de70f3cb36b9e8c9039ff64b1f7afff2e127b59556d310f4f10d2791e0edf21e3171c804de047b468965f79e9ee3f29cf36f29437eda5c6e59d337e5cc9eaa90fc6d5c739806a29c9ccde8eb8add14dc78d63a21fc9e2c66ed29525c3aafbf5b979a4ad4ef6d2b85c321457a7afb112db18d7c2c3229bef5246a75055c7e656770fed1d86814fd63f472d1755163f7a9c", @generic="4755055ff9855e6c560f2b3e11007f70fc86174c79ea5c514a4aa3f66e83e9133ed3197a87f7311f16afc7f0884731a77784b13a656e3a71e5ba0c849e6a38eb25e3f1f4df3eeb912e1d6a"]}, @generic="55b3ccb81a3de689ca34523e0a3f79fb3acd81", @typed={0x4, 0x7e}, @generic="683be5e7c09ca0d14de7378a4dbe03629167c3316892ae35ef9348ab629e6c8821c99e8afa698c964399ba1e6a382cc681be4094bee32edadee35b390180ae3a9f1e4babb5c048ae7798feb9100e4fae2d58063a13d2a1a12c698d7898c6618133a2b0e63847c24ec3559c11c6b5665138c7e905034a861dba4d2256ca7294f8a01fba7bc0cc1b4e75ab28ab4e76a95b9b518ff6db9e82b65a92638d1ec11c3512d9916383753a121ab891a6c29ec63e3300f9addf79ab9a1d8b2ddf11a137c3d6df9d77741ca03c33a7b26d50"]}, 0x2a4}, {&(0x7f0000000680)={0x18c, 0x3b, 0x410, 0x70bd25, 0x25dfdbfc, "", [@generic="1ad116e07788faca934952ad88db31112fca99", @nested={0x165, 0x121, 0x0, 0x1, [@typed={0x14, 0x143, 0x0, 0x0, @ipv6=@empty}, @generic="0f27a875615a57d65cc7d083bec5a7e824a3a5c63bebaf022b3c829faad1da9e03e8b5a3a5ff2f92123a56cbf4955269694c1d2fbdb44b6a589d9e88ae9109fdea1200b31c86bffba9", @typed={0x4, 0x34}, @generic="b0b1b1d8442c19bc104f8510fb9158322b1f7b836669dbe1233de4a8167740753a290a3cc82966101afdb12c70e530efca389d3c5f782eb3b7c70687797bfaf9538ba7a95ff154c472df4f507b00f37e6a2735645eca94af2a502e34bc278c89f4332fa8aa938eb901ecb61b9b3d8cb87d4bf43abead819a9ca4f92e6a514b13530f389dfabcc29603e555b3900282c1c568695c50ccb95860721024a01d54b4c74c0bb022b54323cfc9370c824a3334cad38575b4c50acd3c4f6ead89297feac1a44f721d77e2af06b5e6e9cfac328037c8905ad5a529b457392aaf2cf208bf07da7d13050a1e6a16f53e98295b002ff071c372909848f047643121", @nested={0x4, 0x3a}]}]}, 0x18c}, {&(0x7f0000000a80)={0x66c, 0x1d, 0x8, 0x70bd27, 0x25dfdbfd, "", [@typed={0x97, 0x13, 0x0, 0x0, @binary="7aa7754af3d16763917b1ed58322c6f20953d8cc3cdfcc32c03d91aaf3e50f0f11953619c210f9949e25a2f53179180a5b52fc7dab658328da832a0b472d4ae84c6579d4ddb7729f910faf78aff8c09b532d4bbccc31907f134cbd1716a557e02230c56654c7c658a163e0dd79f009ec0013e06172e1e4708d59b724a26503e491955f169eb56912d2f566f4e64ee23ecae4a2"}, @generic="14fb14c63092b4c6e62d6fe499407cd2e4516b8be7d5f34df7270d9e727fe3e5feefadb8bea0fc7c3e8694ec1f3b428648bbd399380ea94b9f3a8ee86a9aeefce4dc5c5fce182b5a23278e4a3725ec70968e4a587116acf7d0fd9bc0e775bf8da4e0347d61ded507c58d4f9355eed5ffd73d4e30101de81939a31ef20944bb10523ae42faefc3136acd032475adb7ce37215d6d70da21f5e96a532ab1a4225b319a8095e0d5a3c4740fb12f4ebdbbd51e5c0f235ad3e64e6fe92e9b90da63cd72e4c0ef0deac776259b5c437c72ae40bbaf61c096b6ac9c0", @nested={0x9f, 0x119, 0x0, 0x1, [@generic="a80ea0333d2f489d89ff6bd9a3bd0162b8301e05d048b0fa532b6de75ec63024a268e87ee2c4130dc4cbc5744c10b2f5d189c7969a1b99bd71665b06e43b", @typed={0xc, 0x72, 0x0, 0x0, @u64=0x8}, @typed={0x8, 0x151, 0x0, 0x0, @uid}, @typed={0x14, 0xe3, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @remote}}, @generic="6ee6227f2a8ec8a67d990ab7e63e9bccf5ca455eb6ab9385df46c349cde77900654d4b5b3c", @typed={0x8, 0x12c, 0x0, 0x0, @uid}, @nested={0x4, 0x135}, @nested={0x4, 0xcb}]}, @generic="f604cf30b6d0b5cb3b26f2a303f9eb219c65ea02197a7b5ff68b435161dbe45622cbf9b8c018fc863aacf4030c27465ccdc8499002196b6a4a1c8db2c6cbfef70e3edf1d62033cab2d80e03e554ad8c10a28c99b2869e9c75f82ed8538befc69c519ba934132414a46c08ea91063b4a1e614517766e0730525cae9bd483226fb7c00a4bd7ae3d02f9b2dcb76d8a52d718e601c2a66f645040eb0f2907bf98a41066c7c4bc57573650d301e9c0eac8b7c89b870a4df9849", @generic="4ad5e6d60b270196e305f6224c0487d943a7cf123d648aa46d314e4a76957d2704bddd74692dfb743a425f8bfe148983de1d52359f387db2c84e974b679aeb8ec90867f058803b0434df78e85af1af7a3b8e00dc818af2db337d2de806629b6d6e4c7f80dd5d37723df7a539d9120529365d94868ffeff2b2a0613fc603d814ca1dfdec9782b1cbffdf6ce67ff69fc34d59b5803a22d431d2fbec9da669560f1b7a769395693b726313505f2295a48a0e935cb693ed33103c1c93375707092e4498e15e90771a249cd82966cb0bbb51f1e152b2f90ed2ca1a20c", @nested={0x1d8, 0x7f, 0x0, 0x1, [@generic="8431a6f2fc90609ecb2258eb81dec582a9a4c18cfbdcd182d55c11c255db7b2b9b1b6c86", @typed={0x8, 0x54, 0x0, 0x0, @ipv4=@private=0xa010100}, @generic="8478afb06c2cb7a3746281753929691d6064bc68cd712093b311a7c3d0cfa9ef63f1641a8c16adf8a2395d8d46371bca08ecade0de35a64cecaf5fce808ac9995610529a9f3e9f1c2125f64516ed073f09bb1cfee8c4c0303b05ac7028230d49ebe4a166e75b9e7334c5bc3887c62f2eec1bfe3786735ab181f0f60c91bb9931124de68e7fa6a2bc5395bba1545af2f9a1284bb0815220e58bf24a11b0bf609f2abb81e130fbaa1c86e755b55b46d43aebd9cf9b01d6fbd843d1", @generic="269f2c0cbe0510e2a5f31523e847e2140efc65ed205a0fdbc3efe38c515a17e8eba3de3d3ce6f4cd45", @generic="7f6c7476f6c2907d12824cf95483c86817", @nested={0x4, 0xbe}, @typed={0xa1, 0x136, 0x0, 0x0, @binary="33e9d7afdfa6f5713a689504dd7aff7b30d599ab2a32db337f51b2501f534f4c58626008d0fc63c0678743772034996d39b2ae0ee2d02ce2bd8090947f710be4156d07885f9d1134bcc720de036bae43e97c7a4b1ba8fcfc4d430e5858e20f61a1bf11397bedce81472c3d3c2cad9108013463cb94e6927823d4ed10f0d28d1cad7464907bce94e141102a9f143c7fb292643699cd84899457491ce987"}, @nested={0x4, 0xdb}, @typed={0x8, 0xfe, 0x0, 0x0, @pid}]}, @generic="777806e5cdca518038a8c6229723254d39360b90ccc11dc356bb1ca6a006705c643dd807da9f94567ce8990b5dffa9eefcb50aa2e77e422f2d3c140abb96d4a43171b26127b4ffb74368c1b81b7da2dc365610068aeef05f58c5fdd97a5b37250facb655adc313752fcb78f37dcc8e205a613fc040ada10c20b153aae2371a23ed333309123c91ab17949f9ae6b738ccc9c9d73029a1533d94186149e137b3e91a1d900155b61c28b2b95005b0755307037c7ae9669aca72e4add30a2011ab721c39c410834cde705c56b50485b62b1a0c34fe623621e42a2987f29b205297b6"]}, 0x66c}, {&(0x7f0000000880)=ANY=[@ANYBLOB="a40100001d00080027bd7000fcdbdf25abf51c5420a3eabba31c887c09415807861935597b896ca6db2aa1684be3d3a79f5a1c978317d3cd83b75a46622163014c80e52d9babc5f88d4d73cc5e6c56cc6820c8c1a6b6492587d5496e9614c63fceafd8758d7ea026399c57e506d94afba43b166150046b323ec7d51a38896bf15cf60600188875dd2aa8d8404af0f58ac9ddd88ca2f693a56850cc7c8ebb494b7d774ac65d2d3d03316d35061b53b8c5edfbf50b698e1d996e4252740a6c750a1bb00e8171b7c704003b8008005600b5990d003538a13c1245a12de821504c2b8edfc8df24b5c6a458639ea999307e4ccad58d1d5c3e21f5568c4d424989419df5a4aafbe2d038d9b8e718a14b4086", @ANYRES32=0x0, @ANYBLOB="410870d58870fac56a280d24d5a769b3f40ae4c10e33ba5dba0c2231c4413af275716d72e5c2c4020924c00a143c96e629036c88b929ba044dae5346dc1155397032f929c9f7e45484a9c0f0d7271665cc3aae9f619e91c726b78f3e4f4f86fb504831eb367a3c99bbe2defb2709c028a49f858193620d2db1a336c591569812a522af8fb47834e01bfa10d61adf842b632e8cbf4fe2e7bdf7f88add4c29cf1ac8db02749e57894d1901a80fbf58c314456a9321d0afbed379279df26169d68c429c86ea340da477e622463a422d000000"], 0x1a4}], 0x4, &(0x7f0000001540)=[@cred={{0x1c, 0x1, 0x2, {0x0, r6, r7}}}, @rights={{0x18, 0x1, 0x1, [r2, r1]}}, @rights={{0x1c, 0x1, 0x1, [r1, r8, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, r3, r3]}}, @cred={{0x1c, 0x1, 0x2, {r9, r10, r11}}}, @rights={{0x18, 0x1, 0x1, [r12, r0]}}, @cred={{0x1c, 0x1, 0x2, {r13, r14, r16}}}], 0xf0, 0x11}, 0x8010)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r17 = syz_open_dev$vim2m(&(0x7f0000000000), 0x100000001, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r17, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x0, 0x0, 0x32314152, 0x0, 0xfffffffd, 0x0, 0x0, 0x7}})
dup(r3)
fanotify_init(0x8, 0x400)

577.057253ms ago: executing program 0 (id=2263):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write(r0, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084")

420.13706ms ago: executing program 3 (id=2264):
r0 = socket(0x10, 0x3, 0x0)
recvmsg(r0, &(0x7f0000001140)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e00050300e1ff00fedb"], 0x24}, 0x1, 0x8000000, 0x0, 0xc880}, 0x0)

289.448651ms ago: executing program 3 (id=2265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000003c0)={0x44, r2, 0x201, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000094}, 0x404c004)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc800}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000580)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x54, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x28, 0x3, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @redir={{0xa}, @val={0x4}}}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

138.974346ms ago: executing program 3 (id=2266):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x200)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x6, 0x1fb, 0xc38})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000001c0)={0x7, 0x1, 0x7})
close_range(r0, 0xffffffffffffffff, 0x0)

19.457324ms ago: executing program 2 (id=2267):
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xe9)
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_open_dev$hidraw(0x0, 0x0, 0x0)
r2 = syz_open_dev$mouse(0x0, 0xfff, 0x400000)
read$hidraw(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1000)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000006c0), r5)
sendmsg$NLBL_MGMT_C_REMOVE(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="f9002dbd7000fcdbdf2502002000050001"], 0x1c}, 0x1, 0x0, 0x0, 0x20008011}, 0x10)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)

0s ago: executing program 3 (id=2268):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x11, 0x800}, @mpls={[], @ipv6=@icmpv6={0x0, 0x6, "ec9700", 0x38, 0x2c, 0x0, @local, @mcast2, {[@fragment={0x3a}], @param_prob={0x4, 0x0, 0x0, 0x804e, {0x1, 0x6, "55cab8", 0x443a, 0x32, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @loopback}}}}}}, 0x6e) (fail_nth: 3)

kernel console output (not intermixed with test programs):

01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.194826][T11688] RSP: 002b:00007f77b588f038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  411.194847][T11688] RAX: ffffffffffffffda RBX: 00007f77b4bd5fa0 RCX: 00007f77b498eba9
[  411.194861][T11688] RDX: ffffffffffffff9c RSI: 0000200000000780 RDI: ffffffffffffff9c
[  411.194875][T11688] RBP: 00007f77b588f090 R08: 0000000000000000 R09: 0000000000000000
[  411.194887][T11688] R10: 00002000000007c0 R11: 0000000000000246 R12: 0000000000000001
[  411.194899][T11688] R13: 00007f77b4bd6038 R14: 00007f77b4bd5fa0 R15: 00007fff62b0ae78
[  411.194930][T11688]  </TASK>
[  411.525433][T11693] FAULT_INJECTION: forcing a failure.
[  411.525433][T11693] name failslab, interval 1, probability 0, space 0, times 0
[  411.538845][T11693] CPU: 0 UID: 0 PID: 11693 Comm: syz.2.1988 Not tainted syzkaller #0 PREEMPT(full) 
[  411.538875][T11693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  411.538887][T11693] Call Trace:
[  411.538902][T11693]  <TASK>
[  411.538911][T11693]  dump_stack_lvl+0x189/0x250
[  411.538939][T11693]  ? __pfx____ratelimit+0x10/0x10
[  411.538968][T11693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.538987][T11693]  ? __pfx__printk+0x10/0x10
[  411.539017][T11693]  ? __pfx___might_resched+0x10/0x10
[  411.539038][T11693]  ? fs_reclaim_acquire+0x7d/0x100
[  411.539056][T11693]  should_fail_ex+0x414/0x560
[  411.539074][T11693]  should_failslab+0xa8/0x100
[  411.539090][T11693]  __kmalloc_cache_noprof+0x6f/0x6f0
[  411.539110][T11693]  ? trace_contention_end+0x39/0x120
[  411.539125][T11693]  ? vhost_task_create+0xf6/0x290
[  411.539145][T11693]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  411.539163][T11693]  vhost_task_create+0xf6/0x290
[  411.539178][T11693]  ? arch_stack_walk+0xfc/0x150
[  411.539194][T11693]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  411.539213][T11693]  ? __pfx_vhost_task_create+0x10/0x10
[  411.539236][T11693]  ? __pfx_vhost_task_fn+0x10/0x10
[  411.539266][T11693]  kvm_mmu_post_init_vm+0x14c/0x300
[  411.539281][T11693]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  411.539298][T11693]  ? __mutex_trylock_common+0x153/0x260
[  411.539316][T11693]  ? __pfx___mutex_trylock_common+0x10/0x10
[  411.539333][T11693]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  411.539347][T11693]  ? rcu_is_watching+0x15/0xb0
[  411.539366][T11693]  ? trace_contention_end+0x39/0x120
[  411.539381][T11693]  ? look_up_lock_class+0x74/0x170
[  411.539401][T11693]  ? register_lock_class+0x51/0x320
[  411.539418][T11693]  ? __lock_acquire+0xab9/0xd20
[  411.539450][T11693]  kvm_vcpu_ioctl+0x95c/0xe90
[  411.539466][T11693]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  411.539493][T11693]  ? __fget_files+0x2a/0x420
[  411.539513][T11693]  ? __fget_files+0x3a0/0x420
[  411.539528][T11693]  ? __fget_files+0x2a/0x420
[  411.539546][T11693]  ? bpf_lsm_file_ioctl+0x9/0x20
[  411.539564][T11693]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  411.539576][T11693]  __se_sys_ioctl+0xfc/0x170
[  411.539591][T11693]  do_syscall_64+0xfa/0xfa0
[  411.539607][T11693]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.539625][T11693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.539637][T11693]  ? clear_bhb_loop+0x60/0xb0
[  411.539652][T11693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.539664][T11693] RIP: 0033:0x7f77b498eba9
[  411.539677][T11693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.539688][T11693] RSP: 002b:00007f77b588f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  411.539704][T11693] RAX: ffffffffffffffda RBX: 00007f77b4bd5fa0 RCX: 00007f77b498eba9
[  411.539713][T11693] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  411.539721][T11693] RBP: 00007f77b588f090 R08: 0000000000000000 R09: 0000000000000000
[  411.539728][T11693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.539735][T11693] R13: 00007f77b4bd6038 R14: 00007f77b4bd5fa0 R15: 00007fff62b0ae78
[  411.539757][T11693]  </TASK>
[  412.104518][    T9] keytouch 0003:0926:3333.0040: fixing up Keytouch IEC report descriptor
[  412.126277][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0040/input/input59
[  412.225296][    T9] keytouch 0003:0926:3333.0040: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  412.322715][ T5902] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  412.492462][ T5902] usb 3-1: Using ep0 maxpacket: 8
[  412.499874][ T5902] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  412.511884][ T5902] usb 3-1: config 179 has no interface number 0
[  412.518493][ T5902] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  412.534635][ T5902] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  412.546428][ T5902] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  412.558829][ T5902] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  412.570464][ T5902] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  412.583894][ T5902] usb 3-1: config 179 interface 65 has no altsetting 0
[  412.590805][ T5902] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  412.612431][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.633965][ T5944] usb 1-1: USB disconnect, device number 87
[  412.667392][   T43] usb 2-1: USB disconnect, device number 87
[  412.687930][ T5902] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input60
[  412.930012][   T56] block nbd1: Possible stuck request ffff888025c00000: control (read@0,1024B). Runtime 120 seconds
[  412.946533][ T5862] input input60: unable to receive magic message: -110
[  413.023970][   T56] block nbd1: Possible stuck request ffff888025c001c0: control (read@1024,1024B). Runtime 120 seconds
[  413.202625][   T56] block nbd1: Possible stuck request ffff888025c00380: control (read@2048,1024B). Runtime 120 seconds
[  413.214622][   T56] block nbd1: Possible stuck request ffff888025c00540: control (read@3072,1024B). Runtime 120 seconds
[  413.305592][T11711] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  413.318306][T11711] gfs2: error -5 reading superblock
[  413.662748][    T9] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  413.832455][    T9] usb 1-1: Using ep0 maxpacket: 16
[  413.848193][    T9] usb 1-1: too many configurations: 97, using maximum allowed: 8
[  413.875749][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  413.898956][    T9] usb 1-1: config 6 has no interface number 0
[  413.910869][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  413.925667][    T9] usb 1-1: config 6 has no interface number 0
[  413.938030][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  413.952224][    T9] usb 1-1: config 6 has no interface number 0
[  413.981221][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  413.998201][    T9] usb 1-1: config 6 has no interface number 0
[  414.012299][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  414.023318][    T9] usb 1-1: config 6 has no interface number 0
[  414.036734][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  414.045479][    T9] usb 1-1: config 6 has no interface number 0
[  414.053033][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  414.061278][    T9] usb 1-1: config 6 has no interface number 0
[  414.069800][    T9] usb 1-1: config 6 has an invalid interface number: 43 but max is 0
[  414.078588][    T9] usb 1-1: config 6 has no interface number 0
[  414.094939][    T9] usb 1-1: string descriptor 0 read error: -71
[  414.101494][    T9] usb 1-1: New USB device found, idVendor=2304, idProduct=023b, bcdDevice=7b.5c
[  414.118262][    T9] usb 1-1: New USB device strings: Mfr=249, Product=204, SerialNumber=224
[  414.154127][    T9] usb 1-1: rejected 8 configurations due to insufficient available bus power
[  414.164912][    T9] usb 1-1: no configuration chosen from 8 choices
[  414.184197][    T9] usb 1-1: USB disconnect, device number 88
[  414.242529][ T5953] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  414.406883][ T5953] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  414.417664][ T5953] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  414.433839][ T5953] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  414.444449][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.457291][ T5953] usb 4-1: config 0 descriptor??
[  414.468782][ T5953] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  414.522686][   T43] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  414.675763][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  414.688134][   T43] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  414.700540][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.732759][   T43] usb 2-1: config 0 descriptor??
[  415.080989][ T5953] usb 3-1: USB disconnect, device number 100
[  415.081094][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  415.140076][T11739] FAULT_INJECTION: forcing a failure.
[  415.140076][T11739] name failslab, interval 1, probability 0, space 0, times 0
[  415.156628][   T43] keytouch 0003:0926:3333.0041: fixing up Keytouch IEC report descriptor
[  415.167041][T11739] CPU: 1 UID: 0 PID: 11739 Comm: syz.2.2005 Not tainted syzkaller #0 PREEMPT(full) 
[  415.167068][T11739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  415.167081][T11739] Call Trace:
[  415.167091][T11739]  <TASK>
[  415.167101][T11739]  dump_stack_lvl+0x189/0x250
[  415.167128][T11739]  ? __pfx____ratelimit+0x10/0x10
[  415.167159][T11739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.167180][T11739]  ? __pfx__printk+0x10/0x10
[  415.167218][T11739]  ? __pfx___might_resched+0x10/0x10
[  415.167241][T11739]  ? fs_reclaim_acquire+0x7d/0x100
[  415.167273][T11739]  should_fail_ex+0x414/0x560
[  415.167317][T11739]  should_failslab+0xa8/0x100
[  415.167343][T11739]  __kmalloc_cache_noprof+0x6f/0x6f0
[  415.167367][T11739]  ? binder_get_thread+0x1c8/0x6d0
[  415.167396][T11739]  ? do_raw_spin_unlock+0x122/0x240
[  415.167430][T11739]  binder_get_thread+0x1c8/0x6d0
[  415.167463][T11739]  binder_ioctl+0x273/0x19c0
[  415.167496][T11739]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  415.167528][T11739]  ? do_vfs_ioctl+0xbe8/0x1430
[  415.167547][T11739]  ? __pfx_binder_ioctl+0x10/0x10
[  415.167575][T11739]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  415.167641][T11739]  ? __fget_files+0x2a/0x420
[  415.167674][T11739]  ? __fget_files+0x3a0/0x420
[  415.167699][T11739]  ? __fget_files+0x2a/0x420
[  415.167730][T11739]  ? bpf_lsm_file_ioctl+0x9/0x20
[  415.167761][T11739]  ? __pfx_binder_ioctl+0x10/0x10
[  415.167824][T11739]  __se_sys_ioctl+0xfc/0x170
[  415.167850][T11739]  do_syscall_64+0xfa/0xfa0
[  415.167879][T11739]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.167909][T11739]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.167931][T11739]  ? clear_bhb_loop+0x60/0xb0
[  415.167958][T11739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.167978][T11739] RIP: 0033:0x7f77b498eba9
[  415.167998][T11739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.168016][T11739] RSP: 002b:00007f77b588f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  415.168039][T11739] RAX: ffffffffffffffda RBX: 00007f77b4bd5fa0 RCX: 00007f77b498eba9
[  415.168054][T11739] RDX: 0000200000004a40 RSI: 00000000c0306201 RDI: 0000000000000003
[  415.168067][T11739] RBP: 00007f77b588f090 R08: 0000000000000000 R09: 0000000000000000
[  415.168080][T11739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.168092][T11739] R13: 00007f77b4bd6038 R14: 00007f77b4bd5fa0 R15: 00007fff62b0ae78
[  415.168127][T11739]  </TASK>
[  415.168674][T11739] binder: 11738:11739 ioctl c0306201 200000004a40 returned -12
[  415.427335][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0041/input/input61
[  415.441142][T11742] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  415.457826][T11742] gfs2: error -5 reading superblock
[  415.577498][   T43] keytouch 0003:0926:3333.0041: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  415.779637][ T5953] usb 2-1: USB disconnect, device number 88
[  416.793617][T11777] FAULT_INJECTION: forcing a failure.
[  416.793617][T11777] name failslab, interval 1, probability 0, space 0, times 0
[  416.807571][T11777] CPU: 1 UID: 0 PID: 11777 Comm: syz.2.2017 Not tainted syzkaller #0 PREEMPT(full) 
[  416.807600][T11777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  416.807613][T11777] Call Trace:
[  416.807623][T11777]  <TASK>
[  416.807633][T11777]  dump_stack_lvl+0x189/0x250
[  416.807659][T11777]  ? __pfx____ratelimit+0x10/0x10
[  416.807689][T11777]  ? __pfx_dump_stack_lvl+0x10/0x10
[  416.807708][T11777]  ? __pfx__printk+0x10/0x10
[  416.807745][T11777]  ? __pfx___might_resched+0x10/0x10
[  416.807768][T11777]  ? fs_reclaim_acquire+0x7d/0x100
[  416.807799][T11777]  should_fail_ex+0x414/0x560
[  416.807829][T11777]  should_failslab+0xa8/0x100
[  416.807856][T11777]  __kmalloc_cache_noprof+0x6f/0x6f0
[  416.807880][T11777]  ? binder_get_thread+0x1c8/0x6d0
[  416.807909][T11777]  ? do_raw_spin_unlock+0x122/0x240
[  416.807945][T11777]  binder_get_thread+0x1c8/0x6d0
[  416.807982][T11777]  binder_ioctl+0x273/0x19c0
[  416.808021][T11777]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  416.808053][T11777]  ? do_vfs_ioctl+0xbe8/0x1430
[  416.808073][T11777]  ? __pfx_binder_ioctl+0x10/0x10
[  416.808103][T11777]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  416.808169][T11777]  ? __fget_files+0x2a/0x420
[  416.808201][T11777]  ? __fget_files+0x3a0/0x420
[  416.808227][T11777]  ? __fget_files+0x2a/0x420
[  416.808258][T11777]  ? bpf_lsm_file_ioctl+0x9/0x20
[  416.808289][T11777]  ? __pfx_binder_ioctl+0x10/0x10
[  416.808328][T11777]  __se_sys_ioctl+0xfc/0x170
[  416.808354][T11777]  do_syscall_64+0xfa/0xfa0
[  416.808383][T11777]  ? lockdep_hardirqs_on+0x9c/0x150
[  416.808413][T11777]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.808434][T11777]  ? clear_bhb_loop+0x60/0xb0
[  416.808459][T11777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.808479][T11777] RIP: 0033:0x7f77b498eba9
[  416.808499][T11777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.808517][T11777] RSP: 002b:00007f77b588f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  416.808539][T11777] RAX: ffffffffffffffda RBX: 00007f77b4bd5fa0 RCX: 00007f77b498eba9
[  416.808555][T11777] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003
[  416.808568][T11777] RBP: 00007f77b588f090 R08: 0000000000000000 R09: 0000000000000000
[  416.808581][T11777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.808593][T11777] R13: 00007f77b4bd6038 R14: 00007f77b4bd5fa0 R15: 00007fff62b0ae78
[  416.808628][T11777]  </TASK>
[  416.808780][T11777] binder: 11776:11777 ioctl c0306201 2000000001c0 returned -12
[  417.043585][    T9] usb 4-1: USB disconnect, device number 90
[  417.432573][ T5953] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  417.560852][T11795] FAULT_INJECTION: forcing a failure.
[  417.560852][T11795] name failslab, interval 1, probability 0, space 0, times 0
[  417.585044][T11795] CPU: 1 UID: 0 PID: 11795 Comm: syz.1.2023 Not tainted syzkaller #0 PREEMPT(full) 
[  417.585075][T11795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  417.585088][T11795] Call Trace:
[  417.585097][T11795]  <TASK>
[  417.585106][T11795]  dump_stack_lvl+0x189/0x250
[  417.585134][T11795]  ? __pfx____ratelimit+0x10/0x10
[  417.585162][T11795]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.585184][T11795]  ? __pfx__printk+0x10/0x10
[  417.585221][T11795]  ? __pfx___might_resched+0x10/0x10
[  417.585244][T11795]  ? fs_reclaim_acquire+0x7d/0x100
[  417.585276][T11795]  should_fail_ex+0x414/0x560
[  417.585315][T11795]  should_failslab+0xa8/0x100
[  417.585339][T11795]  __kmalloc_noprof+0xcb/0x7f0
[  417.585360][T11795]  ? tomoyo_encode+0x28b/0x550
[  417.585395][T11795]  tomoyo_encode+0x28b/0x550
[  417.585434][T11795]  tomoyo_realpath_from_path+0x58d/0x5d0
[  417.585476][T11795]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  417.585503][T11795]  tomoyo_path_number_perm+0x1e8/0x5a0
[  417.585533][T11795]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  417.585604][T11795]  ? __fget_files+0x2a/0x420
[  417.585639][T11795]  ? __fget_files+0x3a0/0x420
[  417.585665][T11795]  ? __fget_files+0x2a/0x420
[  417.585698][T11795]  security_file_ioctl+0xcb/0x2d0
[  417.585728][T11795]  __se_sys_ioctl+0x47/0x170
[  417.585753][T11795]  do_syscall_64+0xfa/0xfa0
[  417.585783][T11795]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.585813][T11795]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.585834][T11795]  ? clear_bhb_loop+0x60/0xb0
[  417.585861][T11795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.585881][T11795] RIP: 0033:0x7f081758eba9
[  417.585902][T11795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.585921][T11795] RSP: 002b:00007f08183ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  417.585945][T11795] RAX: ffffffffffffffda RBX: 00007f08177d5fa0 RCX: 00007f081758eba9
[  417.585960][T11795] RDX: 0000200000000380 RSI: 00000000c03864bc RDI: 0000000000000003
[  417.585972][T11795] RBP: 00007f08183ab090 R08: 0000000000000000 R09: 0000000000000000
[  417.585985][T11795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.585998][T11795] R13: 00007f08177d6038 R14: 00007f08177d5fa0 R15: 00007ffe744dbc58
[  417.586035][T11795]  </TASK>
[  417.586059][T11795] ERROR: Out of memory at tomoyo_realpath_from_path.
[  417.600572][ T5953] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  417.825025][T11801] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  417.884991][T11801] gfs2: error -5 reading superblock
[  417.951894][ T5953] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  417.982500][ T5953] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.013927][ T5953] usb 1-1: config 0 descriptor??
[  418.429747][ T5953] keytouch 0003:0926:3333.0042: fixing up Keytouch IEC report descriptor
[  418.456334][ T5953] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0042/input/input62
[  418.468511][ T5943] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  418.572940][ T5953] keytouch 0003:0926:3333.0042: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  418.629504][ T5943] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  418.674301][ T5943] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  418.710045][ T5943] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  418.729162][ T5943] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.746845][ T5943] usb 2-1: config 0 descriptor??
[  418.779383][ T5943] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  419.075675][   T43] usb 1-1: USB disconnect, device number 89
[  419.222521][   T24] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  419.374698][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  419.387174][   T24] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  419.396755][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.408849][   T24] usb 3-1: config 0 descriptor??
[  419.615800][T11818] FAULT_INJECTION: forcing a failure.
[  419.615800][T11818] name failslab, interval 1, probability 0, space 0, times 0
[  419.637201][T11810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  419.644747][T11818] CPU: 0 UID: 0 PID: 11818 Comm: syz.3.2030 Not tainted syzkaller #0 PREEMPT(full) 
[  419.644776][T11818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  419.644789][T11818] Call Trace:
[  419.644797][T11818]  <TASK>
[  419.644805][T11818]  dump_stack_lvl+0x189/0x250
[  419.644829][T11818]  ? __pfx____ratelimit+0x10/0x10
[  419.644856][T11818]  ? __pfx_dump_stack_lvl+0x10/0x10
[  419.644873][T11818]  ? __pfx__printk+0x10/0x10
[  419.644906][T11818]  ? __pfx___might_resched+0x10/0x10
[  419.644925][T11818]  ? fs_reclaim_acquire+0x7d/0x100
[  419.644952][T11818]  should_fail_ex+0x414/0x560
[  419.644979][T11818]  should_failslab+0xa8/0x100
[  419.645003][T11818]  __kmalloc_noprof+0xcb/0x7f0
[  419.645022][T11818]  ? tomoyo_encode+0x28b/0x550
[  419.645055][T11818]  tomoyo_encode+0x28b/0x550
[  419.645088][T11818]  tomoyo_realpath_from_path+0x58d/0x5d0
[  419.645117][T11818]  ? tomoyo_domain+0xd9/0x130
[  419.645139][T11818]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  419.645162][T11818]  tomoyo_path_number_perm+0x1e8/0x5a0
[  419.645188][T11818]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  419.645251][T11818]  ? __fget_files+0x2a/0x420
[  419.645288][T11818]  ? __fget_files+0x3a0/0x420
[  419.645310][T11818]  ? __fget_files+0x2a/0x420
[  419.645338][T11818]  security_file_ioctl+0xcb/0x2d0
[  419.645362][T11818]  __se_sys_ioctl+0x47/0x170
[  419.645386][T11818]  do_syscall_64+0xfa/0xfa0
[  419.645411][T11818]  ? lockdep_hardirqs_on+0x9c/0x150
[  419.645437][T11818]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.645455][T11818]  ? clear_bhb_loop+0x60/0xb0
[  419.645478][T11818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.645496][T11818] RIP: 0033:0x7f14f8f8eba9
[  419.645514][T11818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.645531][T11818] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  419.645552][T11818] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  419.645566][T11818] RDX: 0000200000000380 RSI: 000000000000890b RDI: 0000000000000004
[  419.645578][T11818] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  419.645590][T11818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.645601][T11818] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  419.645632][T11818]  </TASK>
[  419.645653][T11818] ERROR: Out of memory at tomoyo_realpath_from_path.
[  419.652133][T11810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.087710][T11825] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  420.317477][   T24] usbhid 3-1:0.0: can't add hid device: -71
[  420.324091][   T24] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  420.347509][   T24] usb 3-1: USB disconnect, device number 101
[  420.423707][T11835] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  420.434258][T11835] gfs2: error -5 reading superblock
[  421.092222][T11848] binder: 11847:11848 ioctl c0306201 200000004a40 returned -14
[  421.228369][ T5943] usb 2-1: USB disconnect, device number 89
[  421.393623][T11852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2041'.
[  421.612637][ T5943] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  421.776461][ T5943] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  421.814934][ T5943] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  421.833396][ T5943] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.864001][ T5943] usb 2-1: config 0 descriptor??
[  422.192569][ T1212] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  422.284845][ T5943] keytouch 0003:0926:3333.0043: fixing up Keytouch IEC report descriptor
[  422.296955][ T5943] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0043/input/input63
[  422.309121][ T5953] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  422.332548][ T1212] usb 1-1: device descriptor read/64, error -71
[  422.412145][ T5943] keytouch 0003:0926:3333.0043: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  422.466547][ T5953] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  422.488980][ T5953] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  422.505462][ T5953] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  422.515775][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.536947][ T5953] usb 4-1: config 0 descriptor??
[  422.548965][ T5953] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  422.573002][ T1212] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  422.712599][ T1212] usb 1-1: device descriptor read/64, error -71
[  422.828911][ T1212] usb usb1-port1: attempt power cycle
[  422.882010][T11880] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  422.882602][ T5943] usb 2-1: USB disconnect, device number 90
[  423.172593][ T1212] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  423.192615][ T5902] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  423.193298][ T1212] usb 1-1: device descriptor read/8, error -71
[  423.342665][ T5902] usb 3-1: Using ep0 maxpacket: 8
[  423.350015][ T5902] usb 3-1: config 8 has an invalid interface number: 161 but max is 0
[  423.358655][ T5902] usb 3-1: config 8 has no interface number 0
[  423.367119][ T5902] usb 3-1: config 8 interface 161 has no altsetting 0
[  423.378087][ T5902] usb 3-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=60.da
[  423.387611][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.397925][ T5902] usb 3-1: Product: syz
[  423.402150][ T5902] usb 3-1: Manufacturer: syz
[  423.406918][ T5902] usb 3-1: SerialNumber: syz
[  423.442614][ T1212] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  423.485627][ T1212] usb 1-1: device descriptor read/8, error -71
[  423.497708][T11885] sp0: Synchronizing with TNC
[  423.603100][ T1212] usb usb1-port1: unable to enumerate USB device
[  423.656361][ T5902] net1080 3-1:8.161: probe with driver net1080 failed with error -22
[  423.686348][ T5902] usb 3-1: USB disconnect, device number 102
[  424.287123][T11894] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  424.318597][T11893] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  424.330922][T11893] block device autoloading is deprecated and will be removed.
[  425.018654][T11918] FAULT_INJECTION: forcing a failure.
[  425.018654][T11918] name failslab, interval 1, probability 0, space 0, times 0
[  425.036135][T11918] CPU: 1 UID: 0 PID: 11918 Comm: syz.0.2062 Not tainted syzkaller #0 PREEMPT(full) 
[  425.036166][T11918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  425.036178][T11918] Call Trace:
[  425.036187][T11918]  <TASK>
[  425.036196][T11918]  dump_stack_lvl+0x189/0x250
[  425.036217][T11918]  ? __pfx____ratelimit+0x10/0x10
[  425.036235][T11918]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.036247][T11918]  ? __pfx__printk+0x10/0x10
[  425.036267][T11918]  ? __pfx___might_resched+0x10/0x10
[  425.036282][T11918]  ? fs_reclaim_acquire+0x7d/0x100
[  425.036299][T11918]  should_fail_ex+0x414/0x560
[  425.036317][T11918]  should_failslab+0xa8/0x100
[  425.036334][T11918]  __kmalloc_noprof+0xcb/0x7f0
[  425.036346][T11918]  ? alloc_pipe_info+0x1fd/0x4d0
[  425.036365][T11918]  alloc_pipe_info+0x1fd/0x4d0
[  425.036382][T11918]  splice_direct_to_actor+0xa5d/0xcc0
[  425.036399][T11918]  ? __lock_acquire+0xab9/0xd20
[  425.036420][T11918]  ? __pfx_aa_file_perm+0x10/0x10
[  425.036431][T11918]  ? __lock_acquire+0xab9/0xd20
[  425.036444][T11918]  ? __pfx_direct_splice_actor+0x10/0x10
[  425.036459][T11918]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  425.036481][T11918]  do_splice_direct+0x181/0x270
[  425.036499][T11918]  ? __pfx_do_splice_direct+0x10/0x10
[  425.036515][T11918]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  425.036535][T11918]  ? rw_verify_area+0x255/0x4d0
[  425.036551][T11918]  do_sendfile+0x4da/0x7e0
[  425.036575][T11918]  ? __pfx_do_sendfile+0x10/0x10
[  425.036600][T11918]  __se_sys_sendfile64+0xd9/0x190
[  425.036620][T11918]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  425.036639][T11918]  ? do_syscall_64+0xbe/0xfa0
[  425.036660][T11918]  do_syscall_64+0xfa/0xfa0
[  425.036676][T11918]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.036694][T11918]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.036706][T11918]  ? clear_bhb_loop+0x60/0xb0
[  425.036721][T11918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.036732][T11918] RIP: 0033:0x7f5bfb98eba9
[  425.036746][T11918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.036757][T11918] RSP: 002b:00007f5bfc72f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  425.036771][T11918] RAX: ffffffffffffffda RBX: 00007f5bfbbd5fa0 RCX: 00007f5bfb98eba9
[  425.036781][T11918] RDX: 0000200000002080 RSI: 0000000000000003 RDI: 0000000000000004
[  425.036789][T11918] RBP: 00007f5bfc72f090 R08: 0000000000000000 R09: 0000000000000000
[  425.036796][T11918] R10: 000000000000021c R11: 0000000000000246 R12: 0000000000000001
[  425.036804][T11918] R13: 00007f5bfbbd6038 R14: 00007f5bfbbd5fa0 R15: 00007ffd23f314d8
[  425.036824][T11918]  </TASK>
[  425.355976][   T43] usb 4-1: USB disconnect, device number 91
[  425.492527][ T5902] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  425.648786][ T5902] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.659946][ T5902] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  425.669097][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.680168][ T5902] usb 3-1: config 0 descriptor??
[  425.952148][T11929] binder: 11928:11929 ioctl c00c6211 0 returned -14
[  425.966477][T11929] netdevsim netdevsim3: Direct firmware load for ..€ failed with error -2
[  425.976739][T11929] netdevsim netdevsim3: Falling back to sysfs fallback for: ..€
[  426.092717][ T1212] usb 2-1: new full-speed USB device number 91 using dummy_hcd
[  426.106690][ T5902] keytouch 0003:0926:3333.0044: fixing up Keytouch IEC report descriptor
[  426.123876][ T5902] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0044/input/input65
[  426.236448][ T5902] keytouch 0003:0926:3333.0044: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  426.255019][ T1212] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  426.289867][ T1212] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  426.328941][ T1212] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  426.349565][T11934] overlayfs: failed to clone lowerpath
[  426.497986][ T1212] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  426.519440][ T1212] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  426.536697][ T1212] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.545281][ T1212] usb 2-1: Product: syz
[  426.549703][ T1212] usb 2-1: Manufacturer: syz
[  426.558048][ T1212] usb 2-1: SerialNumber: syz
[  426.569391][ T1212] usb 2-1: config 0 descriptor??
[  426.588762][ T1212] xbox_remote_probe: Unexpected endpoint_in
[  426.677119][ T5902] usb 3-1: USB disconnect, device number 103
[  426.790820][ T1212] usb 2-1: USB disconnect, device number 91
[  426.959166][T11942] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  426.970355][T11942] gfs2: error -5 reading superblock
[  427.170474][T11947] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2071'.
[  427.647112][   T43] usb 2-1: new high-speed USB device number 92 using dummy_hcd
[  427.804812][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.818859][   T43] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  427.890152][   T43] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  427.901138][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.916933][   T43] usb 2-1: config 0 descriptor??
[  427.926205][   T43] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  427.975149][T11955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2073'.
[  429.292632][   T43] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  429.452566][   T43] usb 3-1: Using ep0 maxpacket: 16
[  429.459903][   T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  429.470801][   T43] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  429.480899][   T43] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  429.492062][   T43] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  429.502264][   T43] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  429.515335][   T43] usb 3-1: config 1 interface 1 has no altsetting 0
[  429.525500][   T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  429.535154][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.543324][   T43] usb 3-1: Product: syz
[  429.547610][   T43] usb 3-1: Manufacturer: syz
[  429.552225][   T43] usb 3-1: SerialNumber: syz
[  429.572527][ T5902] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  429.728464][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  429.745420][ T5902] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  429.757378][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.780229][ T5902] usb 4-1: config 0 descriptor??
[  430.058547][T11986] netlink: 'syz.0.2084': attribute type 29 has an invalid length.
[  430.081144][T11986] block nbd0: Attempted send on invalid socket
[  430.090870][T11986] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  430.101868][T11986] MINIX-fs: unable to read superblock
[  430.212597][ T5902] keytouch 0003:0926:3333.0045: fixing up Keytouch IEC report descriptor
[  430.231246][ T5902] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0045/input/input66
[  430.368491][ T5902] keytouch 0003:0926:3333.0045: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  430.526558][ T5943] usb 2-1: USB disconnect, device number 92
[  430.533976][   T43] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  430.552578][   T43] usb 3-1: 2:1 : format type 9 is not supported yet
[  430.676148][T11988] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2085'.
[  430.687874][   T43] usb 3-1: USB disconnect, device number 104
[  430.765759][T10837] udevd[10837]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  430.781037][ T1212] usb 4-1: USB disconnect, device number 92
[  431.497176][T12002] random: crng reseeded on system resumption
[  431.545579][T12009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.559364][T12009] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.702161][T12015] FAULT_INJECTION: forcing a failure.
[  431.702161][T12015] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  431.717368][T12015] CPU: 1 UID: 0 PID: 12015 Comm: syz.3.2094 Not tainted syzkaller #0 PREEMPT(full) 
[  431.717396][T12015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  431.717408][T12015] Call Trace:
[  431.717416][T12015]  <TASK>
[  431.717426][T12015]  dump_stack_lvl+0x189/0x250
[  431.717455][T12015]  ? __pfx____ratelimit+0x10/0x10
[  431.717484][T12015]  ? __pfx_dump_stack_lvl+0x10/0x10
[  431.717591][T12015]  ? __pfx__printk+0x10/0x10
[  431.717625][T12015]  ? __might_fault+0xb0/0x130
[  431.717657][T12015]  should_fail_ex+0x414/0x560
[  431.717686][T12015]  _copy_from_user+0x2d/0xb0
[  431.717708][T12015]  drm_ioctl+0x58a/0xb10
[  431.717737][T12015]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  431.717763][T12015]  ? __pfx_drm_ioctl+0x10/0x10
[  431.717800][T12015]  ? __fget_files+0x3a0/0x420
[  431.717824][T12015]  ? __fget_files+0x2a/0x420
[  431.717853][T12015]  ? bpf_lsm_file_ioctl+0x9/0x20
[  431.717885][T12015]  ? __pfx_drm_ioctl+0x10/0x10
[  431.717921][T12015]  __se_sys_ioctl+0xfc/0x170
[  431.717947][T12015]  do_syscall_64+0xfa/0xfa0
[  431.717978][T12015]  ? lockdep_hardirqs_on+0x9c/0x150
[  431.718008][T12015]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.718028][T12015]  ? clear_bhb_loop+0x60/0xb0
[  431.718054][T12015]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.718074][T12015] RIP: 0033:0x7f14f8f8eba9
[  431.718095][T12015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  431.718111][T12015] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  431.718131][T12015] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  431.718146][T12015] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 0000000000000010
[  431.718160][T12015] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  431.718173][T12015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  431.718186][T12015] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  431.718223][T12015]  </TASK>
[  431.928861][ T1212] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  431.986072][ T5860] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  432.087090][ T1212] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  432.096083][ T1212] usb 3-1: config 0 has no interface number 0
[  432.102278][ T1212] usb 3-1: config 0 interface 8 altsetting 0 bulk endpoint 0xB has invalid maxpacket 255
[  432.116673][ T1212] usb 3-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[  432.125981][ T1212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.146484][ T5860] usb 1-1: Using ep0 maxpacket: 8
[  432.148770][ T1212] usb 3-1: config 0 descriptor??
[  432.162752][T12008] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  432.171007][ T5860] usb 1-1: unable to get BOS descriptor or descriptor too short
[  432.180835][ T5860] usb 1-1: no configurations
[  432.185818][ T5860] usb 1-1: can't read configurations, error -22
[  432.253065][ T5953] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  432.271840][T10837] udevd[10837]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  432.342678][ T5860] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  432.376657][    T9] usb 3-1: USB disconnect, device number 105
[  432.425847][ T5953] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  432.437279][ T5953] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  432.450326][ T5953] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  432.459446][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.469528][ T5953] usb 4-1: config 0 descriptor??
[  432.480800][ T5953] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  432.502668][ T5860] usb 1-1: Using ep0 maxpacket: 8
[  432.510458][ T5860] usb 1-1: unable to get BOS descriptor or descriptor too short
[  432.519058][ T5860] usb 1-1: no configurations
[  432.524134][ T5860] usb 1-1: can't read configurations, error -22
[  432.531105][ T5860] usb usb1-port1: attempt power cycle
[  432.605003][ T1212] usb 2-1: new high-speed USB device number 93 using dummy_hcd
[  432.774136][ T1212] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  432.785451][ T1212] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  432.797530][ T1212] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.807983][ T1212] usb 2-1: config 0 descriptor??
[  432.882649][ T5860] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  432.914397][ T5860] usb 1-1: Using ep0 maxpacket: 8
[  432.924808][ T5860] usb 1-1: unable to get BOS descriptor or descriptor too short
[  432.935218][ T5860] usb 1-1: no configurations
[  432.939864][ T5860] usb 1-1: can't read configurations, error -22
[  433.072620][ T5860] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  433.093117][ T5860] usb 1-1: Using ep0 maxpacket: 8
[  433.100329][ T5860] usb 1-1: unable to get BOS descriptor or descriptor too short
[  433.108664][ T5860] usb 1-1: no configurations
[  433.113533][ T5860] usb 1-1: can't read configurations, error -22
[  433.120325][ T5860] usb usb1-port1: unable to enumerate USB device
[  433.226915][ T1212] keytouch 0003:0926:3333.0046: fixing up Keytouch IEC report descriptor
[  433.239881][ T1212] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0046/input/input67
[  433.347212][ T1212] keytouch 0003:0926:3333.0046: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  433.799195][ T1212] usb 2-1: USB disconnect, device number 93
[  433.827071][T12034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2100'.
[  434.379329][T12037] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  434.392584][T12037] gfs2: error -5 reading superblock
[  434.903960][ T1212] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[  435.029816][ T5860] usb 4-1: USB disconnect, device number 93
[  435.071040][ T1212] usb 3-1: config 0 interface 0 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 20
[  435.111437][ T1212] usb 3-1: config 0 interface 0 has no altsetting 0
[  435.118550][    T9] usb 1-1: new full-speed USB device number 98 using dummy_hcd
[  435.140097][ T1212] usb 3-1: New USB device found, idVendor=0582, idProduct=008d, bcdDevice=7a.ac
[  435.153209][ T1212] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.176505][ T1212] usb 3-1: Product: syz
[  435.180838][ T1212] usb 3-1: Manufacturer: syz
[  435.189942][ T1212] usb 3-1: SerialNumber: syz
[  435.219219][ T1212] usb 3-1: config 0 descriptor??
[  435.296674][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  435.314381][    T9] usb 1-1: not running at top speed; connect to a high speed hub
[  435.323780][    T9] usb 1-1: config 5 has an invalid interface number: 215 but max is 0
[  435.332044][    T9] usb 1-1: config 5 has no interface number 0
[  435.341849][    T9] usb 1-1: config 5 interface 215 altsetting 3 endpoint 0xF has invalid maxpacket 512, setting to 64
[  435.356978][    T9] usb 1-1: config 5 interface 215 has no altsetting 0
[  435.368260][    T9] usb 1-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=dc.ba
[  435.389079][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.403942][    T9] usb 1-1: Product: syz
[  435.408238][    T9] usb 1-1: Manufacturer: syz
[  435.415330][    T9] usb 1-1: SerialNumber: syz
[  435.431014][T12051] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  435.434731][T12046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.450259][T12046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.480462][ T1212] usb 3-1: interface 1 not found
[  435.493623][ T1212] usb 3-1: USB disconnect, device number 106
[  435.664863][    T9] cypress_m8 1-1:5.215: DeLorme Earthmate USB converter detected
[  435.678909][    T9] usb 1-1: DeLorme Earthmate USB converter now attached to ttyUSB0
[  435.691851][    T9] usb 1-1: USB disconnect, device number 98
[  435.716291][    T9] earthmate ttyUSB0: DeLorme Earthmate USB converter now disconnected from ttyUSB0
[  435.728717][    T9] cypress_m8 1-1:5.215: device disconnected
[  436.042664][ T5902] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  436.221676][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  436.237298][ T5902] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  436.250622][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.283638][ T5902] usb 4-1: config 0 descriptor??
[  436.401032][T12071] mkiss: ax0: crc mode is auto.
[  436.562989][ T5860] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[  436.706973][ T5902] keytouch 0003:0926:3333.0047: fixing up Keytouch IEC report descriptor
[  436.721798][ T5902] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0047/input/input68
[  436.735289][ T5860] usb 3-1: Using ep0 maxpacket: 8
[  436.747528][ T5860] usb 3-1: unable to get BOS descriptor or descriptor too short
[  436.769367][ T5860] usb 3-1: config 4 interface 0 has no altsetting 0
[  436.780604][ T5860] usb 3-1: string descriptor 0 read error: -22
[  436.788370][ T5860] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  436.800055][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.850437][ T5860] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  436.876110][ T5860] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  436.896674][ T5902] keytouch 0003:0926:3333.0047: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  436.933364][ T5860] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  436.940785][ T5860] usb 3-1: media controller created
[  437.051699][    C1] Mem-Info:
[  437.055187][T12072] usb 3-1: dvb_usb_au6610: wlen=0, aborting
[  437.055315][    C1] active_anon:25509 inactive_anon:0 isolated_anon:0
[  437.055315][    C1]  active_file:14041 inactive_file:3632 isolated_file:0
[  437.055315][    C1]  unevictable:768 dirty:454 writeback:0
[  437.055315][    C1]  slab_reclaimable:10918 slab_unreclaimable:91722
[  437.055315][    C1]  mapped:26485 shmem:20586 pagetables:1369
[  437.055315][    C1]  sec_pagetables:0 bounce:0
[  437.055315][    C1]  kernel_misc_reclaimable:0
[  437.055315][    C1]  free:1350041 free_pcp:13127 free_cma:0
[  437.107324][    C1] Node 0 active_anon:102136kB inactive_anon:0kB active_file:56164kB inactive_file:14392kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106040kB dirty:1812kB writeback:0kB shmem:80808kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11780kB pagetables:5424kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  437.139366][    C1] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  437.169197][    C1] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  437.199302][    C1] lowmem_reserve[]: 0 2495 2496 2496 2496
[  437.205083][    C1] Node 0 DMA32 free:1487784kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:101892kB inactive_anon:0kB active_file:56148kB inactive_file:13572kB unevictable:1536kB writepending:1800kB zspages:0kB present:3129332kB managed:2555356kB mlocked:0kB bounce:0kB free_pcp:36496kB local_pcp:18544kB free_cma:0kB
[  437.238921][    C1] lowmem_reserve[]: 0 0 1 1 1
[  437.243668][    C1] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:244kB inactive_anon:0kB active_file:16kB inactive_file:820kB unevictable:0kB writepending:12kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:40kB local_pcp:28kB free_cma:0kB
[  437.274191][    C1] lowmem_reserve[]: 0 0 0 0 0
[  437.278929][    C1] Node 1 Normal free:3897008kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15552kB local_pcp:4736kB free_cma:0kB
[  437.311516][    C1] lowmem_reserve[]: 0 0 0 0 0
[  437.316326][    C1] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  437.329018][    C1] Node 0 DMA32: 80*4kB (UE) 194*8kB (U) 21*16kB (UE) 236*32kB (UME) 185*64kB (UME) 46*128kB (UME) 18*256kB (UM) 15*512kB (UME) 12*1024kB (UM) 13*2048kB (UME) 344*4096kB (UM) = 1487712kB
[  437.347617][    C1] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  437.359998][    C1] Node 1 Normal: 222*4kB (UM) 73*8kB (UME) 35*16kB (UME) 156*32kB (UME) 55*64kB (UME) 9*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 947*4096kB (M) = 3897008kB
[  437.378226][    C1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  437.387830][    C1] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  437.397151][    C1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  437.406732][    C1] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  437.416045][    C1] 38255 total pagecache pages
[  437.420737][    C1] 0 pages in swap cache
[  437.424973][    C1] Free swap  = 124996kB
[  437.429226][    C1] Total swap = 124996kB
[  437.433411][    C1] 2097051 pages RAM
[  437.437348][    C1] 0 pages HighMem/MovableOnly
[  437.442053][    C1] 426314 pages reserved
[  437.446206][    C1] 0 pages cma reserved
[  437.479460][ T5860] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  437.595148][ T5860] zl10353_read_register: readreg error (reg=127, ret==0)
[  437.713474][ T5860] usb 3-1: USB disconnect, device number 107
[  437.716479][    T9] usb 4-1: USB disconnect, device number 94
[  437.938763][T12092] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2120'.
[  438.002503][   T43] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[  438.158795][   T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.169596][   T43] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  438.189100][   T43] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  438.198817][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.222233][   T43] usb 2-1: config 0 descriptor??
[  438.245058][   T43] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  438.421846][T12110] FAULT_INJECTION: forcing a failure.
[  438.421846][T12110] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  438.437714][T12110] CPU: 0 UID: 0 PID: 12110 Comm: syz.2.2125 Not tainted syzkaller #0 PREEMPT(full) 
[  438.437747][T12110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  438.437760][T12110] Call Trace:
[  438.437769][T12110]  <TASK>
[  438.437779][T12110]  dump_stack_lvl+0x189/0x250
[  438.437806][T12110]  ? __pfx____ratelimit+0x10/0x10
[  438.437836][T12110]  ? __pfx_dump_stack_lvl+0x10/0x10
[  438.437857][T12110]  ? __pfx__printk+0x10/0x10
[  438.437887][T12110]  ? __might_fault+0xb0/0x130
[  438.437922][T12110]  should_fail_ex+0x414/0x560
[  438.437964][T12110]  _copy_from_user+0x2d/0xb0
[  438.437986][T12110]  drm_ioctl+0x58a/0xb10
[  438.438020][T12110]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  438.438050][T12110]  ? __pfx_drm_ioctl+0x10/0x10
[  438.438092][T12110]  ? __fget_files+0x3a0/0x420
[  438.438118][T12110]  ? __fget_files+0x2a/0x420
[  438.438147][T12110]  ? bpf_lsm_file_ioctl+0x9/0x20
[  438.438177][T12110]  ? __pfx_drm_ioctl+0x10/0x10
[  438.438200][T12110]  __se_sys_ioctl+0xfc/0x170
[  438.438226][T12110]  do_syscall_64+0xfa/0xfa0
[  438.438256][T12110]  ? lockdep_hardirqs_on+0x9c/0x150
[  438.438284][T12110]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.438305][T12110]  ? clear_bhb_loop+0x60/0xb0
[  438.438331][T12110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.438351][T12110] RIP: 0033:0x7f77b498eba9
[  438.438372][T12110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.438390][T12110] RSP: 002b:00007f77b588f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  438.438415][T12110] RAX: ffffffffffffffda RBX: 00007f77b4bd5fa0 RCX: 00007f77b498eba9
[  438.438430][T12110] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000f
[  438.438444][T12110] RBP: 00007f77b588f090 R08: 0000000000000000 R09: 0000000000000000
[  438.438457][T12110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.438470][T12110] R13: 00007f77b4bd6038 R14: 00007f77b4bd5fa0 R15: 00007fff62b0ae78
[  438.438506][T12110]  </TASK>
[  438.782683][    T9] usb 4-1: new full-speed USB device number 95 using dummy_hcd
[  438.946276][    T9] usb 4-1: no configurations
[  438.951834][    T9] usb 4-1: can't read configurations, error -22
[  439.094191][    T9] usb 4-1: new full-speed USB device number 96 using dummy_hcd
[  439.263467][    T9] usb 4-1: no configurations
[  439.268418][    T9] usb 4-1: can't read configurations, error -22
[  439.280561][    T9] usb usb4-port1: attempt power cycle
[  439.622628][    T9] usb 4-1: new full-speed USB device number 97 using dummy_hcd
[  439.646102][    T9] usb 4-1: no configurations
[  439.651036][    T9] usb 4-1: can't read configurations, error -22
[  439.662589][ T1212] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[  439.782725][    T9] usb 4-1: new full-speed USB device number 98 using dummy_hcd
[  439.803806][    T9] usb 4-1: no configurations
[  439.808595][    T9] usb 4-1: can't read configurations, error -22
[  439.816751][    T9] usb usb4-port1: unable to enumerate USB device
[  439.824638][ T1212] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  439.835783][ T1212] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  439.845068][ T1212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.856475][ T1212] usb 3-1: config 0 descriptor??
[  440.167649][T12142] FAULT_INJECTION: forcing a failure.
[  440.167649][T12142] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  440.183596][T12142] CPU: 1 UID: 0 PID: 12142 Comm: syz.0.2135 Not tainted syzkaller #0 PREEMPT(full) 
[  440.183627][T12142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  440.183640][T12142] Call Trace:
[  440.183649][T12142]  <TASK>
[  440.183658][T12142]  dump_stack_lvl+0x189/0x250
[  440.183684][T12142]  ? __pfx____ratelimit+0x10/0x10
[  440.183714][T12142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  440.183734][T12142]  ? __pfx__printk+0x10/0x10
[  440.183764][T12142]  ? __might_fault+0xb0/0x130
[  440.183799][T12142]  should_fail_ex+0x414/0x560
[  440.183828][T12142]  _copy_from_user+0x2d/0xb0
[  440.183849][T12142]  ____sys_sendmsg+0x2fe/0x830
[  440.183878][T12142]  ? __pfx_____sys_sendmsg+0x10/0x10
[  440.183911][T12142]  ? import_iovec+0x74/0xa0
[  440.183936][T12142]  ___sys_sendmsg+0x21f/0x2a0
[  440.183960][T12142]  ? __pfx____sys_sendmsg+0x10/0x10
[  440.184022][T12142]  ? __fget_files+0x2a/0x420
[  440.184049][T12142]  ? __fget_files+0x3a0/0x420
[  440.184088][T12142]  __x64_sys_sendmsg+0x19b/0x260
[  440.184113][T12142]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  440.184155][T12142]  ? __pfx_ksys_write+0x10/0x10
[  440.184186][T12142]  ? do_syscall_64+0xbe/0xfa0
[  440.184220][T12142]  do_syscall_64+0xfa/0xfa0
[  440.184247][T12142]  ? lockdep_hardirqs_on+0x9c/0x150
[  440.184274][T12142]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.184295][T12142]  ? clear_bhb_loop+0x60/0xb0
[  440.184321][T12142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.184341][T12142] RIP: 0033:0x7f5bfb98eba9
[  440.184361][T12142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  440.184379][T12142] RSP: 002b:00007f5bfc72f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  440.184402][T12142] RAX: ffffffffffffffda RBX: 00007f5bfbbd5fa0 RCX: 00007f5bfb98eba9
[  440.184417][T12142] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  440.184430][T12142] RBP: 00007f5bfc72f090 R08: 0000000000000000 R09: 0000000000000000
[  440.184443][T12142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  440.184456][T12142] R13: 00007f5bfbbd6038 R14: 00007f5bfbbd5fa0 R15: 00007ffd23f314d8
[  440.184493][T12142]  </TASK>
[  440.408722][    C1] vkms_vblank_simulate: vblank timer overrun
[  440.426184][ T1212] keytouch 0003:0926:3333.0048: fixing up Keytouch IEC report descriptor
[  440.446464][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  440.472786][ T1212] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0048/input/input69
[  440.585502][ T1212] keytouch 0003:0926:3333.0048: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  440.742686][    T9] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  440.756567][    C0] Mem-Info:
[  440.759743][    C0] active_anon:22717 inactive_anon:0 isolated_anon:0
[  440.759743][    C0]  active_file:14041 inactive_file:3634 isolated_file:0
[  440.759743][    C0]  unevictable:768 dirty:257 writeback:0
[  440.759743][    C0]  slab_reclaimable:10942 slab_unreclaimable:91566
[  440.759743][    C0]  mapped:26511 shmem:17735 pagetables:1409
[  440.759743][    C0]  sec_pagetables:0 bounce:0
[  440.759743][    C0]  kernel_misc_reclaimable:0
[  440.759743][    C0]  free:1351623 free_pcp:14725 free_cma:0
[  440.807620][    C0] Node 0 active_anon:90868kB inactive_anon:0kB active_file:56164kB inactive_file:14400kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106044kB dirty:1024kB writeback:0kB shmem:69404kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11792kB pagetables:5484kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  440.839791][    C0] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  440.869872][    C0] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  440.899973][    C0] lowmem_reserve[]: 0 2495 2496 2496 2496
[  440.905829][    C0] Node 0 DMA32 free:1494112kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:90624kB inactive_anon:0kB active_file:56148kB inactive_file:13580kB unevictable:1536kB writepending:1024kB zspages:0kB present:3129332kB managed:2555356kB mlocked:0kB bounce:0kB free_pcp:43308kB local_pcp:22088kB free_cma:0kB
[  440.939383][    C0] lowmem_reserve[]: 0 0 1 1 1
[  440.944301][    C0] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:244kB inactive_anon:0kB active_file:16kB inactive_file:820kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:40kB local_pcp:12kB free_cma:0kB
[  440.975238][    C0] lowmem_reserve[]: 0 0 0 0 0
[  440.979955][    C0] Node 1 Normal free:3897008kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15552kB local_pcp:10816kB free_cma:0kB
[  441.012316][    C0] lowmem_reserve[]: 0 0 0 0 0
[  441.017090][    C0] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  441.029752][    C0] Node 0 DMA32: 406*4kB (UME) 301*8kB (UM) 60*16kB (ME) 298*32kB (UME) 192*64kB (UME) 50*128kB (UME) 21*256kB (UM) 15*512kB (UME) 12*1024kB (UM) 13*2048kB (UME) 344*4096kB (UM) = 1494208kB
[  441.048807][    C0] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  441.061093][    C0] Node 1 Normal: 222*4kB (UM) 73*8kB (UME) 35*16kB (UME) 156*32kB (UME) 55*64kB (UME) 9*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 947*4096kB (M) = 3897008kB
[  441.079539][    C0] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  441.089115][    C0] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  441.098512][    C0] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  441.108063][    C0] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  441.117352][    C0] 35406 total pagecache pages
[  441.122121][    C0] 0 pages in swap cache
[  441.126373][    C0] Free swap  = 124996kB
[  441.130612][    C0] Total swap = 124996kB
[  441.134765][    C0] 2097051 pages RAM
[  441.138841][    C0] 0 pages HighMem/MovableOnly
[  441.143606][    C0] 426314 pages reserved
[  441.147772][    C0] 0 pages cma reserved
[  441.190428][ T5860] usb 2-1: USB disconnect, device number 94
[  441.324546][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  441.338550][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  441.350049][    T9] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  441.359289][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.371662][    T9] usb 1-1: config 0 descriptor??
[  441.388759][ T5860] usb 3-1: USB disconnect, device number 108
[  441.799397][T12144] netlink: 'syz.0.2136': attribute type 1 has an invalid length.
[  441.799915][T12158] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  441.808244][T12144] netlink: 1 bytes leftover after parsing attributes in process `syz.0.2136'.
[  441.817960][T12158] gfs2: error -5 reading superblock
[  441.848898][    T9] hid-steam 0003:28DE:1142.0049: unknown main item tag 0x0
[  441.858289][    T9] hid-steam 0003:28DE:1142.0049: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  441.923945][    T9] hid-steam 0003:28DE:1142.0049: Steam wireless receiver connected
[  441.935438][    T9] hid-steam 0003:28DE:1142.0049: No HID_FEATURE_REPORT submitted -  nothing to read
[  441.982470][   T24] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  441.987224][    T9] hid-steam 0003:28DE:1142.004A: unknown main item tag 0x0
[  442.035789][    T9] hid-steam 0003:28DE:1142.004A: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  442.078152][    T9] usb 1-1: USB disconnect, device number 99
[  442.118423][    T9] hid-steam 0003:28DE:1142.0049: Steam wireless receiver disconnected
[  442.208651][   T24] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  442.236146][T12166] fido_id[12166]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  442.250854][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.250886][   T24] usb 4-1: Product: syz
[  442.250903][   T24] usb 4-1: Manufacturer: syz
[  442.250920][   T24] usb 4-1: SerialNumber: syz
[  442.276000][   T24] usb 4-1: config 0 descriptor??
[  442.287139][   T24] ch341 4-1:0.0: ch341-uart converter detected
[  442.515098][   T24] usb 4-1: failed to receive control message: -71
[  442.530877][   T24] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[  442.545222][   T24] usb 4-1: USB disconnect, device number 99
[  442.555207][   T24] ch341 4-1:0.0: device disconnected
[  442.922538][ T5860] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  442.992680][   T56] block nbd1: Possible stuck request ffff888025c00000: control (read@0,1024B). Runtime 150 seconds
[  443.050441][   T56] block nbd1: Possible stuck request ffff888025c001c0: control (read@1024,1024B). Runtime 150 seconds
[  443.082577][ T5860] usb 1-1: Using ep0 maxpacket: 8
[  443.093431][ T5860] usb 1-1: unable to get BOS descriptor or descriptor too short
[  443.102485][ T5902] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  443.110860][ T5860] usb 1-1: config 4 interface 0 has no altsetting 0
[  443.138000][ T5860] usb 1-1: string descriptor 0 read error: -22
[  443.148468][ T5860] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  443.168268][ T5860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.213921][ T5860] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  443.223037][   T56] block nbd1: Possible stuck request ffff888025c00380: control (read@2048,1024B). Runtime 150 seconds
[  443.238571][   T56] block nbd1: Possible stuck request ffff888025c00540: control (read@3072,1024B). Runtime 150 seconds
[  443.266311][ T5860] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  443.299987][ T5902] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  443.321853][ T5860] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  443.337647][ T5902] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  443.350660][ T5860] usb 1-1: media controller created
[  443.363612][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.396472][ T5902] usb 2-1: config 0 descriptor??
[  443.404209][T12175] FAULT_INJECTION: forcing a failure.
[  443.404209][T12175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  443.433353][T12175] CPU: 0 UID: 0 PID: 12175 Comm: syz.0.2145 Not tainted syzkaller #0 PREEMPT(full) 
[  443.433386][T12175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  443.433400][T12175] Call Trace:
[  443.433409][T12175]  <TASK>
[  443.433419][T12175]  dump_stack_lvl+0x189/0x250
[  443.433448][T12175]  ? __pfx____ratelimit+0x10/0x10
[  443.433480][T12175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  443.433501][T12175]  ? __pfx__printk+0x10/0x10
[  443.433533][T12175]  ? __might_fault+0xb0/0x130
[  443.433569][T12175]  should_fail_ex+0x414/0x560
[  443.433599][T12175]  _copy_from_user+0x2d/0xb0
[  443.433622][T12175]  i2cdev_ioctl+0x2e7/0x7f0
[  443.433648][T12175]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  443.433676][T12175]  ? __fget_files+0x3a0/0x420
[  443.433700][T12175]  ? __fget_files+0x2a/0x420
[  443.433727][T12175]  ? bpf_lsm_file_ioctl+0x9/0x20
[  443.433756][T12175]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  443.433780][T12175]  __se_sys_ioctl+0xfc/0x170
[  443.433804][T12175]  do_syscall_64+0xfa/0xfa0
[  443.433831][T12175]  ? lockdep_hardirqs_on+0x9c/0x150
[  443.433859][T12175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.433880][T12175]  ? clear_bhb_loop+0x60/0xb0
[  443.433906][T12175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.433926][T12175] RIP: 0033:0x7f5bfb98eba9
[  443.433947][T12175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.433966][T12175] RSP: 002b:00007f5bfc72f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  443.433990][T12175] RAX: ffffffffffffffda RBX: 00007f5bfbbd5fa0 RCX: 00007f5bfb98eba9
[  443.434014][T12175] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[  443.434127][T12175] RBP: 00007f5bfc72f090 R08: 0000000000000000 R09: 0000000000000000
[  443.434146][T12175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.434231][T12175] R13: 00007f5bfbbd6038 R14: 00007f5bfbbd5fa0 R15: 00007ffd23f314d8
[  443.434269][T12175]  </TASK>
[  443.437861][ T5902] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  443.646088][ T5860] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  443.671866][ T5860] zl10353_read_register: readreg error (reg=127, ret==0)
[  443.744647][ T5860] usb 1-1: USB disconnect, device number 100
[  443.833180][    T9] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[  443.996249][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  444.024411][    T9] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  444.042450][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.069995][    T9] usb 3-1: config 0 descriptor??
[  444.292560][ T5860] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[  444.452565][ T5860] usb 1-1: Using ep0 maxpacket: 8
[  444.459935][ T5860] usb 1-1: config index 0 descriptor too short (expected 6427, got 27)
[  444.468797][ T5860] usb 1-1: config 0 has an invalid interface number: 21 but max is 0
[  444.477449][ T5860] usb 1-1: config 0 has no interface number 0
[  444.483977][ T5860] usb 1-1: config 0 interface 21 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  444.498080][ T5860] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  444.499790][    T9] keytouch 0003:0926:3333.004B: fixing up Keytouch IEC report descriptor
[  444.511601][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  444.527292][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.004B/input/input70
[  444.528185][ T5860] usb 1-1: Product: syz
[  444.565978][ T5860] usb 1-1: config 0 descriptor??
[  444.630401][    T9] keytouch 0003:0926:3333.004B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  444.801836][ T5860] usb 1-1: USB disconnect, device number 101
[  444.827634][    C0] Mem-Info:
[  444.830826][    C0] active_anon:22700 inactive_anon:0 isolated_anon:0
[  444.830826][    C0]  active_file:14041 inactive_file:3634 isolated_file:0
[  444.830826][    C0]  unevictable:768 dirty:263 writeback:0
[  444.830826][    C0]  slab_reclaimable:10932 slab_unreclaimable:91576
[  444.830826][    C0]  mapped:26513 shmem:17735 pagetables:1362
[  444.830826][    C0]  sec_pagetables:0 bounce:0
[  444.830826][    C0]  kernel_misc_reclaimable:0
[  444.830826][    C0]  free:1353002 free_pcp:13359 free_cma:0
[  444.876305][    C0] Node 0 active_anon:90800kB inactive_anon:0kB active_file:56164kB inactive_file:14400kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106052kB dirty:1048kB writeback:0kB shmem:69404kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11764kB pagetables:5296kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  444.908817][    C0] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  444.938629][    C0] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  444.968472][    C0] lowmem_reserve[]: 0 2495 2496 2496 2496
[  444.974262][    C0] Node 0 DMA32 free:1499628kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:90556kB inactive_anon:0kB active_file:56148kB inactive_file:13580kB unevictable:1536kB writepending:1048kB zspages:0kB present:3129332kB managed:2555356kB mlocked:0kB bounce:0kB free_pcp:37356kB local_pcp:19996kB free_cma:0kB
[  445.007921][    C0] lowmem_reserve[]: 0 0 1 1 1
[  445.012657][    C0] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:244kB inactive_anon:0kB active_file:16kB inactive_file:820kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:40kB local_pcp:12kB free_cma:0kB
[  445.043087][    C0] lowmem_reserve[]: 0 0 0 0 0
[  445.047826][    C0] Node 1 Normal free:3897008kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15552kB local_pcp:10816kB free_cma:0kB
[  445.080441][    C0] lowmem_reserve[]: 0 0 0 0 0
[  445.085439][    C0] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  445.098079][    C0] Node 0 DMA32: 113*4kB (ME) 221*8kB (UM) 134*16kB (UME) 353*32kB (UME) 203*64kB (UME) 56*128kB (UME) 24*256kB (UM) 19*512kB (UME) 12*1024kB (UM) 13*2048kB (UME) 344*4096kB (UM) = 1499628kB
[  445.116850][    C0] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  445.129119][    C0] Node 1 Normal: 222*4kB (UM) 73*8kB (UME) 35*16kB (UME) 156*32kB (UME) 55*64kB (UME) 9*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 947*4096kB (M) = 3897008kB
[  445.147128][    C0] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  445.156776][    C0] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  445.166090][    C0] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  445.175689][    C0] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  445.185106][    C0] 35406 total pagecache pages
[  445.189896][    C0] 0 pages in swap cache
[  445.194120][    C0] Free swap  = 124996kB
[  445.198296][    C0] Total swap = 124996kB
[  445.202464][    C0] 2097051 pages RAM
[  445.206290][    C0] 0 pages HighMem/MovableOnly
[  445.211040][    C0] 426314 pages reserved
[  445.215225][    C0] 0 pages cma reserved
[  445.457493][    T9] usb 3-1: USB disconnect, device number 109
[  445.887518][ T5860] usb 2-1: USB disconnect, device number 95
[  446.139620][T12227] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  446.164167][T12227] gfs2: error -5 reading superblock
[  446.436556][T12239] binder: 12238:12239 ioctl c0306201 200000000640 returned -22
[  446.457732][ T1212] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  446.641294][ T1212] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  446.672656][ T1212] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  446.706180][ T1212] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  446.724382][ T1212] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.735477][ T1212] usb 2-1: Product: syz
[  446.739697][ T1212] usb 2-1: Manufacturer: syz
[  446.755644][ T1212] usb 2-1: SerialNumber: syz
[  446.773060][ T1212] usb 2-1: config 0 descriptor??
[  446.779576][T12232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  446.791187][T12232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  447.015733][T12232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  447.025981][T12232] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  447.115662][   T24] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[  447.282851][ T5860] usb 3-1: new high-speed USB device number 110 using dummy_hcd
[  447.329696][   T24] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  447.351191][   T24] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  447.363278][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.397083][   T24] usb 1-1: config 0 descriptor??
[  447.428712][   T24] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  447.450579][ T1212] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  447.468679][ T5860] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  447.492390][ T5860] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  447.504915][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.533344][ T5860] usb 3-1: config 0 descriptor??
[  447.559842][T12237] syz.3.2165 (12237): drop_caches: 2
[  447.770401][T12251] FAULT_INJECTION: forcing a failure.
[  447.770401][T12251] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  447.785016][T12251] CPU: 1 UID: 0 PID: 12251 Comm: syz.3.2172 Not tainted syzkaller #0 PREEMPT(full) 
[  447.785049][T12251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  447.785062][T12251] Call Trace:
[  447.785073][T12251]  <TASK>
[  447.785082][T12251]  dump_stack_lvl+0x189/0x250
[  447.785109][T12251]  ? __pfx____ratelimit+0x10/0x10
[  447.785146][T12251]  ? __pfx_dump_stack_lvl+0x10/0x10
[  447.785190][T12251]  ? __pfx__printk+0x10/0x10
[  447.785221][T12251]  ? __might_fault+0xb0/0x130
[  447.785256][T12251]  should_fail_ex+0x414/0x560
[  447.785286][T12251]  _copy_from_user+0x2d/0xb0
[  447.785307][T12251]  ____sys_sendmsg+0x2fe/0x830
[  447.785337][T12251]  ? __pfx_____sys_sendmsg+0x10/0x10
[  447.785367][T12251]  ? import_iovec+0x74/0xa0
[  447.785389][T12251]  ___sys_sendmsg+0x21f/0x2a0
[  447.785406][T12251]  ? __pfx____sys_sendmsg+0x10/0x10
[  447.785446][T12251]  ? __fget_files+0x2a/0x420
[  447.785470][T12251]  ? __fget_files+0x3a0/0x420
[  447.785507][T12251]  __x64_sys_sendmsg+0x19b/0x260
[  447.785531][T12251]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  447.785557][T12251]  ? __pfx_ksys_write+0x10/0x10
[  447.785575][T12251]  ? do_syscall_64+0xbe/0xfa0
[  447.785596][T12251]  do_syscall_64+0xfa/0xfa0
[  447.785619][T12251]  ? lockdep_hardirqs_on+0x9c/0x150
[  447.785648][T12251]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.785667][T12251]  ? clear_bhb_loop+0x60/0xb0
[  447.785691][T12251]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.785709][T12251] RIP: 0033:0x7f14f8f8eba9
[  447.785724][T12251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.785735][T12251] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  447.785750][T12251] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  447.785760][T12251] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000004
[  447.785773][T12251] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  447.785784][T12251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.785797][T12251] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  447.785831][T12251]  </TASK>
[  448.020118][ T5860] keytouch 0003:0926:3333.004C: fixing up Keytouch IEC report descriptor
[  448.035175][ T5860] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.004C/input/input71
[  448.131944][ T5860] keytouch 0003:0926:3333.004C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  448.221622][ T1212] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL
[  448.252165][ T1212] usb 2-1: USB disconnect, device number 96
[  448.423068][    T9] usb 3-1: USB disconnect, device number 110
[  448.481001][T12256] fido_id[12256]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  448.807465][T12260] I/O error, dev loop1, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  448.817434][T12260] gfs2: error -5 reading superblock
[  449.233015][ T5860] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[  449.336106][T12275] FAULT_INJECTION: forcing a failure.
[  449.336106][T12275] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  449.350811][T12275] CPU: 1 UID: 0 PID: 12275 Comm: syz.1.2179 Not tainted syzkaller #0 PREEMPT(full) 
[  449.350843][T12275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  449.350857][T12275] Call Trace:
[  449.350866][T12275]  <TASK>
[  449.350876][T12275]  dump_stack_lvl+0x189/0x250
[  449.350903][T12275]  ? __pfx____ratelimit+0x10/0x10
[  449.350934][T12275]  ? __pfx_dump_stack_lvl+0x10/0x10
[  449.350954][T12275]  ? __pfx__printk+0x10/0x10
[  449.350985][T12275]  ? __might_fault+0xb0/0x130
[  449.351026][T12275]  should_fail_ex+0x414/0x560
[  449.351063][T12275]  _copy_from_user+0x2d/0xb0
[  449.351085][T12275]  binder_ioctl_write_read+0x124/0xa040
[  449.351128][T12275]  ? is_bpf_text_address+0x26/0x2b0
[  449.351257][T12275]  ? is_bpf_text_address+0x292/0x2b0
[  449.351277][T12275]  ? is_bpf_text_address+0x26/0x2b0
[  449.351302][T12275]  ? kernel_text_address+0xa5/0xe0
[  449.351324][T12275]  ? __kernel_text_address+0xd/0x40
[  449.351343][T12275]  ? unwind_get_return_address+0x4d/0x90
[  449.351370][T12275]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  449.351400][T12275]  ? arch_stack_walk+0xfc/0x150
[  449.351439][T12275]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  449.351474][T12275]  ? stack_trace_save+0x9c/0xe0
[  449.351505][T12275]  ? stack_depot_save_flags+0x40/0x860
[  449.351539][T12275]  ? kasan_save_track+0x4f/0x80
[  449.351559][T12275]  ? kasan_save_track+0x3e/0x80
[  449.351577][T12275]  ? __kasan_save_free_info+0x46/0x50
[  449.351602][T12275]  ? __kasan_slab_free+0x5b/0x80
[  449.351622][T12275]  ? kfree+0x199/0x6d0
[  449.351639][T12275]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  449.351664][T12275]  ? security_file_ioctl+0xcb/0x2d0
[  449.351685][T12275]  ? __se_sys_ioctl+0x47/0x170
[  449.351701][T12275]  ? do_syscall_64+0xfa/0xfa0
[  449.351730][T12275]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.351761][T12275]  ? __lock_acquire+0xab9/0xd20
[  449.351781][T12275]  ? binder_debug+0x13f/0x1b0
[  449.351815][T12275]  ? __pfx_binder_debug+0x10/0x10
[  449.351842][T12275]  ? do_raw_spin_lock+0x121/0x290
[  449.351889][T12275]  ? _raw_spin_unlock+0x28/0x50
[  449.351915][T12275]  ? binder_get_thread+0x178/0x6d0
[  449.351949][T12275]  binder_ioctl+0x3e0/0x19c0
[  449.352078][T12275]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  449.352113][T12275]  ? do_vfs_ioctl+0xbe8/0x1430
[  449.352133][T12275]  ? __pfx_binder_ioctl+0x10/0x10
[  449.352235][T12275]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  449.352300][T12275]  ? __fget_files+0x2a/0x420
[  449.352332][T12275]  ? __fget_files+0x3a0/0x420
[  449.352354][T12275]  ? __fget_files+0x2a/0x420
[  449.352383][T12275]  ? bpf_lsm_file_ioctl+0x9/0x20
[  449.352413][T12275]  ? __pfx_binder_ioctl+0x10/0x10
[  449.352443][T12275]  __se_sys_ioctl+0xfc/0x170
[  449.352469][T12275]  do_syscall_64+0xfa/0xfa0
[  449.352498][T12275]  ? lockdep_hardirqs_on+0x9c/0x150
[  449.352525][T12275]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.352545][T12275]  ? clear_bhb_loop+0x60/0xb0
[  449.352571][T12275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.352592][T12275] RIP: 0033:0x7f081758eba9
[  449.352614][T12275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.352633][T12275] RSP: 002b:00007f08183ab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  449.352656][T12275] RAX: ffffffffffffffda RBX: 00007f08177d5fa0 RCX: 00007f081758eba9
[  449.352672][T12275] RDX: 0000200000000640 RSI: 00000000c0306201 RDI: 0000000000000004
[  449.352687][T12275] RBP: 00007f08183ab090 R08: 0000000000000000 R09: 0000000000000000
[  449.352700][T12275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  449.352713][T12275] R13: 00007f08177d6038 R14: 00007f08177d5fa0 R15: 00007ffe744dbc58
[  449.352750][T12275]  </TASK>
[  449.715597][T12275] binder: 12274:12275 ioctl c0306201 200000000640 returned -14
[  449.742576][ T5860] usb 3-1: Using ep0 maxpacket: 32
[  449.748653][ T5860] usb 3-1: too many configurations: 17, using maximum allowed: 8
[  449.758309][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.766692][ T5860] usb 3-1: config 0 has no interface number 0
[  449.793472][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.801556][ T5860] usb 3-1: config 0 has no interface number 0
[  449.815496][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.823856][ T5860] usb 3-1: config 0 has no interface number 0
[  449.842890][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.851267][ T5860] usb 3-1: config 0 has no interface number 0
[  449.867062][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.876510][ T5860] usb 3-1: config 0 has no interface number 0
[  449.886934][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.895382][ T5860] usb 3-1: config 0 has no interface number 0
[  449.913604][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.921665][ T5860] usb 3-1: config 0 has no interface number 0
[  449.929267][ T5860] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  449.937605][ T5860] usb 3-1: config 0 has no interface number 0
[  449.951784][ T5860] usb 3-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  449.961305][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.969789][ T5860] usb 3-1: Product: syz
[  449.974503][ T5860] usb 3-1: Manufacturer: syz
[  449.979147][ T5860] usb 3-1: SerialNumber: syz
[  449.988734][ T5860] usb 3-1: config 0 descriptor??
[  449.995169][ T1212] usb 1-1: USB disconnect, device number 102
[  449.996447][ T5860] etas_es58x 3-1:0.2: Starting syz syz (Serial Number syz)
[  450.076058][   T30] audit: type=1400 audit(1757638553.935:42): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=12278 comm="syz.1.2181"
[  450.126743][T12283] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  450.136780][T12283] gfs2: error -5 reading superblock
[  450.215798][ T5860] etas_es58x 3-1:0.2: could not parse product info: '424242424242'
[  450.642538][ T5860] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  450.814878][ T5860] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  450.844383][ T5860] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  450.869417][ T5860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.906255][ T5860] usb 4-1: config 0 descriptor??
[  451.365447][ T5860] keytouch 0003:0926:3333.004D: fixing up Keytouch IEC report descriptor
[  451.399237][ T5860] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.004D/input/input72
[  451.535794][ T5860] keytouch 0003:0926:3333.004D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  451.742376][    C0] etas_es58x 3-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0xFF03.
[  451.753705][    C0] etas_es58x 3-1:0.2: es58x_split_urb_try_recovery: Recovery failed
[  451.761753][    C0] etas_es58x 3-1:0.2: es58x_split_urb() returned error -EBADMSG
[  451.770359][    C0] etas_es58x 3-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0x0000.
[  451.781371][    C0] etas_es58x 3-1:0.2: es58x_split_urb_try_recovery: Recovery failed
[  451.789394][    C0] etas_es58x 3-1:0.2: es58x_split_urb() returned error -EBADMSG
[  451.793171][ T5860] usb 4-1: USB disconnect, device number 100
[  451.797465][    C0] vkms_vblank_simulate: vblank timer overrun
[  451.818608][T12315] fido_id[12315]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  451.856102][ T5526] etas_es58x 3-1:0.2 can0: bit-timing not yet defined
[  452.582613][ T5902] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  452.749249][ T5902] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  452.760742][ T5902] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  452.774772][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.793056][ T5902] usb 4-1: config 0 descriptor??
[  452.832657][ T5902] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  452.913194][ T5526] etas_es58x 3-1:0.2: es58x_free_urbs: Timeout, some TX urbs still remain
[  452.922605][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -ENOENT
[  452.931656][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -ENOENT
[  452.939891][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -ENOENT
[  452.949161][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -ENOENT
[  452.957252][ T5526] etas_es58x 3-1:0.2 can0: es58x_open: Could not open the network device: -EINVAL
[  452.970267][    C0] etas_es58x 3-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  452.988204][ T1212] usb 3-1: USB disconnect, device number 111
[  452.998607][ T1212] etas_es58x 3-1:0.2: Disconnecting syz syz
[  453.211512][T12344] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  453.223602][T12344] gfs2: error -5 reading superblock
[  453.482455][ T1212] usb 3-1: new low-speed USB device number 112 using dummy_hcd
[  453.557001][T12359] FAULT_INJECTION: forcing a failure.
[  453.557001][T12359] name failslab, interval 1, probability 0, space 0, times 0
[  453.579118][T12359] CPU: 1 UID: 0 PID: 12359 Comm: syz.0.2196 Not tainted syzkaller #0 PREEMPT(full) 
[  453.579150][T12359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  453.579163][T12359] Call Trace:
[  453.579172][T12359]  <TASK>
[  453.579182][T12359]  dump_stack_lvl+0x189/0x250
[  453.579209][T12359]  ? __pfx____ratelimit+0x10/0x10
[  453.579240][T12359]  ? __pfx_dump_stack_lvl+0x10/0x10
[  453.579260][T12359]  ? __pfx__printk+0x10/0x10
[  453.579298][T12359]  ? __pfx___might_resched+0x10/0x10
[  453.579320][T12359]  ? fs_reclaim_acquire+0x7d/0x100
[  453.579351][T12359]  should_fail_ex+0x414/0x560
[  453.579383][T12359]  should_failslab+0xa8/0x100
[  453.579411][T12359]  __kmalloc_noprof+0xcb/0x7f0
[  453.579432][T12359]  ? tomoyo_encode+0x28b/0x550
[  453.579470][T12359]  tomoyo_encode+0x28b/0x550
[  453.579503][T12359]  tomoyo_realpath_from_path+0x58d/0x5d0
[  453.579533][T12359]  ? tomoyo_domain+0xd9/0x130
[  453.579556][T12359]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  453.579580][T12359]  tomoyo_path_number_perm+0x1e8/0x5a0
[  453.579610][T12359]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  453.579681][T12359]  ? __fget_files+0x2a/0x420
[  453.579714][T12359]  ? __fget_files+0x3a0/0x420
[  453.579738][T12359]  ? __fget_files+0x2a/0x420
[  453.579767][T12359]  security_file_ioctl+0xcb/0x2d0
[  453.579796][T12359]  __se_sys_ioctl+0x47/0x170
[  453.579821][T12359]  do_syscall_64+0xfa/0xfa0
[  453.579849][T12359]  ? lockdep_hardirqs_on+0x9c/0x150
[  453.579878][T12359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.579897][T12359]  ? clear_bhb_loop+0x60/0xb0
[  453.579923][T12359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.579942][T12359] RIP: 0033:0x7f5bfb98eba9
[  453.579962][T12359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  453.579980][T12359] RSP: 002b:00007f5bf9bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  453.580014][T12359] RAX: ffffffffffffffda RBX: 00007f5bfbbd6090 RCX: 00007f5bfb98eba9
[  453.580029][T12359] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  453.580042][T12359] RBP: 00007f5bf9bf6090 R08: 0000000000000000 R09: 0000000000000000
[  453.580055][T12359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  453.580066][T12359] R13: 00007f5bfbbd6128 R14: 00007f5bfbbd6090 R15: 00007ffd23f314d8
[  453.580100][T12359]  </TASK>
[  453.580124][T12359] ERROR: Out of memory at tomoyo_realpath_from_path.
[  453.622511][ T1212] usb 3-1: device descriptor read/64, error -71
[  454.085440][ T1212] usb 3-1: new low-speed USB device number 113 using dummy_hcd
[  454.223105][ T1212] usb 3-1: device descriptor read/64, error -71
[  454.343008][ T1212] usb usb3-port1: attempt power cycle
[  454.689699][ T1212] usb 3-1: new low-speed USB device number 114 using dummy_hcd
[  454.724990][ T1212] usb 3-1: device descriptor read/8, error -71
[  454.972721][ T1212] usb 3-1: new low-speed USB device number 115 using dummy_hcd
[  454.995983][ T1212] usb 3-1: device descriptor read/8, error -71
[  455.114135][ T1212] usb usb3-port1: unable to enumerate USB device
[  455.380742][    T9] usb 4-1: USB disconnect, device number 101
[  455.842663][ T1212] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  456.008335][ T1212] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.024648][ T1212] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  456.034801][ T1212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.047383][ T1212] usb 4-1: config 0 descriptor??
[  456.197996][T12411] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  456.208307][T12411] gfs2: error -5 reading superblock
[  456.468895][ T1212] keytouch 0003:0926:3333.004E: fixing up Keytouch IEC report descriptor
[  456.500432][ T1212] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.004E/input/input73
[  456.512877][    T9] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[  456.624831][ T1212] keytouch 0003:0926:3333.004E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  456.689938][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  456.712534][    T9] usb 3-1: config 0 has no interface number 0
[  456.719048][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.754567][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.784071][    T9] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  456.794642][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.814189][    T9] usb 3-1: config 0 descriptor??
[  456.890108][ T5860] usb 4-1: USB disconnect, device number 102
[  457.025921][T12409] netlink: 'syz.2.2203': attribute type 83 has an invalid length.
[  457.245352][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.258154][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.267257][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.275288][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.284585][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.292248][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.300221][    T9] prodikeys 0003:041E:2801.004F: unknown main item tag 0x0
[  457.322916][    T9] prodikeys 0003:041E:2801.004F: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input1
[  457.338235][    T9] hid_prodikeys: hid-prodikeys: failed to find output report
[  457.338235][    T9] 
[  457.445467][    T9] usb 3-1: USB disconnect, device number 116
[  457.712968][ T5902] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  457.874576][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  457.885563][ T5902] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  457.895975][ T5902] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  457.922564][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.937573][ T5902] usb 4-1: config 0 descriptor??
[  458.273480][T12440] I/O error, dev loop0, sector 128 op 0x0:(READ) flags 0x1800 phys_seg 1 prio class 2
[  458.286517][T12440] gfs2: error -5 reading superblock
[  458.380339][ T5902] keytouch 0003:0926:3333.0050: fixing up Keytouch IEC report descriptor
[  458.397128][ T5902] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0050/input/input74
[  458.526800][ T5902] keytouch 0003:0926:3333.0050: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  458.589973][ T5902] usb 4-1: USB disconnect, device number 103
[  458.677571][T12448] fido_id[12448]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  459.052675][ T5860] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[  459.178110][T12460] FAULT_INJECTION: forcing a failure.
[  459.178110][T12460] name failslab, interval 1, probability 0, space 0, times 0
[  459.191340][T12460] CPU: 0 UID: 0 PID: 12460 Comm: syz.3.2220 Not tainted syzkaller #0 PREEMPT(full) 
[  459.191372][T12460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  459.191386][T12460] Call Trace:
[  459.191395][T12460]  <TASK>
[  459.191405][T12460]  dump_stack_lvl+0x189/0x250
[  459.191432][T12460]  ? __pfx____ratelimit+0x10/0x10
[  459.191463][T12460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.191484][T12460]  ? __pfx__printk+0x10/0x10
[  459.191521][T12460]  ? __pfx___might_resched+0x10/0x10
[  459.191552][T12460]  should_fail_ex+0x414/0x560
[  459.191583][T12460]  should_failslab+0xa8/0x100
[  459.191611][T12460]  __kmalloc_noprof+0xcb/0x7f0
[  459.191632][T12460]  ? kfree+0x4d/0x6d0
[  459.191648][T12460]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  459.191688][T12460]  tomoyo_realpath_from_path+0xe3/0x5d0
[  459.191720][T12460]  ? tomoyo_domain+0xd9/0x130
[  459.191745][T12460]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  459.191772][T12460]  tomoyo_path_number_perm+0x1e8/0x5a0
[  459.191803][T12460]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  459.191877][T12460]  ? __fget_files+0x2a/0x420
[  459.191910][T12460]  ? __fget_files+0x3a0/0x420
[  459.191937][T12460]  ? __fget_files+0x2a/0x420
[  459.191968][T12460]  security_file_ioctl+0xcb/0x2d0
[  459.192009][T12460]  __se_sys_ioctl+0x47/0x170
[  459.192035][T12460]  do_syscall_64+0xfa/0xfa0
[  459.192065][T12460]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.192095][T12460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.192116][T12460]  ? clear_bhb_loop+0x60/0xb0
[  459.192143][T12460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.192163][T12460] RIP: 0033:0x7f14f8f8eba9
[  459.192184][T12460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.192202][T12460] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  459.192226][T12460] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  459.192242][T12460] RDX: 00002000000001c0 RSI: 0000000000005609 RDI: 0000000000000003
[  459.192256][T12460] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  459.192270][T12460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.192283][T12460] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  459.192326][T12460]  </TASK>
[  459.421575][    C0] vkms_vblank_simulate: vblank timer overrun
[  459.433168][ T5860] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.444962][T12460] ERROR: Out of memory at tomoyo_realpath_from_path.
[  459.445462][ T5860] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  459.464790][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.467154][ T5860] usb 3-1: config 0 descriptor??
[  459.885840][ T5860] keytouch 0003:0926:3333.0051: fixing up Keytouch IEC report descriptor
[  459.908727][ T5860] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0051/input/input75
[  460.051068][ T5860] keytouch 0003:0926:3333.0051: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  460.292522][ T5860] usb 3-1: USB disconnect, device number 117
[  460.368547][T12477] Malformed UNC in devname
[  460.368547][T12477] 
[  460.386215][T12477] CIFS: VFS: Malformed UNC in devname
[  460.632577][ T1212] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[  460.742529][ T5953] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  460.784572][ T1212] usb 1-1: config 7 has an invalid interface number: 4 but max is 0
[  460.792946][ T1212] usb 1-1: config 7 has no interface number 0
[  460.799207][ T1212] usb 1-1: config 7 interface 4 has no altsetting 0
[  460.810104][ T1212] usb 1-1: New USB device found, idVendor=05c6, idProduct=9000, bcdDevice=bb.9d
[  460.819662][ T1212] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.828711][ T1212] usb 1-1: Product: syz
[  460.834474][ T1212] usb 1-1: Manufacturer: syz
[  460.839694][ T1212] usb 1-1: SerialNumber: syz
[  460.905258][ T5953] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  460.917545][ T5953] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  460.930402][ T5953] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  460.941655][ T5953] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  460.954610][ T5953] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  460.963761][ T5953] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.975268][ T5953] usb 4-1: config 0 descriptor??
[  460.981337][T12479] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  461.060025][T12477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.069139][T12477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.134737][ T1212] usb 1-1: USB disconnect, device number 103
[  461.410627][ T5953] plantronics 0003:047F:FFFF.0052: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  461.952604][ T5860] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[  462.115128][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.126352][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  462.136664][ T5860] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  462.146424][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.182546][ T5860] usb 1-1: config 0 descriptor??
[  462.599683][ T5860] keytouch 0003:0926:3333.0053: fixing up Keytouch IEC report descriptor
[  462.633064][ T5860] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0053/input/input77
[  462.761239][ T5860] keytouch 0003:0926:3333.0053: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  462.827721][ T5860] usb 1-1: USB disconnect, device number 104
[  462.998991][T12513] fido_id[12513]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  463.251326][T12516] FAULT_INJECTION: forcing a failure.
[  463.251326][T12516] name failslab, interval 1, probability 0, space 0, times 0
[  463.267922][T12516] CPU: 1 UID: 0 PID: 12516 Comm: syz.3.2235 Not tainted syzkaller #0 PREEMPT(full) 
[  463.267952][T12516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  463.267965][T12516] Call Trace:
[  463.267974][T12516]  <TASK>
[  463.267985][T12516]  dump_stack_lvl+0x189/0x250
[  463.268012][T12516]  ? __pfx____ratelimit+0x10/0x10
[  463.268041][T12516]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.268062][T12516]  ? __pfx__printk+0x10/0x10
[  463.268099][T12516]  ? __pfx___might_resched+0x10/0x10
[  463.268130][T12516]  should_fail_ex+0x414/0x560
[  463.268162][T12516]  should_failslab+0xa8/0x100
[  463.268190][T12516]  __kmalloc_noprof+0xcb/0x7f0
[  463.268210][T12516]  ? kfree+0x4d/0x6d0
[  463.268226][T12516]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  463.268265][T12516]  tomoyo_realpath_from_path+0xe3/0x5d0
[  463.268300][T12516]  ? tomoyo_domain+0xd9/0x130
[  463.268327][T12516]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  463.268354][T12516]  tomoyo_path_number_perm+0x1e8/0x5a0
[  463.268384][T12516]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  463.268457][T12516]  ? __fget_files+0x2a/0x420
[  463.268492][T12516]  ? __fget_files+0x3a0/0x420
[  463.268518][T12516]  ? __fget_files+0x2a/0x420
[  463.268550][T12516]  security_file_ioctl+0xcb/0x2d0
[  463.268578][T12516]  __se_sys_ioctl+0x47/0x170
[  463.268604][T12516]  do_syscall_64+0xfa/0xfa0
[  463.268633][T12516]  ? lockdep_hardirqs_on+0x9c/0x150
[  463.268663][T12516]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.268684][T12516]  ? clear_bhb_loop+0x60/0xb0
[  463.268710][T12516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.268730][T12516] RIP: 0033:0x7f14f8f8eba9
[  463.268750][T12516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.268778][T12516] RSP: 002b:00007f14f9e24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  463.268803][T12516] RAX: ffffffffffffffda RBX: 00007f14f91d6090 RCX: 00007f14f8f8eba9
[  463.268818][T12516] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  463.268831][T12516] RBP: 00007f14f9e24090 R08: 0000000000000000 R09: 0000000000000000
[  463.268845][T12516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.268859][T12516] R13: 00007f14f91d6128 R14: 00007f14f91d6090 R15: 00007ffcbc3ab448
[  463.268896][T12516]  </TASK>
[  463.268906][T12516] ERROR: Out of memory at tomoyo_realpath_from_path.
[  463.762520][   T43] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[  463.924762][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  463.972660][   T43] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  463.981797][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.003600][   T43] usb 1-1: config 0 descriptor??
[  464.042118][ T5902] usb 4-1: USB disconnect, device number 104
[  464.425978][   T43] keytouch 0003:0926:3333.0054: fixing up Keytouch IEC report descriptor
[  464.474992][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0054/input/input78
[  464.620232][   T43] keytouch 0003:0926:3333.0054: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  464.851734][   T43] usb 1-1: USB disconnect, device number 105
[  464.979512][T12543] FAULT_INJECTION: forcing a failure.
[  464.979512][T12543] name failslab, interval 1, probability 0, space 0, times 0
[  465.009837][T12543] CPU: 0 UID: 0 PID: 12543 Comm: syz.3.2243 Not tainted syzkaller #0 PREEMPT(full) 
[  465.009872][T12543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  465.009886][T12543] Call Trace:
[  465.009896][T12543]  <TASK>
[  465.009906][T12543]  dump_stack_lvl+0x189/0x250
[  465.009935][T12543]  ? __pfx____ratelimit+0x10/0x10
[  465.009965][T12543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  465.009985][T12543]  ? __pfx__printk+0x10/0x10
[  465.010020][T12543]  ? __pfx___might_resched+0x10/0x10
[  465.010046][T12543]  ? fs_reclaim_acquire+0x7d/0x100
[  465.010077][T12543]  should_fail_ex+0x414/0x560
[  465.010110][T12543]  should_failslab+0xa8/0x100
[  465.010138][T12543]  __kmalloc_cache_noprof+0x6f/0x6f0
[  465.010162][T12543]  ? trace_contention_end+0x39/0x120
[  465.010189][T12543]  ? vhost_task_create+0xf6/0x290
[  465.010224][T12543]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  465.010257][T12543]  vhost_task_create+0xf6/0x290
[  465.010285][T12543]  ? arch_stack_walk+0xfc/0x150
[  465.010314][T12543]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  465.010347][T12543]  ? __pfx_vhost_task_create+0x10/0x10
[  465.010386][T12543]  ? __pfx_vhost_task_fn+0x10/0x10
[  465.010440][T12543]  kvm_mmu_post_init_vm+0x14c/0x300
[  465.010467][T12543]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  465.010497][T12543]  ? __mutex_trylock_common+0x153/0x260
[  465.010529][T12543]  ? __pfx___mutex_trylock_common+0x10/0x10
[  465.010559][T12543]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  465.010585][T12543]  ? rcu_is_watching+0x15/0xb0
[  465.010612][T12543]  ? trace_contention_end+0x39/0x120
[  465.010640][T12543]  ? look_up_lock_class+0x74/0x170
[  465.010673][T12543]  ? register_lock_class+0x51/0x320
[  465.010718][T12543]  ? __lock_acquire+0xab9/0xd20
[  465.010777][T12543]  kvm_vcpu_ioctl+0x95c/0xe90
[  465.010808][T12543]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  465.010856][T12543]  ? __fget_files+0x2a/0x420
[  465.010890][T12543]  ? __fget_files+0x3a0/0x420
[  465.010916][T12543]  ? __fget_files+0x2a/0x420
[  465.010948][T12543]  ? bpf_lsm_file_ioctl+0x9/0x20
[  465.010978][T12543]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  465.011000][T12543]  __se_sys_ioctl+0xfc/0x170
[  465.011026][T12543]  do_syscall_64+0xfa/0xfa0
[  465.011056][T12543]  ? lockdep_hardirqs_on+0x9c/0x150
[  465.011086][T12543]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.011107][T12543]  ? clear_bhb_loop+0x60/0xb0
[  465.011134][T12543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  465.011155][T12543] RIP: 0033:0x7f14f8f8eba9
[  465.011176][T12543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  465.011195][T12543] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  465.011219][T12543] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  465.011234][T12543] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  465.011248][T12543] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  465.011262][T12543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  465.011275][T12543] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  465.011314][T12543]  </TASK>
[  465.322834][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.742569][ T5860] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[  465.882704][   T43] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  465.908161][ T5860] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  465.917435][ T5860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.926002][ T5860] usb 1-1: Product: syz
[  465.930280][ T5860] usb 1-1: Manufacturer: syz
[  465.936514][ T5860] usb 1-1: SerialNumber: syz
[  465.943846][ T5860] usb 1-1: config 0 descriptor??
[  465.951932][ T5860] gspca_main: sunplus-2.14.0 probing 055f:c230
[  466.035448][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  466.046679][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  466.056790][   T43] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  466.066435][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.083907][   T43] usb 4-1: config 0 descriptor??
[  466.201555][    T9] usb 1-1: USB disconnect, device number 106
[  466.517707][   T43] keytouch 0003:0926:3333.0055: fixing up Keytouch IEC report descriptor
[  466.540432][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0055/input/input79
[  466.660164][   T43] keytouch 0003:0926:3333.0055: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  466.722081][   T43] usb 4-1: USB disconnect, device number 105
[  466.818862][T12565] fido_id[12565]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  467.252504][    T9] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[  467.317317][ T5861] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  467.328616][ T5861] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  467.332544][   T43] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[  467.338944][ T5861] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  467.354401][ T5861] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  467.362487][ T5861] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  467.425491][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  467.440997][    T9] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  467.458094][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.470032][    T9] usb 1-1: config 0 descriptor??
[  467.562242][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.582867][   T43] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  467.602518][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.633930][   T43] usb 3-1: config 0 descriptor??
[  467.772647][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  467.796241][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  467.827495][    T9] usb 1-1: USB disconnect, device number 107
[  467.997988][T12575] chnl_net:caif_netlink_parms(): no params data found
[  468.077150][   T43] keytouch 0003:0926:3333.0056: fixing up Keytouch IEC report descriptor
[  468.113074][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0056/input/input80
[  468.246983][T12575] bridge0: port 1(bridge_slave_0) entered blocking state
[  468.254597][T12575] bridge0: port 1(bridge_slave_0) entered disabled state
[  468.267097][T12575] bridge_slave_0: entered allmulticast mode
[  468.276120][T12575] bridge_slave_0: entered promiscuous mode
[  468.286355][T12575] bridge0: port 2(bridge_slave_1) entered blocking state
[  468.288713][   T43] keytouch 0003:0926:3333.0056: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  468.293718][T12575] bridge0: port 2(bridge_slave_1) entered disabled state
[  468.313273][T12575] bridge_slave_1: entered allmulticast mode
[  468.339132][T12575] bridge_slave_1: entered promiscuous mode
[  468.416837][T12575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  468.430301][T12575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  468.495346][   T43] usb 3-1: USB disconnect, device number 118
[  468.618198][T12575] team0: Port device team_slave_0 added
[  468.650766][T12575] team0: Port device team_slave_1 added
[  468.752536][T12575] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.771347][T12575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.803216][T12575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.816760][T12575] batman_adv: batadv0: Adding interface: batadv_slave_1
[  468.824262][T12575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.859772][T12575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.880123][T12605] FAULT_INJECTION: forcing a failure.
[  468.880123][T12605] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  468.897754][T12605] CPU: 0 UID: 0 PID: 12605 Comm: syz.3.2260 Not tainted syzkaller #0 PREEMPT(full) 
[  468.897784][T12605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  468.897796][T12605] Call Trace:
[  468.897805][T12605]  <TASK>
[  468.897814][T12605]  dump_stack_lvl+0x189/0x250
[  468.897841][T12605]  ? __pfx____ratelimit+0x10/0x10
[  468.897871][T12605]  ? __pfx_dump_stack_lvl+0x10/0x10
[  468.897890][T12605]  ? __pfx__printk+0x10/0x10
[  468.897918][T12605]  ? __might_fault+0xb0/0x130
[  468.897952][T12605]  should_fail_ex+0x414/0x560
[  468.897979][T12605]  _copy_from_user+0x2d/0xb0
[  468.898001][T12605]  binder_ioctl_write_read+0x124/0xa040
[  468.898042][T12605]  ? is_bpf_text_address+0x26/0x2b0
[  468.898071][T12605]  ? is_bpf_text_address+0x292/0x2b0
[  468.898093][T12605]  ? is_bpf_text_address+0x26/0x2b0
[  468.898118][T12605]  ? kernel_text_address+0xa5/0xe0
[  468.898140][T12605]  ? __kernel_text_address+0xd/0x40
[  468.898158][T12605]  ? unwind_get_return_address+0x4d/0x90
[  468.898185][T12605]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  468.898215][T12605]  ? arch_stack_walk+0xfc/0x150
[  468.898251][T12605]  ? __pfx_binder_ioctl_write_read+0x10/0x10
[  468.898283][T12605]  ? stack_trace_save+0x9c/0xe0
[  468.898315][T12605]  ? stack_depot_save_flags+0x40/0x860
[  468.898348][T12605]  ? kasan_save_track+0x4f/0x80
[  468.898367][T12605]  ? kasan_save_track+0x3e/0x80
[  468.898385][T12605]  ? __kasan_save_free_info+0x46/0x50
[  468.898411][T12605]  ? __kasan_slab_free+0x5b/0x80
[  468.898431][T12605]  ? kfree+0x199/0x6d0
[  468.898447][T12605]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  468.898471][T12605]  ? security_file_ioctl+0xcb/0x2d0
[  468.898492][T12605]  ? __se_sys_ioctl+0x47/0x170
[  468.898512][T12605]  ? do_syscall_64+0xfa/0xfa0
[  468.898539][T12605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.898570][T12605]  ? __lock_acquire+0xab9/0xd20
[  468.898592][T12605]  ? binder_debug+0x13f/0x1b0
[  468.898628][T12605]  ? __pfx_binder_debug+0x10/0x10
[  468.898654][T12605]  ? do_raw_spin_lock+0x121/0x290
[  468.898711][T12605]  ? _raw_spin_unlock+0x28/0x50
[  468.898737][T12605]  ? binder_get_thread+0x178/0x6d0
[  468.898772][T12605]  binder_ioctl+0x3e0/0x19c0
[  468.898805][T12605]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  468.898837][T12605]  ? do_vfs_ioctl+0xbe8/0x1430
[  468.898858][T12605]  ? __pfx_binder_ioctl+0x10/0x10
[  468.898890][T12605]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  468.898953][T12605]  ? __fget_files+0x2a/0x420
[  468.898985][T12605]  ? __fget_files+0x3a0/0x420
[  468.899011][T12605]  ? __fget_files+0x2a/0x420
[  468.899042][T12605]  ? bpf_lsm_file_ioctl+0x9/0x20
[  468.899073][T12605]  ? __pfx_binder_ioctl+0x10/0x10
[  468.899103][T12605]  __se_sys_ioctl+0xfc/0x170
[  468.899128][T12605]  do_syscall_64+0xfa/0xfa0
[  468.899156][T12605]  ? lockdep_hardirqs_on+0x9c/0x150
[  468.899185][T12605]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.899206][T12605]  ? clear_bhb_loop+0x60/0xb0
[  468.899231][T12605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.899252][T12605] RIP: 0033:0x7f14f8f8eba9
[  468.899272][T12605] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  468.899291][T12605] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  468.899314][T12605] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  468.899329][T12605] RDX: 0000200000000480 RSI: 00000000c0306201 RDI: 0000000000000004
[  468.899343][T12605] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  468.899357][T12605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  468.899369][T12605] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  468.899404][T12605]  </TASK>
[  468.903872][T12605] binder: 12604:12605 ioctl c0306201 200000000480 returned -14
[  469.318943][T12575] hsr_slave_0: entered promiscuous mode
[  469.330965][T12575] hsr_slave_1: entered promiscuous mode
[  469.338703][T12575] debugfs: 'hsr0' already exists in 'hsr'
[  469.349348][T12575] Cannot create hsr debugfs directory
[  469.392530][ T5861] Bluetooth: hci4: command tx timeout
[  469.647174][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2264'.
[  469.683120][    T9] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[  469.741443][T12575] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  469.754295][T12575] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  469.766706][T12575] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  469.780445][T12575] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  469.865281][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  469.884061][    T9] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  469.898953][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.913530][    T9] usb 1-1: config 0 descriptor??
[  470.060733][T12628] FAULT_INJECTION: forcing a failure.
[  470.060733][T12628] name failslab, interval 1, probability 0, space 0, times 0
[  470.087851][T12628] CPU: 1 UID: 0 PID: 12628 Comm: syz.3.2268 Not tainted syzkaller #0 PREEMPT(full) 
[  470.087984][T12628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  470.087999][T12628] Call Trace:
[  470.088011][T12628]  <TASK>
[  470.088044][T12628]  dump_stack_lvl+0x189/0x250
[  470.088070][T12628]  ? __pfx____ratelimit+0x10/0x10
[  470.088100][T12628]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.088118][T12628]  ? __pfx__printk+0x10/0x10
[  470.088153][T12628]  ? __pfx___might_resched+0x10/0x10
[  470.088176][T12628]  ? fs_reclaim_acquire+0x7d/0x100
[  470.088203][T12628]  should_fail_ex+0x414/0x560
[  470.088232][T12628]  should_failslab+0xa8/0x100
[  470.088260][T12628]  kmem_cache_alloc_node_noprof+0x77/0x710
[  470.088282][T12628]  ? __alloc_skb+0x112/0x2d0
[  470.088319][T12628]  __alloc_skb+0x112/0x2d0
[  470.088349][T12628]  alloc_skb_with_frags+0xca/0x890
[  470.088387][T12628]  sock_alloc_send_pskb+0x857/0x990
[  470.088431][T12628]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  470.088469][T12628]  ? iov_iter_advance+0x8b/0x1c0
[  470.088503][T12628]  tun_get_user+0xa43/0x3e20
[  470.088552][T12628]  ? aa_file_perm+0x44d/0x1550
[  470.088572][T12628]  ? __pfx_tun_get_user+0x10/0x10
[  470.088595][T12628]  ? _parse_integer_limit+0x1ae/0x1f0
[  470.088628][T12628]  ? __lock_acquire+0xab9/0xd20
[  470.088658][T12628]  ? ref_tracker_alloc+0x318/0x460
[  470.088680][T12628]  ? __lock_acquire+0xab9/0xd20
[  470.088703][T12628]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  470.088732][T12628]  ? tun_get+0x1c/0x2f0
[  470.088766][T12628]  ? tun_get+0x1c/0x2f0
[  470.088793][T12628]  ? tun_get+0x1c/0x2f0
[  470.088826][T12628]  tun_chr_write_iter+0x113/0x200
[  470.088855][T12628]  vfs_write+0x5c6/0xb30
[  470.088887][T12628]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  470.088915][T12628]  ? __pfx_vfs_write+0x10/0x10
[  470.088951][T12628]  ? __fget_files+0x2a/0x420
[  470.088987][T12628]  ksys_write+0x145/0x250
[  470.089021][T12628]  ? __pfx_ksys_write+0x10/0x10
[  470.089051][T12628]  ? do_syscall_64+0xbe/0xfa0
[  470.089086][T12628]  do_syscall_64+0xfa/0xfa0
[  470.089113][T12628]  ? lockdep_hardirqs_on+0x9c/0x150
[  470.089141][T12628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.089162][T12628]  ? clear_bhb_loop+0x60/0xb0
[  470.089189][T12628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.089209][T12628] RIP: 0033:0x7f14f8f8eba9
[  470.089232][T12628] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.089249][T12628] RSP: 002b:00007f14f9e45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  470.089274][T12628] RAX: ffffffffffffffda RBX: 00007f14f91d5fa0 RCX: 00007f14f8f8eba9
[  470.089290][T12628] RDX: 000000000000006e RSI: 00002000000002c0 RDI: 0000000000000003
[  470.089304][T12628] RBP: 00007f14f9e45090 R08: 0000000000000000 R09: 0000000000000000
[  470.089317][T12628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.089329][T12628] R13: 00007f14f91d6038 R14: 00007f14f91d5fa0 R15: 00007ffcbc3ab448
[  470.089364][T12628]  </TASK>
[  470.117808][T12575] 8021q: adding VLAN 0 to HW filter on device bond0
[  470.449579][T12575] 8021q: adding VLAN 0 to HW filter on device team0
[  470.468631][  T719] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.476102][  T719] bridge0: port 1(bridge_slave_0) entered forwarding state
[  470.504226][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state
[  470.511599][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  470.518028][   T31] INFO: task poweroff:9985 blocked for more than 143 seconds.
[  470.542492][   T31]       Not tainted syzkaller #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  470.547763][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  470.587436][   T31] task:poweroff        state:D stack:24584 pid:9985  tgid:9985  ppid:5216   task_flags:0x400000 flags:0x00004002
[  470.602686][   T31] Call Trace:
[  470.606078][   T31]  <TASK>
[  470.609086][   T31]  __schedule+0x1798/0x4cc0
[  470.625417][T12575] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  470.643575][   T31]  ? __lock_acquire+0xab9/0xd20
[  470.648592][   T31]  ? __lock_acquire+0xab9/0xd20
[  470.676350][   T31]  ? __pfx___schedule+0x10/0x10
[  470.681405][   T31]  ? schedule+0x91/0x360
[  470.712469][   T31]  schedule+0x165/0x360
[  470.717190][   T31]  schedule_preempt_disabled+0x13/0x30
[  470.792491][   T31]  __mutex_lock+0x7e6/0x1350
[  470.797695][   T31]  ? __mutex_lock+0x5bb/0x1350
[  470.822447][   T31]  ? sync_bdevs+0x1ac/0x340
[  470.827120][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  470.832213][   T31]  ? iput+0x5d5/0xc40
[  470.912863][   T31]  sync_bdevs+0x1ac/0x340
[  470.913698][ T5860] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  470.917525][   T31]  ksys_sync+0xb9/0x150
[  470.965513][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  470.970528][   T31]  ? do_syscall_64+0xbe/0xfa0
[  470.975345][   T31]  __ia32_sys_sync+0xe/0x20
[  470.979914][   T31]  do_syscall_64+0xfa/0xfa0
[  470.992212][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.013982][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.020198][   T31]  ? clear_bhb_loop+0x60/0xb0
[  471.047956][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.054171][   T31] RIP: 0033:0x7fbc181e8f37
[  471.058659][   T31] RSP: 002b:00007ffe56af1748 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  471.087064][   T31] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007fbc181e8f37
[  471.120201][   T31] RDX: ffffffffffffff88 RSI: 00007fbc18381e51 RDI: 00000000ffffff9c
[  471.129981][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  471.138584][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  471.147289][   T31] R13: 00007ffe56af18a8 R14: 00007fbc183cb000 R15: 000055bd2f9d4d98
[  471.156540][   T31]  </TASK>
[  471.159670][   T31] 
[  471.159670][   T31] Showing all locks held in the system:
[  471.167975][   T31] 5 locks held by kworker/0:0/9:
[  471.173093][   T31]  #0: ffff8881446e0d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  471.185067][   T31]  #1: ffffc900000e7ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  471.197209][   T31]  #2: ffff888144b07198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  471.206544][   T31]  #3: ffff888029867198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  471.216037][   T31]  #4: ffff888020e95160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  471.237647][   T31] 6 locks held by kworker/u8:1/13:
[  471.243247][   T31] 1 lock held by khungtaskd/31:
[  471.248411][   T31]  #0: ffffffff8e53c560 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  471.259648][   T31] 3 locks held by kworker/1:1/43:
[  471.268285][   T31]  #0: ffff88801a871548 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  471.280332][   T31]  #1: ffffc90000b37ba0 ((work_completion)(&data->fib_event_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  471.299113][   T31]  #2: ffff888026bfe240 (&data->fib_lock){+.+.}-{4:4}, at: nsim_fib_event_work+0x1f7/0x3b0
[  471.309846][   T31] 2 locks held by kworker/0:2/1212:
[  471.319321][   T31]  #0: ffff88801a871548 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  471.343224][   T31]  #1: ffffc90004097ba0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  471.364497][   T31] 2 locks held by getty/5619:
[  471.369284][   T31]  #0: ffff8880306920a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  471.382450][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  471.401145][   T31] 6 locks held by kworker/1:3/5860:
[  471.407640][   T31]  #0: ffff8881446e0d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  471.424026][   T31]  #1: ffffc90004397ba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  471.439007][   T31]  #2: ffff888144bba198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  471.457301][   T31]  #3: ffff888144bbd518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  471.468482][   T31]  #4: ffff888027e06968 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  471.472618][ T5861] Bluetooth: hci4: command tx timeout
[  471.489608][   T31]  #5: ffffffff8f1f89b0 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x163/0x1750
[  471.502959][   T31] 1 lock held by udevd/5867:
[  471.507911][   T31]  #0: ffff888025709358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  471.518746][   T31] 1 lock held by syz.3.1150/9108:
[  471.524008][   T31]  #0: ffffffff8e541ff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  471.535461][   T31] 1 lock held by poweroff/9985:
[  471.540651][   T31]  #0: ffff888025709358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x1ac/0x340
[  471.550291][   T31] 1 lock held by syz.1.2191/12321:
[  471.557539][   T31]  #0: ffff888025709358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  471.567664][   T31] 2 locks held by syz.1.2191/12323:
[  471.573677][   T31]  #0: ffff888076a300e0 (&type->s_umount_key#85/1){+.+.}-{4:4}, at: alloc_super+0x1bb/0x930
[  471.584630][   T31]  #1: ffff888025709358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  471.594806][   T31] 5 locks held by syz-executor/12575:
[  471.600479][   T31]  #0: ffff88807d1dcdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  471.611798][   T31]  #1: ffff88807d1dc0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  471.622093][   T31]  #2: ffffffff8fab70e8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  471.633197][   T31]  #3: ffff88806d37fb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  471.643086][   T31]  #4: ffffffff8e541ff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  471.654820][   T31] 
[  471.663962][   T31] =============================================
[  471.663962][   T31] 
[  471.702380][   T31] NMI backtrace for cpu 1
[  471.702408][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  471.702434][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  471.702445][   T31] Call Trace:
[  471.702453][   T31]  <TASK>
[  471.702461][   T31]  dump_stack_lvl+0x189/0x250
[  471.702488][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.702505][   T31]  ? __pfx__printk+0x10/0x10
[  471.702540][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  471.702565][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  471.702588][   T31]  ? __pfx__printk+0x10/0x10
[  471.702615][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  471.702635][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  471.702659][   T31]  watchdog+0xf60/0xfa0
[  471.702692][   T31]  ? watchdog+0x1e2/0xfa0
[  471.702719][   T31]  kthread+0x711/0x8a0
[  471.702751][   T31]  ? __pfx_watchdog+0x10/0x10
[  471.702772][   T31]  ? __pfx_kthread+0x10/0x10
[  471.702802][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  471.702830][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.702858][   T31]  ? __pfx_kthread+0x10/0x10
[  471.702887][   T31]  ret_from_fork+0x47c/0x820
[  471.702914][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  471.702944][   T31]  ? __switch_to_asm+0x39/0x70
[  471.702964][   T31]  ? __switch_to_asm+0x33/0x70
[  471.702984][   T31]  ? __pfx_kthread+0x10/0x10
[  471.703015][   T31]  ret_from_fork_asm+0x1a/0x30
[  471.703054][   T31]  </TASK>
[  471.703091][   T31] Sending NMI from CPU 1 to CPUs 0:
[  471.861136][    C0] NMI backtrace for cpu 0
[  471.861159][    C0] CPU: 0 UID: 0 PID: 12627 Comm: syz.2.2267 Not tainted syzkaller #0 PREEMPT(full) 
[  471.861185][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  471.861195][    C0] RIP: 0010:__read_once_word_nocheck+0x0/0x10
[  471.861224][    C0] Code: e8 45 d8 af 00 48 ba 00 00 00 00 00 fc ff df e9 88 fc ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 07 e9 c8 08 19 0a cc cc cc cc cc cc cc cc 90 90 90 90 90 90
[  471.861239][    C0] RSP: 0018:ffffc9001855f4d8 EFLAGS: 00000202
[  471.861256][    C0] RAX: ffffc9001855fc01 RBX: ffffc90018558000 RCX: 0000000000000001
[  471.861268][    C0] RDX: ffffc9001855f648 RSI: dffffc0000000000 RDI: ffffc9001855fc30
[  471.861280][    C0] RBP: 1ffff920030abec1 R08: ffffc9001855fc30 R09: 0000000000000000
[  471.861292][    C0] R10: ffffc9001855f658 R11: fffff520030abecd R12: 1ffff920030abec2
[  471.861304][    C0] R13: 1ffff920030abec3 R14: ffffc90018560000 R15: dffffc0000000000
[  471.861316][    C0] FS:  0000000000000000(0000) GS:ffff8881257b1000(0000) knlGS:0000000000000000
[  471.861330][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  471.861342][    C0] CR2: 00007f8fbf344e9c CR3: 000000007d418000 CR4: 00000000003526f0
[  471.861359][    C0] Call Trace:
[  471.861366][    C0]  <TASK>
[  471.861372][    C0]  deref_stack_reg+0x19f/0x230
[  471.861396][    C0]  unwind_next_frame+0x17c4/0x2390
[  471.861419][    C0]  ? unwind_next_frame+0xa5/0x2390
[  471.861438][    C0]  ? do_exit+0x6b5/0x2300
[  471.861461][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  471.861484][    C0]  arch_stack_walk+0x11c/0x150
[  471.861508][    C0]  ? do_group_exit+0x21c/0x2d0
[  471.861523][    C0]  stack_trace_save+0x9c/0xe0
[  471.861544][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  471.861570][    C0]  save_stack+0xf5/0x1f0
[  471.861588][    C0]  ? __pfx_save_stack+0x10/0x10
[  471.861611][    C0]  ? __free_frozen_pages+0xbc4/0xd30
[  471.861629][    C0]  ? vfree+0x25a/0x400
[  471.861643][    C0]  ? kcov_close+0x28/0x50
[  471.861657][    C0]  ? __fput+0x449/0xa70
[  471.861671][    C0]  ? task_work_run+0x1d4/0x260
[  471.861685][    C0]  ? do_exit+0x6b5/0x2300
[  471.861713][    C0]  __reset_page_owner+0x71/0x1f0
[  471.861730][    C0]  __free_frozen_pages+0xbc4/0xd30
[  471.861752][    C0]  vfree+0x25a/0x400
[  471.861767][    C0]  ? __pfx_kcov_close+0x10/0x10
[  471.861783][    C0]  kcov_close+0x28/0x50
[  471.861798][    C0]  __fput+0x449/0xa70
[  471.861817][    C0]  task_work_run+0x1d4/0x260
[  471.861834][    C0]  ? __pfx_task_work_run+0x10/0x10
[  471.861849][    C0]  ? do_exit+0x6b0/0x2300
[  471.861869][    C0]  ? kmem_cache_free+0x19a/0x690
[  471.861889][    C0]  do_exit+0x6b5/0x2300
[  471.861914][    C0]  ? do_raw_spin_lock+0x121/0x290
[  471.861937][    C0]  ? __pfx_do_exit+0x10/0x10
[  471.861965][    C0]  do_group_exit+0x21c/0x2d0
[  471.861979][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.862005][    C0]  get_signal+0x1286/0x1340
[  471.862032][    C0]  arch_do_signal_or_restart+0x9a/0x750
[  471.862049][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  471.862067][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  471.862090][    C0]  ? exit_to_user_mode_loop+0x40/0x130
[  471.862108][    C0]  exit_to_user_mode_loop+0x75/0x130
[  471.862124][    C0]  do_syscall_64+0x2bd/0xfa0
[  471.862147][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.862163][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  471.862179][    C0]  ? clear_bhb_loop+0x60/0xb0
[  471.862197][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.862212][    C0] RIP: 0033:0x7f77b49c1465
[  471.862226][    C0] Code: Unable to access opcode bytes at 0x7f77b49c143b.
[  471.862235][    C0] RSP: 002b:00007fff62b0af70 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  471.862252][    C0] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f77b49c1465
[  471.862262][    C0] RDX: 00007fff62b0afb0 RSI: 0000000000000000 RDI: 0000000000000000
[  471.862272][    C0] RBP: 0000000000000004 R08: 0000000000000000 R09: 0000001562b0b2cf
[  471.862283][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 00007f77b4bd5fac
[  471.862294][    C0] R13: 00007f77b4bd5fa0 R14: ffffffffffffffff R15: 00007fff62b0b0f0
[  471.862313][    C0]  </TASK>
[  472.487634][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  472.494657][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  472.504333][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  472.515133][   T31] Call Trace:
[  472.518541][   T31]  <TASK>
[  472.521491][   T31]  dump_stack_lvl+0x99/0x250
[  472.526181][   T31]  ? __asan_memcpy+0x40/0x70
[  472.530883][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  472.536187][   T31]  ? __pfx__printk+0x10/0x10
[  472.540813][   T31]  vpanic+0x237/0x6d0
[  472.544823][   T31]  ? __pfx_vpanic+0x10/0x10
[  472.549334][   T31]  ? preempt_schedule_common+0x83/0xd0
[  472.554828][   T31]  panic+0xb9/0xc0
[  472.558590][   T31]  ? __pfx_panic+0x10/0x10
[  472.563201][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  472.568911][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  472.575259][   T31]  watchdog+0xf9f/0xfa0
[  472.579549][   T31]  ? watchdog+0x1e2/0xfa0
[  472.583929][   T31]  kthread+0x711/0x8a0
[  472.588070][   T31]  ? __pfx_watchdog+0x10/0x10
[  472.592796][   T31]  ? __pfx_kthread+0x10/0x10
[  472.597777][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  472.603286][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  472.608501][   T31]  ? __pfx_kthread+0x10/0x10
[  472.613118][   T31]  ret_from_fork+0x47c/0x820
[  472.617999][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  472.623233][   T31]  ? __switch_to_asm+0x39/0x70
[  472.628269][   T31]  ? __switch_to_asm+0x33/0x70
[  472.633064][   T31]  ? __pfx_kthread+0x10/0x10
[  472.638049][   T31]  ret_from_fork_asm+0x1a/0x30
[  472.642936][   T31]  </TASK>
[  472.646383][   T31] Kernel Offset: disabled
[  472.650925][   T31] Rebooting in 86400 seconds..