last executing test programs:

18.273879652s ago: executing program 2 (id=675):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
eventfd2(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000440)='net/sctp\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r1], 0x24}}, 0x0)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000b40), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000040)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x20, r2, 0x786b6295d7f1977, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVKEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x18001}, 0x40040)
pipe2$9p(&(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f00000005c0)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r6 = dup(r5)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000140)={0x6}, 0x10)
write(r7, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="28000000100001000200000000858abf00000000", @ANYRES32=0x0, @ANYBLOB="000000000101040008001b00"], 0x28}}, 0x0)
write$FUSE_DIRENTPLUS(r6, &(0x7f0000000440)=ANY=[@ANYBLOB="b0000000"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6])

12.6971963s ago: executing program 2 (id=688):
sched_setscheduler(0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80140, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x2c9ab000)
fadvise64(r2, 0x2, 0x106, 0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x1000) (fail_nth: 7)

11.570979493s ago: executing program 2 (id=695):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, 0x0, 0x20004004)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) (fail_nth: 5)
mmap$xdp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000007, 0x10, 0xffffffffffffffff, 0x80000000)

7.131722718s ago: executing program 3 (id=705):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000600)={0x29, 0x1, 0x3, "ff050000007eefad00000001ffffffff000000000000000000000900", 0x32314d4e})

6.847709434s ago: executing program 3 (id=708):
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x12000, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window], 0x3)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xce)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYRESDEC=r2, @ANYBLOB="3f9d00000000fedbdf251700000008000300", @ANYRES32=r3, @ANYBLOB="d713459a7a0500020000000000"], 0x3c}}, 0x0)
bind$ax25(r1, &(0x7f0000000380)={{0x3, @default, 0x2}, [@default, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x48)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$sock_ifreq(r4, 0x89f0, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})
r5 = dup(r1)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r6, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r6, &(0x7f0000002080)={0x2, 0x0, {&(0x7f00000006c0)=""/151, 0x97, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r6, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000002780)=""/254, 0xfe, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r6, &(0x7f0000000040)={0x2, 0x0, {&(0x7f0000000b40)=""/263, 0x12b, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r6, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xfe65, 0x0, 0x3, 0x2}}, 0x48)
write$vhost_msg_v2(r6, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/107, 0x6b, 0x0, 0x0, 0x3}}, 0x48)
read$proc_mixer(r5, &(0x7f0000000100)=""/25, 0x19)
mmap(&(0x7f00001d4000/0x1000)=nil, 0x1000, 0x100000e, 0x810, r1, 0xf6d0e000)
syz_open_dev$vcsa(&(0x7f0000000000), 0x4, 0x20800)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
madvise(&(0x7f000016f000/0x3000)=nil, 0x3000, 0x19)
socket$nl_route(0x10, 0x3, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r4, 0xc0046686, &(0x7f0000000200)={0x0, 0x7c, "7a9adfd68318917e06539503c1fa47644ae74bd58ac7f3e44d1b1eaf258b8a4d99a1a68174d80f3ea721e82765630b8f98ff1bd08c076738c51a2659584b88e93f779acf8a36a3b85842c616bf8b9e24f0e31527fe49a9c55d3be94f90cf730179fd921aa4a83f1e6bc638c29eca4ab96ff5e7ece8cc2bb3399e7e48"})

6.042591513s ago: executing program 2 (id=713):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000bc0)=[{{&(0x7f00000000c0)={0xa, 0xe20, 0x1, @local, 0x7}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000002700)="89", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000100)={0x0, 0x9, 0x80000000, 0xd7c7}, &(0x7f0000000140)=0x10)
r2 = dup(r0)
r3 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_usb_connect(0x0, 0x52, &(0x7f0000000080)=ANY=[@ANYBLOB="12015002369d7b10210435032c56010203010902400001070870bc090430fc0002feff09052406000005240002000d240f010e00000004000900010524"], &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0})
syz_open_dev$tty20(0xc, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x2642, 0x0)
writev(r7, &(0x7f0000000180)=[{&(0x7f0000000040)="93d90400000300", 0x7}, {&(0x7f0000000140)}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'veth1_vlan\x00', <r9=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@delneigh={0x28, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r9, 0x80, 0x2}, [@NDA_LLADDR={0xa}]}, 0x28}}, 0x0)
close(0x3)
ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000000c0)={0x40, 0x202000000000000})
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESDEC=r0])
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
acct(&(0x7f00000001c0)='./file0\x00')

5.851113331s ago: executing program 3 (id=714):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYRES32], 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a0000"], &(0x7f00000001c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x5, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x1e50, &(0x7f0000000140)={0x0, 0x5883, 0x4000, 0x0, 0xed}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
open(&(0x7f0000000640)='./file1\x00', 0x0, 0x11)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00'}, 0x10)
r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r8 = open(&(0x7f00000000c0)='.\x00', 0x101800, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r8, &(0x7f0000000100)='./file0\x00')
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5)
setsockopt$inet6_tcp_int(r9, 0x6, 0x1e, &(0x7f0000000000)=0x8, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r7, 0x40049366, &(0x7f0000000180))
syz_usb_control_io(r0, &(0x7f0000000200)={0x2c, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="000357000000570348349272058d037ab6fac020b50af3fa28785ad796a278ed0898f3edcd5f6248bed277fb71f824001b074ebe5a7acc5d3db8a5cc06ef6622cd09df268b1d37133afbe28b87de39f8470000cd7c3b332699247b5f6b"], 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6c, 0x60, 0x5, 0x7, 0x48, 0xc, 0xc}}}, &(0x7f0000000740)={0x84, &(0x7f0000000240)={0x40, 0x0, 0x78, "30e596797560f095a426e9f49c1369915c4cdbcae0f5a28a3e6dfabb5758ba2e9cc9bc3b185a769caf6ea39767deae6df3c47272b5e2ea920668638552f608460319a686cc26b92d219c8bd3b8ec8527f1f82532ab24487b081596bef54eac5d8bb8a05ee7816478f15688be301a5524b5e453c437cfc6c7"}, 0x0, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f00000005c0)=ANY=[@ANYBLOB="200004000000e001200098b7100d54db7c58ca27f583245b5eeeb465e0eee7a0822370c9dd9587331b"], &(0x7f0000000400)={0x40, 0x7, 0x2, 0x4}, &(0x7f0000000440)={0x40, 0x9, 0x1}, &(0x7f0000000480)={0x40, 0xb, 0x2, "11b7"}, &(0x7f00000004c0)={0x40, 0xf, 0x2, 0x3}, &(0x7f0000000500)={0x40, 0x13, 0x6, @remote}, &(0x7f0000000540)={0x40, 0x17, 0x6, @random="c917e312bbe6"}, 0x0, &(0x7f0000000600)={0x40, 0x1a, 0x2, 0x84c4}, &(0x7f0000000680)={0x40, 0x1c, 0x1, 0x8}, 0x0, &(0x7f0000000700)={0x40, 0x21, 0x1, 0x9}})

5.443375288s ago: executing program 4 (id=715):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) (async)
r1 = syz_open_dev$loop(&(0x7f00000002c0), 0x1, 0xa0182)
ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

5.414286051s ago: executing program 0 (id=716):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000007d00)={0x14, 0x24, 0x301, 0x0, 0x0, {0x1f}}, 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)

5.087386432s ago: executing program 4 (id=717):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000180)='so\xcc\xefurc\x16', &(0x7f0000000040)='c:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14<L\x19K\xbf\xf7\x9c\xe7 \x12+4.\xa9\xa7\xdc[\xd2\xec\xbe\x1a\xa1\x04\xd3\x9e\x92\x8a\xf7\xdb\xe7f\xdeo\xc1\xa5\xb6T\r)\x1c\xbe\x12\xd1\xef\xc2S\xcci\xc8\x0e\x00]\xe6|\xccK\xc7\r\xfa \x02\xe8\x1b\xc1\x93\xce\x02%\x86\xcb\x94K\v\xe7x\xe3\x06[/\xf9\xa8\x82\x9b\xeeF\x88\xc0f\x82\xb7T\r\x04\xbb\x10\x1d3\xa6', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev}]}}}]}, 0x38}}, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='1', 0x1, 0x40081, &(0x7f0000000200)={0x11, 0x6, r1, 0x1, 0x0, 0x6, @local}, 0x14)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000780), &(0x7f00000007c0)=0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000800)={0x0, @remote, @loopback}, &(0x7f0000000840)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000880)={'macvtap0\x00'})
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f0000000080), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
sendmsg$can_bcm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="0500000000e0ffffffffffff", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001"], 0x48}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x1d, r3}, 0x10, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES32=r2], 0x48}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x2, [@TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x200}, @TCA_FQ_PIE_BYTEMODE={0x8, 0xb, 0x1}]}}]}, 0x44}}, 0x8004)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000008c0))
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
getpeername$packet(r8, &(0x7f0000000000)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r7, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r9}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000980)={'ip6gre0\x00', &(0x7f0000000900)={'syztnl0\x00', 0x0, 0x2f, 0xb, 0xf, 0x1257, 0xf, @local, @dev={0xfe, 0x80, '\x00', 0x42}, 0x80, 0x40, 0x4, 0x486}})
sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001080)={&(0x7f00000009c0)={0x14, 0x0, 0x4, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x90)
r10 = gettid()
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000140)='ceph\x00', &(0x7f00000001c0)="e536", 0x2)
tkill(r10, 0xb)

3.707416921s ago: executing program 4 (id=718):
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x1058, 0x18, &(0x7f0000000440)={@flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @flat=@binder={0x73622a85, 0xa, 0xffffffffffffffff}, @flat=@weak_binder={0x77622a85, 0x1000, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140))
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x479af, 0x1, 0x7fff, 0x263}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0))
syz_io_uring_submit(r4, r5, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, 0x0, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[], 0xf8}}, 0x0)

3.489729175s ago: executing program 0 (id=719):
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000080)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xfffffffffffffff9}}, './file0\x00'})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="9febd90102180000000000000900"/26], &(0x7f00000003c0)=""/214, 0x1a, 0xd6, 0x9, 0x4000}, 0x28)
r0 = socket$inet6(0xa, 0x800, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @local, 0x6}, 0x32)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r1, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000100", 0x8)
setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000140)=0x4, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

3.347681976s ago: executing program 1 (id=720):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYRES16=<r3=>r2])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYRES32=r3])

3.216988602s ago: executing program 4 (id=721):
r0 = socket(0x2, 0x80805, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x63b5, &(0x7f0000006680))
open_by_handle_at(r0, &(0x7f0000000000)=@reiserfs_5={0x14, 0x5, {0x200, 0x8e, 0x7b9, 0x8, 0xff}}, 0x400000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0x1, 0x0, {0x2, 0x0, 0x0, 0x0, {0xffe0, 0xa}, {0xb, 0x2}, {0x4}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0xfa, 0xa, 0x0, 0x3, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x0, 0x4, 0x7, 0x9, 0x1, 0x0, 0x3}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000090}, 0x4040480)
listen(r0, 0xb)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000008400000005"], 0x30, 0x4040}], 0x1, 0x0)

2.834623199s ago: executing program 1 (id=722):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000022c0)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000020000000a0000000000000e05000000000000000000f0d13d54d6c6d9f089d8e8ec149da62142cd0a1f27ea66a50a3012a621c42a37"], 0x0, 0x2a, 0x0, 0x0, 0x2, 0x10000}, 0x28)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000300)={0x1, @sdr={0x31303553, 0x4}}) (async)
keyctl$chown(0x6, 0x0, 0x0, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000002200)={0x5, 0x0, [{0x5000, 0x0, &(0x7f00000010c0)}, {0x10000, 0x0, &(0x7f0000001100)}, {0x2, 0x1000, &(0x7f0000001140)=""/4096}, {0xeeef0000, 0x50, &(0x7f0000002140)=""/80}, {0x4000, 0x5, &(0x7f00000021c0)=""/9}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r7}, 0x10)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000020000006d0500000300000002000000", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="00000001001b0100"/27], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r8}, 0x38) (async)
r9 = openat$null(0xffffffffffffff9c, &(0x7f0000001100), 0x10001, 0x0)
lseek(r9, 0x0, 0x1)
unshare(0x20000400)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/consoles\x00', 0x0, 0x0)
preadv(r10, &(0x7f0000000000)=[{&(0x7f0000000080)=""/4080, 0xff0}], 0x0, 0x33, 0x0)
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x400}, {}], 0x2, 0x0, 0x0, 0x0)

2.707558991s ago: executing program 0 (id=723):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
creat(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="440000000a0605000000000000000000010000050900020073797a30000000000500010007000000080009400000000114000880100007800a001100aa5a"], 0x44}, 0x1, 0x0, 0x0, 0x8040}, 0x44000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000180)="000000000000000022385ba986dd", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x20, r6, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0xfffffffffffffd42, 0x1, 0xfffffff9}]}]}, 0x20}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000680)={0x188, r6, 0x800, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xc}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x401}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8c0d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}]}, @TIPC_NLA_BEARER={0x4}, @TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'eth', 0x3a, 'veth0_to_hsr\x00'}}, @TIPC_NLA_BEARER_NAME={0xb, 0x1, @l2={'ib', 0x3a, 'wg0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x9817, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x4}}}}]}, @TIPC_NLA_LINK={0x5c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x44}, 0x20004004)

2.593498851s ago: executing program 3 (id=724):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000001140)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001100)={&(0x7f00000010c0)=@ipv6_getanyicast={0x14, 0x3e, 0x300, 0x70bd2c, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000011c0)=[@in={0x2, 0x4e23, @private=0xa010100}]}, &(0x7f0000000180)=0x10)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000001280)=""/4106, &(0x7f0000001040)=0x100a)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="1900000004000000080000000b00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000e7fffffffcff2336c61a0b95734093c32b4c", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3}, 0xc)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000001c0)=0x2)
r5 = socket(0x10, 0x803, 0x0)
mkdir(&(0x7f0000000340)='./file0\x00', 0x8)
rename(&(0x7f00000006c0)='./file0\x00', &(0x7f0000000700)='./file0/file0\x00')
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'team_slave_1\x00', &(0x7f0000000240)=@ethtool_link_settings={0x4d, 0x97, 0x6, 0x80, 0x5, 0x80, 0x4, 0x8, 0x6, 0x4, [0x8, 0x6, 0x81, 0x7ff, 0xc90, 0xaf5, 0x6], [0x0, 0x200, 0x1, 0x5, 0x80000]}})
sendto$inet(0xffffffffffffffff, &(0x7f00000003c0)="cc4d5a3d3543f81142b3964bd371f1ff54e322ffda8d5bdad89810548e070556864e0a3cec633194d4afbd455332ed26d1fd344c41a1e47e9d1fcaf1a4c3ce93f459e7ac590f979be58f7453fb2bfebc9532f6334db19375c22685c8e06e1ac7dd2d6236c8393ee901c431d351766757e597c751da3aeb3482aeaa9662783c7db15928ebe57675a59c1e0f86d63aab6600eb7737d03c2ff46bdfe92a1553546c46b8fe155bcde8c607738f514e07b9dcb7a09094ee19be473b91deb1f38a6e09866291562e394d8e428e0d926cce2725a804f84a4017353925aae9087da58394a21986320f72ee3a4f9520401180e3c94a1c919a90757fa0ef53d06043ab", 0xfe, 0x88c4, 0x0, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x23)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r7, 0x402c542d, &(0x7f0000001180)={0x43, 0x9, 0x7, 0x4, 0x5, "7afc64ec2e1bd09e80adf5151942cb056e3a6b", 0x9, 0x3})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c00000010001fff2dbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0080000000000000240012800b00010067726574617000001400028008000700ac1414aa08000100", @ANYRES32=r6, @ANYBLOB="0807fe33", @ANYRES32=r6, @ANYBLOB], 0x4c}, 0x1, 0x0, 0x0, 0x4048800}, 0xc850)

2.475659252s ago: executing program 1 (id=725):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240020001a0001000000ff7f0000000080200000", @ANYRES32=0x0, @ANYRES32=r0], 0x24}}, 0x0)

2.271674605s ago: executing program 2 (id=726):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYRESHEX=r0], 0x38}, 0x1, 0x0, 0x0, 0x44040}, 0xe000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2}, &(0x7f00000001c0), &(0x7f0000000340)=r3}, 0x20)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r4, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001a80)={0x18, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000018c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r5}, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f00000025c0), r6)
sendmsg$NL802154_CMD_GET_SEC_KEY(r6, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000026c0)={&(0x7f0000002680)={0x14, r7, 0xb11, 0x401, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x24000000)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, 0x0, 0x0)
r9 = fanotify_init(0x200, 0x0)
r10 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f00000000c0)={0x30000015})
setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000100)={{0x84, @empty, 0x4e23, 0x3, 'sh\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x10000, 0xc24, 0x9, 0xfffffffb}}, 0x44)

2.271345299s ago: executing program 0 (id=727):
r0 = fanotify_init(0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r0, 0x641, 0x48001018, r1, 0x0)
fanotify_mark(r0, 0x441, 0x4800001b, r1, 0x0)

2.197425525s ago: executing program 1 (id=728):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000006c0)='\r', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000640)="e3c7b1a7ede708d25165188ee78cddef28630c1c98588beeb7e8892f361bfb39baa334f484ef0622ff258f89771bd88654704574626544693642320f18aaa710a87e4f61a881af6259d7fc5ef2d442f07243e0c0f4cbefcec8de4bf35cccc03e667fbb23c41d2ffa34e21a989b68957a779c9466fc4d8f0a193c661587cba119", 0x80}, {&(0x7f00000007c0)="34bf15654463c3be39a28c61bb95f5d6fc1aba5e37b02db7cbb98cabc6dd7a57f867adb98bf148732dc2b5301b9b16c0b43a1a009dd185fd0862ed5572a1887117b2adc7a1c982e56f1bce0e0afd3c21417aafc20fce885c54a93dc7358cc4e36f1a47d893dba96f75527452ad09c98a5ebf", 0x72}, {&(0x7f0000000840)="2dd79e0f1e05a2c0804b6a9251c52655fa0f8462e1d0bc3aa7463d4889f9257e13456b7ea0fabac22a348c63eb4e0a8fdef8bfe485ef94eb0ee172c71026714f281b59874c2cffcb058c6b9b33aba80f5f54993425b661531e563d7c728fd57c2cb50621419ee79b538dbdab2841024a674000b496a953293f69b2f4a76d506602dd0a67dc38b67f1711716da49a82d2320eea98a5840bb44c63e38c977dfa92fb82faf42733", 0xa6}, {&(0x7f0000000900)="08ef74923496b602343d0f599f56b5a69feb79ed5e7fb268cf88e65e8aa452900b82c9b4d80a1c3c03801dfb1293ca344f8f36fea96f644009295054a1c385bd00896ab357f8d8d08845a8d5cbbf82cc3beebd444cff06c6ef8eafffd76908801f9dfa3e758514832d0fb289faaf8ccbdd4f1eddb9e0b3b74462b758a254ef7073ccffba4baf63deda2e2380f31abe2ab032c45269c0feff1f83541c015e6694da53dc8a4e5926bd447261876b8f20f65a2e60e67068794036451ad0fd2b637a6226e14544eeae1e8e10fe5faa5503b42fba32f070", 0xd5}, {&(0x7f0000000a40)="e20ecc735d37e3ad8f508b91668183b5be0aef5c86d3d3e804b914641d03424c94b3339bc48c0e46df5369f7e0ecc96a23274cdda6055ecfa4d0cec086916377409abdcb7c6373e5a0d3ce9386f9e747e247247ac587f1e19b24be2fca60d5bd5652ca8f30d2a93079b353f4374bfbc5fb9e1e2651bb7de4f4b1b6227f1185849766c0ffcd336c3c582d3730720fb437e2", 0x91}, {&(0x7f0000000b00)="b31184081ef023f747d7726af5cf9824a0ad5c546da7d1034cd4afc1c2429ed89a1c03b17f41545b0ef5ed2a1467f206f00e6196bd8bdb33c7bb3451ac294dde7bc1b6083f072a7b996d5fc87dc4becb19bd54474b543ee4495239357ade8c5819862488f8766c4dc4e5e968e0b844", 0x6f}, {&(0x7f0000000b80)="a40d430db2f2d5f526647cf0ef3f3b6e5d55fdb76be519b3ad8280c3975af8b97f7bf8630dae9842b9a49fb30a7018371ce3c20c097019218bb00576b40988cf4761190b11ce741d3ab7a080046fbf23d0c44ba2b0d8fa62329dc6fa5996e7692274b3cd33a8c86fe4e071a2b5ad1cc74fa3c275354de95f7eb0cef88530b9319186d46844ebb93513ba", 0x8a}, {&(0x7f0000002580)="84c0c8e9301405a28f8ae7a5fc02631476eb12caabb86ae2ace3a4a57a72b114b8ea1296409c20d9043aeaf5ac54e6c67670bc3cbec572db9d857bd02832ce8223e05b2824488341d6a53a46a000aef08dd8304db87ba68832966931f7c5fc0a7e9831362eac08f69755f830b7fd27c3c496033938a581c0543f07601bb2d3f546e8d00df19da10338a8d941ba3f3f70f2f4e14b02ea19b0d9aa584a7d171283efeab984079b7bb27e0aa4524d5fc74019c004d65f5e8b83761b4cfc810645ae1cc66df361a7a3d15f14d733175a7d17f0a8b557df6abb51262dc83151ab0bbc7994a53e7a3a2b0e2ff72c6d163ab2c9a2d71ad52c3617013556a228ca7c1cad54", 0x101}], 0x8}}], 0x2, 0x0)

1.995659859s ago: executing program 0 (id=729):
r0 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000008, 0x20010, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0xd4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$USBDEVFS_CONNECTINFO(r5, 0x8004550f, 0x0)
userfaultfd(0x0)
r6 = syz_open_dev$vim2m(&(0x7f0000000180), 0xa, 0x2)
r7 = syz_open_dev$vivid(&(0x7f0000000100), 0x3, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000000300)={0x9, 0x81, 0x5, {0x4, @sliced={0x6000, [0x0, 0x9, 0x7, 0x1, 0x7, 0xef, 0x0, 0x4, 0x39c, 0x3, 0x1, 0xffa6, 0x0, 0x3, 0xfff9, 0xfc18, 0x0, 0x3, 0xc06, 0x6e, 0x81, 0x6, 0x6, 0x5, 0x1, 0x3, 0x6, 0xa2, 0x101, 0x0, 0x3, 0x8, 0x2ce, 0x3, 0x9, 0x5, 0x8, 0x9, 0x400, 0x1, 0x7, 0x9, 0x48, 0x401, 0x5, 0x8, 0x6, 0x6], 0x1}}, 0xf9})
ioctl$vim2m_VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000880)={0x10, 0x2, 0x3, "bc3e099e23000600000000000000000000c70f00", 0x34343452})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000200)="5e73663bf4082f7c6cbecbf09d6dd7be5a4563f329c16f799d1836bfc45a7badc8faed24bb77c848723ad00fb243c3111dda42112650cc00", 0x0, 0x48)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000), &(0x7f00000000c0))

1.897956133s ago: executing program 1 (id=730):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000002240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0) (async)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
r3 = socket$unix(0x1, 0x5, 0x0)
fstatfs(r3, &(0x7f0000000000)) (async)
write$cgroup_devices(r2, &(0x7f0000000200)=ANY=[@ANYBLOB='b *:* rm'], 0x9)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r0, &(0x7f0000005900)=[{{0x0, 0x0, &(0x7f0000002280)=[{&(0x7f0000002380)=""/190}]}, 0x3}, {{&(0x7f0000002440)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x0, &(0x7f00000022c0)=[{&(0x7f00000024c0)=""/221}, {&(0x7f00000025c0)=""/4096}], 0x0, &(0x7f00000035c0)=""/162}, 0x1ff}, {{&(0x7f0000003680), 0x0, &(0x7f0000003900)=[{&(0x7f0000003700)=""/101}, {&(0x7f0000003780)=""/81}, {&(0x7f0000003800)=""/235}]}, 0x4}, {{&(0x7f0000003940)=@pppoe={0x18, 0x0, {0x0, @remote}}, 0x0, &(0x7f0000004dc0)=[{&(0x7f00000039c0)=""/228}, {&(0x7f0000003ac0)=""/237}, {&(0x7f0000003bc0)=""/27}, {&(0x7f0000003c00)=""/216}, {&(0x7f0000003d00)=""/4096}, {&(0x7f0000004d00)=""/108}, {&(0x7f0000004d80)=""/9}]}, 0x6}, {{&(0x7f0000004e40)=@hci, 0x0, &(0x7f0000005000)=[{&(0x7f0000004ec0)=""/49}, {&(0x7f0000004f00)=""/253}], 0x0, &(0x7f0000005040)=""/133}}, {{&(0x7f0000005100)=@x25, 0x0, &(0x7f0000005800)=[{&(0x7f0000005180)=""/101}, {&(0x7f0000005200)=""/45}, {&(0x7f0000005240)=""/243}, {&(0x7f0000005340)=""/166}, {&(0x7f0000005400)=""/197}, {&(0x7f0000005500)=""/209}, {&(0x7f0000005600)=""/139}, {&(0x7f00000056c0)=""/207}, {&(0x7f00000057c0)=""/30}], 0x0, &(0x7f00000058c0)=""/19}, 0x7}], 0x566, 0x4001a100, 0x0)

1.827568291s ago: executing program 3 (id=731):
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x1058, 0x18, &(0x7f0000000440)={@flat=@weak_handle={0x77682a85, 0x1100, 0x1}, @flat=@binder={0x73622a85, 0xa, 0xffffffffffffffff}, @flat=@weak_binder={0x77622a85, 0x1000, 0x2}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140))
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x479af, 0x1, 0x7fff, 0x263}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0))
syz_io_uring_submit(r4, r5, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000002700)=""/4088, 0xff8}], 0x1)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, 0x0, 0x0)
sendmsg$nl_xfrm(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000580)=ANY=[], 0xf8}}, 0x0)

1.533907606s ago: executing program 1 (id=732):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)=ANY=[@ANYRES16=<r3=>r2])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYRES32=r3])

608.538902ms ago: executing program 4 (id=733):
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000004300010081007000fddbdf2502000000080002"], 0x1c}, 0x1, 0x0, 0x0, 0x20050}, 0x40080) (fail_nth: 7)

513.156272ms ago: executing program 0 (id=734):
syz_io_uring_setup(0x8, &(0x7f00000001c0)={0x0, 0xda9f, 0x1, 0x2, 0xf0}, 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
listen(r0, 0x1)
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="30000000000000008400000001"], 0x30, 0x4040}], 0x1, 0x2000000)

940.967µs ago: executing program 2 (id=735):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f000000b200)='/dev/comedi1\x00', 0x8040, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000100)={'pcl812\x00', [0x8001, 0x20, 0x6, 0x8, 0xfffffffb, 0x3ff, 0x4d7, 0x2, 0x34, 0x4, 0x0, 0x401, 0x3, 0x47, 0x9, 0x7ff, 0xffffffff, 0x0, 0x1f29, 0x5, 0x8000, 0x8, 0x6, 0x5, 0x54, 0x2, 0x101, 0x5, 0x8, 0x8, 0x1]})

692.151µs ago: executing program 4 (id=736):
syz_io_uring_setup(0x8, &(0x7f00000001c0)={0x0, 0xda9f, 0x1, 0x2, 0xf0}, 0x0, 0x0)
r0 = socket(0x2, 0x80805, 0x0)
listen(r0, 0x1)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x39)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4c, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x4e1e2563543d84f9}, @TCA_TBF_PBURST={0x8, 0x7, 0x2236}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0x0, 0x8, 0x2, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x78}}, 0x4000080)
bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
sendto$inet6(r1, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x102)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x1000000, &(0x7f00000002c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
ioctl$FICLONERANGE(r5, 0x4020940d, &(0x7f0000000280)={{r5}, 0x400, 0x8000000000000000, 0x7})
sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="30000000000000008400000001"], 0x30, 0x4040}], 0x1, 0x0)

0s ago: executing program 3 (id=737):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
capset(&(0x7f0000000000)={0x20071026, 0xffffffffffffffff}, &(0x7f0000000180)={0x10, 0x0, 0x152, 0x0, 0x0, 0xc3})
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000640)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000540)="5221d57b0000", 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

v4l2_ioctl+0x10/0x10
[  294.414300][ T6952]  __se_sys_ioctl+0xf9/0x170
[  294.414323][ T6952]  do_syscall_64+0xfa/0x3b0
[  294.414338][ T6952]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.414361][ T6952]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.414376][ T6952]  ? clear_bhb_loop+0x60/0xb0
[  294.414396][ T6952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.414412][ T6952] RIP: 0033:0x7f9f8b98e929
[  294.414429][ T6952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.414443][ T6952] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  294.414462][ T6952] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929
[  294.414474][ T6952] RDX: 0000200000000180 RSI: 00000000c02c564a RDI: 0000000000000003
[  294.414493][ T6952] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000
[  294.414503][ T6952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.414512][ T6952] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138
[  294.414540][ T6952]  </TASK>
[  294.435211][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805e64d400: rx timeout, send abort
[  294.447001][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805e64d000: abort rx timeout. Force session deactivation
[  294.930454][    T9] usb 4-1: device descriptor read/64, error -71
[  294.936929][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805e64d400: abort rx timeout. Force session deactivation
[  295.146762][ T5922] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  295.263702][    T9] usb usb4-port1: attempt power cycle
[  295.288538][ T5942] snd_usb_pod 1-1:1.1: probe with driver snd_usb_pod failed with error -71
[  295.304250][ T5942] usb 1-1: USB disconnect, device number 9
[  295.381548][ T5922] usb 5-1: Using ep0 maxpacket: 32
[  295.402277][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.427835][ T5922] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  295.431522][ T6963] binder: BINDER_SET_CONTEXT_MGR already set
[  295.462892][ T6963] binder: 6962:6963 ioctl 4018620d 200000000040 returned -16
[  295.464325][ T5922] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  295.549128][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.591066][ T5922] usb 5-1: config 0 descriptor??
[  295.621321][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  295.639944][ T5922] hub 5-1:0.0: USB hub found
[  295.661778][    T9] usb 4-1: device descriptor read/8, error -71
[  295.825692][ T5922] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  295.911142][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  295.978095][    T9] usb 4-1: device descriptor read/8, error -71
[  296.352573][    T9] usb usb4-port1: unable to enumerate USB device
[  296.491315][ T5922] hid-generic 0003:046D:C31C.0003: unknown main item tag 0x0
[  296.608339][ T6980] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only
[  296.623987][ T6980] overlayfs: NFS export requires an index dir, falling back to nfs_export=off.
[  296.980296][ T5922] hid-generic 0003:046D:C31C.0003: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0
[  297.160817][   T44] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  297.214910][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.4.312'.
[  297.226734][ T6985] 9pnet_fd: Insufficient options for proto=fd
[  297.366082][   T44] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  297.447900][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  297.497530][ T5942] usb 5-1: USB disconnect, device number 11
[  297.538777][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  297.559135][ T6993] afs: Unknown parameter '��������'
[  297.569562][   T44] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  297.591776][   T44] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  297.605730][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.649461][   T44] usb 3-1: config 0 descriptor??
[  297.668501][ T6979] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  297.794800][ T6997] ubi31: attaching mtd0
[  297.802948][ T6997] ubi31: scanning is finished
[  297.807691][ T6997] ubi31: empty MTD device detected
[  297.870835][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  298.070144][    T9] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  298.090445][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.239560][    T9] usb 2-1: config 0 descriptor??
[  298.250347][    T9] gspca_main: cpia1-2.14.0 probing 0813:0001
[  298.262724][   T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  298.310909][ T6997] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  298.324073][   T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  298.358033][ T6997] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  298.370291][   T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  298.398379][ T6997] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  298.407226][   T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  298.447719][ T6979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.321'.
[  298.461767][ T6997] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  298.464231][   T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  298.469310][ T6997] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  298.469348][ T6997] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  298.469366][ T6997] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 164327439
[  298.469387][ T6997] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  298.483180][ T7003] ubi31: background thread "ubi_bgt31d" started, PID 7003
[  298.649421][    T9] gspca_cpia1: usb_control_msg 03, error -32
[  298.684437][    T9] gspca_cpia1: usb_control_msg 03, error -32
[  298.711286][    T9] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  298.859535][   T44] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  298.905946][    T9] gspca_cpia1: usb_control_msg 01, error -71
[  298.906386][   T44] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  299.577130][   T44] usb 3-1: USB disconnect, device number 9
[  299.670578][    T9] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  299.703197][    T9] usb 2-1: USB disconnect, device number 15
[  299.910834][   T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  299.975057][ T7019] fido_id[7019]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  300.128275][   T24] usb 4-1: Using ep0 maxpacket: 8
[  300.161436][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  300.201499][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  300.237080][ T7031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.335'.
[  300.291870][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  300.349279][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  300.438602][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  300.572680][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  300.648500][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.673039][   T44] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  301.609626][   T24] usb 4-1: config 0 descriptor??
[  301.842416][   T44] usb 5-1: Using ep0 maxpacket: 8
[  301.851941][   T44] usb 5-1: config 5 has an invalid interface number: 35 but max is 0
[  301.873987][   T44] usb 5-1: config 5 has no interface number 0
[  301.880838][   T44] usb 5-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  301.906247][ T5874] Bluetooth: hci5: urb ffff88805cb33b00 submission failed (90)
[  301.956299][ T7052] 9pnet: Unknown protocol version 9p200
[  301.999625][   T24] usb 4-1: USB disconnect, device number 13
[  302.010883][   T44] usb 5-1: config 5 interface 35 has no altsetting 0
[  302.189454][   T44] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  302.356893][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.660801][   T44] usb 5-1: Product: syz
[  302.665047][   T44] usb 5-1: Manufacturer: syz
[  302.670027][   T44] usb 5-1: SerialNumber: syz
[  302.696758][ T7053] FAULT_INJECTION: forcing a failure.
[  302.696758][ T7053] name failslab, interval 1, probability 0, space 0, times 0
[  302.747231][ T7053] CPU: 1 UID: 0 PID: 7053 Comm: syz.0.341 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  302.747251][ T7053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.747258][ T7053] Call Trace:
[  302.747263][ T7053]  <TASK>
[  302.747269][ T7053]  dump_stack_lvl+0x189/0x250
[  302.747287][ T7053]  ? __pfx____ratelimit+0x10/0x10
[  302.747305][ T7053]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.747318][ T7053]  ? __pfx__printk+0x10/0x10
[  302.747335][ T7053]  ? __pfx___might_resched+0x10/0x10
[  302.747347][ T7053]  ? fs_reclaim_acquire+0x7d/0x100
[  302.747361][ T7053]  should_fail_ex+0x414/0x560
[  302.747380][ T7053]  should_failslab+0xa8/0x100
[  302.747397][ T7053]  kmem_cache_alloc_noprof+0x73/0x3c0
[  302.747412][ T7053]  ? fuse_get_req+0x7b9/0x10b0
[  302.747429][ T7053]  fuse_get_req+0x7b9/0x10b0
[  302.747449][ T7053]  ? process_measurement+0x72d/0x1a40
[  302.747467][ T7053]  ? __pfx_fuse_get_req+0x10/0x10
[  302.747481][ T7053]  ? __pfx_autoremove_wake_function+0x10/0x10
[  302.747496][ T7053]  ? __lock_acquire+0xab9/0xd20
[  302.747514][ T7053]  __fuse_simple_request+0x2aa/0x18d0
[  302.747533][ T7053]  ? __pfx___fuse_simple_request+0x10/0x10
[  302.747555][ T7053]  ? mntput_no_expire+0xb9/0x860
[  302.747571][ T7053]  ? mntput_no_expire+0xb9/0x860
[  302.747582][ T7053]  ? mntput_no_expire+0x241/0x860
[  302.747596][ T7053]  ? dput+0x37/0x2b0
[  302.747609][ T7053]  fuse_getxattr+0x2d7/0x470
[  302.747622][ T7053]  ? step_into+0x435/0xf30
[  302.747635][ T7053]  ? __pfx_fuse_getxattr+0x10/0x10
[  302.747656][ T7053]  ? smk_tskacc+0x2fc/0x370
[  302.747672][ T7053]  ? smack_inode_getxattr+0x13e/0x1a0
[  302.747685][ T7053]  ? __pfx_smack_inode_getxattr+0x10/0x10
[  302.747700][ T7053]  ? rcu_is_watching+0x15/0xb0
[  302.747718][ T7053]  fuse_xattr_get+0x80/0xa0
[  302.747730][ T7053]  ? __pfx_fuse_xattr_get+0x10/0x10
[  302.747743][ T7053]  __vfs_getxattr+0x3f1/0x430
[  302.747766][ T7053]  vfs_getxattr+0x231/0x290
[  302.747785][ T7053]  ? __pfx_vfs_getxattr+0x10/0x10
[  302.747808][ T7053]  do_getxattr+0x171/0x320
[  302.747822][ T7053]  filename_getxattr+0x111/0x210
[  302.747835][ T7053]  ? __pfx_filename_getxattr+0x10/0x10
[  302.747849][ T7053]  ? getname_flags+0x1e5/0x540
[  302.747862][ T7053]  __x64_sys_lgetxattr+0x1c6/0x210
[  302.747877][ T7053]  ? __pfx___x64_sys_lgetxattr+0x10/0x10
[  302.747904][ T7053]  ? __pfx_ksys_write+0x10/0x10
[  302.747917][ T7053]  ? rcu_is_watching+0x15/0xb0
[  302.747931][ T7053]  ? do_syscall_64+0xbe/0x3b0
[  302.747945][ T7053]  do_syscall_64+0xfa/0x3b0
[  302.747955][ T7053]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.747965][ T7053]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  302.747976][ T7053]  ? clear_bhb_loop+0x60/0xb0
[  302.747989][ T7053]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.747999][ T7053] RIP: 0033:0x7f46cd18e929
[  302.748010][ T7053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.748019][ T7053] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c0
[  302.748033][ T7053] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929
[  302.748041][ T7053] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000200000000000
[  302.748048][ T7053] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000
[  302.748055][ T7053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  302.748062][ T7053] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8
[  302.748079][ T7053]  </TASK>
[  303.127629][ T7043] syz.1.337 (7043) used greatest stack depth: 19520 bytes left
[  303.276442][   T44] ttusbir 5-1:5.35: cannot find expected altsetting
[  303.291702][   T44] usb 5-1: USB disconnect, device number 12
[  303.334236][ T5867] udevd[5867]: setting owner of /dev/bus/usb/005/012 to uid=0, gid=0 failed: No such file or directory
[  304.593636][ T7083] netlink: 20 bytes leftover after parsing attributes in process `syz.2.350'.
[  304.679908][ T7083] batadv0: entered promiscuous mode
[  304.712620][ T7083] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  304.744793][ T7083] batadv0: left promiscuous mode
[  304.822039][ T7094] FAULT_INJECTION: forcing a failure.
[  304.822039][ T7094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  304.835891][ T7094] CPU: 1 UID: 0 PID: 7094 Comm: syz.0.351 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  304.835917][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  304.835927][ T7094] Call Trace:
[  304.835935][ T7094]  <TASK>
[  304.835943][ T7094]  dump_stack_lvl+0x189/0x250
[  304.835968][ T7094]  ? __pfx____ratelimit+0x10/0x10
[  304.835993][ T7094]  ? __pfx_dump_stack_lvl+0x10/0x10
[  304.836012][ T7094]  ? __pfx__printk+0x10/0x10
[  304.836034][ T7094]  ? __might_fault+0xb0/0x130
[  304.836073][ T7094]  should_fail_ex+0x414/0x560
[  304.836104][ T7094]  _copy_from_user+0x2d/0xb0
[  304.836126][ T7094]  ___sys_sendmsg+0x158/0x2a0
[  304.836152][ T7094]  ? __pfx____sys_sendmsg+0x10/0x10
[  304.836212][ T7094]  ? __fget_files+0x2a/0x420
[  304.836229][ T7094]  ? __fget_files+0x3a0/0x420
[  304.836255][ T7094]  __x64_sys_sendmsg+0x19b/0x260
[  304.836278][ T7094]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  304.836308][ T7094]  ? __pfx_ksys_write+0x10/0x10
[  304.836328][ T7094]  ? rcu_is_watching+0x15/0xb0
[  304.836353][ T7094]  ? do_syscall_64+0xbe/0x3b0
[  304.836385][ T7094]  do_syscall_64+0xfa/0x3b0
[  304.836400][ T7094]  ? lockdep_hardirqs_on+0x9c/0x150
[  304.836424][ T7094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.836443][ T7094]  ? clear_bhb_loop+0x60/0xb0
[  304.836465][ T7094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.836482][ T7094] RIP: 0033:0x7f46cd18e929
[  304.836500][ T7094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.836515][ T7094] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  304.836535][ T7094] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929
[  304.836548][ T7094] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000012
[  304.836559][ T7094] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000
[  304.836570][ T7094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.836581][ T7094] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8
[  304.836612][ T7094]  </TASK>
[  305.135512][ T7098] FAULT_INJECTION: forcing a failure.
[  305.135512][ T7098] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  305.247080][ T7098] CPU: 1 UID: 0 PID: 7098 Comm: syz.4.352 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  305.247108][ T7098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  305.247120][ T7098] Call Trace:
[  305.247128][ T7098]  <TASK>
[  305.247135][ T7098]  dump_stack_lvl+0x189/0x250
[  305.247162][ T7098]  ? __pfx____ratelimit+0x10/0x10
[  305.247190][ T7098]  ? __pfx_dump_stack_lvl+0x10/0x10
[  305.247211][ T7098]  ? __pfx__printk+0x10/0x10
[  305.247235][ T7098]  ? __might_fault+0xb0/0x130
[  305.247272][ T7098]  should_fail_ex+0x414/0x560
[  305.247304][ T7098]  _copy_from_user+0x2d/0xb0
[  305.247327][ T7098]  video_usercopy+0x354/0x14f0
[  305.247356][ T7098]  ? smk_tskacc+0x2fc/0x370
[  305.247378][ T7098]  ? __pfx___video_do_ioctl+0x10/0x10
[  305.247410][ T7098]  ? __pfx_video_usercopy+0x10/0x10
[  305.247429][ T7098]  ? smack_file_ioctl+0x2a9/0x340
[  305.247471][ T7098]  ? __fget_files+0x2a/0x420
[  305.247487][ T7098]  ? __fget_files+0x3a0/0x420
[  305.247508][ T7098]  v4l2_ioctl+0x18a/0x1e0
[  305.247530][ T7098]  ? __pfx_v4l2_ioctl+0x10/0x10
[  305.247551][ T7098]  __se_sys_ioctl+0xf9/0x170
[  305.247577][ T7098]  do_syscall_64+0xfa/0x3b0
[  305.247594][ T7098]  ? lockdep_hardirqs_on+0x9c/0x150
[  305.247619][ T7098]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.247636][ T7098]  ? clear_bhb_loop+0x60/0xb0
[  305.247658][ T7098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  305.247674][ T7098] RIP: 0033:0x7f9f8b98e929
[  305.247691][ T7098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  305.247707][ T7098] RSP: 002b:00007f9f897d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  305.247729][ T7098] RAX: ffffffffffffffda RBX: 00007f9f8bbb6080 RCX: 00007f9f8b98e929
[  305.247742][ T7098] RDX: 0000200000000400 RSI: 00000000c0205648 RDI: 0000000000000005
[  305.247755][ T7098] RBP: 00007f9f897d5090 R08: 0000000000000000 R09: 0000000000000000
[  305.247767][ T7098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  305.247778][ T7098] R13: 0000000000000000 R14: 00007f9f8bbb6080 R15: 00007ffcfb69b138
[  305.247809][ T7098]  </TASK>
[  306.843675][ T7124] syz.3.361 uses obsolete (PF_INET,SOCK_PACKET)
[  307.090831][ T5942] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  307.559604][ T5942] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  307.579585][ T5942] usb 1-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  307.595634][ T5942] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  307.622615][ T5942] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  307.658949][ T5942] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  307.700899][ T5942] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  307.709088][ T5942] usb 1-1: Product: syz
[  307.779523][ T5942] usb 1-1: Manufacturer: syz
[  307.816958][ T5942] cdc_wdm 1-1:1.0: skipping garbage
[  307.832426][ T5942] cdc_wdm 1-1:1.0: skipping garbage
[  307.837752][ T5942] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  308.025088][ T5942] usb 1-1: USB disconnect, device number 10
[  308.342296][ T7155] netlink: 'syz.1.370': attribute type 4 has an invalid length.
[  308.350447][ T7155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.370'.
[  309.566220][ T7172] fuse: Bad value for 'fd'
[  309.730935][ T5942] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  310.318854][ T7175] mmap: syz.0.379 (7175): VmData 25972736 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  310.819198][ T5942] usb 2-1: Using ep0 maxpacket: 8
[  310.839525][ T5942] usb 2-1: unable to get BOS descriptor or descriptor too short
[  310.856427][ T5942] usb 2-1: config index 0 descriptor too short (expected 274, got 18)
[  310.865482][ T5942] usb 2-1: config 4 interface 0 has no altsetting 0
[  311.003694][ T5942] usb 2-1: string descriptor 0 read error: -22
[  311.017894][ T5942] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  311.046068][ T5942] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.091744][ T5942] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  311.118609][ T5942] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  311.186454][ T5942] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  311.223445][ T5942] usb 2-1: media controller created
[  311.276853][ T7168] usb 2-1: dvb_usb_au6610: wlen=132, aborting
[  311.329473][ T5942] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  311.813995][ T5942] zl10353_read_register: readreg error (reg=127, ret==0)
[  312.001846][ T5942] usb 2-1: USB disconnect, device number 16
[  312.668364][ T7215] input: syz0 as /devices/virtual/input/input12
[  312.881203][   T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  313.141332][   T24] usb 1-1: Using ep0 maxpacket: 8
[  313.672930][   T24] usb 1-1: config 5 has an invalid interface number: 35 but max is 0
[  313.703392][   T24] usb 1-1: config 5 has no interface number 0
[  313.709589][   T24] usb 1-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  313.761024][   T24] usb 1-1: config 5 interface 35 has no altsetting 0
[  313.800561][   T24] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  313.832925][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.897406][   T24] usb 1-1: Product: syz
[  313.943558][   T24] usb 1-1: Manufacturer: syz
[  313.973112][   T24] usb 1-1: SerialNumber: syz
[  314.767797][ T7238] netlink: 8 bytes leftover after parsing attributes in process `syz.3.399'.
[  314.836457][ T7238] netlink: 'syz.3.399': attribute type 1 has an invalid length.
[  314.885671][ T7238] netlink: 'syz.3.399': attribute type 2 has an invalid length.
[  315.554447][   T24] ttusbir 1-1:5.35: cannot find expected altsetting
[  315.589428][   T24] usb 1-1: USB disconnect, device number 11
[  316.012572][   T44] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  316.082246][ T7259] netlink: 112 bytes leftover after parsing attributes in process `syz.2.407'.
[  316.193460][   T44] usb 4-1: Using ep0 maxpacket: 16
[  316.210050][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.230966][ T5922] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  316.249215][   T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.260627][   T44] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  316.284244][   T44] usb 4-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.00
[  316.295111][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.303064][ T5815] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  316.311964][   T44] usb 4-1: config 0 descriptor??
[  316.482983][ T5815] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  316.494667][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  316.505883][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  316.517003][ T5815] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  316.566449][ T5922] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  316.628485][ T5922] usb 5-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[  316.775946][ T5922] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  316.867327][ T5922] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  317.023475][ T5922] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  317.079491][ T5815] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  317.088674][ T5815] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.103959][ T7249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  317.104444][ T7249] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  317.105241][ T5815] usb 2-1: config 0 descriptor??
[  317.368128][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  317.372455][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  317.377054][ T5922] usb 5-1: Product: syz
[  317.399544][ T5922] usb 5-1: Manufacturer: syz
[  317.437851][ T5922] cdc_wdm 5-1:1.0: skipping garbage
[  318.049767][   T44] hid (null): global environment stack underflow
[  318.056293][ T5922] cdc_wdm 5-1:1.0: skipping garbage
[  318.069157][   T44] lg-g15 0003:046D:C227.0005: global environment stack underflow
[  318.077180][ T5922] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  318.104290][   T44] lg-g15 0003:046D:C227.0005: item 0 4 1 11 parsing failed
[  318.121231][ T5922] usb 5-1: USB disconnect, device number 13
[  318.131816][   T44] lg-g15 0003:046D:C227.0005: probe with driver lg-g15 failed with error -22
[  318.264710][ T7258] netlink: 8 bytes leftover after parsing attributes in process `syz.1.406'.
[  318.280382][ T7258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.406'.
[  318.366731][ T5815] usbhid 2-1:0.0: can't add hid device: -71
[  318.384179][ T5815] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  318.403716][ T5815] usb 2-1: USB disconnect, device number 17
[  318.581434][   T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  318.741006][   T10] usb 1-1: Using ep0 maxpacket: 8
[  318.757253][   T10] usb 1-1: config 5 has an invalid interface number: 35 but max is 0
[  318.772351][   T10] usb 1-1: config 5 has no interface number 0
[  318.783885][   T10] usb 1-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  318.799237][   T10] usb 1-1: config 5 interface 35 has no altsetting 0
[  318.811184][   T10] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  318.821133][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.829862][   T10] usb 1-1: Product: syz
[  318.848984][   T10] usb 1-1: Manufacturer: syz
[  318.858071][   T10] usb 1-1: SerialNumber: syz
[  319.174524][   T44] usb 4-1: USB disconnect, device number 14
[  321.293792][   T10] ttusbir 1-1:5.35: cannot find expected altsetting
[  321.340921][   T10] usb 1-1: USB disconnect, device number 12
[  323.353694][ T7340] xt_bpf: check failed: parse error
[  323.513923][ T7341] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  323.645338][ T7341] netlink: 68 bytes leftover after parsing attributes in process `syz.1.425'.
[  323.728280][ T7352] FAULT_INJECTION: forcing a failure.
[  323.728280][ T7352] name failslab, interval 1, probability 0, space 0, times 0
[  323.741376][   T44] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  323.776120][ T7352] CPU: 1 UID: 0 PID: 7352 Comm: syz.3.439 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  323.776157][ T7352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  323.776170][ T7352] Call Trace:
[  323.776179][ T7352]  <TASK>
[  323.776188][ T7352]  dump_stack_lvl+0x189/0x250
[  323.776217][ T7352]  ? __pfx____ratelimit+0x10/0x10
[  323.776246][ T7352]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.776267][ T7352]  ? __pfx__printk+0x10/0x10
[  323.776299][ T7352]  ? __pfx___might_resched+0x10/0x10
[  323.776326][ T7352]  should_fail_ex+0x414/0x560
[  323.776359][ T7352]  should_failslab+0xa8/0x100
[  323.776389][ T7352]  __kmalloc_noprof+0xcb/0x4f0
[  323.776414][ T7352]  ? sk_prot_alloc+0xe7/0x220
[  323.776441][ T7352]  sk_prot_alloc+0xe7/0x220
[  323.776461][ T7352]  ? sk_alloc+0x24/0x370
[  323.776485][ T7352]  sk_alloc+0x3a/0x370
[  323.776506][ T7352]  ? bpf_ctx_init+0x167/0x1d0
[  323.776531][ T7352]  bpf_prog_test_run_skb+0x2ed/0x1560
[  323.776552][ T7352]  ? __fget_files+0x2a/0x420
[  323.776587][ T7352]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  323.776609][ T7352]  bpf_prog_test_run+0x2c4/0x340
[  323.776643][ T7352]  __sys_bpf+0x4a4/0x860
[  323.776672][ T7352]  ? __pfx___sys_bpf+0x10/0x10
[  323.776714][ T7352]  ? ksys_write+0x22a/0x250
[  323.776743][ T7352]  ? __pfx_ksys_write+0x10/0x10
[  323.776765][ T7352]  ? rcu_is_watching+0x15/0xb0
[  323.776794][ T7352]  __x64_sys_bpf+0x7c/0x90
[  323.776821][ T7352]  do_syscall_64+0xfa/0x3b0
[  323.776839][ T7352]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.776865][ T7352]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.776884][ T7352]  ? clear_bhb_loop+0x60/0xb0
[  323.776907][ T7352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.776926][ T7352] RIP: 0033:0x7f1620f8e929
[  323.776945][ T7352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.776961][ T7352] RSP: 002b:00007f1621d29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  323.776983][ T7352] RAX: ffffffffffffffda RBX: 00007f16211b5fa0 RCX: 00007f1620f8e929
[  323.776997][ T7352] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 000000000000000a
[  323.777009][ T7352] RBP: 00007f1621d29090 R08: 0000000000000000 R09: 0000000000000000
[  323.777021][ T7352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  323.777032][ T7352] R13: 0000000000000000 R14: 00007f16211b5fa0 R15: 00007ffca6d652f8
[  323.777065][ T7352]  </TASK>
[  324.018928][    C1] vkms_vblank_simulate: vblank timer overrun
[  324.203040][   T30] kauditd_printk_skb: 46 callbacks suppressed
[  324.203061][   T30] audit: type=1326 audit(1751970515.062:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7353 comm="syz.0.440" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f46cd18e929 code=0x0
[  324.210760][   T44] usb 3-1: Using ep0 maxpacket: 8
[  324.230603][    C1] vkms_vblank_simulate: vblank timer overrun
[  324.244689][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  324.256050][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  324.265903][   T44] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  324.275679][   T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  324.285599][   T44] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  324.295490][   T44] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  324.304648][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.318493][   T44] usb 3-1: config 0 descriptor??
[  324.364538][ T5874] Bluetooth: hci5: urb ffff888034bba700 submission failed (90)
[  324.568475][   T44] usb 3-1: USB disconnect, device number 10
[  328.011645][ T7407] FAULT_INJECTION: forcing a failure.
[  328.011645][ T7407] name failslab, interval 1, probability 0, space 0, times 0
[  328.051941][ T7406] FAULT_INJECTION: forcing a failure.
[  328.051941][ T7406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  328.095800][ T7407] CPU: 0 UID: 0 PID: 7407 Comm: syz.4.454 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  328.095830][ T7407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  328.095843][ T7407] Call Trace:
[  328.095851][ T7407]  <TASK>
[  328.095859][ T7407]  dump_stack_lvl+0x189/0x250
[  328.095887][ T7407]  ? __pfx____ratelimit+0x10/0x10
[  328.095915][ T7407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.095935][ T7407]  ? __pfx__printk+0x10/0x10
[  328.095967][ T7407]  ? ref_tracker_alloc+0x318/0x460
[  328.095997][ T7407]  should_fail_ex+0x414/0x560
[  328.096028][ T7407]  should_failslab+0xa8/0x100
[  328.096057][ T7407]  kmem_cache_alloc_noprof+0x73/0x3c0
[  328.096081][ T7407]  ? skb_clone+0x212/0x3a0
[  328.096108][ T7407]  skb_clone+0x212/0x3a0
[  328.096132][ T7407]  __netlink_deliver_tap+0x404/0x850
[  328.096166][ T7407]  ? netlink_deliver_tap+0x2e/0x1b0
[  328.096188][ T7407]  netlink_deliver_tap+0x19c/0x1b0
[  328.096210][ T7407]  netlink_unicast+0x72f/0x8d0
[  328.096241][ T7407]  netlink_sendmsg+0x805/0xb30
[  328.096273][ T7407]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.096304][ T7407]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  328.096340][ T7407]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.096361][ T7407]  __sock_sendmsg+0x21c/0x270
[  328.096391][ T7407]  ____sys_sendmsg+0x505/0x830
[  328.096420][ T7407]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.096455][ T7407]  ? import_iovec+0x74/0xa0
[  328.096480][ T7407]  ___sys_sendmsg+0x21f/0x2a0
[  328.096504][ T7407]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.096567][ T7407]  ? __fget_files+0x2a/0x420
[  328.096583][ T7407]  ? __fget_files+0x3a0/0x420
[  328.096611][ T7407]  __x64_sys_sendmsg+0x19b/0x260
[  328.096636][ T7407]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  328.096671][ T7407]  ? __pfx_ksys_write+0x10/0x10
[  328.096693][ T7407]  ? rcu_is_watching+0x15/0xb0
[  328.096720][ T7407]  ? do_syscall_64+0xbe/0x3b0
[  328.096745][ T7407]  do_syscall_64+0xfa/0x3b0
[  328.096761][ T7407]  ? lockdep_hardirqs_on+0x9c/0x150
[  328.096786][ T7407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.096802][ T7407]  ? clear_bhb_loop+0x60/0xb0
[  328.096824][ T7407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.096841][ T7407] RIP: 0033:0x7f9f8b98e929
[  328.096858][ T7407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.096871][ T7407] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.096893][ T7407] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929
[  328.096906][ T7407] RDX: 0000000004008050 RSI: 0000200000000280 RDI: 0000000000000003
[  328.096918][ T7407] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000
[  328.096929][ T7407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.096939][ T7407] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138
[  328.096968][ T7407]  </TASK>
[  328.393338][ T7406] CPU: 1 UID: 0 PID: 7406 Comm: syz.1.451 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  328.393370][ T7406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  328.393381][ T7406] Call Trace:
[  328.393389][ T7406]  <TASK>
[  328.393398][ T7406]  dump_stack_lvl+0x189/0x250
[  328.393425][ T7406]  ? __pfx____ratelimit+0x10/0x10
[  328.393463][ T7406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.393483][ T7406]  ? __pfx__printk+0x10/0x10
[  328.393508][ T7406]  ? __might_fault+0xb0/0x130
[  328.393548][ T7406]  should_fail_ex+0x414/0x560
[  328.393581][ T7406]  _copy_from_iter+0x1db/0x16f0
[  328.393605][ T7406]  ? rcu_is_watching+0x15/0xb0
[  328.393628][ T7406]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  328.393656][ T7406]  ? __pfx__copy_from_iter+0x10/0x10
[  328.393677][ T7406]  ? __build_skb_around+0x257/0x3e0
[  328.393703][ T7406]  ? netlink_sendmsg+0x642/0xb30
[  328.393723][ T7406]  ? skb_put+0x11b/0x210
[  328.393748][ T7406]  netlink_sendmsg+0x6b2/0xb30
[  328.393782][ T7406]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.393814][ T7406]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  328.393839][ T7406]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.393862][ T7406]  __sock_sendmsg+0x21c/0x270
[  328.393893][ T7406]  ____sys_sendmsg+0x505/0x830
[  328.393923][ T7406]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.393957][ T7406]  ? import_iovec+0x74/0xa0
[  328.393982][ T7406]  ___sys_sendmsg+0x21f/0x2a0
[  328.394014][ T7406]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.394081][ T7406]  ? __fget_files+0x2a/0x420
[  328.394097][ T7406]  ? __fget_files+0x3a0/0x420
[  328.394126][ T7406]  __x64_sys_sendmsg+0x19b/0x260
[  328.394154][ T7406]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  328.394187][ T7406]  ? __pfx_ksys_write+0x10/0x10
[  328.394209][ T7406]  ? rcu_is_watching+0x15/0xb0
[  328.394235][ T7406]  ? do_syscall_64+0xbe/0x3b0
[  328.394258][ T7406]  do_syscall_64+0xfa/0x3b0
[  328.394274][ T7406]  ? lockdep_hardirqs_on+0x9c/0x150
[  328.394300][ T7406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.394318][ T7406]  ? clear_bhb_loop+0x60/0xb0
[  328.394341][ T7406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.394359][ T7406] RIP: 0033:0x7f38ad38e929
[  328.394377][ T7406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.394393][ T7406] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.394416][ T7406] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929
[  328.394436][ T7406] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000003
[  328.394448][ T7406] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000
[  328.394460][ T7406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.394471][ T7406] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8
[  328.394502][ T7406]  </TASK>
[  328.919055][ T7414] fuse: Unknown parameter '0x0000000000000003'
[  329.085938][ T7420] netlink: 40 bytes leftover after parsing attributes in process `syz.1.459'.
[  329.951168][   T44] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  330.291054][    C1] raw-gadget.0 gadget.3: ignoring, device is not running
[  330.420806][   T44] usb 4-1: device descriptor read/64, error -32
[  330.767128][   T44] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  331.105566][   T44] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  331.371688][ T7442] FAULT_INJECTION: forcing a failure.
[  331.371688][ T7442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.389231][   T44] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  331.430495][ T7442] CPU: 1 UID: 0 PID: 7442 Comm: syz.4.469 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  331.430529][ T7442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  331.430540][ T7442] Call Trace:
[  331.430549][ T7442]  <TASK>
[  331.430557][ T7442]  dump_stack_lvl+0x189/0x250
[  331.430585][ T7442]  ? __pfx____ratelimit+0x10/0x10
[  331.430613][ T7442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.430634][ T7442]  ? __pfx__printk+0x10/0x10
[  331.430671][ T7442]  should_fail_ex+0x414/0x560
[  331.430701][ T7442]  _copy_to_user+0x31/0xb0
[  331.430725][ T7442]  simple_read_from_buffer+0xe1/0x170
[  331.430758][ T7442]  proc_fail_nth_read+0x1df/0x250
[  331.430783][ T7442]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  331.430807][ T7442]  ? rw_verify_area+0x258/0x650
[  331.430830][ T7442]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  331.430851][ T7442]  vfs_read+0x1fd/0x980
[  331.430882][ T7442]  ? __pfx___mutex_lock+0x10/0x10
[  331.430902][ T7442]  ? __pfx_vfs_read+0x10/0x10
[  331.430927][ T7442]  ? __fget_files+0x2a/0x420
[  331.430950][ T7442]  ? __fget_files+0x3a0/0x420
[  331.430966][ T7442]  ? __fget_files+0x2a/0x420
[  331.430994][ T7442]  ksys_read+0x145/0x250
[  331.431015][ T7442]  ? __fget_files+0x2a/0x420
[  331.431035][ T7442]  ? __pfx_ksys_read+0x10/0x10
[  331.431066][ T7442]  ? do_syscall_64+0xbe/0x3b0
[  331.431088][ T7442]  do_syscall_64+0xfa/0x3b0
[  331.431106][ T7442]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.431122][ T7442]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  331.431140][ T7442]  ? clear_bhb_loop+0x60/0xb0
[  331.431175][ T7442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.431193][ T7442] RIP: 0033:0x7f9f8b98d33c
[  331.431211][ T7442] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  331.431228][ T7442] RSP: 002b:00007f9f897f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  331.431250][ T7442] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98d33c
[  331.431264][ T7442] RDX: 000000000000000f RSI: 00007f9f897f60a0 RDI: 0000000000000006
[  331.431276][ T7442] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000
[  331.431288][ T7442] R10: 0000200000003080 R11: 0000000000000246 R12: 0000000000000001
[  331.431300][ T7442] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138
[  331.431333][ T7442]  </TASK>
[  331.743845][   T44] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  331.746537][ T7446] 9pnet_fd: Insufficient options for proto=fd
[  331.753180][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.767852][ T7448] fuse: Unknown parameter '0x0000000000000003'
[  331.774447][   T44] usb 4-1: Product: syz
[  331.778654][   T44] usb 4-1: Manufacturer: syz
[  331.783460][   T44] usb 4-1: SerialNumber: syz
[  331.793510][   T44] usb 4-1: config 0 descriptor??
[  331.799319][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  331.821011][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  332.038212][ T7453] kvm_intel: kvm [7450]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1
[  332.053135][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  332.060481][ T7431] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  332.294235][ T7431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.320288][ T7431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.444876][   T44] Error reading MAC address
[  332.456194][   T44] usb 4-1: USB disconnect, device number 16
[  334.162463][ T7478] FAULT_INJECTION: forcing a failure.
[  334.162463][ T7478] name failslab, interval 1, probability 0, space 0, times 0
[  334.246507][ T7478] CPU: 1 UID: 0 PID: 7478 Comm: syz.0.478 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  334.246536][ T7478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.246549][ T7478] Call Trace:
[  334.246557][ T7478]  <TASK>
[  334.246566][ T7478]  dump_stack_lvl+0x189/0x250
[  334.246593][ T7478]  ? __pfx____ratelimit+0x10/0x10
[  334.246621][ T7478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.246642][ T7478]  ? __pfx__printk+0x10/0x10
[  334.246675][ T7478]  ? ref_tracker_alloc+0x318/0x460
[  334.246706][ T7478]  should_fail_ex+0x414/0x560
[  334.246738][ T7478]  should_failslab+0xa8/0x100
[  334.246767][ T7478]  kmem_cache_alloc_noprof+0x73/0x3c0
[  334.246792][ T7478]  ? skb_clone+0x212/0x3a0
[  334.246822][ T7478]  skb_clone+0x212/0x3a0
[  334.246850][ T7478]  __netlink_deliver_tap+0x404/0x850
[  334.246887][ T7478]  ? netlink_deliver_tap+0x2e/0x1b0
[  334.246911][ T7478]  netlink_deliver_tap+0x19c/0x1b0
[  334.246934][ T7478]  netlink_unicast+0x72f/0x8d0
[  334.246966][ T7478]  netlink_sendmsg+0x805/0xb30
[  334.246999][ T7478]  ? __pfx_netlink_sendmsg+0x10/0x10
[  334.247031][ T7478]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  334.247055][ T7478]  ? __pfx_netlink_sendmsg+0x10/0x10
[  334.247086][ T7478]  __sock_sendmsg+0x21c/0x270
[  334.247118][ T7478]  ____sys_sendmsg+0x505/0x830
[  334.247148][ T7478]  ? __pfx_____sys_sendmsg+0x10/0x10
[  334.247182][ T7478]  ? import_iovec+0x74/0xa0
[  334.247208][ T7478]  ___sys_sendmsg+0x21f/0x2a0
[  334.247234][ T7478]  ? __pfx____sys_sendmsg+0x10/0x10
[  334.247300][ T7478]  ? __fget_files+0x2a/0x420
[  334.247317][ T7478]  ? __fget_files+0x3a0/0x420
[  334.247347][ T7478]  __x64_sys_sendmsg+0x19b/0x260
[  334.247374][ T7478]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  334.247410][ T7478]  ? __pfx_ksys_write+0x10/0x10
[  334.247431][ T7478]  ? rcu_is_watching+0x15/0xb0
[  334.247459][ T7478]  ? do_syscall_64+0xbe/0x3b0
[  334.247481][ T7478]  do_syscall_64+0xfa/0x3b0
[  334.247497][ T7478]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.247522][ T7478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.247546][ T7478]  ? clear_bhb_loop+0x60/0xb0
[  334.247569][ T7478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.247587][ T7478] RIP: 0033:0x7f46cd18e929
[  334.247605][ T7478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.247620][ T7478] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  334.247642][ T7478] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929
[  334.247656][ T7478] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  334.247668][ T7478] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000
[  334.247679][ T7478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.247690][ T7478] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8
[  334.247723][ T7478]  </TASK>
[  334.942098][ T5868] Bluetooth: hci0: command 0x0406 tx timeout
[  334.949004][ T5868] Bluetooth: hci1: command 0x0406 tx timeout
[  334.955613][ T5868] Bluetooth: hci3: command 0x0406 tx timeout
[  334.963075][ T5875] Bluetooth: hci2: command 0x0406 tx timeout
[  335.827514][ T7487] FAULT_INJECTION: forcing a failure.
[  335.827514][ T7487] name failslab, interval 1, probability 0, space 0, times 0
[  335.914443][ T7487] CPU: 0 UID: 0 PID: 7487 Comm: syz.1.482 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  335.914473][ T7487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  335.914485][ T7487] Call Trace:
[  335.914493][ T7487]  <TASK>
[  335.914501][ T7487]  dump_stack_lvl+0x189/0x250
[  335.914529][ T7487]  ? __pfx____ratelimit+0x10/0x10
[  335.914557][ T7487]  ? __pfx_dump_stack_lvl+0x10/0x10
[  335.914578][ T7487]  ? __pfx__printk+0x10/0x10
[  335.914607][ T7487]  ? __pfx___might_resched+0x10/0x10
[  335.914633][ T7487]  should_fail_ex+0x414/0x560
[  335.914664][ T7487]  should_failslab+0xa8/0x100
[  335.914693][ T7487]  kmem_cache_alloc_noprof+0x73/0x3c0
[  335.914717][ T7487]  ? getname_flags+0xb8/0x540
[  335.914741][ T7487]  getname_flags+0xb8/0x540
[  335.914757][ T7487]  ? _copy_from_user+0x94/0xb0
[  335.914781][ T7487]  user_path_at+0x24/0x60
[  335.914804][ T7487]  __se_sys_mount+0x2d3/0x410
[  335.914829][ T7487]  ? __pfx___se_sys_mount+0x10/0x10
[  335.914844][ T7487]  ? rcu_is_watching+0x15/0xb0
[  335.914870][ T7487]  ? do_syscall_64+0xbe/0x3b0
[  335.914886][ T7487]  ? __x64_sys_mount+0x20/0xc0
[  335.914906][ T7487]  do_syscall_64+0xfa/0x3b0
[  335.914921][ T7487]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.914947][ T7487]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.914966][ T7487]  ? clear_bhb_loop+0x60/0xb0
[  335.914988][ T7487]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.915006][ T7487] RIP: 0033:0x7f38ad38e929
[  335.915024][ T7487] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.915040][ T7487] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  335.915060][ T7487] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929
[  335.915073][ T7487] RDX: 0000200000002280 RSI: 0000200000000100 RDI: 0000200000000040
[  335.915086][ T7487] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000
[  335.915097][ T7487] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001
[  335.915108][ T7487] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8
[  335.915139][ T7487]  </TASK>
[  336.183425][ T7489] fuse: Unknown parameter 'us�r_id'
[  338.061393][ T7515] FAULT_INJECTION: forcing a failure.
[  338.061393][ T7515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  338.178237][ T7515] CPU: 0 UID: 0 PID: 7515 Comm: syz.3.492 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  338.178264][ T7515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  338.178274][ T7515] Call Trace:
[  338.178282][ T7515]  <TASK>
[  338.178291][ T7515]  dump_stack_lvl+0x189/0x250
[  338.178317][ T7515]  ? __pfx____ratelimit+0x10/0x10
[  338.178345][ T7515]  ? __pfx_dump_stack_lvl+0x10/0x10
[  338.178366][ T7515]  ? __pfx__printk+0x10/0x10
[  338.178404][ T7515]  should_fail_ex+0x414/0x560
[  338.178437][ T7515]  _copy_to_user+0x31/0xb0
[  338.178462][ T7515]  video_usercopy+0xeb2/0x14f0
[  338.178497][ T7515]  ? __pfx___video_do_ioctl+0x10/0x10
[  338.178520][ T7515]  ? __pfx_video_usercopy+0x10/0x10
[  338.178540][ T7515]  ? smack_file_ioctl+0x2a9/0x340
[  338.178582][ T7515]  ? __fget_files+0x2a/0x420
[  338.178599][ T7515]  ? __fget_files+0x3a0/0x420
[  338.178620][ T7515]  v4l2_ioctl+0x18a/0x1e0
[  338.178643][ T7515]  ? __pfx_v4l2_ioctl+0x10/0x10
[  338.178664][ T7515]  __se_sys_ioctl+0xf9/0x170
[  338.178691][ T7515]  do_syscall_64+0xfa/0x3b0
[  338.178711][ T7515]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.178728][ T7515]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  338.178745][ T7515]  ? clear_bhb_loop+0x60/0xb0
[  338.178768][ T7515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.178787][ T7515] RIP: 0033:0x7f1620f8e929
[  338.178804][ T7515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.178821][ T7515] RSP: 002b:00007f161edf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  338.178842][ T7515] RAX: ffffffffffffffda RBX: 00007f16211b6080 RCX: 00007f1620f8e929
[  338.178855][ T7515] RDX: 0000200000000400 RSI: 00000000c0205648 RDI: 0000000000000005
[  338.178868][ T7515] RBP: 00007f161edf6090 R08: 0000000000000000 R09: 0000000000000000
[  338.178879][ T7515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.178891][ T7515] R13: 0000000000000000 R14: 00007f16211b6080 R15: 00007ffca6d652f8
[  338.178922][ T7515]  </TASK>
[  338.381788][    C0] vkms_vblank_simulate: vblank timer overrun
[  338.432044][ T7519] syz.1.495: attempt to access beyond end of device
[  338.432044][ T7519] nbd1: rw=0, sector=2, nr_sectors = 1 limit=0
[  338.446087][ T7519] hfs: can't find a HFS filesystem on dev nbd1
[  338.622164][ T7519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.495'.
[  338.656100][ T7526] netlink: 112 bytes leftover after parsing attributes in process `syz.4.493'.
[  338.725154][ T7519] Illegal XDP return value 4294967294 on prog  (id 72) dev N/A, expect packet loss!
[  341.248166][ T7554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.508'.
[  341.583592][ T7561] netlink: 112 bytes leftover after parsing attributes in process `syz.1.509'.
[  341.681389][ T5815] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  341.735803][ T7570] FAULT_INJECTION: forcing a failure.
[  341.735803][ T7570] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  341.767033][ T7570] CPU: 1 UID: 0 PID: 7570 Comm: syz.2.511 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  341.767061][ T7570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  341.767075][ T7570] Call Trace:
[  341.767082][ T7570]  <TASK>
[  341.767091][ T7570]  dump_stack_lvl+0x189/0x250
[  341.767118][ T7570]  ? __pfx____ratelimit+0x10/0x10
[  341.767147][ T7570]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.767168][ T7570]  ? __pfx__printk+0x10/0x10
[  341.767201][ T7570]  ? __might_fault+0xb0/0x130
[  341.767241][ T7570]  should_fail_ex+0x414/0x560
[  341.767272][ T7570]  _copy_from_iter+0x1db/0x16f0
[  341.767296][ T7570]  ? rcu_is_watching+0x15/0xb0
[  341.767319][ T7570]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  341.767346][ T7570]  ? __pfx__copy_from_iter+0x10/0x10
[  341.767365][ T7570]  ? __build_skb_around+0x257/0x3e0
[  341.767390][ T7570]  ? netlink_sendmsg+0x642/0xb30
[  341.767409][ T7570]  ? skb_put+0x11b/0x210
[  341.767433][ T7570]  netlink_sendmsg+0x6b2/0xb30
[  341.767463][ T7570]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.767493][ T7570]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  341.767517][ T7570]  ? __pfx_netlink_sendmsg+0x10/0x10
[  341.767539][ T7570]  __sock_sendmsg+0x21c/0x270
[  341.767570][ T7570]  ____sys_sendmsg+0x505/0x830
[  341.767599][ T7570]  ? __pfx_____sys_sendmsg+0x10/0x10
[  341.767632][ T7570]  ? import_iovec+0x74/0xa0
[  341.767658][ T7570]  ___sys_sendmsg+0x21f/0x2a0
[  341.767683][ T7570]  ? __pfx____sys_sendmsg+0x10/0x10
[  341.767747][ T7570]  ? __fget_files+0x2a/0x420
[  341.767763][ T7570]  ? __fget_files+0x3a0/0x420
[  341.767793][ T7570]  __x64_sys_sendmsg+0x19b/0x260
[  341.767819][ T7570]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  341.767854][ T7570]  ? __pfx_ksys_write+0x10/0x10
[  341.767876][ T7570]  ? rcu_is_watching+0x15/0xb0
[  341.767902][ T7570]  ? do_syscall_64+0xbe/0x3b0
[  341.767925][ T7570]  do_syscall_64+0xfa/0x3b0
[  341.767940][ T7570]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.767964][ T7570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.767983][ T7570]  ? clear_bhb_loop+0x60/0xb0
[  341.768006][ T7570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.768024][ T7570] RIP: 0033:0x7f57bcd8e929
[  341.768042][ T7570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.768057][ T7570] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  341.768080][ T7570] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929
[  341.768094][ T7570] RDX: 00000000000448d0 RSI: 0000200000000240 RDI: 0000000000000003
[  341.768107][ T7570] RBP: 00007f57bdb4d090 R08: 0000000000000000 R09: 0000000000000000
[  341.768119][ T7570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  341.768129][ T7570] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8
[  341.768161][ T7570]  </TASK>
[  342.096641][ T5815] usb 4-1: Using ep0 maxpacket: 8
[  342.124715][ T5815] usb 4-1: unable to get BOS descriptor or descriptor too short
[  342.147821][ T5815] usb 4-1: config index 0 descriptor too short (expected 274, got 18)
[  342.156362][ T5815] usb 4-1: config 4 interface 0 has no altsetting 0
[  342.242998][ T7577] FAULT_INJECTION: forcing a failure.
[  342.242998][ T7577] name failslab, interval 1, probability 0, space 0, times 0
[  342.255959][ T7577] CPU: 0 UID: 0 PID: 7577 Comm: syz.0.514 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  342.255986][ T7577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  342.255997][ T7577] Call Trace:
[  342.256004][ T7577]  <TASK>
[  342.256012][ T7577]  dump_stack_lvl+0x189/0x250
[  342.256039][ T7577]  ? __pfx____ratelimit+0x10/0x10
[  342.256068][ T7577]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.256089][ T7577]  ? __pfx__printk+0x10/0x10
[  342.256120][ T7577]  ? __pfx___might_resched+0x10/0x10
[  342.256146][ T7577]  should_fail_ex+0x414/0x560
[  342.256183][ T7577]  should_failslab+0xa8/0x100
[  342.256213][ T7577]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  342.256240][ T7577]  ? __alloc_skb+0x112/0x2d0
[  342.256266][ T7577]  __alloc_skb+0x112/0x2d0
[  342.256292][ T7577]  netlink_sendmsg+0x5c6/0xb30
[  342.256316][ T7577]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  342.256351][ T7577]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.256383][ T7577]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  342.256410][ T7577]  ? __pfx_netlink_sendmsg+0x10/0x10
[  342.256434][ T7577]  __sock_sendmsg+0x21c/0x270
[  342.256465][ T7577]  sock_write_iter+0x258/0x330
[  342.256495][ T7577]  ? __pfx_sock_write_iter+0x10/0x10
[  342.256534][ T7577]  ? __lock_acquire+0xab9/0xd20
[  342.256563][ T7577]  do_iter_readv_writev+0x56e/0x7f0
[  342.256594][ T7577]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  342.256626][ T7577]  ? bpf_lsm_file_permission+0x9/0x20
[  342.256642][ T7577]  ? security_file_permission+0x75/0x290
[  342.256671][ T7577]  ? rw_verify_area+0x258/0x650
[  342.256699][ T7577]  vfs_writev+0x31a/0x960
[  342.256723][ T7577]  ? __lock_acquire+0xab9/0xd20
[  342.256743][ T7577]  ? __pfx_vfs_writev+0x10/0x10
[  342.256779][ T7577]  ? __fget_files+0x2a/0x420
[  342.256802][ T7577]  ? __fget_files+0x3a0/0x420
[  342.256817][ T7577]  ? __fget_files+0x2a/0x420
[  342.256845][ T7577]  do_writev+0x14d/0x2d0
[  342.256867][ T7577]  ? __pfx_do_writev+0x10/0x10
[  342.256892][ T7577]  ? do_syscall_64+0xbe/0x3b0
[  342.256915][ T7577]  do_syscall_64+0xfa/0x3b0
[  342.256932][ T7577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.256950][ T7577]  ? asm_sysvec_call_function_single+0x1a/0x20
[  342.256968][ T7577]  ? clear_bhb_loop+0x60/0xb0
[  342.256991][ T7577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.257009][ T7577] RIP: 0033:0x7f46cd18e929
[  342.257027][ T7577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.257042][ T7577] RSP: 002b:00007f46ce019038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  342.257062][ T7577] RAX: ffffffffffffffda RBX: 00007f46cd3b6080 RCX: 00007f46cd18e929
[  342.257076][ T7577] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003
[  342.257089][ T7577] RBP: 00007f46ce019090 R08: 0000000000000000 R09: 0000000000000000
[  342.257098][ T7577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.257108][ T7577] R13: 0000000000000000 R14: 00007f46cd3b6080 R15: 00007ffdba3f25d8
[  342.257138][ T7577]  </TASK>
[  342.553602][    C0] vkms_vblank_simulate: vblank timer overrun
[  342.993556][ T5815] usb 4-1: string descriptor 0 read error: -22
[  343.021769][ T5815] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  343.030981][ T5815] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.083418][ T5815] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  343.097401][ T5815] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  343.110944][ T5815] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  343.118167][ T5815] usb 4-1: media controller created
[  343.146722][ T5815] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  344.241721][ T5815] zl10353_read_register: readreg error (reg=127, ret==0)
[  344.242744][ T7557] usb 4-1: dvb_usb_au6610: wlen=132, aborting
[  344.738988][ T7599] netlink: 112 bytes leftover after parsing attributes in process `syz.0.522'.
[  345.783610][ T5815] usb 4-1: USB disconnect, device number 17
[  345.803849][ T7612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.911374][ T7612] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  346.033026][ T6037] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  346.740774][    T9] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  346.919916][    T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  346.997707][    T9] usb 4-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[  347.106545][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  347.193209][ T7646] FAULT_INJECTION: forcing a failure.
[  347.193209][ T7646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.234216][    T9] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  347.362108][ T7646] CPU: 0 UID: 0 PID: 7646 Comm: syz.0.535 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  347.362138][ T7646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  347.362149][ T7646] Call Trace:
[  347.362157][ T7646]  <TASK>
[  347.362166][ T7646]  dump_stack_lvl+0x189/0x250
[  347.362193][ T7646]  ? __pfx____ratelimit+0x10/0x10
[  347.362221][ T7646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.362242][ T7646]  ? __pfx__printk+0x10/0x10
[  347.362266][ T7646]  ? __might_fault+0xb0/0x130
[  347.362306][ T7646]  should_fail_ex+0x414/0x560
[  347.362339][ T7646]  _copy_from_user+0x2d/0xb0
[  347.362361][ T7646]  ___sys_recvmsg+0x12e/0x510
[  347.362392][ T7646]  ? __pfx____sys_recvmsg+0x10/0x10
[  347.362444][ T7646]  ? __fget_files+0x3a0/0x420
[  347.362475][ T7646]  do_recvmmsg+0x307/0x770
[  347.362508][ T7646]  ? __pfx_do_recvmmsg+0x10/0x10
[  347.362547][ T7646]  ? trace_irq_disable+0x37/0x110
[  347.362589][ T7646]  __x64_sys_recvmmsg+0x190/0x240
[  347.362616][ T7646]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  347.362653][ T7646]  do_syscall_64+0xfa/0x3b0
[  347.362673][ T7646]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.362690][ T7646]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  347.362708][ T7646]  ? clear_bhb_loop+0x60/0xb0
[  347.362731][ T7646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.362748][ T7646] RIP: 0033:0x7f46cd18e929
[  347.362765][ T7646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.362781][ T7646] RSP: 002b:00007f46ce03a038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  347.362803][ T7646] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18e929
[  347.362816][ T7646] RDX: 0000000000000001 RSI: 0000200000000b40 RDI: 0000000000000003
[  347.362827][ T7646] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000
[  347.362837][ T7646] R10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000001
[  347.362848][ T7646] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8
[  347.362877][ T7646]  </TASK>
[  347.469664][ T6037] usb 5-1: device descriptor read/64, error -71
[  347.471827][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 52, changing to 7
[  347.594558][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 9272, setting to 1024
[  347.612898][    T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  347.646095][    T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  347.690814][    T9] usb 4-1: Product: syz
[  347.729886][    T9] usb 4-1: Manufacturer: syz
[  347.751045][ T6037] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  347.784247][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  347.789524][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  347.815419][    T9] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  347.933750][ T6037] usb 5-1: Using ep0 maxpacket: 32
[  347.945271][ T6037] usb 5-1: config 5 has an invalid interface number: 27 but max is 3
[  347.983796][ T6037] usb 5-1: config 5 contains an unexpected descriptor of type 0x1, skipping
[  348.004947][ T6037] usb 5-1: config 5 has an invalid descriptor of length 195, skipping remainder of the config
[  348.030770][ T6037] usb 5-1: config 5 has 1 interface, different from the descriptor's value: 4
[  348.045596][ T6037] usb 5-1: config 5 has no interface number 0
[  348.055874][ T6037] usb 5-1: config 5 interface 27 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  348.076786][ T6037] usb 5-1: config 5 interface 27 has no altsetting 0
[  348.102675][ T6037] usb 5-1: New USB device found, idVendor=1608, idProduct=0004, bcdDevice=e8.3e
[  348.106440][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  348.112543][ T6037] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.127905][ T6037] usb 5-1: Product: ᠊
[  348.133714][ T6037] usb 5-1: Manufacturer: 樀␀인✆此潟䥡苸ﾲӼﲄ憹✀Ⱁ짻蠟⨿閐拡쵵킃픍㨠죪燦牎萴醤䶬ԗ跘큥ᠾꝼ㍿扔櫊큛Ǭ㎇ℎꎧ࢜폧⦺ꙸ퇅싥仜↙ௐ䩱⼺牂굊际㱣竆ᢵ⨰럢탂㕜鯅낣賀鉰쵒ᦕቁ勃Ḳ⣪᧭鱬㺹ﲲ❎퐨셇鐆
[  348.161231][ T6037] usb 5-1: SerialNumber: 倊
[  348.171164][ T5975] usb 4-1: USB disconnect, device number 18
[  348.294605][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  348.309496][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.331547][    T9] usb 1-1: config 0 descriptor??
[  348.353761][    T9] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  348.436065][ T6037] io_edgeport 5-1:5.27: required endpoints missing
[  348.486372][ T6037] usb 5-1: USB disconnect, device number 15
[  349.136537][ T7651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.189448][ T7651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.240029][    T9] gspca_stv06xx: I2C: Read error writing address: -71
[  349.336094][    T9] usb 1-1: USB disconnect, device number 13
[  349.367566][ T7666] IPv6: NLM_F_CREATE should be specified when creating new route
[  349.994992][ T7680] netlink: 112 bytes leftover after parsing attributes in process `syz.0.549'.
[  350.170887][    T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  350.189467][ T7686] netlink: 20 bytes leftover after parsing attributes in process `syz.2.551'.
[  350.374177][    T9] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  350.393715][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.406539][    T9] usb 2-1: config 0 descriptor??
[  350.482591][ T5942] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  350.666457][ T5942] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  350.680802][ T5942] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  350.720975][ T5942] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  350.745661][ T5942] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  350.820782][ T5942] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  350.916361][ T5942] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  350.946948][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  350.955869][ T5942] usb 4-1: Product: syz
[  350.960153][ T5942] usb 4-1: Manufacturer: syz
[  351.401228][    T9] pegasus 2-1:0.0: probe with driver pegasus failed with error -121
[  351.432305][ T5942] cdc_wdm 4-1:1.0: skipping garbage
[  351.437765][ T5942] cdc_wdm 4-1:1.0: skipping garbage
[  351.489682][ T5942] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  351.498151][ T7703] binder: BINDER_SET_CONTEXT_MGR already set
[  351.501033][ T5942] cdc_wdm 4-1:1.0: Unknown control protocol
[  351.525315][ T7703] binder: 7702:7703 ioctl 4018620d 200000000040 returned -16
[  351.670435][ T6037] usb 4-1: USB disconnect, device number 19
[  351.820556][ T7715] netlink: 112 bytes leftover after parsing attributes in process `syz.2.561'.
[  351.932737][ T7720] capability: warning: `syz.2.563' uses 32-bit capabilities (legacy support in use)
[  352.140631][ T6037] usb 2-1: USB disconnect, device number 18
[  352.891916][ T7730] FAULT_INJECTION: forcing a failure.
[  352.891916][ T7730] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  352.946022][ T7730] CPU: 0 UID: 0 PID: 7730 Comm: syz.2.568 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  352.946051][ T7730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  352.946061][ T7730] Call Trace:
[  352.946070][ T7730]  <TASK>
[  352.946078][ T7730]  dump_stack_lvl+0x189/0x250
[  352.946106][ T7730]  ? __pfx____ratelimit+0x10/0x10
[  352.946143][ T7730]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.946164][ T7730]  ? __pfx__printk+0x10/0x10
[  352.946189][ T7730]  ? __might_fault+0xb0/0x130
[  352.946228][ T7730]  should_fail_ex+0x414/0x560
[  352.946261][ T7730]  _copy_from_user+0x2d/0xb0
[  352.946284][ T7730]  ___sys_recvmsg+0x12e/0x510
[  352.946316][ T7730]  ? __pfx____sys_recvmsg+0x10/0x10
[  352.946376][ T7730]  ? __might_fault+0xb0/0x130
[  352.946406][ T7730]  do_recvmmsg+0x307/0x770
[  352.946441][ T7730]  ? __pfx_do_recvmmsg+0x10/0x10
[  352.946479][ T7730]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  352.946519][ T7730]  __x64_sys_recvmmsg+0x190/0x240
[  352.946547][ T7730]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  352.946568][ T7730]  ? rcu_is_watching+0x15/0xb0
[  352.946593][ T7730]  ? do_syscall_64+0xbe/0x3b0
[  352.946616][ T7730]  do_syscall_64+0xfa/0x3b0
[  352.946631][ T7730]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.946656][ T7730]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.946675][ T7730]  ? clear_bhb_loop+0x60/0xb0
[  352.946698][ T7730]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.946716][ T7730] RIP: 0033:0x7f57bcd8e929
[  352.946733][ T7730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.946750][ T7730] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  352.946772][ T7730] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929
[  352.946786][ T7730] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003
[  352.946799][ T7730] RBP: 00007f57bdb4d090 R08: 0000000000000000 R09: 0000000000000000
[  352.946811][ T7730] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  352.946822][ T7730] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8
[  352.946853][ T7730]  </TASK>
[  353.110874][ T5922] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  353.916910][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.942330][ T5922] usb 4-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  353.982801][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.000118][ T7751] netlink: 112 bytes leftover after parsing attributes in process `syz.1.573'.
[  354.000601][ T5922] usb 4-1: config 0 descriptor??
[  354.126000][ T7753] FAULT_INJECTION: forcing a failure.
[  354.126000][ T7753] name failslab, interval 1, probability 0, space 0, times 0
[  354.194244][ T7755] netlink: 'syz.0.574': attribute type 3 has an invalid length.
[  354.200268][ T7753] CPU: 0 UID: 0 PID: 7753 Comm: syz.1.575 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  354.200295][ T7753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  354.200305][ T7753] Call Trace:
[  354.200313][ T7753]  <TASK>
[  354.200320][ T7753]  dump_stack_lvl+0x189/0x250
[  354.200344][ T7753]  ? __pfx____ratelimit+0x10/0x10
[  354.200369][ T7753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.200387][ T7753]  ? __pfx__printk+0x10/0x10
[  354.200414][ T7753]  ? __pfx___might_resched+0x10/0x10
[  354.200432][ T7753]  ? fs_reclaim_acquire+0x7d/0x100
[  354.200454][ T7753]  should_fail_ex+0x414/0x560
[  354.200482][ T7753]  should_failslab+0xa8/0x100
[  354.200507][ T7753]  __kmalloc_cache_noprof+0x70/0x3d0
[  354.200530][ T7753]  ? rtnl_newlink+0xed/0x1c70
[  354.200545][ T7753]  ? kasan_save_free_info+0x46/0x50
[  354.200566][ T7753]  rtnl_newlink+0xed/0x1c70
[  354.200581][ T7753]  ? netlink_sendmsg+0x805/0xb30
[  354.200598][ T7753]  ? __sock_sendmsg+0x21c/0x270
[  354.200619][ T7753]  ? ____sys_sendmsg+0x505/0x830
[  354.200637][ T7753]  ? ___sys_sendmsg+0x21f/0x2a0
[  354.200654][ T7753]  ? __x64_sys_sendmsg+0x19b/0x260
[  354.200676][ T7753]  ? do_syscall_64+0xfa/0x3b0
[  354.200691][ T7753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.200715][ T7753]  ? __pfx_rtnl_newlink+0x10/0x10
[  354.200755][ T7753]  ? kasan_quarantine_put+0xdd/0x220
[  354.200775][ T7753]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.200804][ T7753]  ? nlmon_xmit+0xb0/0x100
[  354.200819][ T7753]  ? kmem_cache_free+0x18f/0x400
[  354.200848][ T7753]  ? __local_bh_enable_ip+0x12d/0x1c0
[  354.200874][ T7753]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.200897][ T7753]  ? __local_bh_enable_ip+0x12d/0x1c0
[  354.200914][ T7753]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  354.200935][ T7753]  ? __dev_queue_xmit+0x27e/0x3a70
[  354.200957][ T7753]  ? __dev_queue_xmit+0x27e/0x3a70
[  354.200976][ T7753]  ? __dev_queue_xmit+0x27e/0x3a70
[  354.200998][ T7753]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  354.201024][ T7753]  ? __lock_acquire+0xab9/0xd20
[  354.201065][ T7753]  ? __pfx_rtnl_newlink+0x10/0x10
[  354.201081][ T7753]  rtnetlink_rcv_msg+0x7cf/0xb70
[  354.201102][ T7753]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  354.201119][ T7753]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  354.201133][ T7753]  ? ref_tracker_free+0x63a/0x7d0
[  354.201154][ T7753]  ? __copy_skb_header+0xa7/0x550
[  354.201176][ T7753]  ? __pfx_ref_tracker_free+0x10/0x10
[  354.201210][ T7753]  netlink_rcv_skb+0x208/0x470
[  354.201231][ T7753]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  354.201249][ T7753]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  354.201281][ T7753]  ? netlink_deliver_tap+0x2e/0x1b0
[  354.201298][ T7753]  ? netlink_deliver_tap+0x2e/0x1b0
[  354.201322][ T7753]  netlink_unicast+0x75b/0x8d0
[  354.201350][ T7753]  netlink_sendmsg+0x805/0xb30
[  354.201379][ T7753]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.201406][ T7753]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  354.201427][ T7753]  ? __pfx_netlink_sendmsg+0x10/0x10
[  354.201447][ T7753]  __sock_sendmsg+0x21c/0x270
[  354.201474][ T7753]  ____sys_sendmsg+0x505/0x830
[  354.201500][ T7753]  ? __pfx_____sys_sendmsg+0x10/0x10
[  354.201530][ T7753]  ? import_iovec+0x74/0xa0
[  354.201552][ T7753]  ___sys_sendmsg+0x21f/0x2a0
[  354.201575][ T7753]  ? __pfx____sys_sendmsg+0x10/0x10
[  354.201631][ T7753]  ? __fget_files+0x2a/0x420
[  354.201646][ T7753]  ? __fget_files+0x3a0/0x420
[  354.201671][ T7753]  __x64_sys_sendmsg+0x19b/0x260
[  354.201695][ T7753]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  354.201724][ T7753]  ? __pfx_ksys_write+0x10/0x10
[  354.201743][ T7753]  ? rcu_is_watching+0x15/0xb0
[  354.201767][ T7753]  ? do_syscall_64+0xbe/0x3b0
[  354.201786][ T7753]  do_syscall_64+0xfa/0x3b0
[  354.201800][ T7753]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.201822][ T7753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.201838][ T7753]  ? clear_bhb_loop+0x60/0xb0
[  354.201858][ T7753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  354.201880][ T7753] RIP: 0033:0x7f38ad38e929
[  354.201897][ T7753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  354.201911][ T7753] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  354.201932][ T7753] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929
[  354.201944][ T7753] RDX: 0000000004008050 RSI: 0000200000000280 RDI: 0000000000000003
[  354.201954][ T7753] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000
[  354.201964][ T7753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  354.201974][ T7753] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8
[  354.202003][ T7753]  </TASK>
[  354.622098][ T5942] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  354.675707][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0
[  354.690518][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0
[  354.699462][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0
[  354.711091][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0
[  354.718649][ T5922] magicmouse 0003:05AC:0265.0006: unknown main item tag 0x0
[  354.769771][ T5922] magicmouse 0003:05AC:0265.0006: unbalanced collection at end of report description
[  354.796273][ T5922] magicmouse 0003:05AC:0265.0006: magicmouse hid parse failed
[  354.841690][ T5922] magicmouse 0003:05AC:0265.0006: probe with driver magicmouse failed with error -22
[  354.857921][ T7763] overlayfs: failed to resolve '/0': -2
[  354.943275][ T5942] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  354.952204][ T5942] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  354.966800][ T5942] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  354.976320][ T5942] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  354.994968][ T5942] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  354.997338][ T5922] usb 4-1: USB disconnect, device number 20
[  355.008355][ T5942] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  355.027934][ T5942] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  355.047414][ T5942] usb 3-1: Product: syz
[  355.063504][ T5942] usb 3-1: Manufacturer: syz
[  355.110557][ T5942] cdc_wdm 3-1:1.0: skipping garbage
[  355.119372][ T5942] cdc_wdm 3-1:1.0: skipping garbage
[  355.153736][ T5942] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  355.160916][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  355.175943][ T5942] cdc_wdm 3-1:1.0: Unknown control protocol
[  355.348716][ T5942] usb 3-1: USB disconnect, device number 11
[  355.357022][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.372919][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.396438][    T9] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  355.399414][ T7773] FAULT_INJECTION: forcing a failure.
[  355.399414][ T7773] name failslab, interval 1, probability 0, space 0, times 0
[  355.406113][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.427873][ T7773] CPU: 1 UID: 0 PID: 7773 Comm: syz.4.581 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  355.427909][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  355.427921][ T7773] Call Trace:
[  355.427929][ T7773]  <TASK>
[  355.427937][ T7773]  dump_stack_lvl+0x189/0x250
[  355.427964][ T7773]  ? __pfx____ratelimit+0x10/0x10
[  355.427992][ T7773]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.428013][ T7773]  ? __pfx__printk+0x10/0x10
[  355.428040][ T7773]  ? __kernel_text_address+0xd/0x40
[  355.428068][ T7773]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  355.428092][ T7773]  ? arch_stack_walk+0xfc/0x150
[  355.428118][ T7773]  should_fail_ex+0x414/0x560
[  355.428149][ T7773]  should_failslab+0xa8/0x100
[  355.428179][ T7773]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  355.428206][ T7773]  ? __alloc_skb+0x112/0x2d0
[  355.428224][ T7773]  ? stack_depot_save_flags+0x40/0x900
[  355.428255][ T7773]  __alloc_skb+0x112/0x2d0
[  355.428281][ T7773]  __pskb_copy_fclone+0xa8/0xfb0
[  355.428323][ T7773]  tipc_msg_reassemble+0x10b/0x3b0
[  355.428349][ T7773]  tipc_mcast_xmit+0x1f0/0x1850
[  355.428389][ T7773]  ? __pfx_tipc_mcast_xmit+0x10/0x10
[  355.428419][ T7773]  ? _copy_from_iter+0x308/0x16f0
[  355.428442][ T7773]  ? rcu_is_watching+0x15/0xb0
[  355.428465][ T7773]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  355.428492][ T7773]  ? __pfx__copy_from_iter+0x10/0x10
[  355.428514][ T7773]  ? __build_skb_around+0x257/0x3e0
[  355.428538][ T7773]  ? tipc_msg_build+0x400/0xcf0
[  355.428583][ T7773]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  355.428625][ T7773]  ? tipc_group_bc_cong+0x15f/0x210
[  355.428655][ T7773]  tipc_send_group_bcast+0x79e/0xa70
[  355.428705][ T7773]  ? __pfx_tipc_send_group_bcast+0x10/0x10
[  355.428746][ T7773]  ? __pfx_woken_wake_function+0x10/0x10
[  355.428776][ T7773]  ? process_measurement+0x72d/0x1a40
[  355.428806][ T7773]  __tipc_sendmsg+0x2d7/0x2960
[  355.428854][ T7773]  ? __pfx___tipc_sendmsg+0x10/0x10
[  355.428887][ T7773]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  355.428913][ T7773]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  355.428955][ T7773]  ? __lock_acquire+0xab9/0xd20
[  355.428979][ T7773]  ? __lock_acquire+0xab9/0xd20
[  355.429018][ T7773]  ? __lock_acquire+0xab9/0xd20
[  355.429051][ T7773]  ? __local_bh_enable_ip+0x12d/0x1c0
[  355.429071][ T7773]  ? lockdep_hardirqs_on+0x9c/0x150
[  355.429099][ T7773]  ? __local_bh_enable_ip+0x12d/0x1c0
[  355.429118][ T7773]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  355.429149][ T7773]  tipc_sendmsg+0x55/0x70
[  355.429175][ T7773]  ? __pfx_tipc_sendmsg+0x10/0x10
[  355.429200][ T7773]  __sock_sendmsg+0x21c/0x270
[  355.429233][ T7773]  ____sys_sendmsg+0x505/0x830
[  355.429262][ T7773]  ? __pfx_____sys_sendmsg+0x10/0x10
[  355.429297][ T7773]  ? import_iovec+0x74/0xa0
[  355.429322][ T7773]  ___sys_sendmsg+0x21f/0x2a0
[  355.429347][ T7773]  ? __pfx____sys_sendmsg+0x10/0x10
[  355.429414][ T7773]  ? __fget_files+0x2a/0x420
[  355.429430][ T7773]  ? __fget_files+0x3a0/0x420
[  355.429460][ T7773]  __x64_sys_sendmsg+0x19b/0x260
[  355.429486][ T7773]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  355.429521][ T7773]  ? __pfx_ksys_write+0x10/0x10
[  355.429543][ T7773]  ? rcu_is_watching+0x15/0xb0
[  355.429569][ T7773]  ? do_syscall_64+0xbe/0x3b0
[  355.429591][ T7773]  do_syscall_64+0xfa/0x3b0
[  355.429607][ T7773]  ? lockdep_hardirqs_on+0x9c/0x150
[  355.429633][ T7773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.429651][ T7773]  ? clear_bhb_loop+0x60/0xb0
[  355.429675][ T7773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.429692][ T7773] RIP: 0033:0x7f9f8b98e929
[  355.429710][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.429727][ T7773] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.429748][ T7773] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929
[  355.429762][ T7773] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[  355.429773][ T7773] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000
[  355.429785][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.429797][ T7773] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138
[  355.429830][ T7773]  </TASK>
[  355.847639][ T5882] Bluetooth: hci4: link tx timeout
[  355.855737][ T5882] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  355.887805][    T9] usb 2-1: config 0 descriptor??
[  356.240105][ T7784] netlink: 112 bytes leftover after parsing attributes in process `syz.3.586'.
[  356.344550][ T7767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  356.362563][ T7767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  356.466512][   T30] audit: type=1326 audit(1751970547.322:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7787 comm="syz.3.588" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1620f8e929 code=0x0
[  356.522349][ T7794] input: syz1 as /devices/virtual/input/input15
[  356.567635][    T9] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x4
[  356.582551][    T9] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x2
[  356.589848][    T9] hid-steam 0003:28DE:1142.0007: item fetching failed at offset 4/5
[  356.671207][    T9] hid-steam 0003:28DE:1142.0007: steam_probe:parse of hid interface failed
[  356.679951][    T9] hid-steam 0003:28DE:1142.0007: probe with driver hid-steam failed with error -22
[  357.270893][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  357.440726][ T7767] comedi comedi3: reset error (fatal)
[  357.457021][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  357.490832][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  357.533571][    T9] usb 5-1: New USB device found, idVendor=eb1a, idProduct=2800, bcdDevice=8c.f6
[  357.553786][    T9] usb 5-1: New USB device strings: Mfr=3, Product=2, SerialNumber=13
[  357.614568][    T9] usb 5-1: Product: syz
[  357.618822][    T9] usb 5-1: Manufacturer: syz
[  357.644099][    T9] usb 5-1: SerialNumber: syz
[  357.669931][    T9] usb 5-1: config 0 descriptor??
[  357.876716][ T7822] netlink: 112 bytes leftover after parsing attributes in process `syz.2.598'.
[  357.914008][ T7806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.923169][ T5874] Bluetooth: hci4: command 0x0406 tx timeout
[  357.948836][ T7806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.068381][ T7806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.105963][ T7806] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.209305][ T7834] FAULT_INJECTION: forcing a failure.
[  358.209305][ T7834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.223930][ T7834] CPU: 0 UID: 0 PID: 7834 Comm: syz.0.600 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  358.223957][ T7834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  358.223968][ T7834] Call Trace:
[  358.223976][ T7834]  <TASK>
[  358.223984][ T7834]  dump_stack_lvl+0x189/0x250
[  358.224010][ T7834]  ? __pfx____ratelimit+0x10/0x10
[  358.224047][ T7834]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.224067][ T7834]  ? __pfx__printk+0x10/0x10
[  358.224087][ T7834]  ? __pfx_copy_data+0x10/0x10
[  358.224106][ T7834]  should_fail_ex+0x414/0x560
[  358.224125][ T7834]  _copy_to_user+0x31/0xb0
[  358.224138][ T7834]  ? __pfx_virtio_read+0x10/0x10
[  358.224151][ T7834]  rng_dev_read+0x3f2/0x770
[  358.224168][ T7834]  ? __pfx_rng_dev_read+0x10/0x10
[  358.224185][ T7834]  ? bpf_lsm_file_permission+0x9/0x20
[  358.224195][ T7834]  ? security_file_permission+0x75/0x290
[  358.224212][ T7834]  ? rw_verify_area+0x258/0x650
[  358.224229][ T7834]  vfs_readv+0x5a7/0x850
[  358.224240][ T7834]  ? __pfx_rng_dev_read+0x10/0x10
[  358.224255][ T7834]  ? __pfx_vfs_readv+0x10/0x10
[  358.224275][ T7834]  ? __fget_files+0x2a/0x420
[  358.224288][ T7834]  ? __fget_files+0x3a0/0x420
[  358.224297][ T7834]  ? __fget_files+0x2a/0x420
[  358.224312][ T7834]  __x64_sys_preadv+0x197/0x2a0
[  358.224329][ T7834]  ? __pfx___x64_sys_preadv+0x10/0x10
[  358.224349][ T7834]  ? do_syscall_64+0xbe/0x3b0
[  358.224361][ T7834]  do_syscall_64+0xfa/0x3b0
[  358.224370][ T7834]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.224385][ T7834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.224396][ T7834]  ? clear_bhb_loop+0x60/0xb0
[  358.224409][ T7834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.224419][ T7834] RIP: 0033:0x7f46cd18e929
[  358.224431][ T7834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.224440][ T7834] RSP: 002b:00007f46ce019038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  358.224453][ T7834] RAX: ffffffffffffffda RBX: 00007f46cd3b6080 RCX: 00007f46cd18e929
[  358.224461][ T7834] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
[  358.224468][ T7834] RBP: 00007f46ce019090 R08: 0000000000000000 R09: 0000000000000000
[  358.224475][ T7834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  358.224482][ T7834] R13: 0000000000000000 R14: 00007f46cd3b6080 R15: 00007ffdba3f25d8
[  358.224499][ T7834]  </TASK>
[  358.559181][ T5942] usb 5-1: USB disconnect, device number 16
[  358.577431][ T5975] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  358.784416][ T6037] usb 2-1: USB disconnect, device number 19
[  358.996535][ T5975] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  359.421447][ T5975] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  359.465250][ T5975] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  359.527425][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  359.626765][ T5975] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  360.256623][ T5975] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  360.290801][ T5975] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  360.298867][ T5975] usb 3-1: Product: syz
[  360.308551][ T5975] usb 3-1: Manufacturer: syz
[  360.391731][ T5975] cdc_wdm 3-1:1.0: skipping garbage
[  360.397020][ T5975] cdc_wdm 3-1:1.0: skipping garbage
[  360.451755][ T5975] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  360.466209][ T5975] cdc_wdm 3-1:1.0: Unknown control protocol
[  360.641244][ T7860] FAULT_INJECTION: forcing a failure.
[  360.641244][ T7860] name failslab, interval 1, probability 0, space 0, times 0
[  360.654319][ T7860] CPU: 0 UID: 0 PID: 7860 Comm: syz.3.606 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  360.654345][ T7860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  360.654355][ T7860] Call Trace:
[  360.654361][ T7860]  <TASK>
[  360.654366][ T7860]  dump_stack_lvl+0x189/0x250
[  360.654384][ T7860]  ? __pfx____ratelimit+0x10/0x10
[  360.654402][ T7860]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.654414][ T7860]  ? __pfx__printk+0x10/0x10
[  360.654430][ T7860]  ? __pfx___might_resched+0x10/0x10
[  360.654442][ T7860]  ? fs_reclaim_acquire+0x7d/0x100
[  360.654458][ T7860]  should_fail_ex+0x414/0x560
[  360.654477][ T7860]  should_failslab+0xa8/0x100
[  360.654494][ T7860]  __kmalloc_noprof+0xcb/0x4f0
[  360.654508][ T7860]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  360.654528][ T7860]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  360.654548][ T7860]  genl_start+0x180/0x6c0
[  360.654562][ T7860]  ? __rcu_read_unlock+0x84/0xe0
[  360.654583][ T7860]  __netlink_dump_start+0x469/0x7e0
[  360.654601][ T7860]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  360.654620][ T7860]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  360.654634][ T7860]  ? genl_get_cmd+0x67f/0x910
[  360.654650][ T7860]  ? __pfx___mutex_lock+0x10/0x10
[  360.654662][ T7860]  ? __pfx_genl_start+0x10/0x10
[  360.654675][ T7860]  ? __pfx_genl_dumpit+0x10/0x10
[  360.654688][ T7860]  ? __pfx_genl_done+0x10/0x10
[  360.654704][ T7860]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  360.654726][ T7860]  genl_rcv_msg+0x5da/0x790
[  360.654749][ T7860]  ? __pfx_genl_rcv_msg+0x10/0x10
[  360.654764][ T7860]  ? __pfx_tipc_nl_node_dump_monitor_peer+0x10/0x10
[  360.654786][ T7860]  netlink_rcv_skb+0x208/0x470
[  360.654799][ T7860]  ? __pfx_genl_rcv_msg+0x10/0x10
[  360.654815][ T7860]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  360.654839][ T7860]  ? down_read+0x1ad/0x2e0
[  360.654852][ T7860]  genl_rcv+0x28/0x40
[  360.654865][ T7860]  netlink_unicast+0x75b/0x8d0
[  360.654884][ T7860]  netlink_sendmsg+0x805/0xb30
[  360.654903][ T7860]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.654922][ T7860]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  360.654936][ T7860]  ? __pfx_netlink_sendmsg+0x10/0x10
[  360.654949][ T7860]  __sock_sendmsg+0x21c/0x270
[  360.654968][ T7860]  ____sys_sendmsg+0x505/0x830
[  360.654992][ T7860]  ? __pfx_____sys_sendmsg+0x10/0x10
[  360.655012][ T7860]  ? import_iovec+0x74/0xa0
[  360.655027][ T7860]  ___sys_sendmsg+0x21f/0x2a0
[  360.655043][ T7860]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.655080][ T7860]  ? __fget_files+0x2a/0x420
[  360.655090][ T7860]  ? __fget_files+0x3a0/0x420
[  360.655107][ T7860]  __x64_sys_sendmsg+0x19b/0x260
[  360.655122][ T7860]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  360.655152][ T7860]  do_syscall_64+0xfa/0x3b0
[  360.655164][ T7860]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.655174][ T7860]  ? asm_sysvec_call_function_single+0x1a/0x20
[  360.655185][ T7860]  ? clear_bhb_loop+0x60/0xb0
[  360.655198][ T7860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.655209][ T7860] RIP: 0033:0x7f1620f8e929
[  360.655220][ T7860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.655230][ T7860] RSP: 002b:00007f161edd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.655244][ T7860] RAX: ffffffffffffffda RBX: 00007f16211b6160 RCX: 00007f1620f8e929
[  360.655252][ T7860] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000005
[  360.655259][ T7860] RBP: 00007f161edd5090 R08: 0000000000000000 R09: 0000000000000000
[  360.655265][ T7860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.655272][ T7860] R13: 0000000000000000 R14: 00007f16211b6160 R15: 00007ffca6d652f8
[  360.655290][ T7860]  </TASK>
[  361.417935][    T9] usb 3-1: USB disconnect, device number 12
[  364.088242][ T7911] 9pnet: Could not find request transport: fd0x0000000000000003
[  366.176011][ T5975] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  366.422667][    T9] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  366.542808][ T5975] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  366.558936][ T5975] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  366.962679][ T5975] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  367.340797][ T5975] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  367.364917][ T5975] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  367.379591][ T5975] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  367.391489][    T9] usb 4-1: too many configurations: 152, using maximum allowed: 8
[  367.401413][ T5975] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  367.409471][ T5975] usb 1-1: Product: syz
[  367.416174][    T9] usb 4-1: unable to read config index 0 descriptor/start: -61
[  367.425024][ T7959] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  367.436120][ T7959] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  367.452509][ T5975] usb 1-1: Manufacturer: syz
[  367.460561][ T7959] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  367.460645][    T9] usb 4-1: can't read configurations, error -61
[  367.467754][ T7959] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  367.517076][ T5975] cdc_wdm 1-1:1.0: skipping garbage
[  367.536833][ T7959] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  367.547589][ T7959] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  367.555986][ T7959] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  367.562161][ T7959] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  367.571754][ T7959] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  367.661109][ T5975] cdc_wdm 1-1:1.0: skipping garbage
[  367.673339][ T5975] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  367.679313][ T5975] cdc_wdm 1-1:1.0: Unknown control protocol
[  367.681785][    T9] usb 4-1: new low-speed USB device number 22 using dummy_hcd
[  367.719214][ T7964] FAULT_INJECTION: forcing a failure.
[  367.719214][ T7964] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.734644][ T5975] usb 1-1: USB disconnect, device number 14
[  367.742276][ T7964] CPU: 0 UID: 0 PID: 7964 Comm: syz.4.627 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  367.742301][ T7964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  367.742311][ T7964] Call Trace:
[  367.742318][ T7964]  <TASK>
[  367.742325][ T7964]  dump_stack_lvl+0x189/0x250
[  367.742351][ T7964]  ? __pfx____ratelimit+0x10/0x10
[  367.742377][ T7964]  ? __pfx_dump_stack_lvl+0x10/0x10
[  367.742397][ T7964]  ? __pfx__printk+0x10/0x10
[  367.742434][ T7964]  should_fail_ex+0x414/0x560
[  367.742466][ T7964]  _copy_to_user+0x31/0xb0
[  367.742491][ T7964]  simple_read_from_buffer+0xe1/0x170
[  367.742522][ T7964]  proc_fail_nth_read+0x1df/0x250
[  367.742545][ T7964]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.742568][ T7964]  ? rw_verify_area+0x258/0x650
[  367.742590][ T7964]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  367.742610][ T7964]  vfs_read+0x1fd/0x980
[  367.742640][ T7964]  ? __pfx___mutex_lock+0x10/0x10
[  367.742658][ T7964]  ? __pfx_vfs_read+0x10/0x10
[  367.742682][ T7964]  ? __fget_files+0x2a/0x420
[  367.742703][ T7964]  ? __fget_files+0x3a0/0x420
[  367.742718][ T7964]  ? __fget_files+0x2a/0x420
[  367.742746][ T7964]  ksys_read+0x145/0x250
[  367.742771][ T7964]  ? __pfx_ksys_read+0x10/0x10
[  367.742791][ T7964]  ? rcu_is_watching+0x15/0xb0
[  367.742817][ T7964]  ? do_syscall_64+0xbe/0x3b0
[  367.742838][ T7964]  do_syscall_64+0xfa/0x3b0
[  367.742854][ T7964]  ? lockdep_hardirqs_on+0x9c/0x150
[  367.742878][ T7964]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.742895][ T7964]  ? clear_bhb_loop+0x60/0xb0
[  367.742917][ T7964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.742942][ T7964] RIP: 0033:0x7f9f8b98d33c
[  367.742961][ T7964] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  367.742975][ T7964] RSP: 002b:00007f9f897f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  367.742996][ T7964] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98d33c
[  367.743009][ T7964] RDX: 000000000000000f RSI: 00007f9f897f60a0 RDI: 0000000000000006
[  367.743021][ T7964] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000
[  367.743030][ T7964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.743041][ T7964] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138
[  367.743072][ T7964]  </TASK>
[  368.181606][    T9] usb 4-1: too many configurations: 152, using maximum allowed: 8
[  368.191918][    T9] usb 4-1: unable to read config index 0 descriptor/start: -61
[  368.199542][    T9] usb 4-1: can't read configurations, error -61
[  368.206341][    T9] usb usb4-port1: attempt power cycle
[  368.511196][ T7973] 9pnet: Could not find request transport: fd0x0000000000000003
[  368.559946][    T9] usb 4-1: new low-speed USB device number 23 using dummy_hcd
[  368.617593][    T9] usb 4-1: too many configurations: 152, using maximum allowed: 8
[  369.441011][ T5882] Bluetooth: hci0: command 0x0406 tx timeout
[  369.521496][ T5882] Bluetooth: hci1: command 0x0406 tx timeout
[  369.593284][    T9] usb 4-1: unable to read config index 0 descriptor/start: -71
[  369.604033][ T5874] Bluetooth: hci3: command 0x0406 tx timeout
[  369.610129][ T5874] Bluetooth: hci2: command 0x0406 tx timeout
[  369.616854][ T5882] Bluetooth: hci4: command 0x0406 tx timeout
[  369.629533][    T9] usb 4-1: can't read configurations, error -71
[  369.791419][ T7994] netlink: 44 bytes leftover after parsing attributes in process `syz.4.633'.
[  369.861040][ T1207] usb 1-1: new full-speed USB device number 15 using dummy_hcd
[  369.955144][ T7997] MPI: mpi too large (128392 bits)
[  369.994365][ T7997] netlink: 8 bytes leftover after parsing attributes in process `syz.3.636'.
[  370.024688][ T1207] usb 1-1: device descriptor read/64, error -71
[  370.281231][ T1207] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  370.420859][ T1207] usb 1-1: device descriptor read/64, error -71
[  370.544352][ T1207] usb usb1-port1: attempt power cycle
[  370.830810][ T5975] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  371.035428][ T1207] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  371.068140][ T1207] usb 1-1: device descriptor read/8, error -71
[  371.083055][ T5975] usb 3-1: Using ep0 maxpacket: 16
[  371.114620][ T5975] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.201129][ T5975] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  371.221615][ T5975] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  371.232499][ T5975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.242645][ T5975] usb 3-1: config 0 descriptor??
[  371.371150][ T1207] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  371.413843][ T1207] usb 1-1: device descriptor read/8, error -71
[  371.521216][ T5882] Bluetooth: hci0: command 0x0406 tx timeout
[  371.542631][ T1207] usb usb1-port1: unable to enumerate USB device
[  371.601491][ T5882] Bluetooth: hci1: command 0x0406 tx timeout
[  371.608355][ T8028] 9pnet: Could not find request transport: fd0x0000000000000003
[  371.671275][   T44] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  371.682002][ T5882] Bluetooth: hci2: command 0x0406 tx timeout
[  371.689244][ T5874] Bluetooth: hci3: command 0x0406 tx timeout
[  371.847518][ T5975] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  371.871507][   T44] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  371.880274][   T44] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  371.899309][ T5975] microsoft 0003:045E:07DA.0008: no inputs found
[  371.909936][ T5975] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway
[  371.923283][   T44] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  371.945071][   T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  371.973406][   T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  371.984780][ T6037] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  372.014958][   T44] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  372.024590][   T44] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  372.039182][   T44] usb 5-1: Product: syz
[  372.046241][   T44] usb 5-1: Manufacturer: syz
[  372.101578][   T44] cdc_wdm 5-1:1.0: skipping garbage
[  372.121298][   T44] cdc_wdm 5-1:1.0: skipping garbage
[  372.148048][   T44] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  372.154638][ T6037] usb 2-1: device descriptor read/64, error -71
[  372.170218][   T44] cdc_wdm 5-1:1.0: Unknown control protocol
[  372.312206][   T44] usb 5-1: USB disconnect, device number 17
[  372.401343][ T6037] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  372.550850][ T6037] usb 2-1: device descriptor read/64, error -71
[  372.613303][ T8060] netlink: 112 bytes leftover after parsing attributes in process `syz.0.649'.
[  372.671488][ T6037] usb usb2-port1: attempt power cycle
[  373.756905][ T8067] MPI: mpi too large (128392 bits)
[  373.775006][ T8067] netlink: 8 bytes leftover after parsing attributes in process `syz.4.651'.
[  373.792792][ T8069] 9pnet_fd: Insufficient options for proto=fd
[  374.121629][ T6037] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  374.401287][ T6037] usb 2-1: device descriptor read/8, error -71
[  375.054557][ T5942] usb 3-1: USB disconnect, device number 13
[  375.070854][ T6037] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  375.190352][ T8086] 9pnet_fd: Insufficient options for proto=fd
[  375.310782][ T6037] usb 2-1: device descriptor read/8, error -71
[  375.471156][ T6037] usb usb2-port1: unable to enumerate USB device
[  375.865891][ T8104] netlink: 112 bytes leftover after parsing attributes in process `syz.2.660'.
[  377.021182][   T44] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  377.977841][ T8123] MPI: mpi too large (128392 bits)
[  377.990850][   T44] usb 1-1: Using ep0 maxpacket: 8
[  378.000883][ T8123] netlink: 8 bytes leftover after parsing attributes in process `syz.2.665'.
[  378.029280][   T44] usb 1-1: config 5 has an invalid interface number: 35 but max is 0
[  378.053660][   T44] usb 1-1: config 5 has no interface number 0
[  378.071152][   T44] usb 1-1: config 5 interface 35 altsetting 10 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  378.071815][ T5942] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  378.104511][   T44] usb 1-1: config 5 interface 35 has no altsetting 0
[  378.142269][   T44] usb 1-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  378.159055][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.179554][   T44] usb 1-1: Product: syz
[  378.183978][   T44] usb 1-1: Manufacturer: syz
[  378.188742][   T44] usb 1-1: SerialNumber: syz
[  378.253628][ T5942] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  378.277358][ T5942] usb 5-1: New USB device found, idVendor=1943, idProduct=2255, bcdDevice=13.03
[  378.300949][ T5942] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.309015][ T5942] usb 5-1: Product: syz
[  378.341161][ T5942] usb 5-1: Manufacturer: syz
[  378.345922][ T5942] usb 5-1: SerialNumber: syz
[  378.363791][ T8127] FAULT_INJECTION: forcing a failure.
[  378.363791][ T8127] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.385893][ T5942] usb 5-1: config 0 descriptor??
[  378.387963][ T8127] CPU: 1 UID: 0 PID: 8127 Comm: syz.1.666 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  378.387988][ T8127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  378.387998][ T8127] Call Trace:
[  378.388005][ T8127]  <TASK>
[  378.388013][ T8127]  dump_stack_lvl+0x189/0x250
[  378.388038][ T8127]  ? __pfx____ratelimit+0x10/0x10
[  378.388066][ T8127]  ? __pfx_dump_stack_lvl+0x10/0x10
[  378.388114][ T8127]  ? __pfx__printk+0x10/0x10
[  378.388136][ T8127]  ? __might_fault+0xb0/0x130
[  378.388170][ T8127]  should_fail_ex+0x414/0x560
[  378.388198][ T8127]  _copy_from_user+0x2d/0xb0
[  378.388217][ T8127]  ___sys_recvmsg+0x12e/0x510
[  378.388245][ T8127]  ? __pfx____sys_recvmsg+0x10/0x10
[  378.388297][ T8127]  ? __might_fault+0xb0/0x130
[  378.388323][ T8127]  do_recvmmsg+0x307/0x770
[  378.388353][ T8127]  ? __pfx_do_recvmmsg+0x10/0x10
[  378.388386][ T8127]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  378.388420][ T8127]  __x64_sys_recvmmsg+0x190/0x240
[  378.388444][ T8127]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  378.388463][ T8127]  ? rcu_is_watching+0x15/0xb0
[  378.388487][ T8127]  ? do_syscall_64+0xbe/0x3b0
[  378.388506][ T8127]  do_syscall_64+0xfa/0x3b0
[  378.388520][ T8127]  ? lockdep_hardirqs_on+0x9c/0x150
[  378.388542][ T8127]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.388558][ T8127]  ? clear_bhb_loop+0x60/0xb0
[  378.388577][ T8127]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.388592][ T8127] RIP: 0033:0x7f38ad38e929
[  378.388608][ T8127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  378.388622][ T8127] RSP: 002b:00007f38ae226038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  378.388642][ T8127] RAX: ffffffffffffffda RBX: 00007f38ad5b5fa0 RCX: 00007f38ad38e929
[  378.388654][ T8127] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003
[  378.388665][ T8127] RBP: 00007f38ae226090 R08: 0000000000000000 R09: 0000000000000000
[  378.388675][ T8127] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  378.388685][ T8127] R13: 0000000000000000 R14: 00007f38ad5b5fa0 R15: 00007ffdcc2d31e8
[  378.388713][ T8127]  </TASK>
[  378.767530][ T5942] s2255 5-1:0.0: Could not find bulk-in endpoint
[  378.808741][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  378.826921][ T5942] Sensoray 2255 driver load failed: 0xfffffff4
[  378.864686][ T5942] s2255 5-1:0.0: probe with driver s2255 failed with error -12
[  378.987493][ T8115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.997436][ T8115] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.051024][    T9] usb 5-1: USB disconnect, device number 18
[  379.125194][ T8149] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  379.283112][ T5942] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  379.474530][   T44] ttusbir 1-1:5.35: cannot find expected altsetting
[  379.490948][ T5942] usb 2-1: Using ep0 maxpacket: 32
[  379.498228][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 147, changing to 11
[  379.538045][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42046, setting to 1024
[  379.551116][   T44] usb 1-1: USB disconnect, device number 19
[  379.624024][ T5942] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  379.659753][ T8158] netlink: 28 bytes leftover after parsing attributes in process `syz.3.672'.
[  379.670823][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.722858][ T8158] netlink: 'syz.3.672': attribute type 7 has an invalid length.
[  379.751250][ T5942] usb 2-1: config 0 descriptor??
[  379.764860][ T8146] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  379.774193][ T8158] netlink: 'syz.3.672': attribute type 8 has an invalid length.
[  379.830585][ T5942] hub 2-1:0.0: USB hub found
[  379.855687][ T8158] netlink: 4 bytes leftover after parsing attributes in process `syz.3.672'.
[  380.094809][ T5942] hub 2-1:0.0: 1 port detected
[  380.163839][ T8172] smk_cipso_doi:692 cipso add rc = -22
[  380.220724][ T8172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.676'.
[  380.231354][ T8172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'.
[  380.265873][ T5815] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  380.780788][ T5815] usb 4-1: Using ep0 maxpacket: 32
[  380.838809][ T5815] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.899850][ T5815] usb 4-1: config 0 interface 0 has no altsetting 0
[  380.923091][ T5815] usb 4-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[  380.984649][ T5815] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.043981][ T5815] usb 4-1: config 0 descriptor??
[  381.112294][ T8174] bridge0: port 2(bridge_slave_1) entered disabled state
[  381.121055][ T8174] bridge0: port 1(bridge_slave_0) entered disabled state
[  381.214599][ T1207] usb 2-1: reset high-speed USB device number 24 using dummy_hcd
[  381.564533][ T8191] sctp: [Deprecated]: syz.0.678 (pid 8191) Use of struct sctp_assoc_value in delayed_ack socket option.
[  381.564533][ T8191] Use struct sctp_sack_info instead
[  382.473851][ T8187] usb 2-1: USB disconnect, device number 24
[  382.503634][ T8195] FAULT_INJECTION: forcing a failure.
[  382.503634][ T8195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  382.517560][ T8195] CPU: 1 UID: 0 PID: 8195 Comm: syz.0.679 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  382.517587][ T8195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  382.517598][ T8195] Call Trace:
[  382.517605][ T8195]  <TASK>
[  382.517613][ T8195]  dump_stack_lvl+0x189/0x250
[  382.517640][ T8195]  ? __pfx____ratelimit+0x10/0x10
[  382.517666][ T8195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.517686][ T8195]  ? __pfx__printk+0x10/0x10
[  382.517724][ T8195]  should_fail_ex+0x414/0x560
[  382.517756][ T8195]  _copy_to_user+0x31/0xb0
[  382.517779][ T8195]  simple_read_from_buffer+0xe1/0x170
[  382.517809][ T8195]  proc_fail_nth_read+0x1df/0x250
[  382.517831][ T8195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  382.517854][ T8195]  ? rw_verify_area+0x258/0x650
[  382.517877][ T8195]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  382.517896][ T8195]  vfs_read+0x1fd/0x980
[  382.517924][ T8195]  ? __pfx___mutex_lock+0x10/0x10
[  382.517943][ T8195]  ? __pfx_vfs_read+0x10/0x10
[  382.517967][ T8195]  ? __fget_files+0x2a/0x420
[  382.517989][ T8195]  ? __fget_files+0x3a0/0x420
[  382.518004][ T8195]  ? __fget_files+0x2a/0x420
[  382.518030][ T8195]  ksys_read+0x145/0x250
[  382.518056][ T8195]  ? __pfx_ksys_read+0x10/0x10
[  382.518077][ T8195]  ? rcu_is_watching+0x15/0xb0
[  382.518102][ T8195]  ? do_syscall_64+0xbe/0x3b0
[  382.518123][ T8195]  do_syscall_64+0xfa/0x3b0
[  382.518138][ T8195]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.518163][ T8195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.518180][ T8195]  ? clear_bhb_loop+0x60/0xb0
[  382.518202][ T8195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.518219][ T8195] RIP: 0033:0x7f46cd18d33c
[  382.518236][ T8195] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  382.518251][ T8195] RSP: 002b:00007f46ce03a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  382.518272][ T8195] RAX: ffffffffffffffda RBX: 00007f46cd3b5fa0 RCX: 00007f46cd18d33c
[  382.518285][ T8195] RDX: 000000000000000f RSI: 00007f46ce03a0a0 RDI: 0000000000000006
[  382.518296][ T8195] RBP: 00007f46ce03a090 R08: 0000000000000000 R09: 0000000000000000
[  382.518307][ T8195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  382.518318][ T8195] R13: 0000000000000000 R14: 00007f46cd3b5fa0 R15: 00007ffdba3f25d8
[  382.518349][ T8195]  </TASK>
[  382.809564][ T8199] MPI: mpi too large (128392 bits)
[  382.815496][ T8199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.680'.
[  383.203671][ T5815] usbhid 4-1:0.0: can't add hid device: -71
[  383.228201][ T5815] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  383.259294][ T5815] usb 4-1: USB disconnect, device number 25
[  383.449294][ T8174] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  383.501909][ T8174] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  383.703620][ T8174] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  383.759824][ T8174] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  383.800871][ T8174] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  383.837919][ T8174] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  384.377490][ T8174] macsec1: left promiscuous mode
[  385.668893][ T8229] FAULT_INJECTION: forcing a failure.
[  385.668893][ T8229] name failslab, interval 1, probability 0, space 0, times 0
[  385.740994][ T8228] netlink: 112 bytes leftover after parsing attributes in process `syz.3.691'.
[  385.793871][ T8229] CPU: 0 UID: 0 PID: 8229 Comm: syz.2.688 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  385.793898][ T8229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  385.793909][ T8229] Call Trace:
[  385.793916][ T8229]  <TASK>
[  385.793924][ T8229]  dump_stack_lvl+0x189/0x250
[  385.793951][ T8229]  ? __pfx____ratelimit+0x10/0x10
[  385.793978][ T8229]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.793998][ T8229]  ? __pfx__printk+0x10/0x10
[  385.794028][ T8229]  ? __pfx___might_resched+0x10/0x10
[  385.794048][ T8229]  ? fs_reclaim_acquire+0x7d/0x100
[  385.794072][ T8229]  should_fail_ex+0x414/0x560
[  385.794104][ T8229]  should_failslab+0xa8/0x100
[  385.794132][ T8229]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  385.794157][ T8229]  ? __d_alloc+0x31/0x6f0
[  385.794181][ T8229]  __d_alloc+0x31/0x6f0
[  385.794208][ T8229]  d_alloc_pseudo+0x1f/0xb0
[  385.794230][ T8229]  alloc_file_pseudo+0xcc/0x210
[  385.794257][ T8229]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  385.794279][ T8229]  ? shmem_get_inode+0xbc5/0xe90
[  385.794318][ T8229]  __shmem_file_setup+0x284/0x300
[  385.794347][ T8229]  shmem_zero_setup+0x8d/0x130
[  385.794373][ T8229]  mmap_region+0x121e/0x1f30
[  385.794419][ T8229]  ? __pfx_mmap_region+0x10/0x10
[  385.794448][ T8229]  ? is_bpf_text_address+0x26/0x2b0
[  385.794489][ T8229]  ? __lock_acquire+0xab9/0xd20
[  385.794558][ T8229]  ? mm_get_unmapped_area+0xa7/0xd0
[  385.794600][ T8229]  ? bpf_lsm_mmap_addr+0x9/0x20
[  385.794617][ T8229]  ? security_mmap_addr+0x71/0x270
[  385.794653][ T8229]  do_mmap+0xc45/0x10d0
[  385.794692][ T8229]  ? __pfx_do_mmap+0x10/0x10
[  385.794712][ T8229]  ? down_write_killable+0x178/0x230
[  385.794731][ T8229]  ? __pfx_vfs_write+0x10/0x10
[  385.794755][ T8229]  ? __pfx_down_write_killable+0x10/0x10
[  385.794775][ T8229]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  385.794799][ T8229]  vm_mmap_pgoff+0x31b/0x4c0
[  385.794831][ T8229]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  385.794850][ T8229]  ? ksys_write+0x22a/0x250
[  385.794876][ T8229]  ? __pfx_ksys_write+0x10/0x10
[  385.794902][ T8229]  ? rcu_is_watching+0x15/0xb0
[  385.794924][ T8229]  ? ksys_mmap_pgoff+0xf4/0x760
[  385.794948][ T8229]  ? __x64_sys_mmap+0x7f/0x140
[  385.794972][ T8229]  do_syscall_64+0xfa/0x3b0
[  385.794988][ T8229]  ? lockdep_hardirqs_on+0x9c/0x150
[  385.795011][ T8229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.795028][ T8229]  ? clear_bhb_loop+0x60/0xb0
[  385.795051][ T8229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.795069][ T8229] RIP: 0033:0x7f57bcd8e929
[  385.795085][ T8229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.795101][ T8229] RSP: 002b:00007f57bdb2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  385.795122][ T8229] RAX: ffffffffffffffda RBX: 00007f57bcfb6080 RCX: 00007f57bcd8e929
[  385.795135][ T8229] RDX: 0000000000000000 RSI: 0000000000b36000 RDI: 0000200000000000
[  385.795147][ T8229] RBP: 00007f57bdb2c090 R08: ffffffffffffffff R09: 0000000000001000
[  385.795160][ T8229] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000001
[  385.795171][ T8229] R13: 0000000000000000 R14: 00007f57bcfb6080 R15: 00007ffc07b637c8
[  385.795204][ T8229]  </TASK>
[  386.685652][ T8249] FAULT_INJECTION: forcing a failure.
[  386.685652][ T8249] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.741080][ T8249] CPU: 0 UID: 0 PID: 8249 Comm: syz.2.695 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  386.741109][ T8249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  386.741119][ T8249] Call Trace:
[  386.741126][ T8249]  <TASK>
[  386.741132][ T8249]  dump_stack_lvl+0x189/0x250
[  386.741151][ T8249]  ? __pfx____ratelimit+0x10/0x10
[  386.741169][ T8249]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.741181][ T8249]  ? __pfx__printk+0x10/0x10
[  386.741197][ T8249]  ? __pfx_copy_data+0x10/0x10
[  386.741216][ T8249]  should_fail_ex+0x414/0x560
[  386.741235][ T8249]  _copy_to_user+0x31/0xb0
[  386.741249][ T8249]  ? __pfx_virtio_read+0x10/0x10
[  386.741262][ T8249]  rng_dev_read+0x3f2/0x770
[  386.741279][ T8249]  ? __pfx_rng_dev_read+0x10/0x10
[  386.741296][ T8249]  ? bpf_lsm_file_permission+0x9/0x20
[  386.741307][ T8249]  ? security_file_permission+0x75/0x290
[  386.741323][ T8249]  ? rw_verify_area+0x258/0x650
[  386.741340][ T8249]  vfs_readv+0x5a7/0x850
[  386.741352][ T8249]  ? __pfx_rng_dev_read+0x10/0x10
[  386.741366][ T8249]  ? __pfx_vfs_readv+0x10/0x10
[  386.741386][ T8249]  ? __fget_files+0x2a/0x420
[  386.741399][ T8249]  ? __fget_files+0x3a0/0x420
[  386.741408][ T8249]  ? __fget_files+0x2a/0x420
[  386.741423][ T8249]  __x64_sys_preadv+0x197/0x2a0
[  386.741441][ T8249]  ? __pfx___x64_sys_preadv+0x10/0x10
[  386.741467][ T8249]  ? do_syscall_64+0xbe/0x3b0
[  386.741481][ T8249]  do_syscall_64+0xfa/0x3b0
[  386.741492][ T8249]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.741502][ T8249]  ? asm_sysvec_call_function_single+0x1a/0x20
[  386.741513][ T8249]  ? clear_bhb_loop+0x60/0xb0
[  386.741526][ T8249]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.741536][ T8249] RIP: 0033:0x7f57bcd8e929
[  386.741548][ T8249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.741558][ T8249] RSP: 002b:00007f57bdb2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  386.741572][ T8249] RAX: ffffffffffffffda RBX: 00007f57bcfb6080 RCX: 00007f57bcd8e929
[  386.741580][ T8249] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000004
[  386.741588][ T8249] RBP: 00007f57bdb2c090 R08: 0000000000000000 R09: 0000000000000000
[  386.741594][ T8249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.741601][ T8249] R13: 0000000000000000 R14: 00007f57bcfb6080 R15: 00007ffc07b637c8
[  386.741619][ T8249]  </TASK>
[  387.491180][   T10] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  387.640779][   T10] usb 5-1: Using ep0 maxpacket: 8
[  387.651440][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  387.690013][   T10] usb 5-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54
[  387.767694][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.786403][   T10] usb 5-1: Product: syz
[  387.790873][   T10] usb 5-1: Manufacturer: syz
[  387.801690][   T10] usb 5-1: SerialNumber: syz
[  387.812659][   T10] usb 5-1: config 0 descriptor??
[  387.827510][   T10] cdc_phonet 5-1:0.0: probe with driver cdc_phonet failed with error -22
[  388.039664][ T8253] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.067146][ T8253] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.519439][ T8261] ptrace attach of "./syz-executor exec"[8262] was attempted by "./syz-executor exec"[8261]
[  390.323109][ T8264] block nbd3: NBD_DISCONNECT
[  390.342858][ T8264] block nbd3: Disconnected due to user request.
[  390.349383][ T8264] block nbd3: shutting down sockets
[  390.496582][ T8266] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  390.539278][ T8266] 9pnet_fd: Insufficient options for proto=fd
[  390.702148][ T8270] netlink: 112 bytes leftover after parsing attributes in process `syz.3.703'.
[  390.953410][   T56] usb 5-1: USB disconnect, device number 19
[  391.451584][ T8284] kvm: user requested TSC rate below hardware speed
[  391.585447][ T8288] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.722557][ T8288] bond0: (slave rose0): Enslaving as an active interface with an up link
[  392.247042][ T8299] netlink: 80 bytes leftover after parsing attributes in process `syz.4.712'.
[  392.525803][   T56] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  392.590871][ T5975] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  392.720888][   T56] usb 3-1: Using ep0 maxpacket: 16
[  392.742702][   T56] usb 3-1: unable to get BOS descriptor or descriptor too short
[  392.756879][ T5975] usb 4-1: device descriptor read/64, error -71
[  392.773787][   T56] usb 3-1: config 7 has an invalid interface number: 48 but max is 0
[  392.785037][   T56] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  392.796533][   T56] usb 3-1: config 7 has no interface number 0
[  392.831804][   T56] usb 3-1: config 7 interface 48 has no altsetting 0
[  392.857457][   T56] usb 3-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=56.2c
[  392.880201][   T56] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.940111][   T56] usb 3-1: Product: syz
[  392.960940][   T56] usb 3-1: Manufacturer: syz
[  392.974574][   T56] usb 3-1: SerialNumber: syz
[  393.000798][ T5975] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  393.172505][ T5975] usb 4-1: device descriptor read/64, error -71
[  393.500074][ T5975] usb usb4-port1: attempt power cycle
[  394.894560][ T5975] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  394.941686][ T5975] usb 4-1: device descriptor read/8, error -71
[  395.200798][ T5975] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  395.271687][ T5975] usb 4-1: device descriptor read/8, error -71
[  395.353183][   T56] cdc_phonet 3-1:7.48: probe with driver cdc_phonet failed with error -22
[  395.412834][ T5975] usb usb4-port1: unable to enumerate USB device
[  395.429617][   T56] usb 3-1: USB disconnect, device number 14
[  395.528372][ T8365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.723'.
[  395.726860][ T8368] netlink: 'syz.3.724': attribute type 1 has an invalid length.
[  395.788906][ T8368] netlink: 8 bytes leftover after parsing attributes in process `syz.3.724'.
[  395.920259][ T8368] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  397.583027][ T8402] FAULT_INJECTION: forcing a failure.
[  397.583027][ T8402] name failslab, interval 1, probability 0, space 0, times 0
[  397.659539][ T8402] CPU: 1 UID: 0 PID: 8402 Comm: syz.4.733 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  397.659567][ T8402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  397.659579][ T8402] Call Trace:
[  397.659587][ T8402]  <TASK>
[  397.659595][ T8402]  dump_stack_lvl+0x189/0x250
[  397.659640][ T8402]  ? __pfx____ratelimit+0x10/0x10
[  397.659669][ T8402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  397.659690][ T8402]  ? __pfx__printk+0x10/0x10
[  397.659721][ T8402]  ? __pfx___might_resched+0x10/0x10
[  397.659741][ T8402]  ? fs_reclaim_acquire+0x7d/0x100
[  397.659765][ T8402]  should_fail_ex+0x414/0x560
[  397.659797][ T8402]  should_failslab+0xa8/0x100
[  397.659827][ T8402]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  397.659853][ T8402]  ? __alloc_skb+0x112/0x2d0
[  397.659878][ T8402]  __alloc_skb+0x112/0x2d0
[  397.659903][ T8402]  netlink_ack+0x146/0xa50
[  397.659920][ T8402]  ? __pfx_genl_rcv_msg+0x10/0x10
[  397.659941][ T8402]  ? ref_tracker_free+0x63a/0x7d0
[  397.659970][ T8402]  ? __pfx_ref_tracker_free+0x10/0x10
[  397.660009][ T8402]  netlink_rcv_skb+0x28c/0x470
[  397.660031][ T8402]  ? __pfx_genl_rcv_msg+0x10/0x10
[  397.660058][ T8402]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  397.660100][ T8402]  ? down_read+0x1ad/0x2e0
[  397.660122][ T8402]  genl_rcv+0x28/0x40
[  397.660145][ T8402]  netlink_unicast+0x75b/0x8d0
[  397.660178][ T8402]  netlink_sendmsg+0x805/0xb30
[  397.660211][ T8402]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.660242][ T8402]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  397.660267][ T8402]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.660289][ T8402]  __sock_sendmsg+0x21c/0x270
[  397.660320][ T8402]  ____sys_sendmsg+0x505/0x830
[  397.660351][ T8402]  ? __pfx_____sys_sendmsg+0x10/0x10
[  397.660383][ T8402]  ? import_iovec+0x74/0xa0
[  397.660409][ T8402]  ___sys_sendmsg+0x21f/0x2a0
[  397.660435][ T8402]  ? __pfx____sys_sendmsg+0x10/0x10
[  397.660502][ T8402]  ? __fget_files+0x2a/0x420
[  397.660518][ T8402]  ? __fget_files+0x3a0/0x420
[  397.660548][ T8402]  __x64_sys_sendmsg+0x19b/0x260
[  397.660580][ T8402]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  397.660615][ T8402]  ? __pfx_ksys_write+0x10/0x10
[  397.660643][ T8402]  ? rcu_is_watching+0x15/0xb0
[  397.660667][ T8402]  ? do_syscall_64+0xbe/0x3b0
[  397.660688][ T8402]  do_syscall_64+0xfa/0x3b0
[  397.660703][ T8402]  ? lockdep_hardirqs_on+0x9c/0x150
[  397.660726][ T8402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.660742][ T8402]  ? clear_bhb_loop+0x60/0xb0
[  397.660766][ T8402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.660783][ T8402] RIP: 0033:0x7f9f8b98e929
[  397.660800][ T8402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.660816][ T8402] RSP: 002b:00007f9f897f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  397.660837][ T8402] RAX: ffffffffffffffda RBX: 00007f9f8bbb5fa0 RCX: 00007f9f8b98e929
[  397.660850][ T8402] RDX: 0000000000040080 RSI: 0000200000000a80 RDI: 0000000000000003
[  397.660862][ T8402] RBP: 00007f9f897f6090 R08: 0000000000000000 R09: 0000000000000000
[  397.660873][ T8402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.660884][ T8402] R13: 0000000000000000 R14: 00007f9f8bbb5fa0 R15: 00007ffcfb69b138
[  397.660917][ T8402]  </TASK>
[  398.066059][ T8406] ------------[ cut here ]------------
[  398.071659][ T8406] UBSAN: shift-out-of-bounds in drivers/comedi/drivers/pcl812.c:1152:10
[  398.080202][ T8406] shift exponent 32 is too large for 32-bit type 'int'
[  398.092014][ T8406] CPU: 1 UID: 0 PID: 8406 Comm: syz.2.735 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  398.092044][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.092056][ T8406] Call Trace:
[  398.092065][ T8406]  <TASK>
[  398.092074][ T8406]  dump_stack_lvl+0x189/0x250
[  398.092108][ T8406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.092131][ T8406]  ? __pfx__printk+0x10/0x10
[  398.092173][ T8406]  ubsan_epilogue+0xa/0x40
[  398.092199][ T8406]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  398.092246][ T8406]  pcl812_attach+0x1b9e/0x2300
[  398.092299][ T8406]  comedi_device_attach+0x520/0x670
[  398.092342][ T8406]  comedi_unlocked_ioctl+0x686/0xf40
[  398.092390][ T8406]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  398.092435][ T8406]  ? __pfx_smack_log+0x10/0x10
[  398.092459][ T8406]  ? smk_access+0x14c/0x4e0
[  398.092490][ T8406]  ? smk_tskacc+0x2fc/0x370
[  398.092519][ T8406]  ? smack_file_ioctl+0x24a/0x340
[  398.092548][ T8406]  ? __pfx_smack_file_ioctl+0x10/0x10
[  398.092587][ T8406]  ? __fget_files+0x2a/0x420
[  398.092603][ T8406]  ? __fget_files+0x3a0/0x420
[  398.092620][ T8406]  ? __fget_files+0x2a/0x420
[  398.092643][ T8406]  ? bpf_lsm_file_ioctl+0x9/0x20
[  398.092662][ T8406]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  398.092688][ T8406]  __se_sys_ioctl+0xf9/0x170
[  398.092717][ T8406]  do_syscall_64+0xfa/0x3b0
[  398.092734][ T8406]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.092762][ T8406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.092782][ T8406]  ? clear_bhb_loop+0x60/0xb0
[  398.092806][ T8406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.092825][ T8406] RIP: 0033:0x7f57bcd8e929
[  398.092845][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.092862][ T8406] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  398.092884][ T8406] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929
[  398.092898][ T8406] RDX: 0000200000000100 RSI: 0000000040946400 RDI: 0000000000000003
[  398.092911][ T8406] RBP: 00007f57bce10b39 R08: 0000000000000000 R09: 0000000000000000
[  398.092923][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  398.092936][ T8406] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8
[  398.092970][ T8406]  </TASK>
[  398.092977][ T8406] ---[ end trace ]---
[  398.316325][ T8411] netlink: 12 bytes leftover after parsing attributes in process `syz.4.736'.
[  398.318979][ T8406] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[  398.318999][ T8406] CPU: 1 UID: 0 PID: 8406 Comm: syz.2.735 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) 
[  398.319021][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.319032][ T8406] Call Trace:
[  398.319041][ T8406]  <TASK>
[  398.319049][ T8406]  dump_stack_lvl+0x99/0x250
[  398.319075][ T8406]  ? __asan_memcpy+0x40/0x70
[  398.319098][ T8406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.319119][ T8406]  ? __pfx__printk+0x10/0x10
[  398.319155][ T8406]  panic+0x2db/0x790
[  398.319180][ T8406]  ? __pfx_panic+0x10/0x10
[  398.319196][ T8406]  ? _printk+0xcf/0x120
[  398.319223][ T8406]  ? __pfx__printk+0x10/0x10
[  398.319254][ T8406]  check_panic_on_warn+0x89/0xb0
[  398.319281][ T8406]  __ubsan_handle_shift_out_of_bounds+0x386/0x410
[  398.319342][ T8406]  pcl812_attach+0x1b9e/0x2300
[  398.319388][ T8406]  comedi_device_attach+0x520/0x670
[  398.319422][ T8406]  comedi_unlocked_ioctl+0x686/0xf40
[  398.319453][ T8406]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  398.319491][ T8406]  ? __pfx_smack_log+0x10/0x10
[  398.319511][ T8406]  ? smk_access+0x14c/0x4e0
[  398.319538][ T8406]  ? smk_tskacc+0x2fc/0x370
[  398.319562][ T8406]  ? smack_file_ioctl+0x24a/0x340
[  398.319588][ T8406]  ? __pfx_smack_file_ioctl+0x10/0x10
[  398.319628][ T8406]  ? __fget_files+0x2a/0x420
[  398.319643][ T8406]  ? __fget_files+0x3a0/0x420
[  398.319659][ T8406]  ? __fget_files+0x2a/0x420
[  398.319678][ T8406]  ? bpf_lsm_file_ioctl+0x9/0x20
[  398.319696][ T8406]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  398.319718][ T8406]  __se_sys_ioctl+0xf9/0x170
[  398.319744][ T8406]  do_syscall_64+0xfa/0x3b0
[  398.319760][ T8406]  ? lockdep_hardirqs_on+0x9c/0x150
[  398.319784][ T8406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.319801][ T8406]  ? clear_bhb_loop+0x60/0xb0
[  398.319823][ T8406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.319840][ T8406] RIP: 0033:0x7f57bcd8e929
[  398.319856][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.319872][ T8406] RSP: 002b:00007f57bdb4d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  398.319894][ T8406] RAX: ffffffffffffffda RBX: 00007f57bcfb5fa0 RCX: 00007f57bcd8e929
[  398.319908][ T8406] RDX: 0000200000000100 RSI: 0000000040946400 RDI: 0000000000000003
[  398.319920][ T8406] RBP: 00007f57bce10b39 R08: 0000000000000000 R09: 0000000000000000
[  398.319932][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  398.319944][ T8406] R13: 0000000000000000 R14: 00007f57bcfb5fa0 R15: 00007ffc07b637c8
[  398.319974][ T8406]  </TASK>
[  398.326006][ T8406] Kernel Offset: disabled