last executing test programs:

5m9.780044979s ago: executing program 3 (id=310):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000800)=[{{&(0x7f0000000240)={0xa, 0x4e24, 0x9, @dev={0xfe, 0x80, '\x00', 0x14}, 0x6}, 0x1c, &(0x7f0000000680)=[{&(0x7f0000000280)='Q', 0x1}], 0x1}}, {{&(0x7f0000000000)={0xa, 0x4e22, 0x3ff, @private0={0xfc, 0x0, '\x00', 0x1}, 0x414}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000100)="8744042c7317415de0c5ab22074bf728e14df8dc42334d670353a20e6cf30a2b479662666d8a6039e7c2efc97cc347a5c361d721683d49ffa160de893ef2ec2e09576e41704e708b17e560548249020000ab3fc60681f82c9427433693122633e5af9b1bdc6ddc429a00", 0x6a}], 0x1}}], 0x2, 0x4000840)
setsockopt(r1, 0x84, 0x7f, &(0x7f00000001c0)="020000000980ffff", 0x8)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="bc010000190001000000000003000000fe880000000000000000000000000001fe8000000000000000000000000000aa000a0000000000000a000080000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000002"], 0x1bc}}, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00001f0000), 0x1000002, 0x0)
ioctl$TIOCCONS(r5, 0x541d)
recvmmsg(r3, &(0x7f0000001a80)=[{{0x0, 0x0, 0x0}, 0xff}, {{0x0, 0x0, 0x0}, 0xd}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000600)=""/179, 0xb3}, {&(0x7f00000006c0)=""/267, 0x10b}, {&(0x7f0000003bc0)=""/4107, 0x100b}, {&(0x7f0000000340)=""/212, 0xd4}, {&(0x7f0000000000)=""/48, 0x30}, {&(0x7f0000000240)=""/174, 0xae}], 0x6}, 0x80000000}], 0x3, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r2, 0x4068aea3, &(0x7f0000000000))
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f00000000c0))
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f00000002c0)={"391cd6cb69b2dda8699f403452c890eaaaff9d17656c6fe69cebd17ee0e44bea5acfc15db6eeae88d01b467881cf9c571f63307df04e68a794adc408be2165fe674a8ef02e90d7576974598884fcbb739f80ec0cac3bcaaa56fc391f38f5b4978ef8cdbbe8c948af4480bf6979928b3f2ea7fbe92515e1c77206892eb91de0cd11d248695a37033036c65d150a039829df66c2e029bb2be8ed69f7ba46ed54380910c93ead68be366aecb603254b1ed16078dcd784a20e4ab2173fad5c91993368473a709ecda58ac8f4d55ca9c689e2927f7c4ac60fe6c95ae47630fb19930bfc375f1fb99e44cd4b36d36c773368c43536b2e3a58307eef7016cd124617a500e8dd608f3bb158178ffe4c48d5e418aac735240e45d88072abe690b0b6a2a815b9c635b09b1d1b1a36e3e2b00769391db42ae8beda04b63984a7a5faa2b88ed79fe99cd4ff14d74e2ebe5632984de415f782ced694d862ef5ad96a84632c08a62cc1c7aea3e19350c4a7c775e7cad1a60c95c97419a9b3da3dfb8c3dc76919b483bae777f3de285869b3cbe6f3934c0e8cced3957718d42419814da399768d9bd0b37244c64f20eacaf9a670c826da418d6c926f3836babc67bd0ae8cae15ab079331d941d89a5f146b3b49e58bec304bdf8f71f20576ebc80393a2364a67beae0b3c7621112c5dc2bdf5b9a32970f2a7daf21f1b0c4bddcc39f4a95e439b812626fd09aef0d4a1f6db3e148df1cbf21294e2897f56abc581c3df9e77c0d3e3750916a69754ffe63a29a8cc486e4671326d7d63f747c46d53c39dcb2dac750e5e8a49a06a82b2d9d9e358ddc7c2a50c4a8095452b59d26d41088a9950c8ca185d364395a047f5efcd35e1e870d61d6b8a00e381e75a24b621dec95d5ba96708ea22271386ef226b59ea57399278ceb1fe79b89ec6e8e476324aa3fbe0d4379b0a77bd1bc92fc8f6b69a2198d7f50b075aaa17e460160f480be5ced25dc119fc9de692b2f03b32b02b85e5494117ed4352037c56ee239f0c659e99f466c658fd029449e9a9f636adb225199da5cf73462570ec66314df91ac7b9783ba7f861790270189f88da43b5ca833c19f47c15fcfa03fd81acbd3b86b935889aa5262433394c05805725e173b95620896501a36662f254ddb57e1d5acab059a3e6dc7a43a8918d36013c1410a4273015fe9671ab44116def237271aadb46b57d3e4213b4992188890040da4a6c26cc18f79153778baf7628f3284e20ad3741ed529a587807ed5bed32b80cc824600ac9d4ee3b424b98ae14b3d153bab6d34901651b6648b098470890145cc66218aecc80bf15971337642668505dbda34c4268cb987f6ed3772402227a4c1c93875d2d4f0bdc7ac5f97dd44c8b79d58fe449c1bfd3b3367f017bfc94d0a826a7a25c082e9a8740caf0cda15a36387746c60052350da931"})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0xffff1000, 0x7, 0x22, 0x7ff, 0x0, [{0x40, 0xfa, 0x4d, '\x00', 0xff}, {0x9, 0x5, 0x3, '\x00', 0xf1}, {0x2, 0x6, 0x3, '\x00', 0x6}, {0xeb, 0x9, 0x22, '\x00', 0x2}, {0xf7, 0x6, 0x10, '\x00', 0x1}, {0x3, 0x4, 0x7, '\x00', 0xff}, {0x10, 0x81, 0x9, '\x00', 0x7}, {0x80, 0x3, 0xc, '\x00', 0x6}, {0x40, 0x65, 0x4, '\x00', 0x3}, {0x1, 0xfe, 0x4, '\x00', 0x7}, {0x3, 0x5, 0x2, '\x00', 0xff}, {0x0, 0x7, 0x6, '\x00', 0x42}, {0x5, 0x2, 0xff, '\x00', 0x1}, {0xc, 0x37, 0x9, '\x00', 0x6}, {0xcc, 0xd1, 0x0, '\x00', 0x15}, {0xa2, 0x1, 0xa7, '\x00', 0x3}, {0x80, 0x7, 0x2, '\x00', 0xe}, {0xa5, 0x4, 0x5, '\x00', 0x6}, {0x40, 0x9d, 0x8, '\x00', 0xf}, {0x1, 0x1, 0x11, '\x00', 0x50}, {0x9, 0x3, 0x2, '\x00', 0x5}, {0x4, 0x7, 0x0, '\x00', 0x2}, {0x9, 0x0, 0x5, '\x00', 0x3d}, {0x4, 0x4, 0x1, '\x00', 0x4}]}})
mprotect(&(0x7f0000001000/0x14000)=nil, 0x14000, 0x4)
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x4c80, 0x7000000)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

5m8.81218462s ago: executing program 3 (id=318):
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "e907f8f9951e76c13f64323723e7eecdf40c363423eb3d259266ec9c37865c6c1a4640ce1b22bb3327ef4f8a1d34c07c3260049e4f8d3ee0878ae95bc7f52363c468b257ffb3baf7aea4fb76dcfd54f11ed2c41d078b9cf1fc8f72566153c97e4af37017ea6b16b694bb4a6e4606c3fb19d1d2bd3c8c4e97da2213f9d5c3c4891f9150d685a7d7c27df0355808390666e827d61dcc3a633bb0b1250b5a293e3877adc1a1b44b99c93d57fd720a170e7f5670e419dc64febf7ddc73fd4a5a0b6c281e05c541471d8d2a58f5edac665f7f46c7084e17c809268103a2584ab40a68e528329d97afc3612e325c1eb4a3ab2e156a97444800", "0615e456c196e819a321fdb3690bfab19538829a732a01781564ef7738cb5b82a704b3952f81c68bb4ceeaad63206f88201638e87c4981cbf9332cbc9c4d69e392bd33237ece7ad91e44edac0da8dacad81adf2e08c21ad6b44ce1f90bd618c255ca40cdb411485fb48a51d329c816b3488c7d032ef69c502c6e1236bd381efd410165988847c1dcb98a18ca2b853910e52044fa3b3026cb88de269537c8f26ffc3b15cbf279832bfc90bd95939043182e88050dfd2a4784a5d1453610fb1f1c2bac36c3ecd3e6fb756ef8880debeef3636afd981d8af4ab119928448f90351aec113335eacf52a18c87738d9679d31ce0108dc556e597655ba11bacc032a16fbefc64776f363610a15b37bcd36e6a7cba931151b9c9ba5779d550e9ab21603a43a25f3b4895d8dc4f3ce0e7d5e964e888169ea79a0848e9338b3d34d62e963fbf98834f4455419907f0ffdb76373af77a34edee7789f56e7f01bdab9614a0d460f791a06e6cf5243bf2b3a1624a80ec7e1116f1c81f5ef4b895be74bf67eea9193428b58a8b62b7976d3d2e59796c46ec918c83cd49c3f43dbd2967586966c19ace7b0bef5f94eb333b362649f1bfa114f8b1f126e97ec672cff77e2130823fa7a1df6760c6a8917815e9f0a409ed32b133df7dc9afceffcd472b35145c83c9167764d25ce214133c6170adeb6653b30b226a3b6ff1363ac862a540c7fab584cd051ce7ee951e0f121d43cff75afbdec6bc6f6e8f7db58c8086751320d22ee8582e915cabc536e3767e9a9230c9ae8b92398f0ca2a7141fa4588af7afde10e5ec2a6fe85ba5712e126629d4e3998fc4721cb638f2ef8356049e3448466e2c400d5e8baf843fa399907cb526b791c5350ce29204cb6fe50b892a69ec6dbecc28f032a745738faa12c2a34222942fef0ec0511da5fe0b565ceac429da7cc25cfe0320b40a514723e2392a6a361032343edb79fd83cd0a354837153542fd61b3156b54c566036e493250c3a3214738e3cacc24a50d5dfd17d5008b4ca629c3062f3417cb67c48b8b888ae51256bb4e6c68e95a71a00383ad9df263f6a775ded64fef20ed5cb5f31c33cb86f839d00a12e40cd31219113619c4e0585454cb1776278bfd7f5c4275792afb790e83ff0fc6925355c7aee7a070477d9ec2292366e39b9dc66f7adcf449a1a718e5217183faf0f679efc5cef20bcdcf2d12ea0684084ec0d693256e280025b23b5a08b7b1ebe7d41fb045793f971d6ee066604818cb09d86c1eda99a44c35476a113fd5d1a7543f8f99424ebb78dd9e00d719502a6eafa743a061fa3fa55e4deaa0a011b6b9d633f10e0c9446b5a2e3f6d6014ab00695366c1a6bf0c32f703aebb7988c7d4d322681458e85626302c70f37628835e1fcfff4da3099c0b4af433eb9a51f9609f2c0c09a98b18880c846b34d6ac0210f073765666100976ee1d928893f983580ea47a012144633b98e02c3e81869534ab985eb3a73e0bac892dac949f85db949285a6a7a490b1075467226af23df82d8dd09b7282490fbb3ada9ed4cae8f761aefbe0701de6b132f12044c58ac1c2607c8f51361de5bed021dea13fd0a440263cf0b304522a324b581ab274e7bdae5994316657b5c0ab0220d9b08739729f7a35d436878c182aec4f08dd161c11ee5b7937fae7835e8bfe98a44c8d4bbb2e0eee0cb5d7c93517e96a9fc8132e60f3ef7c735bea1934b37df451f981c8d9210e61278c871e6dad6ceb89aa4d7245658a63e65cec7b81d307426a60a31cc917844a14e1d9ad83bef1c9f736d1836687c950d1275caece0d46ab9f3b0e95d9cf560eb8134e8346b35e0a6f60e6a87a14c4aeb3e0d06158390660a52a6e44b524c1e16de2bf99870f78fc81d267072bc63e97d3f26d23fd59799ff2c847d6a724cebc2377a582ba73d99a610a095c28d66c60910ac64b7d18847fa98fd8528b72e0a149b082c731575b2e2763e67c821ba29eecd8b8c87981c4fb1fbbaaa4e8aa077ec98de1362fc7af7a0ac5e3297fd0d924124b2e255b5cc4f6b0873f3d34418d5ae0d6f734628f38cb9b856b2db3fbb2fafb76983eabc51a348e55789e997fa25cbe6e5031bd2e33d4e2686f964a65d1abf7f96a20a8b270b1522ace4adf6fdade5cd3f101574960d13267e2382f70027ebe5ef7f9418e14e6a8a130d2aec2253c8fe21825e3295774db0c9b1340ea28a96589ba0d9f79aa61b92aea6f704ef7f716d849b8c77e6922e198a086d8133491d0bb85b925825a6d307d7cc8f09c655aa3edabf84c75560dfb279ee3e8b825323279edc58c3161e72cf9ae02ef80d500da922c0abeb8b164abd9c17ef7c02e89000d67b0c2ddd078cacbf37c4826be3845948d598980d63c1d7aade89d0637d80a4c102a35eb027a08ef90cc20d17fc514926914e68e5de54b861200ffa4ce1cbc16e4ecf342a1176cdb561f7dea38b3ae0fd81260f72d34e6f33d364cf313d3b3161410dcbf5f0f0579a1d235b49bb5d27f85825b94f1899e7846d0292ad912d934574f9d55d2152dbfb39d662e6e0f2496182d012af8b4bebbdfa1d68e3e988869fb5cd9612db97e6cc574444f4b5025ec9827bafc55341bf6ad3fd4fab2ee43f343cb9bcec0c38384b5699e5c6d5973ba591978275c51a40200d340b9ed3681f08c69f58320f538f9cd78a34eb6ed55710d2478ea4bd15813921817b42f88f1bb038033b519668f0a2e8693b9a19c7bcf96eec04bda625b31c32f4286be922ab2c87aa30310c8f46551450d5bc26b5fbfdedaae0f756384023bb9a28d3200cfeaedd63d6afe076513e8ad73d16607cd4ede16344e60d8707357e82b1089258c56d851a435e23ce0919825e04471dd61a44c43e87c2959d4e89311a30ee8be010094d0ef109bb210dda58b21b685b9e9c078c9ded6117d9a88dd7799291969851cd4c3f22b5f870a275a692188dafcf6e89ba87b0eb61011de031fda25fb3349901d40da2bbdb76eda417c9fafd90fb23504ab150ca0033b65ccd4e990cb2ba86ba3aaa79d0df4f2e4e4afa565e66d28aa167f835d080bf1d41d0e52dbf81c671f8eacae234bf4fc328302671fab46613b73daf2ace80aff2f80f6a9d84b82480178cc612aa90adfc80ab3bba7d1527fc6ab04f009011bf093494a0d329df4e53d855b1c0ff6a25d22052b3a778e1ca2fbe59c9eeedf99e13682d06da269560524ffa0f404b73b946edf900ee958ceba09a051e27a620fb78e7a352c182c8c2981ce822eeaf6323965b4b3f322d40d406a158b6f3cf5d74822de952fefc341d0dead6c1c8fed8e48e0a85b51c1dcc7796d3f45bb1f50467a475da76c356c9e031b096867da1dbb89c3a038d475dbcdb2df1278d5dba55c2fb5ba6a9778c2a244198491f0f711cdb2ef0332f347afffb1b098b4c59041ccb0c286bb2dd40e7ec713f6ffe0b1067678c748615dae3c1e090f3739a9035767fb9972580d19fdef49a5071f99c3706b8fa4991f430721cf3ca11af0e3bd7c4d0cd0ab5b7d98ee66730c20a098110e4a15ce0bfc88c41fe375f261fe3557e14eb5ff4a2cdf6a008fd7b6702951b8456e940fbd269a0f3ed515ac03cfecce67027d579e1226bd7b7381827453550343566508d38790ee838c3bf85c6c91a45e7a44752f57313533a3e82e4042e65d346afb20c0527575f79080aef4e1aa8d5868d190c8d37bdae7592e41bed37b9d4c30d8126d3debde02dff25f5ef1e48133e2a41cd55347bd23dcce57a00189619db629c530dc112d22ac72bce353681264b5175be40b3ba84408d0f56762cc720e96c128447be7128748e185be2640115556bac64d060207e629b0144e501c1c49c6abd15c7982b01e22da2ad04bb28df1a27f31e18040c16406071d798bb40d901d001e22cc5ed870d08702f49f0021814cdd814901a13c7ab061bb4b8172c639b3449e24f656fee58186e69e6874ea95d946da781b49ca080ffb4a3c87746c661f43e9be52d0ba2ee368b9c143687c8846abac599069decf41e69fddcadf31c5f715917df12df4eedbfcc5805fe8e661b8fcd7b130d7bcc4a9a152de93a15dddacf3cf52479956185a3c5000d18ddce0236d5858c0d8761bca7446e3d30f3e8f48d5e8f86a60cbe46f038b1028ffd35590bdacfeebb86e28d42a923bdc3f9a307b919341a2a7dda096d41070db245c2c424aebe4a4bb9863169454d09f25fd0aa2da7bfc97ad7aca886dd998e041133e07899ad48f7cda600de48ac3951152dfbe6331b8acae24cfd2dd2b14696c75040685c756942a0d049ee9863a2e480388f93876f3910ecb3a59fa16c25b2b3636a542f92744495e10a4ce37f19f5c2256e2d61775d388e2a86b52f76add2f956aa02501f5badb94da12595b2bbf88b05dc70caae6766fd3df4f299d0ff71c8787249b255ea49b3d33b3f1a8c9403cb75d64264465c3578538382b23d721f8a49134020ca2d9e887d9949624ac6d63322b6507e277a0020db9bfa2928736b96c72fa3406a95adfe6b374ffa27001d37d3bbe725e75c257834572026c511f57dce67153a4008f9e75e07ed9237f600005800ee667c137fc78bc4fd4ebf4d228979ab0ccafbcd8b8daad76fb2abcfc585377ea6e19f170db898b950a7b0f4e75466a2ba26e7d60e0a6f5c54a3fe78677f3362c5b01ae791b62ee8a5d0fd65b739ece4f3b758d05a8e4e4ea7e4866ee67750ce2769f72a9f45780eadfae73b42d4dd4c614c797c694ece8af88cc732edabfa26ace57de54835c7551154dfa3be11a0d3b5845ac97b2da84410a652e72cd563acbb2b02bb59370cebaaa80014e3ad280944eae6fbf8d5f85237257bb5b8e5ec3e52dc06f8394176b325a577804e9eb78d7015172d17ed15f905f705d56687f53988bb207c74fbeb2b03a700258e835362886239f4d8f1c2cf6d4d10ff26d2579ea40a5fb99e5b6d01cdeda050d3faa78ed674f2899be08332086c8bf0410a7d06099c50a2d949d49a0f21b43bcdfbdf435875cf5a9def46db63746574ee8a5b1fbcef411154e914dd9e5bb1b1bd2944581083fb66a017e7972df3daefc487e4198cb281d3a80637d52b41738b7f1a57c867d5b2ee5d72465657593339506fd0c3807cd6445eb54cfb5ca9d35ef93eec6383224ebf85197eb6ed75f6c324f6a0345a25be6bb52ed347e57ccb059b903fb7db4e9f46513a4158ce29c1f5d6081b556bbc471e89225cad81aed34dae0f90ee8e7237b3b286e29b49d7a1700c537b28571f7d7e2a55e10792d6f7779ddefa3febdea5693048372a45903c04f1035a96c6cfbe6f6c2b754581aac02f8a70e698be6e37fd411cf4b76317b47683f6b0f80dfdeef3a9767c7e5c30dff786093a21477431fea0458023953700"})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000002c0)={@private2={0xfc, 0x2, '\x00', 0x1}, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000, 0x6, 0x0, 0x0, 0x6, 0x900066})
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\rW\xef\x10\xd6d#\xf2\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8\x1f\xb2C\xf8\'?]\x16C\x166\xc0\xbcJT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8', 0x2)
pwritev(r1, &(0x7f0000000540)=[{&(0x7f0000000600)='\x00', 0x1}], 0x1, 0x7fffff, 0x8)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvtap0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="14042bfdd3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
r3 = dup(r0)
read$watch_queue(r3, &(0x7f0000000000)=""/39, 0x27)

5m8.715558141s ago: executing program 3 (id=320):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv2(r0, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/58, 0x3a}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000280)}, {&(0x7f00000002c0)=""/209, 0xd1}], 0x4, 0x7, 0x5, 0x36)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000001880), 0x2, 0x0)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, 0x0, &(0x7f0000000080))
r4 = socket$inet6(0xa, 0x1, 0xffffffff)
setsockopt$inet6_int(r4, 0x29, 0xb, &(0x7f0000000240)=0x7ffb, 0x4)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r1, 0x80047210, &(0x7f00000001c0))
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil)
r7 = syz_kvm_add_vcpu$x86(r6, &(0x7f0000000040)={0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0a000000000000006c000000000000002e450fe0dfb805000000b9e2e3ffff0f01c10fc7b80050000066ba210066edc74424000de6ff00c7442402fdffff7fc7442406000000000f011c240f20c035000000800f22c066420f2900c4a3e144fe5e420f01cbc421ee586f00c38b2a8ec69125e04eec1f79f7dd06675a26ceb5ea43a37f6b151e3d6bdb34"], 0x6c})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r7, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

5m8.355652902s ago: executing program 3 (id=323):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000004c0)='./file0\x00')
rename(&(0x7f00000000c0)='./file1\x00', &(0x7f00000001c0)='./bus\x00')

5m8.26685537s ago: executing program 3 (id=326):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240000001b1401002abdd444d446df250800010000000000090002"], 0x24}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)

5m8.210015912s ago: executing program 3 (id=327):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
clock_gettime(0x0, &(0x7f0000000340)={<r1=>0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f00000003c0)={{r1, r2+10000000}, {0x0, 0x989680}}, &(0x7f0000000400)) (async)
timer_settime(0x0, 0x0, &(0x7f00000003c0)={{r1, r2+10000000}, {0x0, 0x989680}}, &(0x7f0000000400))
listen(r0, 0x101)
mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x100c000, &(0x7f0000000380))
socket$kcm(0x11, 0x2, 0x0) (async)
r3 = socket$kcm(0x11, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000300)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r5}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r5})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r5, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x6}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r5, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x6})
ioctl$IOMMU_IOAS_UNMAP$ALL(r4, 0x3b86, &(0x7f0000000080)={0x18, r5})
sendmsg$sock(r3, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x27}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r6) (async)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000140), r6)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r7, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_team\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44845}, 0x80) (async)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r7, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_team\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44845}, 0x80)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x3f, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x14, 0x0, 0x1, [@typed={0x8, 0xd, 0x0, 0x0, @u32=0x4}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
recvmsg$kcm(r3, &(0x7f0000000700)={0x0, 0xfffffffffffffe60, &(0x7f0000000580), 0xb1}, 0x2020)

4m53.157487635s ago: executing program 32 (id=327):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
clock_gettime(0x0, &(0x7f0000000340)={<r1=>0x0, <r2=>0x0})
timer_settime(0x0, 0x0, &(0x7f00000003c0)={{r1, r2+10000000}, {0x0, 0x989680}}, &(0x7f0000000400)) (async)
timer_settime(0x0, 0x0, &(0x7f00000003c0)={{r1, r2+10000000}, {0x0, 0x989680}}, &(0x7f0000000400))
listen(r0, 0x101)
mount$9p_unix(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x100c000, &(0x7f0000000380))
socket$kcm(0x11, 0x2, 0x0) (async)
r3 = socket$kcm(0x11, 0x2, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000300)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r5}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r5})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r5, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x6}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f00000002c0)={0x28, 0x6, r5, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x6})
ioctl$IOMMU_IOAS_UNMAP$ALL(r4, 0x3b86, &(0x7f0000000080)={0x18, r5})
sendmsg$sock(r3, &(0x7f00000000c0)={&(0x7f0000000040)=@phonet={0x23, 0x0, 0x0, 0x27}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}], 0x18}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_smc(0x2b, 0x1, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000140), r6) (async)
r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000140), r6)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r7, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_team\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44845}, 0x80) (async)
sendmsg$SMC_PNETID_GET(r6, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r7, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'vlan1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_team\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44845}, 0x80)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x34, 0x3f, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x14, 0x0, 0x1, [@typed={0x8, 0xd, 0x0, 0x0, @u32=0x4}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
recvmsg$kcm(r3, &(0x7f0000000700)={0x0, 0xfffffffffffffe60, &(0x7f0000000580), 0xb1}, 0x2020)

2m42.0940494s ago: executing program 0 (id=1316):
socket$inet6(0xa, 0x800000000000002, 0x0)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac1a190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000580)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00N\b'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000080)=ANY=[])
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56e, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x9)
r3 = fanotify_init(0x29, 0x40000)
r4 = open$dir(&(0x7f0000001000)='.\x00', 0x20000, 0x50)
fanotify_mark(r3, 0x641, 0x48001018, r4, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2m40.427422085s ago: executing program 0 (id=1321):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
syz_usb_connect(0x3, 0x146, &(0x7f0000000200)=ANY=[@ANYBLOB="12010002a4b4b708b40402005ce201020301090234010205093002090434"], 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x2001, 0x0, 0x3}, 0x10)
r2 = socket(0x1e, 0x1, 0x0)
connect$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x80001}}}, 0x10)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f00000000c0)="9aa9210000ae009afeff000023003e67260f01c4c7442400584e0000c7442402173966cac7442406000000000f01142426f30f09b8010000000f01c10f2179c4e3250d6d070c660f38828909000000b97d030000b87de80000ba000000000f30", 0x60}], 0x1, 0x80, 0x0, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="50010000100013040000000000000000ac1e000100000000000000000000000020010000000000000000000000000000000000074e2000000200002000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="20010000000000000000000000000000000000002b000000ac1414fe0000000000000000000000000000000000000000070000000000000000000000000000000400000000000000ffffffffffffffff000000000000000008000000000000000000000000000000000000000800000000000000cc000000000000000000000000000000f600000051401ba86a4301000000cfe069ae35ae4b6f812630409f0100000000000000000000000200010100000000000000005f001200726663343330392863636d28616586292900000000000000000000000000000000000000000000004b2873fb707cb3860000000000000000000000080000000098000000800010007a7721427b16ad"], 0x150}}, 0x804)
syz_open_dev$loop(&(0x7f0000000100), 0x400000000000f01c, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

2m38.893864756s ago: executing program 0 (id=1330):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m38.614661771s ago: executing program 0 (id=1333):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180))
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000080), 0x2000000000000, 0x802)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x324, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000200)={0x2c, &(0x7f0000000000)={0x0, 0xa, 0x5, {0x5, 0x24, "22a249"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$EVIOCSABS20(r2, 0x40044591, 0x0)
close(r2)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f00000005c0)={0x15, 0x110, 0xfa00, {r4, 0xfffffffc, 0x0, 0x30, 0x0, @ib={0x1b, 0x8, 0x5, {'\x00\a\x00'}, 0xf, 0x2, 0x4}, @ib={0x1b, 0x0, 0x0, {"00000000000000000001000000000001"}, 0x80000001}}}, 0x118)

2m36.857424648s ago: executing program 0 (id=1340):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000780)={0x1, 0x0, [{0xc701ecc85fc3e847, 0x1000, &(0x7f0000000ac0)=""/4096}]})
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='nr0\x00', 0x10)
sendmmsg$inet(r2, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000340)="ff", 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0x4000)
dup(r1)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902240001000010000904d1ca000905060200020d000609058202000200011000000000"], 0x0)

2m35.29201981s ago: executing program 0 (id=1350):
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x2208080, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000200)=0x1, 0x4)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_usb_control_io$uac1(r1, &(0x7f0000000180)={0x14, &(0x7f00000000c0)={0x20, 0x21, 0x5, {0x5, 0x6, "b0bc94"}}, &(0x7f0000000100)={0x0, 0x3, 0x3f, @string={0x3f, 0x3, "1b9ea8ee54ceccd77ea8d16f72409fa96b63257e6cc66b6cddc52772624d7beaa770833c2976765c41e8b4086e2c0b80fc5a5dbcb7666430720b414f79"}}}, &(0x7f0000000400)={0x44, &(0x7f00000001c0)={0x20, 0x15, 0xc, "987f8e97cb6516edde6a3b67"}, &(0x7f0000000200)={0x0, 0xa, 0x1}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000002c0)={0x20, 0x81, 0x3, "18a817"}, &(0x7f0000000300)={0x20, 0x82, 0x2, '\a\f'}, &(0x7f0000000340)={0x20, 0x83, 0x1, "99"}, &(0x7f0000000380)={0x20, 0x84, 0x2, "aaf8"}, &(0x7f00000003c0)={0x20, 0x85, 0x3, "d73234"}})

2m20.154926809s ago: executing program 33 (id=1350):
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x2208080, 0x0)
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000200)=0x1, 0x4)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000005c0), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
syz_usb_control_io$uac1(r1, &(0x7f0000000180)={0x14, &(0x7f00000000c0)={0x20, 0x21, 0x5, {0x5, 0x6, "b0bc94"}}, &(0x7f0000000100)={0x0, 0x3, 0x3f, @string={0x3f, 0x3, "1b9ea8ee54ceccd77ea8d16f72409fa96b63257e6cc66b6cddc52772624d7beaa770833c2976765c41e8b4086e2c0b80fc5a5dbcb7666430720b414f79"}}}, &(0x7f0000000400)={0x44, &(0x7f00000001c0)={0x20, 0x15, 0xc, "987f8e97cb6516edde6a3b67"}, &(0x7f0000000200)={0x0, 0xa, 0x1}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000002c0)={0x20, 0x81, 0x3, "18a817"}, &(0x7f0000000300)={0x20, 0x82, 0x2, '\a\f'}, &(0x7f0000000340)={0x20, 0x83, 0x1, "99"}, &(0x7f0000000380)={0x20, 0x84, 0x2, "aaf8"}, &(0x7f00000003c0)={0x20, 0x85, 0x3, "d73234"}})

2m12.820157235s ago: executing program 5 (id=1452):
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
socket(0x10, 0x3, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000180)=""/4058, &(0x7f0000000000)=0xfda)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$packet(0x11, 0x2, 0x300)
pwritev(r1, &(0x7f0000000100)=[{&(0x7f0000001180)="3cfebc10b44c6c01bbb13d89bb1516799725efa3e5ac8804fcc98554b351a131e80a0d7f4ff89ceaf0c0916fb400aab92a9194be807c07e8c796f0969634b23db4095fa623404f02fa23d893a3575b8d78d84d2b9b0ba8a31d6f75f4cfccba6acb50da6c92a63fa8ef3b6ea87de92a56c2d1eb40119b391adf7ef9c95689d4b44497839e03844b375b427d95ff8365c063d9ab8e723d905ba1af12d1d9188b39580298be9b4c1b9ea826ebc5150e27ccb140bc7540dbda5331d97bb3a8e5e8bfd8ebc38626aa51bd20de", 0xca}], 0x1, 0x400, 0x10001)
syz_init_net_socket$x25(0x9, 0x5, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$EXT4_IOC_GETSTATE(r2, 0x4008af25, &(0x7f0000000080))
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x24, &(0x7f00000000c0)=0x100000001, 0x4)
syz_usb_connect(0x5, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120110039b4fb62011073002613c01020301331209021200010508800009046704006d8f957b"], &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
r4 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
write$uinput_user_dev(r4, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x1, 0xa4, 0x4000006, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0x8000000d, 0x2, 0x12a3, 0x6, 0x1, 0x3, 0x4, 0xb, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x4, 0x9, 0x4, 0x5, 0x1003, 0x0, 0x200b398, 0x400000, 0x5, 0x2, 0x1c, 0x7, 0x1, 0x200, 0x54f5bad8, 0x8, 0xfffffffd, 0x3fd, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x69, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0x1, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x4, 0x101, 0x80000001, 0x7777, 0xfff, 0x1002, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0x7, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x8, 0xdab, 0x1, 0x8, 0x13ffa, 0x1, 0x1b18]}, 0x45c)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x10003, 0x1, 0x2000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x200000035, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0xfffffffffffffffe, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
r9 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)

2m9.689870818s ago: executing program 5 (id=1467):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
exit(0x7)
statx(0xffffffffffffffff, 0x0, 0x1000, 0x10, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x84, @remote, 0x0, 0x0, 'wlc\x00', 0x20, 0xfffffffe, 0x7f}, 0x2c)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}], 0x1, 0x0) (fail_nth: 12)

2m8.697221961s ago: executing program 5 (id=1474):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="002b86dd03120a0000008d0000006c07010033d43afffe800000000000000000"], 0x340a)

2m8.402810591s ago: executing program 5 (id=1476):
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000340)="3900000014008144f2003c00e9ff008311001f9f640fcf066505acb612f6b8bf44ebb392175f39dbb7d5cac0040071c2ed5453b0e921550000", 0x39}], 0x1}, 0x4000000)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r2 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a7401", 0x17}], 0x1}, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="934300004300338b4ab50200000000000a", @ANYRES32, @ANYRES8=r2], 0xfe33)
r3 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000140)='iocharset\xe4\x95\xd5O[\xe5H\xcf\xe3=\xf2\xc2&\xa3\x80[fg\xf1\xd0\x05\xf7\xc7\x83\xa4\xdb\xe7\xcf\xcb70BN\xc2o\xa8\xe9\xbd\xa3\xf4\x1c\x10j\xe2\xcb\xb3\xf4\xcd\t:9E\xe9Js=\x97\x9dT\x84t\x8b\xac\x9c\xdc\x8dJ\xd9\xef}\xb0b\xf7\x1aeW\xa2\xeb\xb8;\xb8\xdb\x99D\xc4R', 0x0)
r4 = openat$cgroup_procs(r1, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000180), 0x12)
pipe2$9p(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18)
write$FUSE_DIRENTPLUS(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000000000338e7266646e6f3d", @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r7, @ANYBLOB=',cache=fscache,\x00'])
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r7, 0x84, 0x1a, &(0x7f0000000480)={<r8=>0x0, 0xfa, "82d3861d632f7b0f5edd6ba720fae6cc3e047d01da2a50e6a3aa10330b34499ef0fa90049cb2e290c3c647c3c4ca0c2cfac9a1f101a88ced3642cb193a60e685f43def0be820ecd0c90753a659150ddcb23c5b60e9c924e5c17fbabf19732f572bd7726e71bc0c1d871146065c471316bdb392d482e7caa2786ad612f77dafdf147d4434da048fd34d3000948634fc0d3482f02263cc3222deae8e4475b660568e730ed3efdb6c6200a936368f09fa914173fb76d6305e937746c063fe30662e440cfca9ada592c313a3bd6341715a9d99d6d52144d9dec3e9644929896003cb170848c6b9683a673f2063f47bd7db4730942e7e72386b384fa4"}, &(0x7f0000000340)=0x102)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000080)={<r9=>r8, @in6={{0xa, 0x4e21, 0x8001, @mcast2, 0x1}}, 0x457, 0x7, 0xb, 0x0, 0x7fd}, &(0x7f0000000140)=0x98)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r7, 0x84, 0x5, &(0x7f0000000240)={r9, @in={{0x2, 0x4e23, @multicast1}}}, 0x84)

2m8.282688112s ago: executing program 5 (id=1477):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x62)
openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x2}}, './file1/file0\x00'})

2m7.827921056s ago: executing program 5 (id=1478):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
syz_clone3(&(0x7f00000005c0)={0x200000000, &(0x7f0000000200), &(0x7f0000000280), &(0x7f00000002c0), {0x39}, &(0x7f0000000480)=""/127, 0x7f, &(0x7f0000000500)=""/101, &(0x7f0000000580)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0xa}, 0x58)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m52.717941801s ago: executing program 34 (id=1478):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
syz_clone3(&(0x7f00000005c0)={0x200000000, &(0x7f0000000200), &(0x7f0000000280), &(0x7f00000002c0), {0x39}, &(0x7f0000000480)=""/127, 0x7f, &(0x7f0000000500)=""/101, &(0x7f0000000580)=[0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0], 0xa}, 0x58)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.168645206s ago: executing program 2 (id=2108):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x7, 0x0, 0x1f, 0x0, 0x7c8, 0x9, 0x1, 0xd, 0x3, 0x7, 0x8, 0x5, 0xe, 0x101, 0x3, 0x1], 0x1000, 0x800})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x1, 0x0, 0x3, 0x6, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.02934332s ago: executing program 2 (id=2109):
syz_usb_connect$uac1(0x2, 0x97, &(0x7f0000001880)=ANY=[@ANYBLOB="12015002000000206b1d0101400001020301090285000301bbd0080904000000010100000a24017f0200030201020b24050600bf9b5ab6dc3e0c240202010202090800f701090401000001020000090401010101020000090501092000000180072501039a8556090402000001020000090402010101020000082402010101080a072401010203000905820920"], &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0})
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xa)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c10000000000000000000", 0x58}], 0x1)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x12, 0x4)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r4, 0x0)
listen(r2, 0x0)
read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020)

3.822420396s ago: executing program 6 (id=2113):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x800040, 0x0)
ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x2) (async)
r1 = socket$l2tp(0x2, 0x2, 0x73)
r2 = accept$inet(r1, &(0x7f0000000240)={0x2, 0x0, @multicast1}, &(0x7f0000000040)=0x37) (async)
r3 = socket$inet(0x2, 0x801, 0x0)
sendto$inet(r3, 0x0, 0xe803, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
pipe2(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
splice(r3, 0x0, r4, 0x0, 0x7ffff000, 0x0) (async)
sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000300)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f00000003c0)={0x298, 0x0, 0x100, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xaba}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_BEARER={0x154, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x1, @mcast2, 0x6}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xf, @mcast1, 0x10001}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xb}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in={0x2, 0x4e20, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xfffffffe, @local}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x8, @rand_addr=' \x01\x00', 0x1}}, {0x20, 0x2, @in={0x2, 0x4e23, @private=0xa010100}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffff3c06}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0xfffffff5, @private1, 0x2}}, {0x14, 0x2, @in={0x2, 0x4e21, @private=0xa010100}}}}, @TIPC_NLA_BEARER_NAME={0x0, 0x1, @l2={'ib', 0x3a, 'geneve0\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_BEARER={0x30, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth0\x00'}}, @TIPC_NLA_BEARER_NAME={0x12, 0x1, @l2={'ib', 0x3a, 'virt_wifi0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA={0x4c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xde4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x0, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x0, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x0, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x0, 0x2, 0x100}, @TIPC_NLA_PROP_PRIO={0x0, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x0, 0x3, 0x25}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x1a, 0x3, "938593dbced7d9cef0f14f744ad0ad9f316f6beb2a2baf7cb5d84d53a1d84301"}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x0, 0x2, 0xffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x804}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}]}]}, 0x298}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x22000, 0x0)
ioctl$NS_GET_USERNS(r6, 0xb701, 0x0) (async)
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000c40)={{0x14}, [@NFT_MSG_NEWRULE={0x274, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x23c, 0x4, 0x0, 0x1, [{0x238, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x228, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x214, 0x3, "d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c755ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f"}, @NFTA_MATCH_NAME={0x8, 0x1, 'bpf\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8864}]}]}], {0x14}}, 0x29c}}, 0x4048010)
getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f00000000c0)={'filter\x00', 0xf6, "b1c1601b33c5cced1217b4e05490e7b997883b5c554f0dd870c796dc348dad7c6fb699b53c2370906079730bf8b79ed5b424588222dffe86342c554afc4bc3adbeb201d32b4cb15932c911f619acb53f73ca70121c3461269e7df047a704d08ebefb4ede89d729688727103aeb46201b166e8a41083cff08f813b0e16e766e07ad532ba620a8bed79196c78990c6f8ff67aca37a083e9b03cef798fb28cd9f51e2d84e607aba0c35b0de340e6a8ed7f022e069eae629ef915af75d5c72f6620a8e805d1cba696e353fcaa907f9b7b619487deb26a2234a8c42a23a45f343cdacce12f5cbe834d7c333a36a84e723117f49b16f7bb8c5"}, &(0x7f0000000200)=0x11a)

3.801207474s ago: executing program 1 (id=2114):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000074c0000000c0a01020000000000000000010000000900020073797a3200000000200003801c0000800400018008000340000000010c00044000000000000000000900010073797a3000000000140000001000010000000000000000000000000a"], 0xd8}}, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000002c0), 0xe6, 0x2602)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xd, 0x11, r5, 0x0)
mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x1, 0x0, 0x81, 0x3)
r6 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x12, r6, 0x13000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000380)={"1879669192e382c6b53c4f878a428e78e70ce13edee9c4b088e1340c8411d8cb3a4837eac4c569a5a4eea57ca563fd5ebcfc38aa38aca3c521c2ec38a2535fbd9994e62d94d942a02e63c7869f6eb4f0c019321035959848920ab01ad4709f864b85c69b201402b0ea83db6e368a89f331fd282976a21247e39796e5f6950cd5ee55f505089c2de8c30056e38e48a514e92fda139907c07c8a0367652001ea412d1dc8e6b5fbcd9f94ce61beb2fb511dedbf1bf68b004d67e4109d239beaaff8148012e8fc6aac80d41de34c9efa3cc96ee7869cf21badd6f429c55b006dad28b087ee8b516c77a019e72f48f9b5eb6199ed63b405ab315925422bcfacdf655dfff09c58263c03d36441e6e38e18fbb3bd1a3a76aa653c75525d0b782076c95a6f9b1dba235ffdc35dfe36072b2398d52c1922623036e1ef4bf78ea84e5f9e81a8ebfa860fb6424be84c5c782052ba56aafdb8f7d285191d02239160e08af695dc99d8c9ca99328751e89657674c49b13d931f9a433678a4e6097d82d2b1d42a5225cd5e6d380600bc75d2953425e61a9db4f2bd1612fc1cbc7ee8a8764b6be623a326f9734c2a828a061526fd76accd1c066d0b1aaf16a1c03c837ac52211336a837efae53ab0361705ad21a0a42cd780b0ce2396a869223c3de7943c246215e3892bdcd23797721b1d6a22456cb5cd98dbd8cbce054666c6587fe19bf59f427baacd1adcadd703bc79dacb4ae1b6283baf8cc4bdfdb740c630efe451e8a8596b6708ad6daabce775621076c10c59772c70aafb5450b6d5461d971f384734f131d64f68164afafd49d4e6a526d844c8baa3bbf5acd86adf3b18e834d931c9d3d0118f4adb544cce5a52aa1ba26e02dda1bed8b6b28f4abb6986f41a68401784f9747de360addc1d938c8523e6cf1090278bcf050a10fe27c3a8ad75e894e280ae83e1879758b32a7f830588172a3b2cff56b35b8e0b94bc8d3a21e9969dfcf852e2a28e1f1c5f01259cabba054e15423093adf49df88293ceadeba3b7ad7a1a2c76b5d6bfc4902d22932075dce1384c45bd9cc5e393b4217682828a2330aee3eb61c18ec79ba5db35281632ddec138c0196a0581a2a14bc14599d75b5f9dacaa94d98882e6a7d8b5daa7d8ede8eb21740f203fbc81a81b1113bbe10e36f350aff1bfbfb67ccf0d0bc756690d424a9cdde948a551448a31f3f75a493858b3543b857fce232b0abce2122fb764cd5e586ed0b873ab017ca9e2b65caca926cc97279bf78fc15b053a7baa08d1f3e0115449e1bd7ae19419d27142234d4828451b87b2211debc4c5ce6732020cec7a3eb8d7d677ab30cb076b54d10e4e5120dbf18c6d71f7ef5c193e6a423918836e04f3a8b717de6c598c1460ba31e7d6bd9796868fef11b2da3f93e09a0431fc99ec717cf1e33cce9bbe04cac0b3c97c148c85c"})
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000780)={{0xeeee0000, 0xf000, 0xd, 0x2, 0xc, 0x0, 0xf5, 0x8, 0xe, 0x2, 0x1, 0x2}, {0x2000, 0x8000000, 0xe, 0x8, 0x9, 0xd5, 0x7, 0x4e, 0x1, 0x3, 0x8, 0x3}, {0xeeee0000, 0xdddd0000, 0x3, 0x0, 0x2, 0x8, 0x4, 0x8, 0x4, 0x5, 0x94, 0x8}, {0x80a0000, 0x80a0000, 0x0, 0x6, 0x10, 0x6, 0x0, 0x7, 0x40, 0xb, 0x0, 0x2}, {0x8080000, 0x4000, 0x2, 0x6, 0x3e, 0x1b, 0x1, 0x0, 0x9, 0x9, 0x4, 0x1}, {0x33338000, 0x2, 0x3, 0x2, 0x66, 0x9, 0x7d, 0x6a, 0x7, 0x34, 0x73, 0xff}, {0xeeee8000, 0x4000, 0x9, 0x81, 0x15, 0x0, 0x9, 0x2, 0x2, 0x9, 0x2, 0x3}, {0x0, 0xdddd0000, 0x0, 0x20, 0x74, 0xc, 0xc1, 0x10, 0x3c, 0xde, 0x4a, 0xfe}, {0x3000, 0x6c1}, {0x8000000, 0x7f}, 0x1, 0x0, 0x4000, 0x670218, 0x0, 0x400, 0x2000, [0x5, 0xa756, 0x5, 0x3]})
ioctl$SG_SET_FORCE_PACK_ID(r7, 0x227b, &(0x7f00000001c0)=0x2001)
r8 = fcntl$dupfd(r7, 0x0, r7)
socket(0x1d, 0x2, 0x6)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]})
close_range(r9, 0xffffffffffffffff, 0x0)
write$sndseq(r8, &(0x7f0000000180)=[{0xff, 0x0, 0x0, 0x0, @tick=0x3, {0x0, 0x2}, {0x0, 0x4}, @result={0x1, 0x2}}, {0x33, 0x0, 0xff, 0x3, @tick=0xf27, {0x3, 0x31}, {0x8}, @addr={0x4, 0x5}}], 0x38)
r10 = socket$kcm(0x11, 0x2, 0x300)
ioctl$sock_kcm_SIOCKCMUNATTACH(r10, 0x8907, 0x0)
recvmsg$kcm(r10, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
readv(r8, &(0x7f0000000000)=[{&(0x7f0000001140)=""/134, 0x86}], 0x1)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000b80)={"6c045ac721bb22e80c614916dbe4274cfd6a53d758f53ba92b08d0a28615a12571617080cda046eb206009d5ab43254b6c3d66e2ebeedb8d77a4bb5811b4f8ae831931afa319e95051aa06a387496da950ef1147c59c1df8ec9fd75288e2339a1c57c0831e2c795ed702fa4e5e7cc974f16ddeee979f92579330bb39a62803ca154cc009bb4947526a315501858a06e0d29ff8e7f4e8b897220b4f9442a9f958caa62858e3fdc9757c9bab453ee8faa4b485fec58c011d7642be72920c77064aa46840a1d260518ce9b7b502bd11152b373d434dd06e1b9132a6801289f05bc8736202c6c5133f9f77edd9a4797a02e2df134f32cfd847b14e5e455a262668224c53cd2a9a0596114dcfab9f8cf4a3464af2d6123294acddd0f9d7a39e1e54171f91dea98069ee38224a931280348dc214e54d3c7b122f72c3d2a6abc1ee0dac4aba038fbf2462516478b14ff7e027c269ad5e9262d88701be5cda2b78880cb28bdc5b8dcb919e97252f533a9936d98c81bc1493283dd4192edf63dab9092fc17ade50177ff175493110eb4bb5382942d6cfd2ea21e4ff04103f43fd9bb5441b8f2281726039ede900857e6da5ead87adb9ee1e1cde179d31c54b92e740a3fe209c0438e5878d7870db6b68a3a1129e343b21b386afbf87462b166c7bef7d71ec70aadc73142a317bbccd82e778d6f9c66e6551bfcea6e35542d6b72261a0f1ca574f4187cc5b4276a81245ef498ff29909abfa9e3ad4a5b3cbfbef7ffdb5a99a554afd917f09df0729bb9d5372af0c027075252f404bf1ea3f70f042e292aa0be835c958ef6c5047a4ad6b8258eec7abca481254ae10c6fb3ae8e8c341e2d242dbc85b6889e82b20a8fff604119ad7d14fc5d282e127cbef82f04ff7ebe8146cae79e008204cb4cbde938748eb2b71e49ac8df3316942c7f437b4729423e27a32e81697873fdceba4e791ccdfcf506073502f95ec3f9e1bc7c5fa6274fa94c1e00321ff0d463f50050000000000000050e7afdb2eead06bb7c8f05cb23ddb3e3003bbd782b24d63a6b8b3eb52c4d7a9bebff2a1b0e9dac5220b611ad870e63a428f3e3918c660ebd00073aa5b21bec3a2a43a801a9a3bf7e5dc1331d5fbe3a492d03b910a353a3412f2c17c09150691d6e9a180473382d096f3ae42c592f363222ace186633a4370c7d9c887e310c0ab40eb62c6ed6a81362bfa4fddf8eb038ce89cf1b2ae0f2593f5f4e1a81d765771703ceb84b347c53ace1329d7f9630cc0ff3a5de921d4a9f088c4185340b80962b17241a12b1768e1e6495f9629c5e01d94d3b4c1794bba73fa587ab53bbe64b27907a78700f409a487e120a54ec82db3dceddfb278ad7c44a1b0093984e87157df5974a3de25f6d3039f25d21dbfef90fa0ff2ecda333027ca313a694dc7fb100"})

3.675375545s ago: executing program 6 (id=2116):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x200, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000280)={0x0, [[0x7ff], [0x400, 0x2], [0xfff]], '\x00', [{0x0, 0x1, 0x1}]})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x3c)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000500)={0x5, 0x6, 0xffff1000, 0x1000, &(0x7f0000ffe000/0x1000)=nil})
ioctl$IOC_PR_PREEMPT_ABORT(r2, 0x401870cc, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x41448000)
write$FUSE_NOTIFY_DELETE(r4, &(0x7f0000000100)={0x29, 0x6, 0x0, {0x1, 0x6}}, 0x29)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r4, 0x80045301, &(0x7f0000000140))
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r7 = syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil)
r8 = syz_kvm_add_vcpu$x86(r7, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[@wr_crn={0x46, 0x20, {0x8, 0x6}}], 0x20})
r9 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0)
ioctl$FBIOPUTCMAP(r9, 0x4605, &(0x7f0000000fc0)={0x0, 0x3, &(0x7f0000000540)=[0x0, 0x0, 0x0], 0x0, 0x0, 0x0})
r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_END_FF_UPLOAD(r10, 0x406855c9, &(0x7f0000000040)={0x10, 0x1, {0x52, 0x8001, 0x7f2, {}, {0x2, 0x5}, @const={0x7, {0x100, 0x959, 0xf3, 0x8}}}, {0x56, 0xbd94, 0x45, {0x4, 0x6}, {0x4, 0x610}, @rumble={0x134, 0xea}}})
waitid(0x2, 0x0, 0xfffffffffffffffe, 0x8, 0x0)
r11 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r11, &(0x7f0000001440)={0x24, @short={0x2, 0x2, 0xffff}}, 0x8)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240), 0x3000000, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}, {@index_off}, {@uuid_auto}, {@redirect_dir_follow}, {@xino_off}, {@uuid_on}, {@metacopy_off}], [{@obj_user={'obj_user', 0x3d, '.*'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@fsname={'fsname', 0x3d, '/dev/fb0\x00'}}]})

3.506449326s ago: executing program 2 (id=2117):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0) (async)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d00", 0x16}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (async)
read$FUSE(r0, &(0x7f0000002bc0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_BMAP(r0, &(0x7f0000000280)={0x18, 0x0, r3, {0x3}}, 0x18)
write$P9_RVERSION(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f00000000c0)) (async)
read$FUSE(r0, &(0x7f0000000b80)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000200)={0x18, 0x0, r4, {0x6}}, 0x18)
write$P9_RLERRORu(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="5300000007000046009d", @ANYRES64], 0x53) (async)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x30, r7, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac00}]]}, 0x30}, 0x1, 0x0, 0x0, 0x400a841}, 0x4004010)
r9 = fsopen(&(0x7f0000000000)='configfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0) (async)
r10 = fsmount(r9, 0x0, 0x5)
fchdir(r10) (async)
r11 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) (async)
flock(0xffffffffffffffff, 0x2)
close(r11) (async)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r12 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r12, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0", 0x25}, {&(0x7f0000000ac0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4da6945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da2e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45", 0xbb}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r12, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000600)=""/66, 0x42}], 0x1}, 0x10041) (async)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

3.491874954s ago: executing program 6 (id=2118):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f0000000400)=[{0x1, 0x2, {0x1, 0xff, 0x2}, {0x2, 0xf0, 0x5}, 0x1}, {0x2, 0x2, {0x0, 0xff, 0x1}, {0x2, 0xf0, 0x3}, 0xfe, 0xfe}, {0x2, 0x1, {0x2, 0xff, 0x4}, {0x1, 0x1}, 0xfd}, {0x3, 0x2, {0x1}, {0x0, 0xff}, 0xff, 0xfe}], 0x80)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_buf(r4, 0x29, 0x2d, &(0x7f0000000240)=""/115, &(0x7f0000000000)=0x73)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x4, 0xbde, 0x0, &(0x7f0000000180)="a1984ec3aec3fc2e025f90eda6dbc903939aac644fd36f1e65174cae030c42cbacc392851a695f247112e91f059460a2c031929dc0515ac7cd20775ff9da9c2b6cb48968dcd6d8d982c492932c572f084d3af58650d207eec0794b3e47c5678c36b99eed61e1dbac68ce8a79aa21a51202018bdc4a51489844f785887083841d65c129992bbe5a51c71b95a9847d2bdede66c6e3184c386faf938fd6db888e73a5c0dcc69c3de7458e68ed33226a8d1c8e17", 0x0, 0xb2})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x7, 0x0, 0x1f, 0x0, 0x7c8, 0x9, 0x1, 0xd, 0x3, 0x7, 0x8, 0x5, 0xe, 0x101, 0x3, 0x1], 0x1000, 0x800})
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getpeername$llc(r5, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000380)=0x10)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x1, 0x0, 0x3, 0x6, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xb, 0x2e, 0x35, 0x10, 0x413, 0x6026, 0x18aa, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa6, 0x9b, 0xce}}]}}]}}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.3354212s ago: executing program 1 (id=2120):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0xff, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x7, 0x1c0, 0x0, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x7, 0x1, 0x2, 0xd, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x6, 0x7, 0x81}}}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x7f, 0x40, 0xa1, 0xff}, 0xf, &(0x7f00000000c0)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x3, 0x3, 0x3, 0x40}]}, 0x4, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2056}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x801}}]})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io(r1, &(0x7f0000000540)={0x2c, &(0x7f00000002c0)={0x20, 0x11, 0x93, {0x93, 0x30, "12a0aaec60e1359994d94f3ea9d6652b7e0131d947a91308b5dcf5fed763aa5b3f686925b6aab2b6a5a708960fd2b4cba6ff2f365655fa6a38464e4b6fa8d7217bb2ef517baa283a2ba3220eb0a3d5f620b7584aab8e58b8b728018a03778fe75d4c667330274bc1e17610280d09d0433855bafb9281ea7db8d89053c1eff0f9d79c72dc05e7ce4adb64b513ab01e1cae7"}}, &(0x7f00000003c0)={0x0, 0x3, 0xb2, @string={0xb2, 0x3, "3e16dd11f9a31d1632df40d68a048ea78f7ea9c9cb125d3fa1bf0f870328f102b73484eaffd1b93c2859f9e7cb23a8269ee30d5ae01dfe6419f164697d99d305465b10c2194393866225d52fb9e260a459b75c500a2c0426711c8814bd488a13718e8973a5240004ea27feb57eb79d1b02493cc4a57c5596211efbdb71d238f32069775df78bfb6199377fab0cdbef4312eba278413437f005cc2e4e084eaa584278882708a0430b0e8beed62791f54c"}}, &(0x7f0000000480)={0x0, 0xf, 0x1a, {0x5, 0xf, 0x1a, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x0, 0x6, 0x25fc}, @wireless={0xb, 0x10, 0x1, 0x2, 0x80, 0x9, 0xce, 0x1ff, 0x9}]}}, &(0x7f00000004c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x2, 0xff, 0x5, "81397114", "fc339e1f"}}, &(0x7f0000000500)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x3, 0x5, 0x3, 0x8, 0x3, 0x5fff}}}, &(0x7f00000009c0)={0x84, &(0x7f0000000580)={0x20, 0xe, 0x3c, "94a6f6301ee78d70a02ab2b8b6205f4a4e09dddc5120bda69ae1581812ffa249020f1f11c45e2f85533acb66f9661fcff54a9bb8acd2de38d8ee67e5"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0xc0}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f00000006c0)={0x20, 0x0, 0x8, {0x1e0, 0x40, [0x11fff]}}, &(0x7f0000000700)={0x40, 0x7, 0x2, 0x46e}, &(0x7f0000000740)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000780)={0x40, 0xb, 0x2, "fde9"}, &(0x7f00000007c0)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000800)={0x40, 0x13, 0x6, @link_local}, &(0x7f0000000840)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000880)={0x40, 0x19, 0x2, 'Rc'}, &(0x7f00000008c0)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000900)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000940)={0x40, 0x1e, 0x1, 0xf9}, &(0x7f0000000980)={0x40, 0x21, 0x1, 0x8}})
sendmsg$OSF_MSG_ADD(r2, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680200000005010400000000000000000300000354020100000000000632f6d129000000f2010002"], 0x268}, 0x1, 0x0, 0x0, 0x8000000}, 0x4000000)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, &(0x7f0000000b80)={0x14, &(0x7f0000000ac0)={0x40, 0x23, 0x78, {0x78, 0x3, "e6d0a821d2c759d6e7504cbdcb90a6bb070dd66e973125a44db12456d6cd523e8b2593e26af8b03b4f63ad6a7552a0615989134702c71664093d3a9c20368e79c9dd15be60d271c14632cf84e3695a7db17168366fb2506627e580e6499ab7184d8fefc9daae4229af6a34cae1948b029ecb30c1285e"}}, &(0x7f0000000b40)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x827}}}, &(0x7f0000001100)={0x1c, &(0x7f0000000bc0)={0x0, 0x15, 0x8c, "8572587aba93526367e13c72bc17c615ec47288675db69f26b051270d25218df05c756d643940eccfca982ffbf147e570d96fa7094613e1e88d79b0efa9c2180ce6f03028a16356a9c1aafe066b2330265e5cbe7b492e5d774074716f3fdbfd7115450de79bfdf9f1b2240dac7a6f677b04156765636d722e9213c8352369624a4de35100e7f3d28eb13f851"}, &(0x7f0000000c80)={0xa1, 0x1, 0x400, "3fe49c2a98fb162d7832b405f76e186a97b8fe6f58520a6b7135db94b587fee48d43140fa89b1ae54f9ad0b93e2b9460036fd20032dbd645c2af0eaaf64aecde5d58f0525e49d489ef23a7a2871dfd23f190d99e3606a9e506212b6b41e99754dc0a078346ca83dd8e11bddcf51f58e303ebbedfe04e09f7e514aa4912170c3d8273da3d7efb1e9f6b527dd820c722dd3853e9de9acacee252a1ec8b79bbc46bfa2f6533445d7924836f221f4afe37e85d4f5ae4939a044ffa70642cf8a1d85714a3ad41bfcc601acb9e048eb35b3503cef4cfabf00dc76b3ed8feaaebc017e4b4a663adfc3fef5ad31293ab00db3b044b183574a86734c0e7d08ae35807f5d6d5c2fb65ca2aba17e459655c4e95582fefc81560b4880d58ea0202aba8a6c8535c30ce382f03de2567dd929f34ff7754b2e05b02c9ac9e02b1548d437beaf9a4b1c90aee851a0a862b9257307dbea3c3c5aea4ae1eeef08f90fcfa1639b843a170a3b42f740359e8702bb50dd63a99d3a340b871f9986ae536172404dfbd35bcec40265b0016dd82c0c22a69aae588ce83b4425f21e7569b50ddbab447d21888041ed3d0283582e72fe191b56527fded1a65633015d8e87bc24ea0e348a8aee8dbd63643ceba8acf5f8cd6a85afd4b5dc96c1e67d51130c8fb0811c1a67a71224af77b44865a0032715048d1fd03a01dab0b7da6410a0ceb03551253c07f33489b4689cad6e786bc9782df84807987c346d8c5867b00955732933acc0e8298bd15baafc9f29a5f825f3119f5a9687dd9a7ac0f47f80ea3f947a8b859452b7627950856b138a0ce8723eed8df7a120f9e82e6d9186ec343f69924e320d96184e3a761d83da9351c69c14401f1855222da5a6e120c827e6fcb1d4bbf6a94d51f2616b850610d137eba7f07d16230741d392cbf415936d65c9f31cf6d21b397c3e6277406a0a9f57145bff87f41d145f50918debd09d7d11a88085b4cd29ffd7bdaf821e8a9fb99b6778d7f2a9503a08cb2d39ab61792d7b16fe409d6e9c0673acdd0a4a99d63f4b19b1a79e03188c857aa7534d6160f553c52d45edcc28dc26e9a4c113ec104bb2e8f5b26755c51f7689098f62a1c64db37812dfcafd72659d09b67f41a8453db1a61f53622ee27448666b1e465a0d7b9069e5a5ddc04b6c04d32800a590b87e869760bda54b835802fc140cb7dff196c60b658add131e66fe8e4607e4ba44328da284ffe8032b6319174abbdc18dc5b78d066bc4f0aa974da57e0a28a7411060a3d6a8afeaf3690c29d10671ba190dab152f0f0d4a4c4d2918ce0236aec674415c873188ffeae0575a8895cc23258f99840142b90fb9f915e666accc0d310d30b98bb3be68230c38d01f1ab192e242657eed8fb1840a53395d79f2faf5b62e705a72310f7380ce4936be821303ca84b9900178d42d2804a1505c"}, &(0x7f00000010c0)={0x21, 0x0, 0x2, "4b91"}})
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000140)={0x20, 0x10, 0x1, '\x00'}, 0x0, 0x0, 0x0, 0x0})

3.332894371s ago: executing program 2 (id=2121):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x94e, &(0x7f0000000140)={0x0, 0x4bfd, 0x10100}, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000100)=@arm64={0x10, 0x2, 0xff, '\x00', 0x400009})

3.224207677s ago: executing program 2 (id=2122):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac1a190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000080)=ANY=[])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
close_range(r1, 0xffffffffffffffff, 0x0)

1.947093491s ago: executing program 6 (id=2123):
r0 = socket(0x22, 0x2, 0x4)
ioctl$IMGETCOUNT(r0, 0x80044943, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.869811813s ago: executing program 6 (id=2125):
syz_usb_connect$uac1(0x2, 0x97, &(0x7f0000001880)=ANY=[@ANYBLOB="12015002000000206b1d0101400001020301090285000301bbd0080904000000010100000a24017f0200030201020b24050600bf9b5ab6dc3e0c240202010202090800f701090401000001020000090401010101020000090501092000000180072501039a8556090402000001020000090402010101020000082402010101080a072401010203000905820920"], &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0})
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00')
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0xa)
writev(r3, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100090c10000000000000000000", 0x58}], 0x1)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000000)=0x12, 0x4)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10)
listen(r4, 0x0)
listen(r2, 0x0)
read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020)

1.647664236s ago: executing program 4 (id=2126):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x3b, 0x2000000, 0x4}]})

1.647280832s ago: executing program 2 (id=2127):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, 0x0)
syz_usb_connect(0x1, 0x4e, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x8c, 0xbd, 0x7f, 0x20, 0x499, 0xcdf4, 0x78ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3c, 0x1, 0x10, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x13, 0x0, 0x1, 0xff, 0x6, 0xd2, 0x0, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x839a}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x6, 0x91, 0x81}, {0x6, 0x24, 0x1a, 0x0, 0x8}, [@acm={0x4}]}], [{{0x9, 0x5, 0x5, 0x3, 0x8, 0x9, 0x9, 0x5}}]}}]}}]}}, 0x0) (async)
r1 = syz_usb_connect(0x1, 0x4e, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0x8c, 0xbd, 0x7f, 0x20, 0x499, 0xcdf4, 0x78ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3c, 0x1, 0x10, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x13, 0x0, 0x1, 0xff, 0x6, 0xd2, 0x0, [@cdc_ncm={{0x5}, {0x5, 0x24, 0x0, 0x839a}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x6, 0x91, 0x81}, {0x6, 0x24, 0x1a, 0x0, 0x8}, [@acm={0x4}]}], [{{0x9, 0x5, 0x5, 0x3, 0x8, 0x9, 0x9, 0x5}}]}}]}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x9c, &(0x7f0000000000)=ANY=[@ANYBLOB="0400009410e2a53cede44ceca3317e3cbe3eba26bb04ab6691025f0fb56bc943a540535fe3731dbb904b3e86d71fb79e1c3b0e740c86e7efd12d4e341c0f2663a3abb38b2a073e93af514de0922531342e528a830e4249f267f080d0c06bfbeba05fad0b4ac9fb0e1862f87c0d04090fe52888b8ea3c204fe322f723e0b9f828aedc7139365d1e95d76f037eac40e88c3fcd03c598c011d350a727e4"])

1.557258826s ago: executing program 4 (id=2128):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x4000001, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x4, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x400, 0x7fff, 0x5, 0xa7, 0x1, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0x2, 0x9, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x491, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0x6, 0x7, 0x7, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xd3, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd80, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000005, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x13ffd, 0x1, 0x1b18]}, 0x45c)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x200000035, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0xfffffffffffffffe, 0x7fffffffffffe, 0x5, 0x5, 0x6, 0x0, 0x45, 0x4, 0xbdb], 0x1, 0x1c4213})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

1.351344601s ago: executing program 4 (id=2129):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000008b02"])
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{0xc0010015}]}) (fail_nth: 5)

1.326847658s ago: executing program 1 (id=2130):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_io_uring_setup(0x94e, &(0x7f0000000140)={0x0, 0x4bfd, 0x10100}, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x7, 0x3, 0x804, 0xb, 0xf, 0x8000120000, 0x4000000000009, 0x0, 0xb35, 0x8000000000000083, 0x2, 0x0, 0x101, 0x3, 0x1], 0xffff1000, 0x141200})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, 0x0)

826.447983ms ago: executing program 1 (id=2131):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r0, 0x40384708, &(0x7f0000000040)={0xa9, 0x1, 0x9, 0x200, 0x1a, "3eccd2000500"})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000a41000/0x400000)=nil)
syz_kvm_add_vcpu$x86(r6, &(0x7f0000000140)={0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="140000000000000010000000000000000b008edf"], 0x18})
syz_kvm_add_vcpu$x86(r6, &(0x7f0000000080)={0x0, &(0x7f0000000500)=[@code={0xa, 0x6e, {"c4e2c8f38b00000000c4829dba6acd0fc7f6c744240038010000c7442402e1e80000ff1c243e41f4262e0f1ca57d000000b9800000c00f3235004000000f3066b897000f00d0450f796c3e0eb98b040000b80001c0feba000000000f30"}}, @wrmsr={0x1e, 0x20, {0x40000022, 0x5}}, @rdmsr={0x32, 0x18, {0xa25}}, @wrmsr={0x1e, 0x20, {0xc001103b, 0x9}}, @wrmsr={0x1e, 0x20, {0x2b1, 0xd817}}, @wrmsr={0x1e, 0x20, {0x951, 0x7d0}}, @wr_crn={0x46, 0x20, {0x1, 0x1}}, @wr_crn={0x46, 0x20, {0x2, 0x92c}}, @rdmsr={0x32, 0x18, {0x253}}, @rdmsr={0x32, 0x18, {0x30b}}, @code={0xa, 0x52, {"66baf80cb827bf3187ef66bafc0cb0d1ee410f01c80f94f3c42198129b00000000b805000000b9040000000f01d966ba2100ec0f09f00061ac47d9f5650f7872f1"}}, @code={0xa, 0x59, {"460f01c90f070f5ccf0f20d835080000000f22d8b9e3080000b83a55510cba000000000f300fc73fb9800000c00f3235002000000f3066450ffee20fc7aa38f4c7b666460f6b6100"}}, @wrmsr={0x1e, 0x20, {0x9bd, 0xfffffffffffffff1}}, @rdmsr={0x32, 0x18, {0xbad}}, @wrmsr={0x1e, 0x20, {0x86c, 0xc8}}, @rdmsr={0x32, 0x18}, @code={0xa, 0x59, {"2e0f320f019c1796c6e11736650f797a1e48b87ab9c311db4cc07d0f23c80f21f8350000e0000f23f8420f32400f01f40fc7290f01c3b9800000c00f3235008000000f30660f1ae9"}}, @uexit={0x0, 0x18, 0x7}, @cpuid={0x14, 0x18, {0x7547, 0xd3}}, @rdmsr={0x32, 0x18, {0x225}}, @uexit={0x0, 0x18, 0x9e50}, @wr_crn={0x46, 0x20, {0x8, 0xfffffffffffffff9}}, @code={0xa, 0x5a, {"c4a15df52348b80f000000000000000f23c80f21f835000050000f23f8460f798c7101000000c4c24db8c50f23ee26660f6223490f7e7cfa0f0f01cac462adbab8294f00000fc77906"}}, @wrmsr={0x1e, 0x20, {0xa1b, 0x80000001}}, @cpuid={0x14, 0x18, {0x7fff, 0xfff}}], 0x3fc})
ioctl$KVM_GET_MSRS_cpu(r3, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x29f, 0x0, 0x7fffffff}]})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$vsock_stream(0x28, 0x1, 0x0)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r9, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10)
bind$vsock_stream(r8, &(0x7f0000000100)={0x28, 0x0, 0x2710}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r7)

735.508448ms ago: executing program 4 (id=2132):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r2, 0x6b, 0x1, &(0x7f0000000400)=[{0x1, 0x2, {0x1, 0xff, 0x2}, {0x2, 0xf0, 0x5}, 0x1}, {0x2, 0x2, {0x0, 0xff, 0x1}, {0x2, 0xf0, 0x3}, 0xfe, 0xfe}, {0x2, 0x1, {0x2, 0xff, 0x4}, {0x1, 0x1}, 0xfd}, {0x3, 0x2, {0x1}, {0x0, 0xff}, 0xff, 0xfe}], 0x80)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_buf(r4, 0x29, 0x2d, &(0x7f0000000240)=""/115, &(0x7f0000000000)=0x73)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x4, 0xbde, 0x0, &(0x7f0000000180)="a1984ec3aec3fc2e025f90eda6dbc903939aac644fd36f1e65174cae030c42cbacc392851a695f247112e91f059460a2c031929dc0515ac7cd20775ff9da9c2b6cb48968dcd6d8d982c492932c572f084d3af58650d207eec0794b3e47c5678c36b99eed61e1dbac68ce8a79aa21a51202018bdc4a51489844f785887083841d65c129992bbe5a51c71b95a9847d2bdede66c6e3184c386faf938fd6db888e73a5c0dcc69c3de7458e68ed33226a8d1c8e17", 0x0, 0xb2})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x7, 0x0, 0x1f, 0x0, 0x7c8, 0x9, 0x1, 0xd, 0x3, 0x7, 0x8, 0x5, 0xe, 0x101, 0x3, 0x1], 0x1000, 0x800})
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getpeername$llc(r5, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000380)=0x10)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x1, 0x0, 0x3, 0x6, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

604.284027ms ago: executing program 4 (id=2133):
socket(0x22, 0x2, 0x4)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

560.000987ms ago: executing program 4 (id=2134):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0xff, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x7, 0x1c0, 0x0, [{{0x9, 0x4, 0x0, 0x7, 0x2, 0x7, 0x1, 0x2, 0xd, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x6, 0x7, 0x81}}}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x7f, 0x40, 0xa1, 0xff}, 0xf, &(0x7f00000000c0)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x3, 0x3, 0x3, 0x40}]}, 0x4, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2056}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x801}}]})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_control_io(r1, &(0x7f0000000540)={0x2c, &(0x7f00000002c0)={0x20, 0x11, 0x93, {0x93, 0x30, "12a0aaec60e1359994d94f3ea9d6652b7e0131d947a91308b5dcf5fed763aa5b3f686925b6aab2b6a5a708960fd2b4cba6ff2f365655fa6a38464e4b6fa8d7217bb2ef517baa283a2ba3220eb0a3d5f620b7584aab8e58b8b728018a03778fe75d4c667330274bc1e17610280d09d0433855bafb9281ea7db8d89053c1eff0f9d79c72dc05e7ce4adb64b513ab01e1cae7"}}, &(0x7f00000003c0)={0x0, 0x3, 0xb2, @string={0xb2, 0x3, "3e16dd11f9a31d1632df40d68a048ea78f7ea9c9cb125d3fa1bf0f870328f102b73484eaffd1b93c2859f9e7cb23a8269ee30d5ae01dfe6419f164697d99d305465b10c2194393866225d52fb9e260a459b75c500a2c0426711c8814bd488a13718e8973a5240004ea27feb57eb79d1b02493cc4a57c5596211efbdb71d238f32069775df78bfb6199377fab0cdbef4312eba278413437f005cc2e4e084eaa584278882708a0430b0e8beed62791f54c"}}, &(0x7f0000000480)={0x0, 0xf, 0x1a, {0x5, 0xf, 0x1a, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x0, 0x6, 0x25fc}, @wireless={0xb, 0x10, 0x1, 0x2, 0x80, 0x9, 0xce, 0x1ff, 0x9}]}}, &(0x7f00000004c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x2, 0xff, 0x5, "81397114", "fc339e1f"}}, &(0x7f0000000500)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x3, 0x5, 0x3, 0x8, 0x3, 0x5fff}}}, &(0x7f00000009c0)={0x84, &(0x7f0000000580)={0x20, 0xe, 0x3c, "94a6f6301ee78d70a02ab2b8b6205f4a4e09dddc5120bda69ae1581812ffa249020f1f11c45e2f85533acb66f9661fcff54a9bb8acd2de38d8ee67e5"}, &(0x7f0000000600)={0x0, 0xa, 0x1, 0xc0}, &(0x7f0000000640)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000680)={0x20, 0x0, 0x4, {0x1, 0x3}}, &(0x7f00000006c0)={0x20, 0x0, 0x8, {0x1e0, 0x40, [0x11fff]}}, &(0x7f0000000700)={0x40, 0x7, 0x2, 0x46e}, &(0x7f0000000740)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000780)={0x40, 0xb, 0x2, "fde9"}, &(0x7f00000007c0)={0x40, 0xf, 0x2, 0x8}, &(0x7f0000000800)={0x40, 0x13, 0x6, @link_local}, &(0x7f0000000840)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000880)={0x40, 0x19, 0x2, 'Rc'}, &(0x7f00000008c0)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000900)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000940)={0x40, 0x1e, 0x1, 0xf9}, &(0x7f0000000980)={0x40, 0x21, 0x1, 0x8}})
sendmsg$OSF_MSG_ADD(r2, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680200000005010400000000000000000300000354020100000000000632f6d129000000f2010002"], 0x268}, 0x1, 0x0, 0x0, 0x8000000}, 0x4000000)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, &(0x7f0000000b80)={0x14, &(0x7f0000000ac0)={0x40, 0x23, 0x78, {0x78, 0x3, "e6d0a821d2c759d6e7504cbdcb90a6bb070dd66e973125a44db12456d6cd523e8b2593e26af8b03b4f63ad6a7552a0615989134702c71664093d3a9c20368e79c9dd15be60d271c14632cf84e3695a7db17168366fb2506627e580e6499ab7184d8fefc9daae4229af6a34cae1948b029ecb30c1285e"}}, &(0x7f0000000b40)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x827}}}, &(0x7f0000001100)={0x1c, &(0x7f0000000bc0)={0x0, 0x15, 0x8c, "8572587aba93526367e13c72bc17c615ec47288675db69f26b051270d25218df05c756d643940eccfca982ffbf147e570d96fa7094613e1e88d79b0efa9c2180ce6f03028a16356a9c1aafe066b2330265e5cbe7b492e5d774074716f3fdbfd7115450de79bfdf9f1b2240dac7a6f677b04156765636d722e9213c8352369624a4de35100e7f3d28eb13f851"}, &(0x7f0000000c80)={0xa1, 0x1, 0x400, "3fe49c2a98fb162d7832b405f76e186a97b8fe6f58520a6b7135db94b587fee48d43140fa89b1ae54f9ad0b93e2b9460036fd20032dbd645c2af0eaaf64aecde5d58f0525e49d489ef23a7a2871dfd23f190d99e3606a9e506212b6b41e99754dc0a078346ca83dd8e11bddcf51f58e303ebbedfe04e09f7e514aa4912170c3d8273da3d7efb1e9f6b527dd820c722dd3853e9de9acacee252a1ec8b79bbc46bfa2f6533445d7924836f221f4afe37e85d4f5ae4939a044ffa70642cf8a1d85714a3ad41bfcc601acb9e048eb35b3503cef4cfabf00dc76b3ed8feaaebc017e4b4a663adfc3fef5ad31293ab00db3b044b183574a86734c0e7d08ae35807f5d6d5c2fb65ca2aba17e459655c4e95582fefc81560b4880d58ea0202aba8a6c8535c30ce382f03de2567dd929f34ff7754b2e05b02c9ac9e02b1548d437beaf9a4b1c90aee851a0a862b9257307dbea3c3c5aea4ae1eeef08f90fcfa1639b843a170a3b42f740359e8702bb50dd63a99d3a340b871f9986ae536172404dfbd35bcec40265b0016dd82c0c22a69aae588ce83b4425f21e7569b50ddbab447d21888041ed3d0283582e72fe191b56527fded1a65633015d8e87bc24ea0e348a8aee8dbd63643ceba8acf5f8cd6a85afd4b5dc96c1e67d51130c8fb0811c1a67a71224af77b44865a0032715048d1fd03a01dab0b7da6410a0ceb03551253c07f33489b4689cad6e786bc9782df84807987c346d8c5867b00955732933acc0e8298bd15baafc9f29a5f825f3119f5a9687dd9a7ac0f47f80ea3f947a8b859452b7627950856b138a0ce8723eed8df7a120f9e82e6d9186ec343f69924e320d96184e3a761d83da9351c69c14401f1855222da5a6e120c827e6fcb1d4bbf6a94d51f2616b850610d137eba7f07d16230741d392cbf415936d65c9f31cf6d21b397c3e6277406a0a9f57145bff87f41d145f50918debd09d7d11a88085b4cd29ffd7bdaf821e8a9fb99b6778d7f2a9503a08cb2d39ab61792d7b16fe409d6e9c0673acdd0a4a99d63f4b19b1a79e03188c857aa7534d6160f553c52d45edcc28dc26e9a4c113ec104bb2e8f5b26755c51f7689098f62a1c64db37812dfcafd72659d09b67f41a8453db1a61f53622ee27448666b1e465a0d7b9069e5a5ddc04b6c04d32800a590b87e869760bda54b835802fc140cb7dff196c60b658add131e66fe8e4607e4ba44328da284ffe8032b6319174abbdc18dc5b78d066bc4f0aa974da57e0a28a7411060a3d6a8afeaf3690c29d10671ba190dab152f0f0d4a4c4d2918ce0236aec674415c873188ffeae0575a8895cc23258f99840142b90fb9f915e666accc0d310d30b98bb3be68230c38d01f1ab192e242657eed8fb1840a53395d79f2faf5b62e705a72310f7380ce4936be821303ca84b9900178d42d2804a1505c"}, &(0x7f00000010c0)={0x21, 0x0, 0x2, "4b91"}})

511.722611ms ago: executing program 1 (id=2135):
r0 = syz_usb_connect(0x4, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000b5b30a40450c8f6055b5010203010902120001000000000904", @ANYRES32=0x0, @ANYRESOCT=0x0], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f0000000240)=ANY=[@ANYBLOB="00000003000010"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

371.337377ms ago: executing program 6 (id=2136):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201410130f56920ac1a190272f00102030109021b000100001000090455070103490200090582030004"], 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x40, &(0x7f0000000080)=ANY=[])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
close_range(r1, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=2137):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = fsopen(&(0x7f0000000080)='qnx4\x00', 0x1)
syz_usb_connect(0x0, 0x3b, &(0x7f00000040c0)=ANY=[@ANYBLOB="1201a107a171fe103c419b81c9cf010203010902290001fa0900e309045804000206000f0524060000052400f8ff0d240f"], &(0x7f0000004ac0)={0x0, 0x0, 0x0, 0x0})
syz_io_uring_setup(0x24f2, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100), &(0x7f0000000140))
r3 = fsopen(&(0x7f0000002200)='ramfs\x00', 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r6 = fsopen(&(0x7f0000000000)='bfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x3b, 0x0, 0x4}]})

kernel console output (not intermixed with test programs):

921] CPU: 1 UID: 0 PID: 11921 Comm: syz.6.1978 Not tainted syzkaller #0 PREEMPT(full) 
[  411.254385][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  411.254396][T11921] Call Trace:
[  411.254404][T11921]  <TASK>
[  411.254412][T11921]  dump_stack_lvl+0x189/0x250
[  411.254445][T11921]  ? __pfx____ratelimit+0x10/0x10
[  411.254470][T11921]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.254497][T11921]  ? __pfx__printk+0x10/0x10
[  411.254524][T11921]  ? __might_fault+0xb0/0x130
[  411.254554][T11921]  should_fail_ex+0x414/0x560
[  411.254580][T11921]  _copy_from_user+0x2d/0xb0
[  411.254609][T11921]  memdup_user+0x5e/0xd0
[  411.254634][T11921]  kvm_arch_vcpu_ioctl+0x1aa7/0x2a80
[  411.254662][T11921]  ? kvm_arch_vcpu_ioctl+0xcc3/0x2a80
[  411.254688][T11921]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  411.254717][T11921]  ? __lock_acquire+0xab9/0xd20
[  411.254756][T11921]  ? is_bpf_text_address+0x26/0x2b0
[  411.254780][T11921]  ? is_bpf_text_address+0x292/0x2b0
[  411.254799][T11921]  ? is_bpf_text_address+0x26/0x2b0
[  411.254821][T11921]  ? kernel_text_address+0xa5/0xe0
[  411.254839][T11921]  ? __kernel_text_address+0xd/0x40
[  411.254854][T11921]  ? unwind_get_return_address+0x4d/0x90
[  411.254878][T11921]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  411.254903][T11921]  ? arch_stack_walk+0xfc/0x150
[  411.254939][T11921]  ? stack_trace_save+0x9c/0xe0
[  411.254966][T11921]  ? stack_depot_save_flags+0x40/0x860
[  411.255005][T11921]  ? __lock_acquire+0xab9/0xd20
[  411.255026][T11921]  ? __mutex_trylock_common+0x153/0x260
[  411.255047][T11921]  ? __pfx___mutex_trylock_common+0x10/0x10
[  411.255072][T11921]  ? rcu_is_watching+0x15/0xb0
[  411.255092][T11921]  ? trace_contention_end+0x39/0x120
[  411.255110][T11921]  ? __mutex_lock+0x335/0x1350
[  411.255138][T11921]  ? kasan_quarantine_put+0xdd/0x220
[  411.255151][T11921]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.255171][T11921]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  411.255187][T11921]  ? __pfx___mutex_lock+0x10/0x10
[  411.255211][T11921]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  411.255241][T11921]  ? do_vfs_ioctl+0xbe8/0x1430
[  411.255259][T11921]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  411.255282][T11921]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  411.255304][T11921]  kvm_vcpu_ioctl+0x74d/0xe90
[  411.255327][T11921]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  411.255366][T11921]  ? __fget_files+0x2a/0x420
[  411.255394][T11921]  ? __fget_files+0x3a0/0x420
[  411.255416][T11921]  ? __fget_files+0x2a/0x420
[  411.255442][T11921]  ? bpf_lsm_file_ioctl+0x9/0x20
[  411.255469][T11921]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  411.255486][T11921]  __se_sys_ioctl+0xfc/0x170
[  411.255507][T11921]  do_syscall_64+0xfa/0xfa0
[  411.255531][T11921]  ? lockdep_hardirqs_on+0x9c/0x150
[  411.255555][T11921]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.255573][T11921]  ? clear_bhb_loop+0x60/0xb0
[  411.255595][T11921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.255613][T11921] RIP: 0033:0x7f56c758ebe9
[  411.255629][T11921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.255644][T11921] RSP: 002b:00007f56c83d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  411.255663][T11921] RAX: ffffffffffffffda RBX: 00007f56c77c5fa0 RCX: 00007f56c758ebe9
[  411.255676][T11921] RDX: 0000200000000080 RSI: 00000000c008ae88 RDI: 0000000000000005
[  411.255689][T11921] RBP: 00007f56c83d5090 R08: 0000000000000000 R09: 0000000000000000
[  411.255700][T11921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.255711][T11921] R13: 00007f56c77c6038 R14: 00007f56c77c5fa0 R15: 00007fff13451408
[  411.255741][T11921]  </TASK>
[  411.624373][ T5951] cpia1 5-1:0.0: unexpected state after lo power cmd: 00
[  411.672291][T11884] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  411.758463][  T888] usb 3-1: USB disconnect, device number 7
[  411.882739][T11929] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  411.955704][  T982] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  412.031482][ T5951] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  412.117432][  T982] usb 2-1: unable to get BOS descriptor or descriptor too short
[  412.135828][  T982] usb 2-1: not running at top speed; connect to a high speed hub
[  412.187489][  T982] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  412.199332][  T982] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  412.217727][  T982] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  412.236710][  T982] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  412.249182][  T982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.251401][  T888] usb 5-1: USB disconnect, device number 125
[  412.257290][  T982] usb 2-1: Product: syz
[  412.287742][  T982] usb 2-1: Manufacturer: syz
[  412.292363][  T982] usb 2-1: SerialNumber: syz
[  412.466787][ T5951] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  412.540959][  T982] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  412.548331][  T982] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  412.556451][  T982] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  412.580045][  T982] usb 2-1: USB disconnect, device number 7
[  412.595543][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  412.606218][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  412.617304][ T5951] usb 7-1: Using ep0 maxpacket: 32
[  412.644785][ T5951] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[  412.653421][ T5951] usb 7-1: config 0 has no interface number 0
[  412.660129][ T5951] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  412.671508][ T5951] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[  412.681527][ T5951] usb 7-1: config 0 interface 85 has no altsetting 0
[  412.690536][ T5951] usb 7-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  412.700321][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.708473][ T5951] usb 7-1: Product: syz
[  412.712642][ T5951] usb 7-1: Manufacturer: syz
[  412.718487][ T5951] usb 7-1: SerialNumber: syz
[  412.725119][ T5951] usb 7-1: config 0 descriptor??
[  412.766876][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  412.777878][    T9] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  412.787025][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.806426][    T9] usb 3-1: config 0 descriptor??
[  412.824545][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  412.942914][ T5951] usb 7-1: USB disconnect, device number 38
[  413.085500][  T982] usb 5-1: new high-speed USB device number 126 using dummy_hcd
[  413.118778][T11949] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  413.129244][T11949] FAULT_INJECTION: forcing a failure.
[  413.129244][T11949] name failslab, interval 1, probability 0, space 0, times 0
[  413.143612][T11949] CPU: 0 UID: 0 PID: 11949 Comm: syz.1.1990 Not tainted syzkaller #0 PREEMPT(full) 
[  413.143636][T11949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  413.143648][T11949] Call Trace:
[  413.143657][T11949]  <TASK>
[  413.143665][T11949]  dump_stack_lvl+0x189/0x250
[  413.143700][T11949]  ? __pfx____ratelimit+0x10/0x10
[  413.143730][T11949]  ? __pfx_dump_stack_lvl+0x10/0x10
[  413.143759][T11949]  ? __pfx__printk+0x10/0x10
[  413.143792][T11949]  ? __pfx___might_resched+0x10/0x10
[  413.143813][T11949]  ? fs_reclaim_acquire+0x7d/0x100
[  413.143840][T11949]  should_fail_ex+0x414/0x560
[  413.143868][T11949]  should_failslab+0xa8/0x100
[  413.143898][T11949]  __kmalloc_noprof+0xcb/0x7f0
[  413.143916][T11949]  ? security_task_alloc+0x4d/0x360
[  413.143940][T11949]  ? perf_event_init_task+0x12d/0x4b0
[  413.143972][T11949]  security_task_alloc+0x4d/0x360
[  413.143998][T11949]  copy_process+0x1530/0x3c00
[  413.144039][T11949]  ? copy_process+0x97f/0x3c00
[  413.144071][T11949]  ? __pfx_copy_process+0x10/0x10
[  413.144107][T11949]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  413.144136][T11949]  vhost_task_create+0x1c4/0x290
[  413.144160][T11949]  ? arch_stack_walk+0xfc/0x150
[  413.144184][T11949]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  413.144214][T11949]  ? __pfx_vhost_task_create+0x10/0x10
[  413.144249][T11949]  ? __pfx_vhost_task_fn+0x10/0x10
[  413.144294][T11949]  kvm_mmu_post_init_vm+0x14c/0x300
[  413.144317][T11949]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  413.144342][T11949]  ? __mutex_trylock_common+0x153/0x260
[  413.144370][T11949]  ? __pfx___mutex_trylock_common+0x10/0x10
[  413.144396][T11949]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  413.144418][T11949]  ? rcu_is_watching+0x15/0xb0
[  413.144440][T11949]  ? trace_contention_end+0x39/0x120
[  413.144463][T11949]  ? look_up_lock_class+0x74/0x170
[  413.144493][T11949]  ? register_lock_class+0x51/0x320
[  413.144518][T11949]  ? __lock_acquire+0xab9/0xd20
[  413.144568][T11949]  kvm_vcpu_ioctl+0x95c/0xe90
[  413.144593][T11949]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  413.144634][T11949]  ? __fget_files+0x2a/0x420
[  413.144663][T11949]  ? __fget_files+0x3a0/0x420
[  413.144687][T11949]  ? __fget_files+0x2a/0x420
[  413.144715][T11949]  ? bpf_lsm_file_ioctl+0x9/0x20
[  413.144742][T11949]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  413.144760][T11949]  __se_sys_ioctl+0xfc/0x170
[  413.144782][T11949]  do_syscall_64+0xfa/0xfa0
[  413.144808][T11949]  ? lockdep_hardirqs_on+0x9c/0x150
[  413.144835][T11949]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.144850][T11949]  ? clear_bhb_loop+0x60/0xb0
[  413.144866][T11949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.144881][T11949] RIP: 0033:0x7f698a78ebe9
[  413.144905][T11949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.144922][T11949] RSP: 002b:00007f698b69f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  413.144942][T11949] RAX: ffffffffffffffda RBX: 00007f698a9c5fa0 RCX: 00007f698a78ebe9
[  413.144956][T11949] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  413.144966][T11949] RBP: 00007f698b69f090 R08: 0000000000000000 R09: 0000000000000000
[  413.144978][T11949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.144989][T11949] R13: 00007f698a9c6038 R14: 00007f698a9c5fa0 R15: 00007ffea61c4418
[  413.145012][T11949]  </TASK>
[  413.474453][T11945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.484048][T11945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.494636][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  413.501937][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  413.507346][  T982] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  413.509452][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  413.524642][  T982] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  413.534606][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  413.534928][  T982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.554403][  T982] usb 5-1: config 0 descriptor??
[  413.562933][  T982] pwc: Askey VC010 type 2 USB webcam detected.
[  413.742254][    T9] pwc: recv_control_msg error -32 req 04 val 1400
[  413.749428][    T9] pwc: recv_control_msg error -32 req 02 val 2000
[  413.845335][ T5951] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  413.962257][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  413.969224][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  413.977695][T11947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.986265][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  413.993318][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  413.999414][T11947] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.007611][ T5951] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  414.015677][  T982] pwc: recv_control_msg error -32 req 02 val 2b00
[  414.022174][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.025091][  T982] pwc: recv_control_msg error -32 req 02 val 2700
[  414.031707][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  414.032119][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  414.039468][  T982] pwc: recv_control_msg error -32 req 02 val 2c00
[  414.051529][ T5951] usb 2-1: Product: syz
[  414.063075][ T5951] usb 2-1: Manufacturer: syz
[  414.065643][  T982] pwc: recv_control_msg error -32 req 04 val 1000
[  414.068903][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  414.081114][ T5951] usb 2-1: SerialNumber: syz
[  414.085909][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  414.094531][    T9] pwc: Registered as video103.
[  414.107891][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input55
[  414.129517][ T5951] usb 2-1: config 0 descriptor??
[  414.145675][    T9] usb 3-1: USB disconnect, device number 8
[  414.278537][  T982] pwc: recv_control_msg error -32 req 04 val 1400
[  414.285960][  T982] pwc: recv_control_msg error -32 req 02 val 2000
[  414.454709][ T5951] usb-storage 2-1:0.0: USB Mass Storage device detected
[  414.501488][  T982] pwc: recv_control_msg error -71 req 04 val 1500
[  414.526183][  T982] pwc: recv_control_msg error -71 req 02 val 2500
[  414.565405][  T982] pwc: recv_control_msg error -71 req 02 val 2400
[  414.586028][  T982] pwc: recv_control_msg error -71 req 02 val 2600
[  414.593554][  T982] pwc: recv_control_msg error -71 req 02 val 2900
[  414.604389][  T982] pwc: recv_control_msg error -71 req 02 val 2800
[  414.613722][  T982] pwc: recv_control_msg error -71 req 04 val 1100
[  414.630583][  T982] pwc: recv_control_msg error -71 req 04 val 1200
[  414.645506][  T982] pwc: Registered as video103.
[  414.654721][  T982] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input56
[  414.673375][ T5908] usb 2-1: USB disconnect, device number 8
[  414.705952][  T982] usb 5-1: USB disconnect, device number 126
[  414.807956][ T5951] usb 7-1: new full-speed USB device number 39 using dummy_hcd
[  414.858414][T11979] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  414.969546][ T5951] usb 7-1: unable to get BOS descriptor or descriptor too short
[  414.977845][ T5951] usb 7-1: not running at top speed; connect to a high speed hub
[  414.988489][ T5951] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  414.998806][ T5951] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  415.009818][ T5951] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  415.023387][ T5951] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  415.033117][ T5951] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.041264][ T5951] usb 7-1: Product: syz
[  415.045528][ T5951] usb 7-1: Manufacturer: syz
[  415.050140][ T5951] usb 7-1: SerialNumber: syz
[  415.195377][  T982] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  415.259334][T11989] FAULT_INJECTION: forcing a failure.
[  415.259334][T11989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.274965][T11989] CPU: 1 UID: 0 PID: 11989 Comm: syz.1.2004 Not tainted syzkaller #0 PREEMPT(full) 
[  415.274991][T11989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  415.275004][T11989] Call Trace:
[  415.275013][T11989]  <TASK>
[  415.275022][T11989]  dump_stack_lvl+0x189/0x250
[  415.275059][T11989]  ? __pfx____ratelimit+0x10/0x10
[  415.275088][T11989]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.275119][T11989]  ? __pfx__printk+0x10/0x10
[  415.275149][T11989]  ? __might_fault+0xb0/0x130
[  415.275184][T11989]  should_fail_ex+0x414/0x560
[  415.275214][T11989]  _copy_from_user+0x2d/0xb0
[  415.275250][T11989]  memdup_user+0x5e/0xd0
[  415.275279][T11989]  kvm_arch_vcpu_ioctl+0x1aa7/0x2a80
[  415.275312][T11989]  ? kvm_arch_vcpu_ioctl+0xcc3/0x2a80
[  415.275340][T11989]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  415.275375][T11989]  ? __lock_acquire+0xab9/0xd20
[  415.275420][T11989]  ? is_bpf_text_address+0x26/0x2b0
[  415.275455][T11989]  ? is_bpf_text_address+0x292/0x2b0
[  415.275477][T11989]  ? is_bpf_text_address+0x26/0x2b0
[  415.275502][T11989]  ? kernel_text_address+0xa5/0xe0
[  415.275523][T11989]  ? __kernel_text_address+0xd/0x40
[  415.275540][T11989]  ? unwind_get_return_address+0x4d/0x90
[  415.275566][T11989]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  415.275595][T11989]  ? arch_stack_walk+0xfc/0x150
[  415.275636][T11989]  ? stack_trace_save+0x9c/0xe0
[  415.275666][T11989]  ? stack_depot_save_flags+0x40/0x860
[  415.275707][T11989]  ? __lock_acquire+0xab9/0xd20
[  415.275737][T11989]  ? __mutex_trylock_common+0x153/0x260
[  415.275767][T11989]  ? __pfx___mutex_trylock_common+0x10/0x10
[  415.275799][T11989]  ? rcu_is_watching+0x15/0xb0
[  415.275823][T11989]  ? trace_contention_end+0x39/0x120
[  415.275849][T11989]  ? __mutex_lock+0x335/0x1350
[  415.275888][T11989]  ? kasan_quarantine_put+0xdd/0x220
[  415.275908][T11989]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.275936][T11989]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  415.275959][T11989]  ? __pfx___mutex_lock+0x10/0x10
[  415.275989][T11989]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  415.276020][T11989]  ? do_vfs_ioctl+0xbe8/0x1430
[  415.276040][T11989]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  415.276066][T11989]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  415.276092][T11989]  kvm_vcpu_ioctl+0x74d/0xe90
[  415.276119][T11989]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  415.276163][T11989]  ? __fget_files+0x2a/0x420
[  415.276195][T11989]  ? __fget_files+0x3a0/0x420
[  415.276220][T11989]  ? __fget_files+0x2a/0x420
[  415.276250][T11989]  ? bpf_lsm_file_ioctl+0x9/0x20
[  415.276280][T11989]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  415.276300][T11989]  __se_sys_ioctl+0xfc/0x170
[  415.276324][T11989]  do_syscall_64+0xfa/0xfa0
[  415.276352][T11989]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.276382][T11989]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.276401][T11989]  ? clear_bhb_loop+0x60/0xb0
[  415.276433][T11989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.276453][T11989] RIP: 0033:0x7f698a78ebe9
[  415.276471][T11989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.276490][T11989] RSP: 002b:00007f698b69f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  415.276512][T11989] RAX: ffffffffffffffda RBX: 00007f698a9c5fa0 RCX: 00007f698a78ebe9
[  415.276528][T11989] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000005
[  415.276541][T11989] RBP: 00007f698b69f090 R08: 0000000000000000 R09: 0000000000000000
[  415.276554][T11989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.276565][T11989] R13: 00007f698a9c6038 R14: 00007f698a9c5fa0 R15: 00007ffea61c4418
[  415.276601][T11989]  </TASK>
[  415.304083][T11991] FAULT_INJECTION: forcing a failure.
[  415.304083][T11991] name failslab, interval 1, probability 0, space 0, times 0
[  415.405450][  T982] usb 3-1: Using ep0 maxpacket: 32
[  415.407734][T11991] CPU: 0 UID: 0 PID: 11991 Comm: syz.4.2005 Not tainted syzkaller #0 PREEMPT(full) 
[  415.407764][T11991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  415.407780][T11991] Call Trace:
[  415.407791][T11991]  <TASK>
[  415.407804][T11991]  dump_stack_lvl+0x189/0x250
[  415.407851][T11991]  ? __pfx____ratelimit+0x10/0x10
[  415.407885][T11991]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.407921][T11991]  ? __pfx__printk+0x10/0x10
[  415.407962][T11991]  ? __pfx___might_resched+0x10/0x10
[  415.407988][T11991]  ? fs_reclaim_acquire+0x7d/0x100
[  415.408023][T11991]  should_fail_ex+0x414/0x560
[  415.408057][T11991]  should_failslab+0xa8/0x100
[  415.408087][T11991]  __kmalloc_noprof+0xcb/0x7f0
[  415.408111][T11991]  ? security_task_alloc+0x4d/0x360
[  415.408140][T11991]  ? perf_event_init_task+0x12d/0x4b0
[  415.408179][T11991]  security_task_alloc+0x4d/0x360
[  415.408213][T11991]  copy_process+0x1530/0x3c00
[  415.408264][T11991]  ? copy_process+0x97f/0x3c00
[  415.408304][T11991]  ? __pfx_copy_process+0x10/0x10
[  415.408359][T11991]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  415.408394][T11991]  vhost_task_create+0x1c4/0x290
[  415.408424][T11991]  ? arch_stack_walk+0xfc/0x150
[  415.408452][T11991]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  415.408487][T11991]  ? __pfx_vhost_task_create+0x10/0x10
[  415.408529][T11991]  ? __pfx_vhost_task_fn+0x10/0x10
[  415.408583][T11991]  kvm_mmu_post_init_vm+0x14c/0x300
[  415.408610][T11991]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  415.408649][T11991]  ? __mutex_trylock_common+0x153/0x260
[  415.408683][T11991]  ? __pfx___mutex_trylock_common+0x10/0x10
[  415.408713][T11991]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  415.408740][T11991]  ? rcu_is_watching+0x15/0xb0
[  415.408786][T11991]  ? trace_contention_end+0x39/0x120
[  415.408817][T11991]  ? look_up_lock_class+0x74/0x170
[  415.408856][T11991]  ? register_lock_class+0x51/0x320
[  415.408888][T11991]  ? __lock_acquire+0xab9/0xd20
[  415.408952][T11991]  kvm_vcpu_ioctl+0x95c/0xe90
[  415.408983][T11991]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  415.409035][T11991]  ? __fget_files+0x2a/0x420
[  415.409072][T11991]  ? __fget_files+0x3a0/0x420
[  415.409100][T11991]  ? __fget_files+0x2a/0x420
[  415.409135][T11991]  ? bpf_lsm_file_ioctl+0x9/0x20
[  415.409170][T11991]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  415.409193][T11991]  __se_sys_ioctl+0xfc/0x170
[  415.409221][T11991]  do_syscall_64+0xfa/0xfa0
[  415.409252][T11991]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.409285][T11991]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.409309][T11991]  ? clear_bhb_loop+0x60/0xb0
[  415.409338][T11991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.409360][T11991] RIP: 0033:0x7f1e5e78ebe9
[  415.409382][T11991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.409401][T11991] RSP: 002b:00007f1e5f583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  415.409427][T11991] RAX: ffffffffffffffda RBX: 00007f1e5e9c5fa0 RCX: 00007f1e5e78ebe9
[  415.409445][T11991] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  415.409460][T11991] RBP: 00007f1e5f583090 R08: 0000000000000000 R09: 0000000000000000
[  415.409474][T11991] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  415.409489][T11991] R13: 00007f1e5e9c6038 R14: 00007f1e5e9c5fa0 R15: 00007fff726ca7d8
[  415.409530][T11991]  </TASK>
[  415.483481][ T5951] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  415.505053][  T982] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  415.530334][ T5951] usb 7-1: 2:1 : no or invalid class specific endpoint descriptor
[  415.536518][  T982] usb 3-1: config 0 has no interface number 0
[  415.542739][ T5951] usb 7-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  415.553566][  T982] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  415.604409][ T5951] usb 7-1: USB disconnect, device number 39
[  415.741762][  T982] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[  416.065763][  T982] usb 3-1: config 0 interface 85 has no altsetting 0
[  416.074366][  T982] usb 3-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  416.084032][  T982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.092076][  T982] usb 3-1: Product: syz
[  416.096295][  T982] usb 3-1: Manufacturer: syz
[  416.100900][  T982] usb 3-1: SerialNumber: syz
[  416.109587][  T982] usb 3-1: config 0 descriptor??
[  416.341128][  T982] usb 3-1: USB disconnect, device number 9
[  416.377519][  T888] usb 5-1: new high-speed USB device number 127 using dummy_hcd
[  416.537384][  T888] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  416.548920][  T888] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  416.562749][  T888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.576582][  T888] usb 5-1: config 0 descriptor??
[  416.589897][  T888] pwc: Askey VC010 type 2 USB webcam detected.
[  416.655405][ T5951] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[  416.809531][ T5951] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  416.819952][ T5951] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  416.834327][ T5951] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.851181][ T5951] usb 7-1: config 0 descriptor??
[  416.886849][ T5951] pwc: Askey VC010 type 2 USB webcam detected.
[  416.998816][T11996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.015206][T11996] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.026522][  T888] pwc: recv_control_msg error -32 req 02 val 2b00
[  417.034596][  T888] pwc: recv_control_msg error -32 req 02 val 2700
[  417.042417][  T888] pwc: recv_control_msg error -32 req 02 val 2c00
[  417.050141][  T888] pwc: recv_control_msg error -32 req 04 val 1000
[  417.139603][T12021] FAULT_INJECTION: forcing a failure.
[  417.139603][T12021] name failslab, interval 1, probability 0, space 0, times 0
[  417.152941][T12021] CPU: 1 UID: 0 PID: 12021 Comm: syz.2.2017 Not tainted syzkaller #0 PREEMPT(full) 
[  417.152962][T12021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  417.152972][T12021] Call Trace:
[  417.152982][T12021]  <TASK>
[  417.152992][T12021]  dump_stack_lvl+0x189/0x250
[  417.153027][T12021]  ? __pfx____ratelimit+0x10/0x10
[  417.153051][T12021]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.153076][T12021]  ? __pfx__printk+0x10/0x10
[  417.153108][T12021]  ? __pfx___might_resched+0x10/0x10
[  417.153132][T12021]  ? fs_reclaim_acquire+0x7d/0x100
[  417.153160][T12021]  should_fail_ex+0x414/0x560
[  417.153187][T12021]  should_failslab+0xa8/0x100
[  417.153213][T12021]  __kmalloc_cache_node_noprof+0x74/0x6f0
[  417.153233][T12021]  ? __get_vm_area_node+0x13f/0x300
[  417.153264][T12021]  __get_vm_area_node+0x13f/0x300
[  417.153288][T12021]  __vmalloc_node_range_noprof+0x301/0x12f0
[  417.153312][T12021]  ? copy_process+0x54b/0x3c00
[  417.153334][T12021]  ? percpu_ref_get_many+0x19/0x140
[  417.153363][T12021]  ? percpu_ref_get_many+0x19/0x140
[  417.153392][T12021]  ? __memcg_slab_post_alloc_hook+0x518/0x7d0
[  417.153425][T12021]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  417.153453][T12021]  ? memcpy_and_pad+0x48/0x80
[  417.153481][T12021]  __vmalloc_node_noprof+0xc2/0x110
[  417.153499][T12021]  ? copy_process+0x54b/0x3c00
[  417.153517][T12021]  ? copy_process+0x54b/0x3c00
[  417.153539][T12021]  dup_task_struct+0x3d5/0x830
[  417.153559][T12021]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.153590][T12021]  copy_process+0x54b/0x3c00
[  417.153649][T12021]  ? __pfx_copy_process+0x10/0x10
[  417.153684][T12021]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  417.153708][T12021]  vhost_task_create+0x1c4/0x290
[  417.153736][T12021]  ? arch_stack_walk+0xfc/0x150
[  417.153762][T12021]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  417.153788][T12021]  ? __pfx_vhost_task_create+0x10/0x10
[  417.153819][T12021]  ? __pfx_vhost_task_fn+0x10/0x10
[  417.153866][T12021]  kvm_mmu_post_init_vm+0x14c/0x300
[  417.153891][T12021]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  417.153919][T12021]  ? __mutex_trylock_common+0x153/0x260
[  417.153944][T12021]  ? __pfx___mutex_trylock_common+0x10/0x10
[  417.153965][T12021]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  417.153985][T12021]  ? rcu_is_watching+0x15/0xb0
[  417.154005][T12021]  ? trace_contention_end+0x39/0x120
[  417.154034][T12021]  ? look_up_lock_class+0x74/0x170
[  417.154062][T12021]  ? register_lock_class+0x51/0x320
[  417.154087][T12021]  ? __lock_acquire+0xab9/0xd20
[  417.154139][T12021]  kvm_vcpu_ioctl+0x95c/0xe90
[  417.154164][T12021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  417.154210][T12021]  ? __fget_files+0x2a/0x420
[  417.154240][T12021]  ? __fget_files+0x3a0/0x420
[  417.154272][T12021]  ? __fget_files+0x2a/0x420
[  417.154299][T12021]  ? bpf_lsm_file_ioctl+0x9/0x20
[  417.154327][T12021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  417.154345][T12021]  __se_sys_ioctl+0xfc/0x170
[  417.154366][T12021]  do_syscall_64+0xfa/0xfa0
[  417.154387][T12021]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.154410][T12021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.154425][T12021]  ? clear_bhb_loop+0x60/0xb0
[  417.154451][T12021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.154471][T12021] RIP: 0033:0x7fb54cb8ebe9
[  417.154489][T12021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.154503][T12021] RSP: 002b:00007fb54d9e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  417.154521][T12021] RAX: ffffffffffffffda RBX: 00007fb54cdc5fa0 RCX: 00007fb54cb8ebe9
[  417.154533][T12021] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  417.154543][T12021] RBP: 00007fb54d9e8090 R08: 0000000000000000 R09: 0000000000000000
[  417.154554][T12021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.154563][T12021] R13: 00007fb54cdc6038 R14: 00007fb54cdc5fa0 R15: 00007ffd73b862d8
[  417.154597][T12021]  </TASK>
[  417.154912][T12021] warn_alloc: 2 callbacks suppressed
[  417.154984][T12021] syz.2.2017: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  417.261419][  T888] pwc: recv_control_msg error -32 req 04 val 1400
[  417.266402][T12021] ,cpuset=
[  417.273969][  T888] pwc: recv_control_msg error -32 req 02 val 2000
[  417.316886][T12007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.331747][T12021] /
[  417.352623][T12007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.611336][T12021] ,mems_allowed=0-1
[  417.619194][T12021] CPU: 0 UID: 0 PID: 12021 Comm: syz.2.2017 Not tainted syzkaller #0 PREEMPT(full) 
[  417.619219][T12021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  417.619229][T12021] Call Trace:
[  417.619237][T12021]  <TASK>
[  417.619244][T12021]  dump_stack_lvl+0x189/0x250
[  417.619275][T12021]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  417.619304][T12021]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.619330][T12021]  ? __pfx__printk+0x10/0x10
[  417.619355][T12021]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  417.619380][T12021]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  417.619411][T12021]  warn_alloc+0x214/0x310
[  417.619435][T12021]  ? __pfx_warn_alloc+0x10/0x10
[  417.619464][T12021]  ? __get_vm_area_node+0x2b5/0x300
[  417.619488][T12021]  __vmalloc_node_range_noprof+0x326/0x12f0
[  417.619507][T12021]  ? percpu_ref_get_many+0x19/0x140
[  417.619533][T12021]  ? percpu_ref_get_many+0x19/0x140
[  417.619561][T12021]  ? __memcg_slab_post_alloc_hook+0x518/0x7d0
[  417.619593][T12021]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  417.619615][T12021]  ? memcpy_and_pad+0x48/0x80
[  417.619637][T12021]  __vmalloc_node_noprof+0xc2/0x110
[  417.619656][T12021]  ? copy_process+0x54b/0x3c00
[  417.619675][T12021]  ? copy_process+0x54b/0x3c00
[  417.619697][T12021]  dup_task_struct+0x3d5/0x830
[  417.619718][T12021]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.619745][T12021]  copy_process+0x54b/0x3c00
[  417.619792][T12021]  ? __pfx_copy_process+0x10/0x10
[  417.619823][T12021]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  417.619850][T12021]  vhost_task_create+0x1c4/0x290
[  417.619872][T12021]  ? arch_stack_walk+0xfc/0x150
[  417.619893][T12021]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  417.619920][T12021]  ? __pfx_vhost_task_create+0x10/0x10
[  417.619951][T12021]  ? __pfx_vhost_task_fn+0x10/0x10
[  417.619991][T12021]  kvm_mmu_post_init_vm+0x14c/0x300
[  417.620011][T12021]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  417.620034][T12021]  ? __mutex_trylock_common+0x153/0x260
[  417.620059][T12021]  ? __pfx___mutex_trylock_common+0x10/0x10
[  417.620082][T12021]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  417.620101][T12021]  ? rcu_is_watching+0x15/0xb0
[  417.620122][T12021]  ? trace_contention_end+0x39/0x120
[  417.620143][T12021]  ? look_up_lock_class+0x74/0x170
[  417.620169][T12021]  ? register_lock_class+0x51/0x320
[  417.620200][T12021]  ? __lock_acquire+0xab9/0xd20
[  417.620244][T12021]  kvm_vcpu_ioctl+0x95c/0xe90
[  417.620267][T12021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  417.620303][T12021]  ? __fget_files+0x2a/0x420
[  417.620331][T12021]  ? __fget_files+0x3a0/0x420
[  417.620351][T12021]  ? __fget_files+0x2a/0x420
[  417.620376][T12021]  ? bpf_lsm_file_ioctl+0x9/0x20
[  417.620401][T12021]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  417.620417][T12021]  __se_sys_ioctl+0xfc/0x170
[  417.620437][T12021]  do_syscall_64+0xfa/0xfa0
[  417.620461][T12021]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.620483][T12021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.620500][T12021]  ? clear_bhb_loop+0x60/0xb0
[  417.620521][T12021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.620537][T12021] RIP: 0033:0x7fb54cb8ebe9
[  417.620552][T12021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.620567][T12021] RSP: 002b:00007fb54d9e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  417.620585][T12021] RAX: ffffffffffffffda RBX: 00007fb54cdc5fa0 RCX: 00007fb54cb8ebe9
[  417.620598][T12021] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  417.620608][T12021] RBP: 00007fb54d9e8090 R08: 0000000000000000 R09: 0000000000000000
[  417.620619][T12021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.620628][T12021] R13: 00007fb54cdc6038 R14: 00007fb54cdc5fa0 R15: 00007ffd73b862d8
[  417.620657][T12021]  </TASK>
[  417.620727][T12021] Mem-Info:
[  417.998848][T12021] active_anon:10039 inactive_anon:0 isolated_anon:0
[  417.998848][T12021]  active_file:14722 inactive_file:40049 isolated_file:0
[  417.998848][T12021]  unevictable:768 dirty:175 writeback:0
[  417.998848][T12021]  slab_reclaimable:11893 slab_unreclaimable:99106
[  417.998848][T12021]  mapped:39151 shmem:4238 pagetables:1676
[  417.998848][T12021]  sec_pagetables:0 bounce:0
[  417.998848][T12021]  kernel_misc_reclaimable:0
[  417.998848][T12021]  free:1294752 free_pcp:12218 free_cma:0
[  417.999301][  T888] pwc: recv_control_msg error -71 req 04 val 1500
[  418.050846][ T5951] pwc: recv_control_msg error -32 req 02 val 2b00
[  418.058811][T12021] Node 0 active_anon:40156kB inactive_anon:0kB active_file:58888kB inactive_file:159996kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:156604kB dirty:700kB writeback:0kB shmem:15416kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12816kB pagetables:6600kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  418.091029][ T5951] pwc: recv_control_msg error -32 req 02 val 2700
[  418.097875][  T888] pwc: recv_control_msg error -71 req 02 val 2500
[  418.105092][ T5951] pwc: recv_control_msg error -32 req 02 val 2c00
[  418.111855][T12021] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:104kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  418.113518][  T888] pwc: recv_control_msg error -71 req 02 val 2400
[  418.149030][T12021] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  418.153543][ T5951] pwc: recv_control_msg error -32 req 04 val 1000
[  418.179407][T12021] lowmem_reserve[]:
[  418.191126][  T888] pwc: recv_control_msg error -71 req 02 val 2600
[  418.203153][T12021]  0 2495 2496 2496 2496
[  418.207908][  T888] pwc: recv_control_msg error -71 req 02 val 2900
[  418.212472][T12021] Node 0 DMA32 free:1274992kB boost:0kB min:34216kB low:42768kB high:51320kB reserved_highatomic:0KB free_highatomic:0KB active_anon:40008kB inactive_anon:0kB active_file:58888kB inactive_file:158924kB unevictable:1536kB writepending:700kB zspages:0kB present:3129332kB managed:2555404kB mlocked:0kB bounce:0kB free_pcp:31372kB local_pcp:11584kB free_cma:0kB
[  418.248208][  T888] pwc: recv_control_msg error -71 req 02 val 2800
[  418.248948][  T888] pwc: recv_control_msg error -71 req 04 val 1100
[  418.265905][T12021] lowmem_reserve[]: 0 0 1 1 1
[  418.269955][  T888] pwc: recv_control_msg error -71 req 04 val 1200
[  418.270655][T12021] Node 0 Normal free:4kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1072kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  418.282782][  T888] pwc: Registered as video103.
[  418.315369][  T888] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input57
[  418.326022][T12021] lowmem_reserve[]: 0 0 0 0 0
[  418.330792][T12021] Node 1 Normal free:3888652kB boost:0kB min:55668kB low:69584kB high:83500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18240kB local_pcp:11520kB free_cma:0kB
[  418.385410][  T888] usb 5-1: USB disconnect, device number 127
[  418.403816][ T5951] pwc: recv_control_msg error -32 req 04 val 1400
[  418.413257][ T5951] pwc: recv_control_msg error -32 req 02 val 2000
[  418.437345][T12021] lowmem_reserve[]: 0 0 0 0 0
[  418.442128][T12021] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  418.465943][T12021] Node 0 DMA32: 750*4kB (UME) 321*8kB (UME) 241*16kB (UM) 171*32kB (UME) 36*64kB (UM) 47*128kB (UM) 40*256kB (UME) 19*512kB (UM) 19*1024kB (UME) 10*2048kB (UME) 291*4096kB (UM) = 1275056kB
[  418.494564][T12021] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB
[  418.506692][ T5953] usb 2-1: new full-speed USB device number 9 using dummy_hcd
[  418.530188][T12021] Node 1 Normal: 179*4kB (UE) 36*8kB (UME) 48*16kB (UME) 65*32kB (UME) 26*64kB (UME) 11*128kB (UME) 3*256kB (UM) 2*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 946*4096kB (M) = 3888652kB
[  418.550005][T12021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  418.559832][T12021] Node 0 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  418.569520][T12021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  418.579160][T12021] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  418.589292][T12021] 59005 total pagecache pages
[  418.594006][T12021] 0 pages in swap cache
[  418.598305][T12021] Free swap  = 124996kB
[  418.602605][T12021] Total swap = 124996kB
[  418.607609][T12021] 2097051 pages RAM
[  418.612011][T12021] 0 pages HighMem/MovableOnly
[  418.621287][T12021] 426302 pages reserved
[  418.625541][T12021] 0 pages cma reserved
[  418.630763][ T5951] pwc: recv_control_msg error -71 req 04 val 1500
[  418.645506][ T5951] pwc: recv_control_msg error -71 req 02 val 2500
[  418.653624][ T5951] pwc: recv_control_msg error -71 req 02 val 2400
[  418.664467][ T5951] pwc: recv_control_msg error -71 req 02 val 2600
[  418.680971][ T5953] usb 2-1: unable to get BOS descriptor or descriptor too short
[  418.690110][ T5953] usb 2-1: not running at top speed; connect to a high speed hub
[  418.703106][ T5951] pwc: recv_control_msg error -71 req 02 val 2900
[  418.710501][ T5951] pwc: recv_control_msg error -71 req 02 val 2800
[  418.718079][ T5953] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.728524][ T5951] pwc: recv_control_msg error -71 req 04 val 1100
[  418.735185][ T5953] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  418.753142][ T5951] pwc: recv_control_msg error -71 req 04 val 1200
[  418.773274][ T5951] pwc: Registered as video103.
[  418.785429][ T5953] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  418.803888][ T5951] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input58
[  418.821717][ T5953] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  418.836261][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.854847][ T5951] usb 7-1: USB disconnect, device number 40
[  418.865070][T12036] FAULT_INJECTION: forcing a failure.
[  418.865070][T12036] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.878670][ T5953] usb 2-1: Product: syz
[  418.882844][ T5953] usb 2-1: Manufacturer: syz
[  418.897110][ T5953] usb 2-1: SerialNumber: syz
[  418.918531][T12036] CPU: 0 UID: 0 PID: 12036 Comm: syz.2.2023 Not tainted syzkaller #0 PREEMPT(full) 
[  418.918554][T12036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  418.918566][T12036] Call Trace:
[  418.918573][T12036]  <TASK>
[  418.918581][T12036]  dump_stack_lvl+0x189/0x250
[  418.918615][T12036]  ? __pfx____ratelimit+0x10/0x10
[  418.918642][T12036]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.918670][T12036]  ? __pfx__printk+0x10/0x10
[  418.918696][T12036]  ? __might_fault+0xb0/0x130
[  418.918725][T12036]  should_fail_ex+0x414/0x560
[  418.918750][T12036]  _copy_from_user+0x2d/0xb0
[  418.918778][T12036]  memdup_user+0x5e/0xd0
[  418.918803][T12036]  kvm_arch_vcpu_ioctl+0x1a78/0x2a80
[  418.918830][T12036]  ? kvm_arch_vcpu_ioctl+0x5f8/0x2a80
[  418.918856][T12036]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  418.918885][T12036]  ? __lock_acquire+0xab9/0xd20
[  418.918925][T12036]  ? is_bpf_text_address+0x26/0x2b0
[  418.918950][T12036]  ? is_bpf_text_address+0x292/0x2b0
[  418.918968][T12036]  ? is_bpf_text_address+0x26/0x2b0
[  418.918990][T12036]  ? kernel_text_address+0xa5/0xe0
[  418.919008][T12036]  ? __kernel_text_address+0xd/0x40
[  418.919025][T12036]  ? unwind_get_return_address+0x4d/0x90
[  418.919048][T12036]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  418.919073][T12036]  ? arch_stack_walk+0xfc/0x150
[  418.919107][T12036]  ? stack_trace_save+0x9c/0xe0
[  418.919133][T12036]  ? stack_depot_save_flags+0x40/0x860
[  418.919200][T12036]  ? __lock_acquire+0xab9/0xd20
[  418.919245][T12036]  ? __mutex_trylock_common+0x153/0x260
[  418.919276][T12036]  ? __pfx___mutex_trylock_common+0x10/0x10
[  418.919309][T12036]  ? rcu_is_watching+0x15/0xb0
[  418.919341][T12036]  ? trace_contention_end+0x39/0x120
[  418.919370][T12036]  ? __mutex_lock+0x335/0x1350
[  418.919409][T12036]  ? kasan_quarantine_put+0xdd/0x220
[  418.919430][T12036]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.919459][T12036]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  418.919484][T12036]  ? __pfx___mutex_lock+0x10/0x10
[  418.919515][T12036]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  418.919546][T12036]  ? do_vfs_ioctl+0xbe8/0x1430
[  418.919566][T12036]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  418.919593][T12036]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  418.919620][T12036]  kvm_vcpu_ioctl+0x74d/0xe90
[  418.919646][T12036]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  418.919691][T12036]  ? __fget_files+0x2a/0x420
[  418.919724][T12036]  ? __fget_files+0x3a0/0x420
[  418.919749][T12036]  ? __fget_files+0x2a/0x420
[  418.919780][T12036]  ? bpf_lsm_file_ioctl+0x9/0x20
[  418.919811][T12036]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  418.919832][T12036]  __se_sys_ioctl+0xfc/0x170
[  418.919856][T12036]  do_syscall_64+0xfa/0xfa0
[  418.919884][T12036]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.919912][T12036]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.919933][T12036]  ? clear_bhb_loop+0x60/0xb0
[  418.919959][T12036]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.919979][T12036] RIP: 0033:0x7fb54cb8ebe9
[  418.919998][T12036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.920016][T12036] RSP: 002b:00007fb54d9e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  418.920039][T12036] RAX: ffffffffffffffda RBX: 00007fb54cdc5fa0 RCX: 00007fb54cb8ebe9
[  418.920055][T12036] RDX: 0000200000000040 RSI: 000000004008ae89 RDI: 0000000000000005
[  418.920069][T12036] RBP: 00007fb54d9e8090 R08: 0000000000000000 R09: 0000000000000000
[  418.920083][T12036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.920096][T12036] R13: 00007fb54cdc6038 R14: 00007fb54cdc5fa0 R15: 00007ffd73b862d8
[  418.920132][T12036]  </TASK>
[  419.406714][ T5953] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  419.417584][ T5953] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  419.429207][ T5953] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  419.468629][ T5953] usb 2-1: USB disconnect, device number 9
[  419.504680][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  419.589743][T12046] __nla_validate_parse: 120 callbacks suppressed
[  419.589759][T12046] netlink: 56 bytes leftover after parsing attributes in process `syz.6.2027'.
[  419.656706][T12046] netlink: 256 bytes leftover after parsing attributes in process `syz.6.2027'.
[  419.675109][T12046] kvm: emulating exchange as write
[  419.705384][  T982] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  419.879411][  T982] usb 5-1: Using ep0 maxpacket: 32
[  419.894967][  T982] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  419.907236][  T982] usb 5-1: config 0 has no interface number 0
[  419.913734][  T982] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  419.932736][  T982] usb 5-1: config 0 interface 85 has no altsetting 0
[  419.944570][  T982] usb 5-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  419.958848][  T982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.160974][  T982] usb 5-1: Product: syz
[  420.165141][  T982] usb 5-1: Manufacturer: syz
[  420.169784][  T982] usb 5-1: SerialNumber: syz
[  420.176904][  T982] usb 5-1: config 0 descriptor??
[  420.195752][ T5908] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[  420.204394][T12065] Set syz0 is full, maxelem 0 reached
[  420.260431][T12067] FAULT_INJECTION: forcing a failure.
[  420.260431][T12067] name failslab, interval 1, probability 0, space 0, times 0
[  420.273988][T12067] CPU: 1 UID: 0 PID: 12067 Comm: syz.1.2034 Not tainted syzkaller #0 PREEMPT(full) 
[  420.274010][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  420.274021][T12067] Call Trace:
[  420.274029][T12067]  <TASK>
[  420.274040][T12067]  dump_stack_lvl+0x189/0x250
[  420.274072][T12067]  ? __pfx____ratelimit+0x10/0x10
[  420.274097][T12067]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.274124][T12067]  ? __pfx__printk+0x10/0x10
[  420.274156][T12067]  ? __pfx___might_resched+0x10/0x10
[  420.274175][T12067]  ? fs_reclaim_acquire+0x7d/0x100
[  420.274202][T12067]  should_fail_ex+0x414/0x560
[  420.274226][T12067]  should_failslab+0xa8/0x100
[  420.274242][T12067]  __kmalloc_noprof+0xcb/0x7f0
[  420.274254][T12067]  ? security_task_alloc+0x4d/0x360
[  420.274270][T12067]  ? perf_event_init_task+0x12d/0x4b0
[  420.274291][T12067]  security_task_alloc+0x4d/0x360
[  420.274308][T12067]  copy_process+0x1530/0x3c00
[  420.274335][T12067]  ? copy_process+0x97f/0x3c00
[  420.274356][T12067]  ? __pfx_copy_process+0x10/0x10
[  420.274378][T12067]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  420.274398][T12067]  vhost_task_create+0x1c4/0x290
[  420.274414][T12067]  ? arch_stack_walk+0xfc/0x150
[  420.274430][T12067]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  420.274450][T12067]  ? __pfx_vhost_task_create+0x10/0x10
[  420.274472][T12067]  ? __pfx_vhost_task_fn+0x10/0x10
[  420.274501][T12067]  kvm_mmu_post_init_vm+0x14c/0x300
[  420.274516][T12067]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  420.274533][T12067]  ? __mutex_trylock_common+0x153/0x260
[  420.274551][T12067]  ? __pfx___mutex_trylock_common+0x10/0x10
[  420.274568][T12067]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  420.274583][T12067]  ? rcu_is_watching+0x15/0xb0
[  420.274598][T12067]  ? trace_contention_end+0x39/0x120
[  420.274614][T12067]  ? look_up_lock_class+0x74/0x170
[  420.274633][T12067]  ? register_lock_class+0x51/0x320
[  420.274650][T12067]  ? __lock_acquire+0xab9/0xd20
[  420.274686][T12067]  kvm_vcpu_ioctl+0x95c/0xe90
[  420.274710][T12067]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  420.274751][T12067]  ? __fget_files+0x2a/0x420
[  420.274772][T12067]  ? __fget_files+0x3a0/0x420
[  420.274787][T12067]  ? __fget_files+0x2a/0x420
[  420.274806][T12067]  ? bpf_lsm_file_ioctl+0x9/0x20
[  420.274825][T12067]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  420.274836][T12067]  __se_sys_ioctl+0xfc/0x170
[  420.274851][T12067]  do_syscall_64+0xfa/0xfa0
[  420.274868][T12067]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.274885][T12067]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.274897][T12067]  ? clear_bhb_loop+0x60/0xb0
[  420.274912][T12067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.274924][T12067] RIP: 0033:0x7f698a78ebe9
[  420.274936][T12067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.274947][T12067] RSP: 002b:00007f698b69f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  420.274962][T12067] RAX: ffffffffffffffda RBX: 00007f698a9c5fa0 RCX: 00007f698a78ebe9
[  420.274972][T12067] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  420.274980][T12067] RBP: 00007f698b69f090 R08: 0000000000000000 R09: 0000000000000000
[  420.274988][T12067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.274995][T12067] R13: 00007f698a9c6038 R14: 00007f698a9c5fa0 R15: 00007ffea61c4418
[  420.275016][T12067]  </TASK>
[  420.623817][  T982] usb 5-1: USB disconnect, device number 2
[  420.709478][ T5908] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  420.720138][ T5908] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  420.729482][ T5908] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.739671][ T5908] usb 7-1: config 0 descriptor??
[  420.747956][ T5908] pwc: Askey VC010 type 2 USB webcam detected.
[  420.929423][  T888] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  421.085402][  T888] usb 2-1: Using ep0 maxpacket: 8
[  421.092625][  T888] usb 2-1: unable to get BOS descriptor or descriptor too short
[  421.101561][  T888] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E
[  421.113113][  T888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  421.124074][  T888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  421.133857][  T888] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1
[  421.143583][  T888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  421.153553][  T888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  421.165503][  T982] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  421.172585][T12051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.183379][T12051] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.187478][  T888] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  421.193173][ T5908] pwc: recv_control_msg error -32 req 02 val 2b00
[  421.209078][ T5908] pwc: recv_control_msg error -32 req 02 val 2700
[  421.219335][ T5908] pwc: recv_control_msg error -32 req 02 val 2c00
[  421.224971][  T888] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84
[  421.236096][ T5908] pwc: recv_control_msg error -32 req 04 val 1000
[  421.240225][  T888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.250843][  T888] usb 2-1: Product: syz
[  421.255031][  T888] usb 2-1: Manufacturer: syz
[  421.264786][  T888] usb 2-1: SerialNumber: syz
[  421.282197][  T888] usb 2-1: config 0 descriptor??
[  421.288266][T12069] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  421.301357][  T888] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  421.337417][  T982] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  421.348969][  T982] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  421.358498][  T982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.369369][  T888] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -12
[  421.382242][  T982] usb 3-1: config 0 descriptor??
[  421.400552][  T982] pwc: Askey VC010 type 2 USB webcam detected.
[  421.444206][ T5908] pwc: recv_control_msg error -32 req 04 val 1400
[  421.455213][ T9826] udevd[9826]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  421.474742][ T5908] pwc: recv_control_msg error -32 req 02 val 2000
[  421.530688][ T5909] usb 2-1: USB disconnect, device number 10
[  421.691271][ T5908] pwc: recv_control_msg error -71 req 04 val 1500
[  421.704254][ T5908] pwc: recv_control_msg error -71 req 02 val 2500
[  421.713370][ T5908] pwc: recv_control_msg error -71 req 02 val 2400
[  421.722611][ T5908] pwc: recv_control_msg error -71 req 02 val 2600
[  421.732482][ T5908] pwc: recv_control_msg error -71 req 02 val 2900
[  421.744273][ T5908] pwc: recv_control_msg error -71 req 02 val 2800
[  421.751572][ T5908] pwc: recv_control_msg error -71 req 04 val 1100
[  421.765352][ T5908] pwc: recv_control_msg error -71 req 04 val 1200
[  421.779763][ T5908] pwc: Registered as video103.
[  421.806770][ T5908] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input59
[  421.821594][T12071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.845806][T12071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.854666][ T5908] usb 7-1: USB disconnect, device number 41
[  421.872269][  T982] pwc: recv_control_msg error -32 req 02 val 2b00
[  421.893194][  T982] pwc: recv_control_msg error -32 req 02 val 2700
[  421.905354][  T982] pwc: recv_control_msg error -32 req 02 val 2c00
[  421.914220][  T982] pwc: recv_control_msg error -32 req 04 val 1000
[  422.018102][  T888] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  422.125461][  T982] pwc: recv_control_msg error -32 req 04 val 1400
[  422.138410][  T982] pwc: recv_control_msg error -32 req 02 val 2000
[  422.159124][  T982] pwc: recv_control_msg error -71 req 02 val 2100
[  422.167194][  T982] pwc: recv_control_msg error -71 req 04 val 1500
[  422.173954][  T982] pwc: recv_control_msg error -71 req 02 val 2500
[  422.181008][  T982] pwc: recv_control_msg error -71 req 02 val 2400
[  422.189272][  T982] pwc: recv_control_msg error -71 req 02 val 2600
[  422.198792][  T982] pwc: recv_control_msg error -71 req 02 val 2900
[  422.205948][  T982] pwc: recv_control_msg error -71 req 02 val 2800
[  422.208228][  T888] usb 5-1: unable to get BOS descriptor or descriptor too short
[  422.212956][  T982] pwc: recv_control_msg error -71 req 04 val 1100
[  422.224652][  T888] usb 5-1: not running at top speed; connect to a high speed hub
[  422.239702][  T888] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  422.245690][  T982] pwc: recv_control_msg error -71 req 04 val 1200
[  422.250355][  T888] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  422.270756][  T982] pwc: Registered as video103.
[  422.272438][  T888] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  422.293698][  T888] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  422.305350][  T982] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input60
[  422.309618][  T888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.342566][  T982] usb 3-1: USB disconnect, device number 10
[  422.349808][  T888] usb 5-1: Product: syz
[  422.381105][  T888] usb 5-1: Manufacturer: syz
[  422.395754][ T5951] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  422.408035][  T888] usb 5-1: SerialNumber: syz
[  422.565360][ T5951] usb 2-1: Using ep0 maxpacket: 16
[  422.573976][ T5951] usb 2-1: New USB device found, idVendor=0413, idProduct=6026, bcdDevice=18.aa
[  422.583361][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.591506][ T5951] usb 2-1: Product: syz
[  422.596822][ T5951] usb 2-1: Manufacturer: syz
[  422.601441][ T5951] usb 2-1: SerialNumber: syz
[  422.609683][ T5951] usb 2-1: config 0 descriptor??
[  422.620981][ T5953] usb 7-1: new full-speed USB device number 42 using dummy_hcd
[  422.631773][ T5951] dvb-usb: found a 'Leadtek - USB2.0 Winfast DTV dongle' in warm state.
[  422.644868][ T5951] dvb-usb: bulk message failed: -22 (3/0)
[  422.659256][ T5951] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  422.669957][ T5951] dvbdev: DVB: registering new adapter (Leadtek - USB2.0 Winfast DTV dongle)
[  422.697497][ T5951] usb 2-1: media controller created
[  422.703828][  T888] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  422.718253][  T888] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  422.735409][  T888] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  422.748760][ T5951] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  422.775492][ T5953] usb 7-1: device descriptor read/64, error -71
[  422.782227][  T888] usb 5-1: USB disconnect, device number 3
[  422.800412][T12092] FAULT_INJECTION: forcing a failure.
[  422.800412][T12092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  422.811243][ T5951] dvb-usb: bulk message failed: -22 (6/0)
[  422.821293][T12092] CPU: 1 UID: 0 PID: 12092 Comm: syz.2.2044 Not tainted syzkaller #0 PREEMPT(full) 
[  422.821315][T12092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  422.821326][T12092] Call Trace:
[  422.821333][T12092]  <TASK>
[  422.821341][T12092]  dump_stack_lvl+0x189/0x250
[  422.821373][T12092]  ? __pfx____ratelimit+0x10/0x10
[  422.821400][T12092]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.821427][T12092]  ? __pfx__printk+0x10/0x10
[  422.821466][T12092]  should_fail_ex+0x414/0x560
[  422.821491][T12092]  __kvm_read_guest_page+0x18d/0x240
[  422.821513][T12092]  kvm_fetch_guest_virt+0x12b/0x170
[  422.821540][T12092]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  422.821564][T12092]  __do_insn_fetch_bytes+0x2f9/0x6d0
[  422.821587][T12092]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  422.821617][T12092]  x86_decode_insn+0x33c/0x5310
[  422.821634][T12092]  ? kvm_is_mmio_pfn+0x169/0x730
[  422.821674][T12092]  ? handle_changed_spte+0x1cd/0x10a0
[  422.821703][T12092]  ? __pfx_x86_decode_insn+0x10/0x10
[  422.821722][T12092]  ? kvm_tdp_mmu_map+0x308/0x1d30
[  422.821757][T12092]  ? __asan_memset+0x22/0x50
[  422.821783][T12092]  ? init_decode_cache+0x78/0x90
[  422.821801][T12092]  ? init_emulate_ctxt+0x4d6/0x660
[  422.821828][T12092]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  422.821858][T12092]  ? trace_rcu_utilization+0x47/0x1d0
[  422.821886][T12092]  x86_emulate_instruction+0x61b/0x1f90
[  422.821932][T12092]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  422.821958][T12092]  ? __get_current_cr3_fast+0x90/0x150
[  422.821975][T12092]  ? clear_bhb_loop+0x60/0xb0
[  422.821993][T12092]  ? clear_bhb_loop+0x60/0xb0
[  422.822012][T12092]  ? vmx_vcpu_run+0xe92/0x2b70
[  422.822034][T12092]  ? __vmx_complete_interrupts+0xe7/0x690
[  422.822067][T12092]  handle_ud+0x142/0x590
[  422.822093][T12092]  ? __pfx_handle_ud+0x10/0x10
[  422.822113][T12092]  ? vmx_handle_exit_irqoff+0x61e/0x940
[  422.822133][T12092]  ? complete_hypercall_exit+0x1c8/0x250
[  422.822156][T12092]  ? __lock_acquire+0xab9/0xd20
[  422.822177][T12092]  ? __pfx_handle_exception_nmi+0x10/0x10
[  422.822201][T12092]  vmx_handle_exit+0x10a4/0x18c0
[  422.822222][T12092]  ? vcpu_run+0x3620/0x7020
[  422.822252][T12092]  vcpu_run+0x43aa/0x7020
[  422.822281][T12092]  ? vcpu_run+0x3620/0x7020
[  422.822347][T12092]  ? __pfx_vcpu_run+0x10/0x10
[  422.822371][T12092]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  422.822394][T12092]  ? rcu_is_watching+0x15/0xb0
[  422.822420][T12092]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  422.822444][T12092]  ? __mutex_trylock_common+0x153/0x260
[  422.822471][T12092]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  422.822490][T12092]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  422.822510][T12092]  ? rcu_is_watching+0x15/0xb0
[  422.822531][T12092]  ? trace_contention_end+0x39/0x120
[  422.822554][T12092]  ? __mutex_lock+0x335/0x1350
[  422.822588][T12092]  ? kasan_quarantine_put+0xdd/0x220
[  422.822605][T12092]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.822629][T12092]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  422.822650][T12092]  ? __pfx___mutex_lock+0x10/0x10
[  422.822676][T12092]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  422.822702][T12092]  ? do_vfs_ioctl+0xbe8/0x1430
[  422.822719][T12092]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  422.822742][T12092]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  422.822772][T12092]  kvm_vcpu_ioctl+0x95c/0xe90
[  422.822795][T12092]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  422.822834][T12092]  ? __fget_files+0x2a/0x420
[  422.822862][T12092]  ? __fget_files+0x3a0/0x420
[  422.822883][T12092]  ? __fget_files+0x2a/0x420
[  422.822909][T12092]  ? bpf_lsm_file_ioctl+0x9/0x20
[  422.822935][T12092]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  422.822952][T12092]  __se_sys_ioctl+0xfc/0x170
[  422.822973][T12092]  do_syscall_64+0xfa/0xfa0
[  422.822996][T12092]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.823021][T12092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.823038][T12092]  ? clear_bhb_loop+0x60/0xb0
[  422.823060][T12092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.823077][T12092] RIP: 0033:0x7fb54cb8ebe9
[  422.823093][T12092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.823110][T12092] RSP: 002b:00007fb54d9e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  422.823129][T12092] RAX: ffffffffffffffda RBX: 00007fb54cdc5fa0 RCX: 00007fb54cb8ebe9
[  422.823142][T12092] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  422.823152][T12092] RBP: 00007fb54d9e8090 R08: 0000000000000000 R09: 0000000000000000
[  422.823163][T12092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.823174][T12092] R13: 00007fb54cdc6038 R14: 00007fb54cdc5fa0 R15: 00007ffd73b862d8
[  422.823204][T12092]  </TASK>
[  422.830299][ T5981] udevd[5981]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  423.294199][ T5951] dvb-usb: bulk message failed: -22 (6/0)
[  423.302242][ T5951] dvb-usb: no frontend was attached by 'Leadtek - USB2.0 Winfast DTV dongle'
[  423.317958][ T5951] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input61
[  423.341275][ T5951] dvb-usb: schedule remote query interval to 150 msecs.
[  423.354303][ T5951] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully initialized and connected.
[  423.378337][ T5951] usb 2-1: USB disconnect, device number 11
[  423.435555][ T5953] usb 7-1: new full-speed USB device number 43 using dummy_hcd
[  423.451860][ T5951] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully deinitialized and disconnected.
[  423.575387][ T5953] usb 7-1: device descriptor read/64, error -71
[  423.675361][  T888] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  423.685649][ T5953] usb usb7-port1: attempt power cycle
[  423.685707][ T5909] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  423.825351][  T888] usb 5-1: Using ep0 maxpacket: 32
[  423.834499][  T888] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  423.842858][  T888] usb 5-1: config 0 has no interface number 0
[  423.849156][  T888] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  423.857209][ T5909] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  423.860357][  T888] usb 5-1: config 0 interface 85 has no altsetting 0
[  423.872759][ T5909] usb 3-1: config 0 has no interface number 0
[  423.878841][  T888] usb 5-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  423.883419][ T5909] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  423.890047][  T888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.900096][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.912120][  T888] usb 5-1: Product: syz
[  423.922252][  T888] usb 5-1: Manufacturer: syz
[  423.930337][  T888] usb 5-1: SerialNumber: syz
[  423.934625][ T5909] usb 3-1: Product: syz
[  423.941491][ T5909] usb 3-1: Manufacturer: syz
[  423.944151][  T888] usb 5-1: config 0 descriptor??
[  423.947614][ T5909] usb 3-1: SerialNumber: syz
[  423.968791][ T5909] usb 3-1: config 0 descriptor??
[  424.025503][ T5953] usb 7-1: new full-speed USB device number 44 using dummy_hcd
[  424.050655][ T5953] usb 7-1: device descriptor read/8, error -71
[  424.178602][ T5909] dvb_usb_ec168 3-1:0.1: probe with driver dvb_usb_ec168 failed with error -71
[  424.197542][  T888] usb 5-1: USB disconnect, device number 4
[  424.221251][ T5909] usb 3-1: USB disconnect, device number 11
[  424.295443][ T5953] usb 7-1: new full-speed USB device number 45 using dummy_hcd
[  424.316000][ T5953] usb 7-1: device descriptor read/8, error -71
[  424.425504][ T5953] usb usb7-port1: unable to enumerate USB device
[  425.185766][  T888] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  425.265370][ T5953] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  425.356649][  T888] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  425.376462][  T888] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  425.389305][  T888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.402337][  T888] usb 5-1: config 0 descriptor??
[  425.417213][  T888] pwc: Askey VC010 type 2 USB webcam detected.
[  425.449113][ T5953] usb 2-1: unable to get BOS descriptor or descriptor too short
[  425.477435][ T5953] usb 2-1: not running at top speed; connect to a high speed hub
[  425.492812][ T5953] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  425.507633][ T5953] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  425.524121][ T5953] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  425.539260][ T5953] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  425.548855][ T5953] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.559800][ T5953] usb 2-1: Product: syz
[  425.564013][ T5953] usb 2-1: Manufacturer: syz
[  425.569176][ T5953] usb 2-1: SerialNumber: syz
[  425.811104][ T5953] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  425.819264][T12115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.819361][ T5953] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  425.837028][    T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  425.844843][ T5951] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[  425.847126][T12115] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.855745][ T5953] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  425.867408][  T888] pwc: recv_control_msg error -32 req 02 val 2b00
[  425.874502][  T888] pwc: recv_control_msg error -32 req 02 val 2700
[  425.890674][  T888] pwc: recv_control_msg error -32 req 02 val 2c00
[  425.902547][ T5953] usb 2-1: USB disconnect, device number 12
[  425.909080][  T888] pwc: recv_control_msg error -32 req 04 val 1000
[  425.937349][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  425.995942][    T9] usb 3-1: Using ep0 maxpacket: 16
[  426.005194][    T9] usb 3-1: New USB device found, idVendor=0413, idProduct=6026, bcdDevice=18.aa
[  426.015139][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.024011][    T9] usb 3-1: Product: syz
[  426.028438][    T9] usb 3-1: Manufacturer: syz
[  426.033215][    T9] usb 3-1: SerialNumber: syz
[  426.038638][ T5951] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  426.050208][ T5951] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  426.060393][    T9] usb 3-1: config 0 descriptor??
[  426.065622][ T5951] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.076054][    T9] dvb-usb: found a 'Leadtek - USB2.0 Winfast DTV dongle' in warm state.
[  426.084413][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  426.093136][ T5951] usb 7-1: config 0 descriptor??
[  426.102086][ T5951] pwc: Askey VC010 type 2 USB webcam detected.
[  426.113813][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  426.124122][    T9] dvbdev: DVB: registering new adapter (Leadtek - USB2.0 Winfast DTV dongle)
[  426.133658][  T888] pwc: recv_control_msg error -32 req 04 val 1400
[  426.140464][    T9] usb 3-1: media controller created
[  426.146190][  T888] pwc: recv_control_msg error -32 req 02 val 2000
[  426.168178][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  426.189095][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  426.195001][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  426.201207][    T9] dvb-usb: no frontend was attached by 'Leadtek - USB2.0 Winfast DTV dongle'
[  426.212270][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input62
[  426.224847][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  426.231888][    T9] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully initialized and connected.
[  426.315046][  T982] usb 3-1: USB disconnect, device number 12
[  426.355434][  T888] pwc: recv_control_msg error -71 req 04 val 1500
[  426.369654][  T888] pwc: recv_control_msg error -71 req 02 val 2500
[  426.388815][  T888] pwc: recv_control_msg error -71 req 02 val 2400
[  426.402304][  T888] pwc: recv_control_msg error -71 req 02 val 2600
[  426.405883][  T982] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully deinitialized and disconnected.
[  426.417043][  T888] pwc: recv_control_msg error -71 req 02 val 2900
[  426.440673][  T888] pwc: recv_control_msg error -71 req 02 val 2800
[  426.448228][  T888] pwc: recv_control_msg error -71 req 04 val 1100
[  426.455117][  T888] pwc: recv_control_msg error -71 req 04 val 1200
[  426.476515][  T888] pwc: Registered as video103.
[  426.488668][  T888] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input63
[  426.522027][T12119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  426.533486][T12119] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  426.544130][  T888] usb 5-1: USB disconnect, device number 5
[  426.577759][ T5951] pwc: recv_control_msg error -32 req 02 val 2b00
[  426.587129][ T5951] pwc: recv_control_msg error -32 req 02 val 2700
[  426.605791][ T5951] pwc: recv_control_msg error -32 req 02 val 2c00
[  426.614886][ T5951] pwc: recv_control_msg error -32 req 04 val 1000
[  426.823614][ T5951] pwc: recv_control_msg error -32 req 04 val 1400
[  426.832940][ T5951] pwc: recv_control_msg error -71 req 02 val 2000
[  426.839873][ T5951] pwc: recv_control_msg error -71 req 02 val 2100
[  426.846947][ T5951] pwc: recv_control_msg error -71 req 04 val 1500
[  426.853707][ T5951] pwc: recv_control_msg error -71 req 02 val 2500
[  426.861363][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  426.869552][ T5951] pwc: recv_control_msg error -71 req 02 val 2400
[  426.877098][ T5951] pwc: recv_control_msg error -71 req 02 val 2600
[  426.883973][ T5951] pwc: recv_control_msg error -71 req 02 val 2900
[  426.891906][ T5951] pwc: recv_control_msg error -71 req 02 val 2800
[  426.899587][ T5951] pwc: recv_control_msg error -71 req 04 val 1100
[  426.909044][ T5951] pwc: recv_control_msg error -71 req 04 val 1200
[  426.924456][ T5951] pwc: Registered as video103.
[  426.935554][ T5951] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input64
[  426.966985][ T5951] usb 7-1: USB disconnect, device number 46
[  426.976797][T12129] evm: overlay not supported
[  427.035292][    T9] usb 2-1: Using ep0 maxpacket: 32
[  427.046432][    T9] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  427.066717][    T9] usb 2-1: config 0 has no interface number 0
[  427.084320][    T9] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  427.128278][    T9] usb 2-1: config 0 interface 85 has no altsetting 0
[  427.138184][    T9] usb 2-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  427.153513][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.162202][    T9] usb 2-1: Product: syz
[  427.166522][    T9] usb 2-1: Manufacturer: syz
[  427.171123][    T9] usb 2-1: SerialNumber: syz
[  427.185970][    T9] usb 2-1: config 0 descriptor??
[  427.413885][    T9] usb 2-1: USB disconnect, device number 13
[  427.656162][  T982] usb 7-1: new full-speed USB device number 47 using dummy_hcd
[  427.664770][   T11] block nbd0: Possible stuck request ffff888025535080: control (read@0,1024B). Runtime 150 seconds
[  427.677023][   T11] block nbd0: Possible stuck request ffff888025535240: control (read@1024,1024B). Runtime 150 seconds
[  427.688432][   T11] block nbd0: Possible stuck request ffff888025535400: control (read@2048,1024B). Runtime 150 seconds
[  427.699741][   T11] block nbd0: Possible stuck request ffff8880255355c0: control (read@3072,1024B). Runtime 150 seconds
[  427.785377][ T5909] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  427.809979][  T982] usb 7-1: unable to get BOS descriptor or descriptor too short
[  427.818136][  T982] usb 7-1: not running at top speed; connect to a high speed hub
[  427.830692][  T982] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  427.840904][  T982] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  427.851849][  T982] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  427.865010][  T982] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  427.874077][  T982] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.882077][  T982] usb 7-1: Product: syz
[  427.886268][  T982] usb 7-1: Manufacturer: syz
[  427.890867][  T982] usb 7-1: SerialNumber: syz
[  427.956731][ T5909] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.969479][ T5909] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  427.979916][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.991118][ T5909] usb 5-1: config 0 descriptor??
[  428.000312][ T5909] pwc: Askey VC010 type 2 USB webcam detected.
[  428.140238][  T982] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  428.147282][  T982] usb 7-1: 2:1 : no or invalid class specific endpoint descriptor
[  428.155117][  T982] usb 7-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  428.181616][  T982] usb 7-1: USB disconnect, device number 47
[  428.409793][T12150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.418825][T12150] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.427926][ T5909] pwc: recv_control_msg error -32 req 02 val 2b00
[  428.435664][ T5909] pwc: recv_control_msg error -32 req 02 val 2700
[  428.444741][ T5909] pwc: recv_control_msg error -32 req 02 val 2c00
[  428.451791][ T5909] pwc: recv_control_msg error -32 req 04 val 1000
[  428.680240][ T5909] pwc: recv_control_msg error -32 req 04 val 1400
[  428.694111][ T5909] pwc: recv_control_msg error -32 req 02 val 2000
[  428.912360][ T5909] pwc: recv_control_msg error -71 req 04 val 1500
[  428.922140][ T5909] pwc: recv_control_msg error -71 req 02 val 2500
[  428.931735][ T5909] pwc: recv_control_msg error -71 req 02 val 2400
[  428.945553][ T5909] pwc: recv_control_msg error -71 req 02 val 2600
[  428.956853][ T5909] pwc: recv_control_msg error -71 req 02 val 2900
[  428.964924][ T5909] pwc: recv_control_msg error -71 req 02 val 2800
[  428.971570][  T982] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  428.979912][ T5909] pwc: recv_control_msg error -71 req 04 val 1100
[  428.988154][ T5909] pwc: recv_control_msg error -71 req 04 val 1200
[  428.995316][   T24] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[  429.004027][ T5909] pwc: Registered as video103.
[  429.018424][ T5909] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input65
[  429.046623][ T5909] usb 5-1: USB disconnect, device number 6
[  429.135304][  T982] usb 3-1: Using ep0 maxpacket: 8
[  429.141953][  T982] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  429.153570][  T982] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  429.165464][   T24] usb 7-1: Using ep0 maxpacket: 16
[  429.170694][  T982] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  429.180812][  T982] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  429.193835][  T982] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  429.203131][  T982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.214412][   T24] usb 7-1: New USB device found, idVendor=0413, idProduct=6026, bcdDevice=18.aa
[  429.224572][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.233083][   T24] usb 7-1: Product: syz
[  429.239024][   T24] usb 7-1: Manufacturer: syz
[  429.243684][   T24] usb 7-1: SerialNumber: syz
[  429.245366][    T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  429.252205][   T24] usb 7-1: config 0 descriptor??
[  429.271049][   T24] dvb-usb: found a 'Leadtek - USB2.0 Winfast DTV dongle' in warm state.
[  429.279555][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  429.288402][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  429.298410][   T24] dvbdev: DVB: registering new adapter (Leadtek - USB2.0 Winfast DTV dongle)
[  429.307661][   T24] usb 7-1: media controller created
[  429.326850][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  429.346828][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  429.352707][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  429.358698][   T24] dvb-usb: no frontend was attached by 'Leadtek - USB2.0 Winfast DTV dongle'
[  429.372697][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input66
[  429.385829][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  429.392794][   T24] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully initialized and connected.
[  429.428035][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  429.453317][  T982] usb 3-1: GET_CAPABILITIES returned 0
[  429.456505][    T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  429.469257][  T982] usbtmc 3-1:16.0: can't read capabilities
[  429.474973][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.509774][    T9] usb 2-1: config 0 descriptor??
[  429.528215][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  429.548327][  T982] dvb-usb: bulk message failed: -22 (1/0)
[  429.559118][  T982] dvb-usb: error while querying for an remote control event.
[  429.570477][ T5909] usb 7-1: USB disconnect, device number 48
[  429.644316][ T5909] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully deinitialized and disconnected.
[  429.662833][ T5953] usb 3-1: USB disconnect, device number 13
[  429.935654][T12162] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  429.944331][T12162] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  429.954439][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  429.962688][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  429.969868][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  429.981707][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  430.115313][ T5909] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  430.191172][    T9] pwc: recv_control_msg error -71 req 04 val 1400
[  430.203846][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  430.224267][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  430.239828][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  430.258728][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  430.265382][ T5909] usb 5-1: Using ep0 maxpacket: 32
[  430.278134][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  430.278376][ T5909] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  430.285769][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  430.297725][ T5909] usb 5-1: config 0 has no interface number 0
[  430.312237][ T5909] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  430.327329][ T5909] usb 5-1: config 0 interface 85 has no altsetting 0
[  430.335984][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  430.341140][ T5909] usb 5-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  430.345338][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  430.352074][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.367453][ T5909] usb 5-1: Product: syz
[  430.371644][ T5909] usb 5-1: Manufacturer: syz
[  430.377586][ T5909] usb 5-1: SerialNumber: syz
[  430.382252][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  430.392272][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  430.396093][ T5909] usb 5-1: config 0 descriptor??
[  430.409847][    T9] pwc: Registered as video103.
[  430.426635][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input67
[  430.473605][    T9] usb 2-1: USB disconnect, device number 14
[  430.505340][ T5953] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  430.699292][ T5953] usb 3-1: unable to get BOS descriptor or descriptor too short
[  430.710268][ T5953] usb 3-1: not running at top speed; connect to a high speed hub
[  430.726122][ T5953] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  430.736506][ T5953] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  430.755445][ T5953] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  430.776916][ T5953] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  430.789265][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.799891][ T5953] usb 3-1: Product: syz
[  430.804077][ T5953] usb 3-1: Manufacturer: syz
[  430.812985][ T5953] usb 3-1: SerialNumber: syz
[  430.835510][ T5909] usb 5-1: USB disconnect, device number 7
[  431.107774][ T5953] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  431.114785][ T5953] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  431.123433][ T5953] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  431.125345][  T982] usb 7-1: new full-speed USB device number 49 using dummy_hcd
[  431.147933][ T5953] usb 3-1: USB disconnect, device number 14
[  431.156361][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  431.179804][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  431.300872][  T982] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  431.313125][  T982] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  431.317144][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  431.328423][  T982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  431.350557][  T982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  431.355335][    T9] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  431.360345][  T982] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  431.384407][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.395189][    T9] usb 2-1: config 0 descriptor??
[  431.401191][  T982] usb 7-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  431.404583][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  431.432823][  T982] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  431.441018][  T982] usb 7-1: Product: syz
[  431.445194][  T982] usb 7-1: Manufacturer: syz
[  431.456884][  T982] usb 7-1: SerialNumber: syz
[  431.469699][  T982] usb 7-1: config 0 descriptor??
[  431.681429][  T982] radio-si470x 7-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  431.694508][  T982] radio-si470x 7-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  431.701136][T12195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.728105][T12195] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.729382][T12198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.752532][T12198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.812756][T12187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.824930][T12187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.834520][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  431.842463][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  431.850315][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  431.858885][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  431.904891][T12185] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2082'.
[  431.935662][ T5909] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  431.968986][  T982] radio-si470x 7-1:0.0: si470x_get_report: usb_control_msg returned -71
[  431.979634][  T982] radio-si470x 7-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[  431.988782][  T982] radio-si470x 7-1:0.0: probe with driver radio-si470x failed with error -5
[  432.005153][  T982] usb 7-1: USB disconnect, device number 49
[  432.065359][ T5909] usb 3-1: device descriptor read/64, error -71
[  432.072169][    T9] pwc: recv_control_msg error -32 req 04 val 1400
[  432.091849][T12204] FAULT_INJECTION: forcing a failure.
[  432.091849][T12204] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.105171][T12204] CPU: 0 UID: 0 PID: 12204 Comm: syz.4.2088 Not tainted syzkaller #0 PREEMPT(full) 
[  432.105193][T12204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  432.105203][T12204] Call Trace:
[  432.105214][T12204]  <TASK>
[  432.105222][T12204]  dump_stack_lvl+0x189/0x250
[  432.105254][T12204]  ? __pfx____ratelimit+0x10/0x10
[  432.105278][T12204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.105306][T12204]  ? __pfx__printk+0x10/0x10
[  432.105345][T12204]  should_fail_ex+0x414/0x560
[  432.105370][T12204]  __kvm_read_guest_page+0x18d/0x240
[  432.105393][T12204]  kvm_fetch_guest_virt+0x12b/0x170
[  432.105420][T12204]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  432.105444][T12204]  __do_insn_fetch_bytes+0x2f9/0x6d0
[  432.105468][T12204]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  432.105489][T12204]  ? make_spte+0x4a0/0xc80
[  432.105522][T12204]  x86_decode_insn+0x33c/0x5310
[  432.105539][T12204]  ? rcu_is_watching+0x15/0xb0
[  432.105562][T12204]  ? handle_changed_spte+0x1cd/0x10a0
[  432.105598][T12204]  ? kvm_tdp_mmu_map+0x308/0x1d30
[  432.105623][T12204]  ? __pfx_x86_decode_insn+0x10/0x10
[  432.105653][T12204]  ? __asan_memset+0x22/0x50
[  432.105675][T12204]  ? init_decode_cache+0x78/0x90
[  432.105690][T12204]  ? init_emulate_ctxt+0x4d6/0x660
[  432.105713][T12204]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  432.105742][T12204]  x86_emulate_instruction+0x61b/0x1f90
[  432.105774][T12204]  ? vmx_vcpu_run+0xe92/0x2b70
[  432.105794][T12204]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  432.105817][T12204]  ? __pfx_handle_mmio_page_fault+0x10/0x10
[  432.105838][T12204]  ? vmx_vcpu_run+0x184a/0x2b70
[  432.105868][T12204]  kvm_mmu_page_fault+0x91a/0xb70
[  432.105894][T12204]  vmx_handle_exit+0xd9e/0x18c0
[  432.105912][T12204]  ? vcpu_run+0x3620/0x7020
[  432.105937][T12204]  vcpu_run+0x43aa/0x7020
[  432.105967][T12204]  ? vcpu_run+0x3620/0x7020
[  432.106020][T12204]  ? __pfx_vcpu_run+0x10/0x10
[  432.106035][T12204]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  432.106057][T12204]  ? complete_emulated_mmio+0x18e/0x7a0
[  432.106080][T12204]  ? __asan_memcpy+0x40/0x70
[  432.106102][T12204]  ? complete_emulated_mmio+0x4d2/0x7a0
[  432.106132][T12204]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  432.106151][T12204]  ? __mutex_trylock_common+0x153/0x260
[  432.106173][T12204]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  432.106188][T12204]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  432.106205][T12204]  ? rcu_is_watching+0x15/0xb0
[  432.106224][T12204]  ? trace_contention_end+0x39/0x120
[  432.106243][T12204]  ? __mutex_lock+0x335/0x1350
[  432.106269][T12204]  ? kasan_quarantine_put+0xdd/0x220
[  432.106283][T12204]  ? lockdep_hardirqs_on+0x9c/0x150
[  432.106302][T12204]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  432.106319][T12204]  ? __pfx___mutex_lock+0x10/0x10
[  432.106340][T12204]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  432.106361][T12204]  ? do_vfs_ioctl+0xbe8/0x1430
[  432.106375][T12204]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  432.106393][T12204]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  432.106410][T12204]  kvm_vcpu_ioctl+0x95c/0xe90
[  432.106428][T12204]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  432.106457][T12204]  ? __fget_files+0x2a/0x420
[  432.106479][T12204]  ? __fget_files+0x3a0/0x420
[  432.106497][T12204]  ? __fget_files+0x2a/0x420
[  432.106517][T12204]  ? bpf_lsm_file_ioctl+0x9/0x20
[  432.106539][T12204]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  432.106552][T12204]  __se_sys_ioctl+0xfc/0x170
[  432.106568][T12204]  do_syscall_64+0xfa/0xfa0
[  432.106589][T12204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.106603][T12204]  ? asm_sysvec_call_function_single+0x1a/0x20
[  432.106618][T12204]  ? clear_bhb_loop+0x60/0xb0
[  432.106635][T12204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.106648][T12204] RIP: 0033:0x7f1e5e78ebe9
[  432.106661][T12204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.106674][T12204] RSP: 002b:00007f1e5f583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  432.106689][T12204] RAX: ffffffffffffffda RBX: 00007f1e5e9c5fa0 RCX: 00007f1e5e78ebe9
[  432.106700][T12204] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  432.106709][T12204] RBP: 00007f1e5f583090 R08: 0000000000000000 R09: 0000000000000000
[  432.106718][T12204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.106727][T12204] R13: 00007f1e5e9c6038 R14: 00007f1e5e9c5fa0 R15: 00007fff726ca7d8
[  432.106750][T12204]  </TASK>
[  432.544789][    T9] pwc: recv_control_msg error -32 req 02 val 2000
[  432.668080][ T5909] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  432.752601][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  432.759996][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  432.770590][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  432.777384][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  432.784097][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  432.791886][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  432.799341][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  432.806259][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  432.814191][    T9] pwc: Registered as video103.
[  432.815443][ T5909] usb 3-1: device descriptor read/64, error -71
[  432.821262][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input68
[  432.844825][    T9] usb 2-1: USB disconnect, device number 15
[  432.915701][  T888] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  432.967255][ T5909] usb usb3-port1: attempt power cycle
[  433.078804][  T888] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.091691][  T888] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  433.102008][  T888] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.116507][  T888] usb 5-1: config 0 descriptor??
[  433.124808][  T888] pwc: Askey VC010 type 2 USB webcam detected.
[  433.325393][  T982] usb 7-1: new high-speed USB device number 50 using dummy_hcd
[  433.333013][ T5909] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  433.361329][ T5909] usb 3-1: device descriptor read/8, error -71
[  433.485310][  T982] usb 7-1: Using ep0 maxpacket: 32
[  433.491943][  T982] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[  433.500134][  T982] usb 7-1: config 0 has no interface number 0
[  433.506319][  T982] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  433.519397][  T982] usb 7-1: config 0 interface 85 has no altsetting 0
[  433.528048][  T982] usb 7-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  433.535470][T12210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  433.537196][  T982] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.554676][  T982] usb 7-1: Product: syz
[  433.555053][T12210] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  433.570470][  T982] usb 7-1: Manufacturer: syz
[  433.575087][  T982] usb 7-1: SerialNumber: syz
[  433.582740][  T888] pwc: recv_control_msg error -32 req 02 val 2b00
[  433.594241][  T888] pwc: recv_control_msg error -32 req 02 val 2700
[  433.596417][  T982] usb 7-1: config 0 descriptor??
[  433.601929][  T888] pwc: recv_control_msg error -32 req 02 val 2c00
[  433.612923][  T888] pwc: recv_control_msg error -32 req 04 val 1000
[  433.621044][  T888] pwc: recv_control_msg error -71 req 04 val 1300
[  433.629090][  T888] pwc: recv_control_msg error -71 req 04 val 1400
[  433.635553][ T5909] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  433.643466][  T888] pwc: recv_control_msg error -71 req 02 val 2000
[  433.650409][  T888] pwc: recv_control_msg error -71 req 02 val 2100
[  433.657871][  T888] pwc: recv_control_msg error -71 req 04 val 1500
[  433.666316][ T5909] usb 3-1: device descriptor read/8, error -71
[  433.671380][  T888] pwc: recv_control_msg error -71 req 02 val 2500
[  433.679056][ T5951] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  433.690112][  T888] pwc: recv_control_msg error -71 req 02 val 2400
[  433.696986][  T888] pwc: recv_control_msg error -71 req 02 val 2600
[  433.703810][  T888] pwc: recv_control_msg error -71 req 02 val 2900
[  433.710660][  T888] pwc: recv_control_msg error -71 req 02 val 2800
[  433.717752][  T888] pwc: recv_control_msg error -71 req 04 val 1100
[  433.724593][  T888] pwc: recv_control_msg error -71 req 04 val 1200
[  433.732734][  T888] pwc: Registered as video103.
[  433.741171][  T888] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input69
[  433.768439][  T888] usb 5-1: USB disconnect, device number 8
[  433.778967][ T5909] usb usb3-port1: unable to enumerate USB device
[  433.847611][ T5951] usb 2-1: unable to get BOS descriptor or descriptor too short
[  433.856255][ T5951] usb 2-1: not running at top speed; connect to a high speed hub
[  433.865035][ T5951] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  433.879101][ T5951] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  433.889974][ T5951] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  433.902674][ T5951] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  433.911793][ T5951] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.920116][ T5951] usb 2-1: Product: syz
[  433.924288][ T5951] usb 2-1: Manufacturer: syz
[  433.928963][ T5951] usb 2-1: SerialNumber: syz
[  434.044167][  T982] usb 7-1: USB disconnect, device number 50
[  434.175746][ T5951] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  434.182895][ T5951] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  434.193847][ T5951] usb 2-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  434.227704][ T5951] usb 2-1: USB disconnect, device number 16
[  434.262410][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  434.618815][T12238] FAULT_INJECTION: forcing a failure.
[  434.618815][T12238] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  434.634640][T12238] CPU: 1 UID: 0 PID: 12238 Comm: syz.6.2099 Not tainted syzkaller #0 PREEMPT(full) 
[  434.634664][T12238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  434.634676][T12238] Call Trace:
[  434.634683][T12238]  <TASK>
[  434.634692][T12238]  dump_stack_lvl+0x189/0x250
[  434.634725][T12238]  ? __pfx____ratelimit+0x10/0x10
[  434.634749][T12238]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.634777][T12238]  ? __pfx__printk+0x10/0x10
[  434.634803][T12238]  ? __might_fault+0xb0/0x130
[  434.634833][T12238]  should_fail_ex+0x414/0x560
[  434.634859][T12238]  _copy_from_user+0x2d/0xb0
[  434.634887][T12238]  memdup_user+0x5e/0xd0
[  434.634912][T12238]  kvm_arch_vcpu_ioctl+0x1aa7/0x2a80
[  434.634940][T12238]  ? kvm_arch_vcpu_ioctl+0xcc3/0x2a80
[  434.634965][T12238]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  434.634996][T12238]  ? __lock_acquire+0xab9/0xd20
[  434.635042][T12238]  ? is_bpf_text_address+0x26/0x2b0
[  434.635067][T12238]  ? is_bpf_text_address+0x292/0x2b0
[  434.635085][T12238]  ? is_bpf_text_address+0x26/0x2b0
[  434.635108][T12238]  ? kernel_text_address+0xa5/0xe0
[  434.635126][T12238]  ? __kernel_text_address+0xd/0x40
[  434.635143][T12238]  ? unwind_get_return_address+0x4d/0x90
[  434.635165][T12238]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  434.635191][T12238]  ? arch_stack_walk+0xfc/0x150
[  434.635232][T12238]  ? stack_trace_save+0x9c/0xe0
[  434.635259][T12238]  ? stack_depot_save_flags+0x40/0x860
[  434.635295][T12238]  ? __lock_acquire+0xab9/0xd20
[  434.635322][T12238]  ? __mutex_trylock_common+0x153/0x260
[  434.635348][T12238]  ? __pfx___mutex_trylock_common+0x10/0x10
[  434.635376][T12238]  ? rcu_is_watching+0x15/0xb0
[  434.635398][T12238]  ? trace_contention_end+0x39/0x120
[  434.635422][T12238]  ? __mutex_lock+0x335/0x1350
[  434.635455][T12238]  ? kasan_quarantine_put+0xdd/0x220
[  434.635472][T12238]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.635497][T12238]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  434.635518][T12238]  ? __pfx___mutex_lock+0x10/0x10
[  434.635545][T12238]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  434.635572][T12238]  ? do_vfs_ioctl+0xbe8/0x1430
[  434.635590][T12238]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  434.635613][T12238]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  434.635635][T12238]  kvm_vcpu_ioctl+0x74d/0xe90
[  434.635659][T12238]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  434.635697][T12238]  ? __fget_files+0x2a/0x420
[  434.635725][T12238]  ? __fget_files+0x3a0/0x420
[  434.635747][T12238]  ? __fget_files+0x2a/0x420
[  434.635773][T12238]  ? bpf_lsm_file_ioctl+0x9/0x20
[  434.635799][T12238]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  434.635816][T12238]  __se_sys_ioctl+0xfc/0x170
[  434.635837][T12238]  do_syscall_64+0xfa/0xfa0
[  434.635861][T12238]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.635885][T12238]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.635903][T12238]  ? clear_bhb_loop+0x60/0xb0
[  434.635925][T12238]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.635942][T12238] RIP: 0033:0x7f56c758ebe9
[  434.635959][T12238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.635975][T12238] RSP: 002b:00007f56c83d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.635994][T12238] RAX: ffffffffffffffda RBX: 00007f56c77c5fa0 RCX: 00007f56c758ebe9
[  434.636013][T12238] RDX: 0000200000000200 RSI: 00000000c008ae88 RDI: 0000000000000005
[  434.636025][T12238] RBP: 00007f56c83d5090 R08: 0000000000000000 R09: 0000000000000000
[  434.636036][T12238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.636046][T12238] R13: 00007f56c77c6038 R14: 00007f56c77c5fa0 R15: 00007fff13451408
[  434.636077][T12238]  </TASK>
[  435.245997][T12251] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3735417615 (239066727360 ns) > initial count (198432572864 ns). Using initial count to start timer.
[  435.405697][  T888] usb 7-1: new high-speed USB device number 51 using dummy_hcd
[  435.557319][  T888] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  435.569106][  T888] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  435.578701][  T888] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.589870][  T888] usb 7-1: config 0 descriptor??
[  435.605426][ T5951] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  435.616812][  T888] pwc: Askey VC010 type 2 USB webcam detected.
[  435.777434][ T5951] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  435.787995][ T5951] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  435.798515][ T5951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  435.815882][ T5951] usb 5-1: config 0 descriptor??
[  435.829081][ T5951] pwc: Askey VC010 type 2 USB webcam detected.
[  436.011908][T12247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  436.029481][T12247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  436.042878][  T888] pwc: recv_control_msg error -32 req 02 val 2b00
[  436.051504][  T888] pwc: recv_control_msg error -32 req 02 val 2700
[  436.066149][  T888] pwc: recv_control_msg error -32 req 02 val 2c00
[  436.073522][  T888] pwc: recv_control_msg error -32 req 04 val 1000
[  436.117350][ T5909] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  436.242460][T12253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  436.251183][T12253] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  436.260740][ T5951] pwc: recv_control_msg error -32 req 02 val 2b00
[  436.267941][ T5951] pwc: recv_control_msg error -32 req 02 val 2700
[  436.275047][ T5951] pwc: recv_control_msg error -32 req 02 val 2c00
[  436.282247][ T5951] pwc: recv_control_msg error -32 req 04 val 1000
[  436.285430][ T5909] usb 2-1: Using ep0 maxpacket: 32
[  436.291793][ T5951] pwc: recv_control_msg error -71 req 04 val 1300
[  436.303376][ T5909] usb 2-1: config 0 has an invalid interface number: 85 but max is 0
[  436.305360][  T888] pwc: recv_control_msg error -32 req 04 val 1400
[  436.318148][ T5909] usb 2-1: config 0 has no interface number 0
[  436.321473][ T5951] pwc: recv_control_msg error -71 req 04 val 1400
[  436.331931][ T5909] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  436.332417][  T888] pwc: recv_control_msg error -32 req 02 val 2000
[  436.351235][ T5951] pwc: recv_control_msg error -71 req 02 val 2000
[  436.352258][ T5909] usb 2-1: config 0 interface 85 has no altsetting 0
[  436.359082][ T5951] pwc: recv_control_msg error -71 req 02 val 2100
[  436.369379][ T5909] usb 2-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  436.372377][ T5951] pwc: recv_control_msg error -71 req 04 val 1500
[  436.384092][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.387623][ T5951] pwc: recv_control_msg error -71 req 02 val 2500
[  436.394868][ T5909] usb 2-1: Product: syz
[  436.405407][ T5951] pwc: recv_control_msg error -71 req 02 val 2400
[  436.406268][ T5909] usb 2-1: Manufacturer: syz
[  436.413279][ T5951] pwc: recv_control_msg error -71 req 02 val 2600
[  436.416552][ T5909] usb 2-1: SerialNumber: syz
[  436.425958][ T5909] usb 2-1: config 0 descriptor??
[  436.434091][ T5951] pwc: recv_control_msg error -71 req 02 val 2900
[  436.441476][ T5951] pwc: recv_control_msg error -71 req 02 val 2800
[  436.448779][ T5951] pwc: recv_control_msg error -71 req 04 val 1100
[  436.460510][ T5951] pwc: recv_control_msg error -71 req 04 val 1200
[  436.469305][ T5951] pwc: Registered as video103.
[  436.475551][   T24] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  436.483940][ T5951] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input70
[  436.528924][ T5951] usb 5-1: USB disconnect, device number 9
[  436.573689][  T888] pwc: recv_control_msg error -71 req 04 val 1500
[  436.603701][  T888] pwc: recv_control_msg error -71 req 02 val 2500
[  436.614293][  T888] pwc: recv_control_msg error -71 req 02 val 2400
[  436.622775][  T888] pwc: recv_control_msg error -71 req 02 val 2600
[  436.629816][  T888] pwc: recv_control_msg error -71 req 02 val 2900
[  436.637846][  T888] pwc: recv_control_msg error -71 req 02 val 2800
[  436.644755][  T888] pwc: recv_control_msg error -71 req 04 val 1100
[  436.652349][  T888] pwc: recv_control_msg error -71 req 04 val 1200
[  436.661847][  T888] pwc: Registered as video103.
[  436.668510][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  436.671897][  T888] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input71
[  436.700389][   T24] usb 3-1: not running at top speed; connect to a high speed hub
[  436.715543][  T888] usb 7-1: USB disconnect, device number 51
[  436.722366][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  436.745370][   T24] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  436.775346][   T24] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  436.807216][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  436.824155][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.842027][   T24] usb 3-1: Product: syz
[  436.847031][   T24] usb 3-1: Manufacturer: syz
[  436.851676][   T24] usb 3-1: SerialNumber: syz
[  436.866085][ T5909] usb 2-1: USB disconnect, device number 17
[  436.920462][T12268] FAULT_INJECTION: forcing a failure.
[  436.920462][T12268] name failslab, interval 1, probability 0, space 0, times 0
[  436.933652][T12268] CPU: 1 UID: 0 PID: 12268 Comm: syz.4.2110 Not tainted syzkaller #0 PREEMPT(full) 
[  436.933689][T12268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.933707][T12268] Call Trace:
[  436.933722][T12268]  <TASK>
[  436.933730][T12268]  dump_stack_lvl+0x189/0x250
[  436.933762][T12268]  ? __pfx____ratelimit+0x10/0x10
[  436.933786][T12268]  ? __pfx_dump_stack_lvl+0x10/0x10
[  436.933813][T12268]  ? __pfx__printk+0x10/0x10
[  436.933845][T12268]  ? __pfx___might_resched+0x10/0x10
[  436.933866][T12268]  ? fs_reclaim_acquire+0x7d/0x100
[  436.933892][T12268]  should_fail_ex+0x414/0x560
[  436.933917][T12268]  should_failslab+0xa8/0x100
[  436.933939][T12268]  __kmalloc_noprof+0xcb/0x7f0
[  436.933956][T12268]  ? tomoyo_encode+0x28b/0x550
[  436.933988][T12268]  tomoyo_encode+0x28b/0x550
[  436.934018][T12268]  tomoyo_realpath_from_path+0x58d/0x5d0
[  436.934047][T12268]  ? tomoyo_domain+0xd9/0x130
[  436.934078][T12268]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  436.934100][T12268]  tomoyo_path_number_perm+0x1e8/0x5a0
[  436.934125][T12268]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  436.934183][T12268]  ? __fget_files+0x2a/0x420
[  436.934210][T12268]  ? __fget_files+0x3a0/0x420
[  436.934231][T12268]  ? __fget_files+0x2a/0x420
[  436.934257][T12268]  security_file_ioctl+0xcb/0x2d0
[  436.934281][T12268]  __se_sys_ioctl+0x47/0x170
[  436.934302][T12268]  do_syscall_64+0xfa/0xfa0
[  436.934325][T12268]  ? lockdep_hardirqs_on+0x9c/0x150
[  436.934350][T12268]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.934368][T12268]  ? clear_bhb_loop+0x60/0xb0
[  436.934390][T12268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.934407][T12268] RIP: 0033:0x7f1e5e78ebe9
[  436.934422][T12268] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.934438][T12268] RSP: 002b:00007f1e5f583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  436.934456][T12268] RAX: ffffffffffffffda RBX: 00007f1e5e9c5fa0 RCX: 00007f1e5e78ebe9
[  436.934469][T12268] RDX: 0000200000000780 RSI: 000000004400ae8f RDI: 0000000000000005
[  436.934480][T12268] RBP: 00007f1e5f583090 R08: 0000000000000000 R09: 0000000000000000
[  436.934491][T12268] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  436.934501][T12268] R13: 00007f1e5e9c6038 R14: 00007f1e5e9c5fa0 R15: 00007fff726ca7d8
[  436.934531][T12268]  </TASK>
[  436.934578][T12268] ERROR: Out of memory at tomoyo_realpath_from_path.
[  437.185427][T12268] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3735417615 (239066727360 ns) > initial count (198432572864 ns). Using initial count to start timer.
[  437.196270][   T24] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  437.252089][   T24] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  437.283565][   T24] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  437.301889][   T24] usb 3-1: USB disconnect, device number 19
[  437.771346][T12290] 9pnet: p9_errstr2errno: server reported unknown error ����������l
[  438.105359][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  438.126028][  T888] usb 7-1: new high-speed USB device number 52 using dummy_hcd
[  438.135520][ T5951] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  438.255471][ T5953] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  438.265703][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.276120][  T888] usb 7-1: Using ep0 maxpacket: 16
[  438.281460][    T9] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  438.290627][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.301481][ T5951] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.314834][    T9] usb 5-1: config 0 descriptor??
[  438.322035][ T5951] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  438.342066][  T888] usb 7-1: New USB device found, idVendor=0413, idProduct=6026, bcdDevice=18.aa
[  438.351610][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  438.358151][  T888] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.366240][ T5951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.376015][  T888] usb 7-1: Product: syz
[  438.380223][  T888] usb 7-1: Manufacturer: syz
[  438.384822][  T888] usb 7-1: SerialNumber: syz
[  438.391511][ T5951] usb 2-1: config 0 descriptor??
[  438.400971][ T5951] pwc: Askey VC010 type 2 USB webcam detected.
[  438.409773][  T888] usb 7-1: config 0 descriptor??
[  438.415556][ T5953] usb 3-1: Using ep0 maxpacket: 32
[  438.422482][  T888] dvb-usb: found a 'Leadtek - USB2.0 Winfast DTV dongle' in warm state.
[  438.431051][  T888] dvb-usb: bulk message failed: -22 (3/0)
[  438.438561][ T5953] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  438.449932][ T5953] usb 3-1: config 0 has no interface number 0
[  438.457357][  T888] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  438.467491][ T5953] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  438.479523][ T5953] usb 3-1: config 0 interface 85 has no altsetting 0
[  438.486622][  T888] dvbdev: DVB: registering new adapter (Leadtek - USB2.0 Winfast DTV dongle)
[  438.495600][  T888] usb 7-1: media controller created
[  438.502842][ T5953] usb 3-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  438.525502][ T5953] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.533518][ T5953] usb 3-1: Product: syz
[  438.538469][  T888] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  438.547162][ T5953] usb 3-1: Manufacturer: syz
[  438.551803][ T5953] usb 3-1: SerialNumber: syz
[  438.568982][  T888] dvb-usb: bulk message failed: -22 (6/0)
[  438.574891][  T888] dvb-usb: bulk message failed: -22 (6/0)
[  438.582191][ T5953] usb 3-1: config 0 descriptor??
[  438.587538][  T888] dvb-usb: no frontend was attached by 'Leadtek - USB2.0 Winfast DTV dongle'
[  438.604153][  T888] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input72
[  438.618406][  T888] dvb-usb: schedule remote query interval to 150 msecs.
[  438.625448][  T888] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully initialized and connected.
[  438.663289][  T888] usb 7-1: USB disconnect, device number 52
[  438.724576][  T888] dvb-usb: Leadtek - USB2.0 Winfast DTV dongle successfully deinitialized and disconnected.
[  438.750153][T12294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.760479][T12294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.769219][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  438.780468][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  438.789050][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  438.796384][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  438.809758][    T9] pwc: recv_control_msg error -71 req 04 val 1300
[  438.817022][T12296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.817065][    T9] pwc: recv_control_msg error -71 req 04 val 1400
[  438.836086][T12296] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.839750][    T9] pwc: recv_control_msg error -71 req 02 val 2000
[  438.850570][ T5951] pwc: recv_control_msg error -32 req 02 val 2b00
[  438.860119][ T5951] pwc: recv_control_msg error -32 req 02 val 2700
[  438.866953][    T9] pwc: recv_control_msg error -71 req 02 val 2100
[  438.873576][ T5951] pwc: recv_control_msg error -32 req 02 val 2c00
[  438.880700][    T9] pwc: recv_control_msg error -71 req 04 val 1500
[  438.888770][    T9] pwc: recv_control_msg error -71 req 02 val 2500
[  438.896029][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  438.902564][ T5951] pwc: recv_control_msg error -32 req 04 val 1000
[  438.909525][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  438.917483][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  438.924251][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  438.931973][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  438.939713][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  438.955514][    T9] pwc: Registered as video103.
[  438.975473][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input73
[  439.014189][ T5953] usb 3-1: USB disconnect, device number 20
[  439.022695][    T9] usb 5-1: USB disconnect, device number 10
[  439.118080][ T5951] pwc: recv_control_msg error -32 req 04 val 1400
[  439.125064][ T5951] pwc: recv_control_msg error -32 req 02 val 2000
[  439.338634][ T5951] pwc: recv_control_msg error -71 req 04 val 1500
[  439.365352][ T5951] pwc: recv_control_msg error -71 req 02 val 2500
[  439.376634][ T5951] pwc: recv_control_msg error -71 req 02 val 2400
[  439.385154][ T5951] pwc: recv_control_msg error -71 req 02 val 2600
[  439.395374][ T5951] pwc: recv_control_msg error -71 req 02 val 2900
[  439.409908][ T5951] pwc: recv_control_msg error -71 req 02 val 2800
[  439.430942][ T5951] pwc: recv_control_msg error -71 req 04 val 1100
[  439.438794][ T5951] pwc: recv_control_msg error -71 req 04 val 1200
[  439.447038][ T5951] pwc: Registered as video103.
[  439.454256][ T5951] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input74
[  439.480423][ T5951] usb 2-1: USB disconnect, device number 18
[  439.511592][ T5981] udevd[5981]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  439.619517][T12315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.630494][T12315] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  439.656091][  T982] usb 7-1: new full-speed USB device number 53 using dummy_hcd
[  439.818377][  T982] usb 7-1: unable to get BOS descriptor or descriptor too short
[  439.826618][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  439.836773][  T982] usb 7-1: not running at top speed; connect to a high speed hub
[  439.845472][ T5953] usb 3-1: new low-speed USB device number 21 using dummy_hcd
[  439.856491][  T982] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  439.873960][  T982] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  439.886206][  T982] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  439.899951][  T982] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  439.915052][  T982] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.925689][  T982] usb 7-1: Product: syz
[  439.929927][  T982] usb 7-1: Manufacturer: syz
[  439.942237][  T982] usb 7-1: SerialNumber: syz
[  439.950383][T12321] FAULT_INJECTION: forcing a failure.
[  439.950383][T12321] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.968663][T12321] CPU: 0 UID: 0 PID: 12321 Comm: syz.4.2129 Not tainted syzkaller #0 PREEMPT(full) 
[  439.968685][T12321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  439.968697][T12321] Call Trace:
[  439.968705][T12321]  <TASK>
[  439.968713][T12321]  dump_stack_lvl+0x189/0x250
[  439.968744][T12321]  ? __pfx____ratelimit+0x10/0x10
[  439.968769][T12321]  ? __pfx_dump_stack_lvl+0x10/0x10
[  439.968796][T12321]  ? __pfx__printk+0x10/0x10
[  439.968821][T12321]  ? __might_fault+0xb0/0x130
[  439.968851][T12321]  should_fail_ex+0x414/0x560
[  439.968876][T12321]  _copy_from_user+0x2d/0xb0
[  439.968905][T12321]  memdup_user+0x5e/0xd0
[  439.968930][T12321]  kvm_arch_vcpu_ioctl+0x1aa7/0x2a80
[  439.968958][T12321]  ? kvm_arch_vcpu_ioctl+0xcc3/0x2a80
[  439.968983][T12321]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  439.969013][T12321]  ? __lock_acquire+0xab9/0xd20
[  439.969052][T12321]  ? is_bpf_text_address+0x26/0x2b0
[  439.969078][T12321]  ? is_bpf_text_address+0x292/0x2b0
[  439.969096][T12321]  ? is_bpf_text_address+0x26/0x2b0
[  439.969118][T12321]  ? kernel_text_address+0xa5/0xe0
[  439.969136][T12321]  ? __kernel_text_address+0xd/0x40
[  439.969153][T12321]  ? unwind_get_return_address+0x4d/0x90
[  439.969176][T12321]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  439.969202][T12321]  ? arch_stack_walk+0xfc/0x150
[  439.969236][T12321]  ? stack_trace_save+0x9c/0xe0
[  439.969263][T12321]  ? stack_depot_save_flags+0x40/0x860
[  439.969297][T12321]  ? __lock_acquire+0xab9/0xd20
[  439.969323][T12321]  ? __mutex_trylock_common+0x153/0x260
[  439.969348][T12321]  ? __pfx___mutex_trylock_common+0x10/0x10
[  439.969375][T12321]  ? rcu_is_watching+0x15/0xb0
[  439.969396][T12321]  ? trace_contention_end+0x39/0x120
[  439.969419][T12321]  ? __mutex_lock+0x335/0x1350
[  439.969451][T12321]  ? kasan_quarantine_put+0xdd/0x220
[  439.969469][T12321]  ? lockdep_hardirqs_on+0x9c/0x150
[  439.969493][T12321]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  439.969512][T12321]  ? __pfx___mutex_lock+0x10/0x10
[  439.969545][T12321]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  439.969572][T12321]  ? do_vfs_ioctl+0xbe8/0x1430
[  439.969588][T12321]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  439.969611][T12321]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  439.969632][T12321]  kvm_vcpu_ioctl+0x74d/0xe90
[  439.969654][T12321]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  439.969693][T12321]  ? __fget_files+0x2a/0x420
[  439.969720][T12321]  ? __fget_files+0x3a0/0x420
[  439.969741][T12321]  ? __fget_files+0x2a/0x420
[  439.969766][T12321]  ? bpf_lsm_file_ioctl+0x9/0x20
[  439.969792][T12321]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  439.969808][T12321]  __se_sys_ioctl+0xfc/0x170
[  439.969829][T12321]  do_syscall_64+0xfa/0xfa0
[  439.969852][T12321]  ? lockdep_hardirqs_on+0x9c/0x150
[  439.969876][T12321]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.969892][T12321]  ? clear_bhb_loop+0x60/0xb0
[  439.969914][T12321]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  439.969931][T12321] RIP: 0033:0x7f1e5e78ebe9
[  439.969946][T12321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  439.969962][T12321] RSP: 002b:00007f1e5f583038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  439.969980][T12321] RAX: ffffffffffffffda RBX: 00007f1e5e9c5fa0 RCX: 00007f1e5e78ebe9
[  439.969993][T12321] RDX: 0000200000000040 RSI: 00000000c008ae88 RDI: 0000000000000005
[  439.970004][T12321] RBP: 00007f1e5f583090 R08: 0000000000000000 R09: 0000000000000000
[  439.970015][T12321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  439.970024][T12321] R13: 00007f1e5e9c6038 R14: 00007f1e5e9c5fa0 R15: 00007fff726ca7d8
[  439.970054][T12321]  </TASK>
[  440.345370][ T5953] usb 3-1: Invalid ep0 maxpacket: 32
[  440.353425][  T982] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  440.362020][  T982] usb 7-1: 2:1 : no or invalid class specific endpoint descriptor
[  440.381798][  T982] usb 7-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  440.423269][  T982] usb 7-1: USB disconnect, device number 53
[  440.480328][ T5953] usb 3-1: new low-speed USB device number 22 using dummy_hcd
[  440.491234][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  440.681526][ T5953] usb 3-1: Invalid ep0 maxpacket: 32
[  440.687363][ T5953] usb usb3-port1: attempt power cycle
[  440.935305][  T982] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  441.025347][ T5953] usb 3-1: new low-speed USB device number 23 using dummy_hcd
[  441.045944][ T5953] usb 3-1: Invalid ep0 maxpacket: 32
[  441.100283][  T982] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  441.111553][  T982] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  441.120929][  T982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.129024][   T24] usb 7-1: new high-speed USB device number 54 using dummy_hcd
[  441.141952][  T982] usb 5-1: config 0 descriptor??
[  441.155688][  T982] pwc: Askey VC010 type 2 USB webcam detected.
[  441.175674][ T5953] usb 3-1: new low-speed USB device number 24 using dummy_hcd
[  441.196007][ T5953] usb 3-1: Invalid ep0 maxpacket: 32
[  441.201856][ T5953] usb usb3-port1: unable to enumerate USB device
[  441.315609][   T24] usb 7-1: Using ep0 maxpacket: 32
[  441.322415][   T24] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[  441.331712][   T24] usb 7-1: config 0 has no interface number 0
[  441.337897][   T24] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  441.350813][   T24] usb 7-1: config 0 interface 85 has no altsetting 0
[  441.359799][   T24] usb 7-1: New USB device found, idVendor=1aac, idProduct=0219, bcdDevice=f0.72
[  441.369823][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.377893][   T24] usb 7-1: Product: syz
[  441.382194][   T24] usb 7-1: Manufacturer: syz
[  441.386846][   T24] usb 7-1: SerialNumber: syz
[  441.393635][   T24] usb 7-1: config 0 descriptor??
[  441.515271][ T5909] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  441.560034][T12334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  441.568853][T12334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  441.578664][  T982] pwc: recv_control_msg error -32 req 02 val 2b00
[  441.588133][  T982] pwc: recv_control_msg error -32 req 02 val 2700
[  441.595092][  T982] pwc: recv_control_msg error -32 req 02 val 2c00
[  441.665515][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  441.673173][ T5909] usb 2-1: unable to get BOS descriptor or descriptor too short
[  441.681866][ T5909] usb 2-1: config 250 has an invalid interface number: 88 but max is 0
[  441.690229][ T5909] usb 2-1: config 250 has no interface number 0
[  441.696571][ T5909] usb 2-1: config 250 interface 88 has no altsetting 0
[  441.705736][ T5909] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=cf.c9
[  441.714827][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.722940][ T5909] usb 2-1: Product: syz
[  441.727182][ T5909] usb 2-1: Manufacturer: syz
[  441.731817][ T5909] usb 2-1: SerialNumber: syz
[  441.736568][   T31] INFO: task syz.0.1350:9889 blocked for more than 143 seconds.
[  441.744622][   T31]       Not tainted syzkaller #0
[  441.749791][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  441.760725][   T31] task:syz.0.1350      state:D stack:27840 pid:9889  tgid:9888  ppid:5869   task_flags:0x400140 flags:0x00004004
[  441.772904][   T31] Call Trace:
[  441.776674][   T31]  <TASK>
[  441.779745][   T31]  __schedule+0x1798/0x4cc0
[  441.784405][   T31]  ? __lock_acquire+0xab9/0xd20
[  441.789408][   T31]  ? __lock_acquire+0xab9/0xd20
[  441.794301][   T31]  ? __pfx___schedule+0x10/0x10
[  441.799353][   T31]  ? schedule+0x91/0x360
[  441.803617][   T31]  schedule+0x165/0x360
[  441.811679][   T31]  schedule_preempt_disabled+0x13/0x30
[  441.813393][  T982] pwc: recv_control_msg error -71 req 04 val 1300
[  441.824558][   T24] usb 7-1: USB disconnect, device number 54
[  441.830698][   T31]  __mutex_lock+0x7e6/0x1350
[  441.837508][  T982] pwc: recv_control_msg error -71 req 04 val 1400
[  441.838315][   T31]  ? __mutex_lock+0x5bb/0x1350
[  441.845354][  T982] pwc: recv_control_msg error -71 req 02 val 2000
[  441.853463][   T31]  ? bdev_open+0xe0/0xd30
[  441.859145][  T982] pwc: recv_control_msg error -71 req 02 val 2100
[  441.867510][  T982] pwc: recv_control_msg error -71 req 04 val 1500
[  441.878980][  T982] pwc: recv_control_msg error -71 req 02 val 2500
[  441.880402][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  441.886039][  T982] pwc: recv_control_msg error -71 req 02 val 2400
[  441.898607][  T982] pwc: recv_control_msg error -71 req 02 val 2600
[  441.909068][  T982] pwc: recv_control_msg error -71 req 02 val 2900
[  441.916158][   T31]  ? __pfx_bd_prepare_to_claim+0x10/0x10
[  441.916349][  T982] pwc: recv_control_msg error -71 req 02 val 2800
[  441.927398][   T31]  ? alloc_file_pseudo_noaccount+0x203/0x2c0
[  441.930131][  T982] pwc: recv_control_msg error -71 req 04 val 1100
[  441.938439][   T31]  ? disk_block_events+0xab/0x120
[  441.942089][  T982] pwc: recv_control_msg error -71 req 04 val 1200
[  441.946520][   T31]  ? bdev_open+0xbe/0xd30
[  441.960508][  T982] pwc: Registered as video103.
[  441.970693][  T982] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input75
[  441.983000][   T31]  bdev_open+0xe0/0xd30
[  441.991194][  T982] usb 5-1: USB disconnect, device number 11
[  442.003756][   T31]  bdev_file_open_by_dev+0x1be/0x240
[  442.015638][ T5909] qmi_wwan 2-1:250.88: bogus CDC Union: master=0, slave=0
[  442.019856][   T31]  setup_bdev_super+0x5a/0x5b0
[  442.042499][   T31]  get_tree_bdev_flags+0x366/0x4d0
[  442.046577][ T5909] qmi_wwan 2-1:250.88: probe with driver qmi_wwan failed with error -22
[  442.068353][   T31]  ? __pfx_udf_fill_super+0x10/0x10
[  442.083615][   T31]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  442.093895][   T31]  vfs_get_tree+0x8f/0x2b0
[  442.101569][   T31]  do_new_mount+0x302/0xa10
[  442.106604][   T31]  ? apparmor_capable+0x137/0x1b0
[  442.114241][   T31]  ? __pfx_do_new_mount+0x10/0x10
[  442.122644][ T5909] usb 2-1: USB disconnect, device number 19
[  442.137307][   T31]  ? ns_capable+0x8a/0xf0
[  442.141690][   T31]  ? kmem_cache_free+0x19a/0x690
[  442.149684][   T31]  __se_sys_mount+0x313/0x410
[  442.154395][   T31]  ? __pfx___se_sys_mount+0x10/0x10
[  442.159927][   T31]  ? do_syscall_64+0xbe/0xfa0
[  442.166464][   T31]  ? __x64_sys_mount+0x20/0xc0
[  442.171277][   T31]  do_syscall_64+0xfa/0xfa0
[  442.176027][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.181264][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.187445][   T31]  ? clear_bhb_loop+0x60/0xb0
[  442.192147][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.198110][   T31] RIP: 0033:0x7fe960b8ebe9
[  442.202551][   T31] RSP: 002b:00007fe9619b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  442.211024][   T31] RAX: ffffffffffffffda RBX: 00007fe960dc5fa0 RCX: 00007fe960b8ebe9
[  442.220874][   T31] RDX: 0000200000000240 RSI: 0000200000000040 RDI: 0000200000000080
[  442.228949][   T31] RBP: 00007fe960c11e19 R08: 0000000000000000 R09: 0000000000000000
[  442.236973][   T31] R10: 0000000002208080 R11: 0000000000000246 R12: 0000000000000000
[  442.244981][   T31] R13: 00007fe960dc6038 R14: 00007fe960dc5fa0 R15: 00007ffd3a5b34b8
[  442.252998][   T31]  </TASK>
[  442.259372][   T31] 
[  442.259372][   T31] Showing all locks held in the system:
[  442.270576][   T31] 1 lock held by khungtaskd/31:
[  442.281154][   T31]  #0: ffffffff8e53c560 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  442.292440][   T31] 3 locks held by kworker/1:2/982:
[  442.299149][   T31]  #0: ffff8880212b5548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  442.310719][   T31]  #1: ffffc9000387fba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  442.322946][   T31]  #2: ffff888145320198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  442.351963][   T31] 2 locks held by getty/5626:
[  442.359100][   T31]  #0: ffff88814d84e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  442.372251][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  442.382830][   T31] 1 lock held by udevd/5860:
[  442.387768][   T31] 2 locks held by kworker/0:5/5953:
[  442.393020][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  442.403429][   T31]  #1: ffffc900045bfba0 ((work_completion)(&(&ssp->srcu_sup->work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  442.416824][   T31] 1 lock held by udevd/6053:
[  442.421413][   T31]  #0: ffff888142f7e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  442.430742][   T31] 2 locks held by syz.0.1350/9889:
[  442.437363][   T31]  #0: ffff8880226ba0e0 (&type->s_umount_key#86/1){+.+.}-{4:4}, at: alloc_super+0x1bb/0x930
[  442.447596][   T31]  #1: ffff888142f7e358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  442.461576][   T31] 1 lock held by syz.1.2137/12337:
[  442.467024][   T31]  #0: ffffffff8e541ec0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  442.479160][   T31] 
[  442.481501][   T31] =============================================
[  442.481501][   T31] 
[  442.490270][   T31] NMI backtrace for cpu 1
[  442.490286][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  442.490306][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  442.490317][   T31] Call Trace:
[  442.490325][   T31]  <TASK>
[  442.490333][   T31]  dump_stack_lvl+0x189/0x250
[  442.490367][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.490394][   T31]  ? __pfx__printk+0x10/0x10
[  442.490432][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  442.490455][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  442.490478][   T31]  ? __pfx__printk+0x10/0x10
[  442.490528][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  442.490550][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  442.490593][   T31]  watchdog+0xf60/0xfa0
[  442.490617][   T31]  ? watchdog+0x1e2/0xfa0
[  442.490642][   T31]  kthread+0x711/0x8a0
[  442.490683][   T31]  ? __pfx_watchdog+0x10/0x10
[  442.490700][   T31]  ? __pfx_kthread+0x10/0x10
[  442.490727][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  442.490750][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.490773][   T31]  ? __pfx_kthread+0x10/0x10
[  442.490800][   T31]  ret_from_fork+0x47c/0x820
[  442.490823][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  442.490850][   T31]  ? __switch_to_asm+0x39/0x70
[  442.490868][   T31]  ? __switch_to_asm+0x33/0x70
[  442.490885][   T31]  ? __pfx_kthread+0x10/0x10
[  442.490911][   T31]  ret_from_fork_asm+0x1a/0x30
[  442.490945][   T31]  </TASK>
[  442.490952][   T31] Sending NMI from CPU 1 to CPUs 0:
[  442.641440][    C0] NMI backtrace for cpu 0
[  442.641455][    C0] CPU: 0 UID: 0 PID: 3485 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  442.641473][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  442.641484][    C0] Workqueue: bat_events batadv_nc_worker
[  442.641507][    C0] RIP: 0010:__lock_acquire+0x84a/0xd20
[  442.641525][    C0] Code: e2 44 01 f9 41 29 d7 89 d6 c1 c6 06 44 31 fe 01 ca 89 f0 c1 c0 08 29 f1 31 c8 01 d6 29 c2 89 c1 c1 c1 10 31 d1 01 f0 41 89 cf <41> c1 c7 13 29 ce 41 31 f7 01 c1 44 29 f8 44 01 f9 41 c1 c7 04 41
[  442.641538][    C0] RSP: 0018:ffffc9000c5678d0 EFLAGS: 00000817
[  442.641551][    C0] RAX: 000000004d9de8a3 RBX: 0000000000000002 RCX: 000000003fcd0e6c
[  442.641562][    C0] RDX: 00000000ba98ae9e RSI: 00000000acab634e RDI: ffff8880302ddac0
[  442.641572][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b574d72
[  442.641582][    C0] R10: dffffc0000000000 R11: ffffffff8b574ca0 R12: 00000000e9f8e3b5
[  442.641596][    C0] R13: ffff8880302de5f0 R14: ffff8880302de640 R15: 000000003fcd0e6c
[  442.641607][    C0] FS:  0000000000000000(0000) GS:ffff8881257b3000(0000) knlGS:0000000000000000
[  442.641619][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  442.641630][    C0] CR2: 00005561f0302cb8 CR3: 00000000246fe000 CR4: 00000000003526f0
[  442.641643][    C0] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000
[  442.641653][    C0] DR3: 0000000000000003 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  442.641663][    C0] Call Trace:
[  442.641668][    C0]  <TASK>
[  442.641678][    C0]  ? batadv_nc_worker+0xd2/0x610
[  442.641694][    C0]  lock_acquire+0x120/0x360
[  442.641708][    C0]  ? batadv_nc_worker+0xd2/0x610
[  442.641728][    C0]  ? batadv_nc_worker+0xd2/0x610
[  442.641744][    C0]  ? batadv_nc_worker+0xd2/0x610
[  442.641760][    C0]  batadv_nc_worker+0xef/0x610
[  442.641775][    C0]  ? batadv_nc_worker+0xd2/0x610
[  442.641793][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  442.641810][    C0]  process_scheduled_works+0xae1/0x17b0
[  442.641837][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  442.641860][    C0]  worker_thread+0x8a0/0xda0
[  442.641878][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  442.641900][    C0]  ? __kthread_parkme+0x7b/0x200
[  442.641921][    C0]  kthread+0x711/0x8a0
[  442.641942][    C0]  ? __pfx_worker_thread+0x10/0x10
[  442.641958][    C0]  ? __pfx_kthread+0x10/0x10
[  442.641978][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  442.641996][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  442.642015][    C0]  ? __pfx_kthread+0x10/0x10
[  442.642035][    C0]  ret_from_fork+0x47c/0x820
[  442.642052][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  442.642071][    C0]  ? __switch_to_asm+0x39/0x70
[  442.642087][    C0]  ? __switch_to_asm+0x33/0x70
[  442.642101][    C0]  ? __pfx_kthread+0x10/0x10
[  442.642121][    C0]  ret_from_fork_asm+0x1a/0x30
[  442.642143][    C0]  </TASK>
[  442.927074][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  442.933972][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  442.943085][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  442.953131][   T31] Call Trace:
[  442.956399][   T31]  <TASK>
[  442.959325][   T31]  dump_stack_lvl+0x99/0x250
[  442.963923][   T31]  ? __asan_memcpy+0x40/0x70
[  442.968517][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  442.973714][   T31]  ? __pfx__printk+0x10/0x10
[  442.978344][   T31]  vpanic+0x237/0x6d0
[  442.982343][   T31]  ? __pfx_vpanic+0x10/0x10
[  442.986860][   T31]  ? preempt_schedule_common+0x83/0xd0
[  442.992337][   T31]  panic+0xb9/0xc0
[  442.996050][   T31]  ? __pfx_panic+0x10/0x10
[  443.000458][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  443.005827][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  443.011977][   T31]  watchdog+0xf9f/0xfa0
[  443.016129][   T31]  ? watchdog+0x1e2/0xfa0
[  443.020468][   T31]  kthread+0x711/0x8a0
[  443.024533][   T31]  ? __pfx_watchdog+0x10/0x10
[  443.029198][   T31]  ? __pfx_kthread+0x10/0x10
[  443.033789][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  443.038995][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  443.044220][   T31]  ? __pfx_kthread+0x10/0x10
[  443.048808][   T31]  ret_from_fork+0x47c/0x820
[  443.053393][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  443.058502][   T31]  ? __switch_to_asm+0x39/0x70
[  443.063259][   T31]  ? __switch_to_asm+0x33/0x70
[  443.068016][   T31]  ? __pfx_kthread+0x10/0x10
[  443.072625][   T31]  ret_from_fork_asm+0x1a/0x30
[  443.077397][   T31]  </TASK>
[  443.080734][   T31] Kernel Offset: disabled
[  443.085070][   T31] Rebooting in 86400 seconds..