last executing test programs:

8.678977189s ago: executing program 2 (id=1940):
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf604, 0x108008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})

7.954197408s ago: executing program 3 (id=1943):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x8042)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

7.666886628s ago: executing program 2 (id=1947):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002980)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000, 0xa68d7c519f800ff1, 0xffbc, 0x6, 0x1d45, 0x0, 0x0, 0x0, 0x40}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r2, &(0x7f0000000580)=[{&(0x7f0000000740)='[', 0x1}, {0x0, 0x18}], 0x2)

7.595077089s ago: executing program 3 (id=1948):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x933, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0xa, "45448c13"}, @global=@item_012={0x1, 0x1, 0x4, '`'}]}}, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, 0x0)

6.782947666s ago: executing program 0 (id=1951):
r0 = socket(0x1, 0x2, 0x0)
bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/65, 0x41}], 0x1}}], 0x1, 0x0, 0x0)

6.692725391s ago: executing program 0 (id=1953):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f0000000000)={0x20, &(0x7f0000000140)=[{0x6, 0x81, 0x1}]}, 0x10)

5.624134038s ago: executing program 0 (id=1955):
socket$netlink(0x10, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1])

5.213315033s ago: executing program 3 (id=1956):
openat$fb0(0xffffffffffffff9c, 0x0, 0xc0c01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
read$midi(r4, 0x0, 0x14)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r5, 0x890b, 0x0)
epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setpriority(0x2, 0x0, 0x3)
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x8000, 0x1, 0x56555941, 0x3, 0x9, [{0x3, 0x10001}, {0x54, 0x5}, {0x4, 0x7}, {0x2, 0x3}, {0x9, 0x5}, {0x2, 0x10000}, {0x5, 0x400}, {0xc, 0x3000000}], 0xd, 0x3, 0x3, 0x1, 0x7}})

4.907203708s ago: executing program 0 (id=1958):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
r2 = syz_open_pts(r1, 0x0)
dup3(r2, r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4.199302671s ago: executing program 1 (id=1959):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x400c0d4, 0x0, 0x0)
prlimit64(0x0, 0x3, 0x0, 0x0)
syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0x3)

4.19880164s ago: executing program 0 (id=1960):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
brk(0x5fde6000)
brk(0x5fde6000)
socket(0x1d, 0x6, 0x6)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4048aecb, &(0x7f0000001440)={{0x2, 0x0, 0x80, {0xffffffffffffffff, 0xd000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
sendmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{&(0x7f0000000180)=@nfc_llcp={0x2d, 0x0, 0x0, 0x7, 0x4, 0x7, "47af57ce8c8e5af84d109ee7a1488bd8c3df97e87f7e771f69ced4c5de6ddeb44ee59bdfb62866129f1338dba84b5d82a121c369a6837123e849c909c16b53", 0x17}, 0x6a, 0x0}}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getitimer(0x2, &(0x7f00000000c0))
r3 = syz_clone(0x202000, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_readv(r3, &(0x7f0000000440)=[{0x0}], 0x1, &(0x7f0000000480)=[{&(0x7f0000000500)=""/145, 0x91}], 0x1, 0x0)
capset(0x0, &(0x7f0000000040)={0x1000, 0x7, 0x6, 0x0, 0x1, 0xffffff80})
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000003800), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
r5 = socket$netlink(0x10, 0x3, 0x4)
write(r5, &(0x7f00000001c0)="2900000014000594ff00000004eabdeb0101b6ff02c0da6ec9a3f986394c0fc75520756b1933b49db9", 0x29)
readv(r4, &(0x7f0000000b00)=[{&(0x7f0000000100)=""/138, 0x8a}, {&(0x7f00000009c0)=""/131, 0x83}], 0x2)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000140)=0x80000000, 0x4)

4.082931529s ago: executing program 3 (id=1961):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010102ae299820fc0d0100ac240102030109022b0001fffa"], 0x0)
r0 = socket$inet(0x2, 0x5, 0x0)
shutdown(r0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

3.981930816s ago: executing program 2 (id=1962):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d214"], 0x68}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)

3.888767445s ago: executing program 2 (id=1963):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000004c0)=@urb_type_iso={0x0, {0x7}, 0xaa, 0x6, &(0x7f00000003c0), 0x0, 0x8000, 0x5, 0x26, 0x5, 0x6, &(0x7f00000007c0), [{0x400, 0x2, 0x7fff}, {0x7fffffff, 0x466f, 0x3ad}, {0x80000001, 0x5, 0x7839e4bc}, {0xfff, 0x5, 0x8}, {0x80000001, 0xfffffffc, 0xd}, {0x0, 0xff, 0xfffffffe}, {0x0, 0x8, 0x2}, {0xe35, 0x101, 0x6}, {0x2, 0x7, 0x5}, {0x2, 0x500, 0x2}, {0x4, 0x7, 0xfffffffd}, {0x5c, 0x9, 0xfffffff7}, {0x2, 0x4, 0x2}, {0x3, 0x97a6, 0x2}, {0xb, 0x0, 0xdfb}, {0x2, 0x11c3104f}, {0xd5bd, 0x3, 0x5}, {0x8, 0x4, 0x6}, {0x7, 0x1, 0x7fff}, {0xb94, 0x3, 0x800000}, {0x5, 0x7fffffff, 0x6}, {0x80000000, 0x301, 0xf}, {0xc, 0x3, 0x40}, {0xfffffffe, 0xa7, 0x80000000}, {0x101, 0xa, 0x5}, {0x0, 0x5, 0x9}, {0x8000, 0x2, 0x7fffffff}, {0x8001, 0x957, 0x9}, {0x446a, 0xfffffff7, 0x47b12441}, {0x1ff, 0x4, 0x3}, {0x0, 0x0, 0x7}, {0x10000, 0x8, 0x9}, {0xc, 0x1, 0x1}, {0x703, 0x3, 0x1}, {0x0, 0x13a, 0xfffffff9}, {0x8, 0x100, 0xc3f}, {0x4, 0x1, 0xad}, {0x100, 0x1}]})
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r1, 0x10001, 0x0)

3.123018932s ago: executing program 1 (id=1964):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x10000}, 0x14}}, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0xd, 0x0, 0x10, 0xfd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xff, 0xff})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.603029024s ago: executing program 2 (id=1965):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)

2.332317987s ago: executing program 1 (id=1966):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
prlimit64(0x0, 0xc, &(0x7f00000000c0)={0x1000, 0x7}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0x1, 0x5479, 0x103d, 0x200000000006, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x8000000000005, 0x800000068], 0x2000, 0x80cd4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.546998246s ago: executing program 2 (id=1967):
socket$packet(0x11, 0x2, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c9741, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2082, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x2040)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="89edee2c78daddb4b473fec988ca", 0xe}], 0x1)

1.499058269s ago: executing program 0 (id=1968):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

1.424955669s ago: executing program 1 (id=1969):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
pwritev(r0, &(0x7f0000001480)=[{&(0x7f0000000140)="ec", 0x1}], 0x1, 0x9, 0x26d0d5f1)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)

1.206916437s ago: executing program 3 (id=1970):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4404}})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x5})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0xffffffffffffffff, 0x0, 0x9}, 0x3})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f00000000c0)="af3e64f08189ef001601ba6100ec0f2264ba4100b80600ef660f38351d0f212666b94006000066b80000010066ba000000000f300f211a2e0f013c", 0x3b}], 0x1, 0xe, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

985.639822ms ago: executing program 3 (id=1971):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[])
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000080)=[0x3, 0x10])
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000001c0)=[0x9, 0x34])

513.272915ms ago: executing program 1 (id=1972):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000010280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x800c0}, 0x4048010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
accept4(r1, 0x0, 0x0, 0x0)

0s ago: executing program 1 (id=1973):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x34, r1, 0x431, 0x70bd2b, 0xfffffffd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40)

kernel console output (not intermixed with test programs):

09]  ? __pfx__printk+0x10/0x10
[  448.481703][T10209]  ? __pfx___might_resched+0x10/0x10
[  448.481726][T10209]  ? fs_reclaim_acquire+0x7d/0x100
[  448.481756][T10209]  should_fail_ex+0x414/0x560
[  448.481797][T10209]  should_failslab+0xa8/0x100
[  448.481825][T10209]  __kmalloc_cache_noprof+0x70/0x3d0
[  448.481847][T10209]  ? percpu_ref_init+0xc5/0x360
[  448.481881][T10209]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  448.481903][T10209]  percpu_ref_init+0xc5/0x360
[  448.481938][T10209]  io_ring_ctx_alloc+0x28c/0xae0
[  448.481960][T10209]  ? io_uring_fill_params+0x3f9/0x7e0
[  448.481993][T10209]  io_uring_create+0x130/0xb60
[  448.482025][T10209]  __se_sys_io_uring_setup+0x264/0x270
[  448.482055][T10209]  ? __pfx___se_sys_io_uring_setup+0x10/0x10
[  448.482107][T10209]  ? rcu_is_watching+0x15/0xb0
[  448.482133][T10209]  ? do_syscall_64+0xbe/0x3b0
[  448.482162][T10209]  do_syscall_64+0xfa/0x3b0
[  448.482186][T10209]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.482208][T10209]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.482228][T10209]  ? clear_bhb_loop+0x60/0xb0
[  448.482254][T10209]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.482275][T10209] RIP: 0033:0x7fc26d38e929
[  448.482295][T10209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.482313][T10209] RSP: 002b:00007fc26b1d4fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  448.482335][T10209] RAX: ffffffffffffffda RBX: 00007fc26d5b6080 RCX: 00007fc26d38e929
[  448.482351][T10209] RDX: 0000200000ffe000 RSI: 0000200000000040 RDI: 00000000000018d7
[  448.482366][T10209] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000200000ffe000
[  448.482381][T10209] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  448.482394][T10209] R13: 0000200000ffe000 R14: 00000000000018d7 R15: 0000200000ffe000
[  448.482426][T10209]  </TASK>
[  448.483413][T10211] FAULT_INJECTION: forcing a failure.
[  448.483413][T10211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.728611][T10211] CPU: 1 UID: 0 PID: 10211 Comm: syz.2.1585 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  448.728642][T10211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  448.728657][T10211] Call Trace:
[  448.728667][T10211]  <TASK>
[  448.728677][T10211]  dump_stack_lvl+0x189/0x250
[  448.728708][T10211]  ? __pfx____ratelimit+0x10/0x10
[  448.728733][T10211]  ? __pfx_dump_stack_lvl+0x10/0x10
[  448.728758][T10211]  ? __pfx__printk+0x10/0x10
[  448.728784][T10211]  ? __might_fault+0xb0/0x130
[  448.728817][T10211]  should_fail_ex+0x414/0x560
[  448.728857][T10211]  _copy_from_iter+0x1db/0x16f0
[  448.728894][T10211]  ? rcu_is_watching+0x15/0xb0
[  448.728917][T10211]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  448.728942][T10211]  ? __pfx__copy_from_iter+0x10/0x10
[  448.728976][T10211]  ? __build_skb_around+0x257/0x3e0
[  448.729007][T10211]  ? netlink_sendmsg+0x642/0xb30
[  448.729032][T10211]  ? skb_put+0x11b/0x210
[  448.729063][T10211]  netlink_sendmsg+0x6b2/0xb30
[  448.729098][T10211]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.729127][T10211]  ? aa_sock_msg_perm+0xf1/0x1d0
[  448.729155][T10211]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  448.729183][T10211]  ? __pfx_netlink_sendmsg+0x10/0x10
[  448.729211][T10211]  __sock_sendmsg+0x219/0x270
[  448.729246][T10211]  ____sys_sendmsg+0x505/0x830
[  448.729283][T10211]  ? __pfx_____sys_sendmsg+0x10/0x10
[  448.729324][T10211]  ? import_iovec+0x74/0xa0
[  448.729350][T10211]  ___sys_sendmsg+0x21f/0x2a0
[  448.729382][T10211]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.729452][T10211]  ? __fget_files+0x2a/0x420
[  448.729481][T10211]  ? __fget_files+0x3a0/0x420
[  448.729519][T10211]  __x64_sys_sendmsg+0x19b/0x260
[  448.729554][T10211]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  448.729596][T10211]  ? __pfx_ksys_write+0x10/0x10
[  448.729617][T10211]  ? rcu_is_watching+0x15/0xb0
[  448.729643][T10211]  ? do_syscall_64+0xbe/0x3b0
[  448.729674][T10211]  do_syscall_64+0xfa/0x3b0
[  448.729698][T10211]  ? lockdep_hardirqs_on+0x9c/0x150
[  448.729721][T10211]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.729744][T10211]  ? clear_bhb_loop+0x60/0xb0
[  448.729771][T10211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.729793][T10211] RIP: 0033:0x7f2380d8e929
[  448.729812][T10211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  448.729832][T10211] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  448.729856][T10211] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929
[  448.729872][T10211] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  448.729885][T10211] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000
[  448.729899][T10211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.729913][T10211] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078
[  448.729946][T10211]  </TASK>
[  449.314583][T10229] FAULT_INJECTION: forcing a failure.
[  449.314583][T10229] name failslab, interval 1, probability 0, space 0, times 0
[  449.327425][T10229] CPU: 1 UID: 0 PID: 10229 Comm: syz.2.1593 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  449.327457][T10229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  449.327471][T10229] Call Trace:
[  449.327480][T10229]  <TASK>
[  449.327490][T10229]  dump_stack_lvl+0x189/0x250
[  449.327523][T10229]  ? __pfx____ratelimit+0x10/0x10
[  449.327549][T10229]  ? __pfx_dump_stack_lvl+0x10/0x10
[  449.327574][T10229]  ? __pfx__printk+0x10/0x10
[  449.327606][T10229]  ? __pfx___might_resched+0x10/0x10
[  449.327628][T10229]  ? fs_reclaim_acquire+0x7d/0x100
[  449.327660][T10229]  should_fail_ex+0x414/0x560
[  449.327701][T10229]  should_failslab+0xa8/0x100
[  449.327728][T10229]  __kmalloc_noprof+0xcb/0x4f0
[  449.327748][T10229]  ? iter_file_splice_write+0x1cb/0x1000
[  449.327780][T10229]  iter_file_splice_write+0x1cb/0x1000
[  449.327838][T10229]  ? __pfx_iter_file_splice_write+0x10/0x10
[  449.327873][T10229]  ? rcu_read_lock_any_held+0xb3/0x120
[  449.327898][T10229]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  449.327923][T10229]  ? ovl_real_file_path+0x145/0x310
[  449.327955][T10229]  backing_file_splice_write+0x3be/0x5e0
[  449.328000][T10229]  ovl_splice_write+0x3b7/0x4e0
[  449.328021][T10229]  ? __lock_acquire+0xab9/0xd20
[  449.328060][T10229]  ? __pfx_ovl_splice_write+0x10/0x10
[  449.328084][T10229]  ? __pfx_ovl_file_end_write+0x10/0x10
[  449.328110][T10229]  ? rcu_read_lock_any_held+0xb3/0x120
[  449.328149][T10229]  ? __pfx_ovl_splice_write+0x10/0x10
[  449.328174][T10229]  direct_splice_actor+0xfe/0x160
[  449.328211][T10229]  splice_direct_to_actor+0x5a8/0xcc0
[  449.328263][T10229]  ? __pfx_direct_splice_actor+0x10/0x10
[  449.328290][T10229]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  449.328331][T10229]  do_splice_direct+0x181/0x270
[  449.328361][T10229]  ? __pfx_do_splice_direct+0x10/0x10
[  449.328389][T10229]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  449.328427][T10229]  ? rw_verify_area+0x258/0x650
[  449.328455][T10229]  do_sendfile+0x4da/0x7e0
[  449.328497][T10229]  ? __pfx_do_sendfile+0x10/0x10
[  449.328543][T10229]  __se_sys_sendfile64+0xd9/0x190
[  449.328576][T10229]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  449.328603][T10229]  ? rcu_is_watching+0x15/0xb0
[  449.328631][T10229]  ? do_syscall_64+0xbe/0x3b0
[  449.328662][T10229]  do_syscall_64+0xfa/0x3b0
[  449.328686][T10229]  ? lockdep_hardirqs_on+0x9c/0x150
[  449.328710][T10229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.328732][T10229]  ? clear_bhb_loop+0x60/0xb0
[  449.328761][T10229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  449.328782][T10229] RIP: 0033:0x7f2380d8e929
[  449.328803][T10229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  449.328822][T10229] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  449.328845][T10229] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929
[  449.328862][T10229] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003
[  449.328877][T10229] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000
[  449.328891][T10229] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000002
[  449.328905][T10229] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078
[  449.328941][T10229]  </TASK>
[  450.049571][ T5897] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  450.126933][T10071] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  450.209723][ T5897] usb 3-1: Using ep0 maxpacket: 16
[  450.217134][ T5897] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  450.227619][ T5897] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  450.241164][ T5897] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  450.251099][ T5897] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  450.264501][ T5897] usb 3-1: config 7 interface 0 has no altsetting 0
[  450.271579][ T5897] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  450.276727][T10071] usb 1-1: device descriptor read/64, error -71
[  450.281956][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.547008][T10071] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  450.697330][T10071] usb 1-1: device descriptor read/64, error -71
[  450.710581][T10240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  450.724266][T10240] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  450.767381][ T5897] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.002B/input/input36
[  450.815076][ T5897] kye 0003:0458:5010.002B: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0
[  450.819978][T10071] usb usb1-port1: attempt power cycle
[  451.119204][ T5897] usb 3-1: USB disconnect, device number 21
[  451.197882][T10071] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  451.229440][T10071] usb 1-1: device descriptor read/8, error -71
[  451.346379][T10276] overlayfs: missing 'lowerdir'
[  451.476785][T10071] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  451.487412][T10070] gspca_stk1135: reg_w 0x353 err -71
[  451.493766][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.506678][T10070] gspca_stk1135: Sensor write failed
[  451.516729][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.523092][T10070] gspca_stk1135: Sensor write failed
[  451.536952][T10071] usb 1-1: device descriptor read/8, error -71
[  451.546714][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.553071][T10070] gspca_stk1135: Sensor read failed
[  451.558400][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.564752][T10070] gspca_stk1135: Sensor read failed
[  451.570008][T10070] gspca_stk1135: Detected sensor type unknown (0x0)
[  451.576698][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.583040][T10070] gspca_stk1135: Sensor read failed
[  451.588381][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.594726][T10070] gspca_stk1135: Sensor read failed
[  451.606747][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.613105][T10070] gspca_stk1135: Sensor write failed
[  451.619486][T10070] gspca_stk1135: serial bus timeout: status=0x00
[  451.625844][T10070] gspca_stk1135: Sensor write failed
[  451.632004][T10070] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  451.673369][T10071] usb usb1-port1: unable to enumerate USB device
[  451.683196][T10070] usb 4-1: USB disconnect, device number 127
[  451.800932][T10285] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1612'.
[  451.831730][T10287] FAULT_INJECTION: forcing a failure.
[  451.831730][T10287] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  451.848550][T10287] CPU: 1 UID: 0 PID: 10287 Comm: syz.2.1613 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  451.848582][T10287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  451.848596][T10287] Call Trace:
[  451.848605][T10287]  <TASK>
[  451.848615][T10287]  dump_stack_lvl+0x189/0x250
[  451.848645][T10287]  ? __pfx____ratelimit+0x10/0x10
[  451.848670][T10287]  ? __pfx_dump_stack_lvl+0x10/0x10
[  451.848695][T10287]  ? __pfx__printk+0x10/0x10
[  451.848720][T10287]  ? __might_fault+0xb0/0x130
[  451.848754][T10287]  should_fail_ex+0x414/0x560
[  451.848795][T10287]  _copy_from_user+0x2d/0xb0
[  451.848818][T10287]  ___sys_sendmsg+0x158/0x2a0
[  451.848853][T10287]  ? __pfx____sys_sendmsg+0x10/0x10
[  451.848923][T10287]  ? __fget_files+0x2a/0x420
[  451.848951][T10287]  ? __fget_files+0x3a0/0x420
[  451.848998][T10287]  __x64_sys_sendmsg+0x19b/0x260
[  451.849033][T10287]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  451.849075][T10287]  ? __pfx_ksys_write+0x10/0x10
[  451.849096][T10287]  ? rcu_is_watching+0x15/0xb0
[  451.849124][T10287]  ? do_syscall_64+0xbe/0x3b0
[  451.849154][T10287]  do_syscall_64+0xfa/0x3b0
[  451.849178][T10287]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.849201][T10287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.849223][T10287]  ? clear_bhb_loop+0x60/0xb0
[  451.849251][T10287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.849273][T10287] RIP: 0033:0x7f2380d8e929
[  451.849293][T10287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.849313][T10287] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  451.849336][T10287] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929
[  451.849353][T10287] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  451.849367][T10287] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000
[  451.849381][T10287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.849395][T10287] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078
[  451.849428][T10287]  </TASK>
[  452.124558][T10289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1615'.
[  452.280921][T10291] netdevsim netdevsim1: Firmware load for '../file0/file0' refused, path contains '..' component
[  452.364214][T10294] usb usb8: usbfs: process 10294 (syz.3.1617) did not claim interface 0 before use
[  452.413951][T10294] vxfs: WRONG superblock magic 00000000 at 1
[  452.423296][T10294] vxfs: WRONG superblock magic 00000000 at 8
[  452.430502][T10294] vxfs: can't find superblock.
[  452.437958][T10298] overlayfs: missing 'lowerdir'
[  452.659850][T10307] syzkaller1: entered promiscuous mode
[  452.665374][T10307] syzkaller1: entered allmulticast mode
[  452.896906][ T5897] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  452.985605][T10320] overlayfs: missing 'lowerdir'
[  453.083151][ T5897] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  453.098438][ T5897] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  453.104666][T10327] usb usb1: usbfs: process 10327 (syz.0.1632) did not claim interface 0 before use
[  453.124626][ T5897] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  453.141587][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.162292][ T5897] usb 4-1: Product: syz
[  453.169116][ T5897] usb 4-1: Manufacturer: syz
[  453.173755][ T5897] usb 4-1: SerialNumber: syz
[  453.222359][T10331] NILFS (rnullb0): couldn't find nilfs on the device
[  453.258593][T10334] syzkaller1: entered promiscuous mode
[  453.264278][T10334] syzkaller1: entered allmulticast mode
[  453.415667][T10309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.442463][T10309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.486845][T10309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.495752][T10309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.900338][T10347] overlayfs: missing 'lowerdir'
[  453.937350][ T5897] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS
[  453.950794][ T5897] cdc_ncm 4-1:1.0: bind() failure
[  453.965795][ T5897] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  453.986857][ T5897] cdc_ncm 4-1:1.1: bind() failure
[  454.001086][ T5897] usb 4-1: USB disconnect, device number 2
[  454.251005][T10357] fuse: Unknown parameter './file0'
[  454.582556][T10369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1650'.
[  454.726352][T10373] overlayfs: missing 'lowerdir'
[  455.094420][T10382] fuse: Unknown parameter './file0'
[  455.439839][T10387] kvm: kvm [10386]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0xbe00
[  455.668805][T10389] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1659'.
[  455.696185][T10389] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  455.751470][T10389] netlink: 'syz.3.1659': attribute type 8 has an invalid length.
[  456.012558][T10394] overlayfs: missing 'lowerdir'
[  456.480515][T10403] fuse: Unknown parameter './file0'
[  456.739281][T10417] overlayfs: missing 'workdir'
[  456.826976][ T5897] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  456.916487][T10425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.928099][T10425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.010886][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  457.021149][ T5897] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  457.030282][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.041369][ T5897] usb 4-1: config 0 descriptor??
[  457.051016][ T5897] pwc: Askey VC010 type 2 USB webcam detected.
[  457.076764][T10062] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  457.126808][T10070] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  457.240806][T10062] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  457.251369][T10062] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  457.260791][T10062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.272075][T10062] usb 3-1: config 0 descriptor??
[  457.279785][T10070] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  457.291363][T10070] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  457.301128][T10070] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.316480][T10070] usb 1-1: config 0 descriptor??
[  457.461636][ T5897] pwc: recv_control_msg error -32 req 02 val 2b00
[  457.469481][ T5897] pwc: recv_control_msg error -32 req 02 val 2700
[  457.477580][ T5897] pwc: recv_control_msg error -32 req 02 val 2c00
[  457.485471][ T5897] pwc: recv_control_msg error -32 req 04 val 1000
[  457.494792][ T5897] pwc: recv_control_msg error -32 req 04 val 1300
[  457.503899][ T5897] pwc: recv_control_msg error -32 req 04 val 1400
[  457.511601][ T5897] pwc: recv_control_msg error -32 req 02 val 2000
[  457.519251][ T5897] pwc: recv_control_msg error -32 req 02 val 2100
[  457.526881][ T5897] pwc: recv_control_msg error -32 req 04 val 1500
[  457.531243][T10070] usbhid 1-1:0.0: can't add hid device: -71
[  457.534863][ T5897] pwc: recv_control_msg error -32 req 02 val 2500
[  457.539969][T10070] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  457.554936][ T5897] pwc: recv_control_msg error -32 req 02 val 2400
[  457.569758][T10070] usb 1-1: USB disconnect, device number 5
[  457.708799][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0
[  457.716154][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0
[  457.723220][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0
[  457.730294][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0
[  457.737331][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0
[  457.746888][T10062] lenovo 0003:17EF:6047.002C: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  457.760717][ T5897] pwc: recv_control_msg error -71 req 02 val 2900
[  457.768140][ T5897] pwc: recv_control_msg error -71 req 02 val 2800
[  457.781093][ T5897] pwc: recv_control_msg error -71 req 04 val 1100
[  457.789928][ T5897] pwc: recv_control_msg error -71 req 04 val 1200
[  457.804089][ T5897] pwc: Registered as video103.
[  457.824691][ T5897] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input37
[  457.853547][ T5897] usb 4-1: USB disconnect, device number 3
[  458.006867][ T5874] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  458.156714][ T5874] usb 1-1: Using ep0 maxpacket: 32
[  458.164277][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  458.175294][ T5874] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  458.184450][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.195389][ T5874] usb 1-1: config 0 descriptor??
[  458.204921][ T5874] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  458.216061][ T5874] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  458.307643][T10421] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  458.357549][T10431] syzkaller1: entered promiscuous mode
[  458.363485][T10431] syzkaller1: entered allmulticast mode
[  458.407744][T10070] usb 1-1: USB disconnect, device number 6
[  458.420144][T10070] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  458.463891][T10436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.476035][T10436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.492868][T10436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.511656][T10436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.542143][T10438] fuse: Bad value for 'group_id'
[  458.547397][T10438] fuse: Bad value for 'group_id'
[  458.838758][ T5874] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  458.899393][T10441] FAT-fs (rnullb0): bogus number of reserved sectors
[  458.906132][T10441] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  458.979283][T10445] binder: 10444:10445 ioctl c018620c 200000000140 returned -22
[  459.016872][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  459.024167][ T5874] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  459.040123][ T5874] usb 4-1: config 0 has no interface number 0
[  459.078023][ T5874] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  459.089796][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.103752][ T5874] usb 4-1: Product: syz
[  459.115045][ T5874] usb 4-1: Manufacturer: syz
[  459.128012][ T5874] usb 4-1: SerialNumber: syz
[  459.144792][T10448] overlayfs: missing 'workdir'
[  459.145900][ T5874] usb 4-1: config 0 descriptor??
[  459.160311][ T5874] smsc95xx v2.0.0
[  459.429823][T10458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.460823][T10460] FAULT_INJECTION: forcing a failure.
[  459.460823][T10460] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.469620][T10458] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  459.475295][T10460] CPU: 1 UID: 0 PID: 10460 Comm: syz.0.1687 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  459.475330][T10460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  459.475346][T10460] Call Trace:
[  459.475356][T10460]  <TASK>
[  459.475366][T10460]  dump_stack_lvl+0x189/0x250
[  459.475400][T10460]  ? __pfx____ratelimit+0x10/0x10
[  459.475430][T10460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  459.475457][T10460]  ? __pfx__printk+0x10/0x10
[  459.475488][T10460]  ? __might_fault+0xb0/0x130
[  459.475526][T10460]  should_fail_ex+0x414/0x560
[  459.475571][T10460]  _copy_from_user+0x2d/0xb0
[  459.475597][T10460]  ___sys_sendmsg+0x158/0x2a0
[  459.475644][T10460]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.475721][T10460]  ? __fget_files+0x2a/0x420
[  459.475754][T10460]  ? __fget_files+0x3a0/0x420
[  459.475796][T10460]  __x64_sys_sendmsg+0x19b/0x260
[  459.475834][T10460]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  459.475881][T10460]  ? __pfx_ksys_write+0x10/0x10
[  459.475904][T10460]  ? rcu_is_watching+0x15/0xb0
[  459.475935][T10460]  ? do_syscall_64+0xbe/0x3b0
[  459.475969][T10460]  do_syscall_64+0xfa/0x3b0
[  459.475995][T10460]  ? lockdep_hardirqs_on+0x9c/0x150
[  459.476021][T10460]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.476044][T10460]  ? clear_bhb_loop+0x60/0xb0
[  459.476076][T10460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.476099][T10460] RIP: 0033:0x7f197738e929
[  459.476122][T10460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.476143][T10460] RSP: 002b:00007f1978265038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.476170][T10460] RAX: ffffffffffffffda RBX: 00007f19775b5fa0 RCX: 00007f197738e929
[  459.476188][T10460] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  459.476205][T10460] RBP: 00007f1978265090 R08: 0000000000000000 R09: 0000000000000000
[  459.476222][T10460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.476236][T10460] R13: 0000000000000000 R14: 00007f19775b5fa0 R15: 00007ffcb8556868
[  459.476273][T10460]  </TASK>
[  459.561991][T10462] fuse: Bad value for 'group_id'
[  459.578825][T10440] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1679'.
[  459.597617][T10462] fuse: Bad value for 'group_id'
[  459.602248][T10440] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1679'.
[  459.758667][T10463] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1679'.
[  460.018112][T10474] dummy0: left allmulticast mode
[  460.024347][T10474] dummy0: left promiscuous mode
[  460.038254][T10474] bridge0: port 3(dummy0) entered disabled state
[  460.061655][T10069] usb 3-1: USB disconnect, device number 22
[  460.114742][T10474] bridge_slave_1: left allmulticast mode
[  460.121179][T10474] bridge_slave_1: left promiscuous mode
[  460.135311][T10474] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.161199][T10474] bridge_slave_0: left allmulticast mode
[  460.169683][T10474] bridge_slave_0: left promiscuous mode
[  460.175979][T10474] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.448646][ T5874] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71
[  460.478238][ T5874] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  460.499254][ T5874] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  460.538795][ T5874] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[  460.557026][T10069] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  460.577315][ T5874] usb 4-1: USB disconnect, device number 4
[  460.741583][T10069] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  460.755008][T10069] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  460.771259][T10069] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.785881][T10069] usb 3-1: config 0 descriptor??
[  460.803108][T10069] pwc: Askey VC010 type 2 USB webcam detected.
[  460.836921][T10070] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  460.990742][T10070] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  461.026038][T10070] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  461.072099][T10070] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.103300][T10070] usb 1-1: config 0 descriptor??
[  461.127481][T10070] pwc: Askey VC010 type 2 USB webcam detected.
[  461.292538][T10069] pwc: recv_control_msg error -32 req 02 val 2b00
[  461.300963][T10069] pwc: recv_control_msg error -32 req 02 val 2700
[  461.315047][T10069] pwc: recv_control_msg error -32 req 02 val 2c00
[  461.328009][T10069] pwc: recv_control_msg error -32 req 04 val 1000
[  461.335343][T10069] pwc: recv_control_msg error -32 req 04 val 1300
[  461.343051][T10069] pwc: recv_control_msg error -32 req 04 val 1400
[  461.350500][T10069] pwc: recv_control_msg error -32 req 02 val 2000
[  461.357725][T10069] pwc: recv_control_msg error -32 req 02 val 2100
[  461.365006][T10069] pwc: recv_control_msg error -32 req 04 val 1500
[  461.373068][T10069] pwc: recv_control_msg error -32 req 02 val 2500
[  461.496759][T10073] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  461.525872][T10070] pwc: recv_control_msg error -32 req 02 val 2b00
[  461.533738][T10070] pwc: recv_control_msg error -32 req 02 val 2700
[  461.593734][T10070] pwc: recv_control_msg error -32 req 02 val 2c00
[  461.603460][T10070] pwc: recv_control_msg error -32 req 04 val 1000
[  461.610701][T10070] pwc: recv_control_msg error -32 req 04 val 1300
[  461.618204][T10070] pwc: recv_control_msg error -32 req 04 val 1400
[  461.625363][T10070] pwc: recv_control_msg error -32 req 02 val 2000
[  461.633260][T10070] pwc: recv_control_msg error -32 req 02 val 2100
[  461.641442][T10069] pwc: recv_control_msg error -71 req 02 val 2600
[  461.650615][T10070] pwc: recv_control_msg error -32 req 04 val 1500
[  461.658071][T10069] pwc: recv_control_msg error -71 req 02 val 2900
[  461.665277][T10073] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.676652][T10070] pwc: recv_control_msg error -32 req 02 val 2500
[  461.683266][T10069] pwc: recv_control_msg error -71 req 02 val 2800
[  461.690736][T10070] pwc: recv_control_msg error -32 req 02 val 2400
[  461.697327][T10073] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  461.706387][T10073] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.714527][T10069] pwc: recv_control_msg error -71 req 04 val 1100
[  461.725385][T10069] pwc: recv_control_msg error -71 req 04 val 1200
[  461.731972][T10070] pwc: recv_control_msg error -32 req 02 val 2600
[  461.741601][T10069] pwc: Registered as video103.
[  461.757987][T10073] usb 4-1: config 0 descriptor??
[  461.766375][T10069] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input39
[  461.808361][T10069] usb 3-1: USB disconnect, device number 23
[  461.966138][T10073] usbhid 4-1:0.0: can't add hid device: -71
[  461.977821][T10073] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  462.007123][T10073] usb 4-1: USB disconnect, device number 5
[  462.247285][T10501] fuse: Bad value for 'group_id'
[  462.252449][T10501] fuse: Bad value for 'group_id'
[  462.411967][T10506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.428947][T10506] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.486779][T10073] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  462.646894][T10073] usb 4-1: Using ep0 maxpacket: 32
[  462.655587][T10073] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.668697][T10073] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  462.678524][T10073] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.719588][T10073] usb 4-1: config 0 descriptor??
[  462.736431][T10073] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  462.785031][T10073] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  462.941496][T10497] FAULT_INJECTION: forcing a failure.
[  462.941496][T10497] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  462.963404][T10497] CPU: 0 UID: 0 PID: 10497 Comm: syz.3.1695 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  462.963443][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  462.963458][T10497] Call Trace:
[  462.963467][T10497]  <TASK>
[  462.963478][T10497]  dump_stack_lvl+0x189/0x250
[  462.963508][T10497]  ? __pfx____ratelimit+0x10/0x10
[  462.963533][T10497]  ? __pfx_dump_stack_lvl+0x10/0x10
[  462.963559][T10497]  ? __pfx__printk+0x10/0x10
[  462.963586][T10497]  ? fs_reclaim_acquire+0x7d/0x100
[  462.963623][T10497]  should_fail_ex+0x414/0x560
[  462.963665][T10497]  prepare_alloc_pages+0x213/0x610
[  462.963702][T10497]  __alloc_frozen_pages_noprof+0x123/0x370
[  462.963736][T10497]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  462.963763][T10497]  ? do_raw_spin_lock+0x121/0x290
[  462.963794][T10497]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  462.963825][T10497]  ? policy_nodemask+0x27c/0x720
[  462.963855][T10497]  alloc_pages_mpol+0x232/0x4a0
[  462.963885][T10497]  alloc_pages_noprof+0xa9/0x190
[  462.963912][T10497]  get_free_pages_noprof+0xf/0x80
[  462.963940][T10497]  __pollwait+0x27b/0x460
[  462.963968][T10497]  ? __pfx___pollwait+0x10/0x10
[  462.963992][T10497]  n_tty_poll+0x9d/0x740
[  462.964026][T10497]  ? __pfx_n_tty_poll+0x10/0x10
[  462.964056][T10497]  tty_poll+0xbe/0x160
[  462.964083][T10497]  ? __pfx_tty_poll+0x10/0x10
[  462.964122][T10497]  do_select+0x105b/0x17e0
[  462.964146][T10497]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  462.964207][T10497]  ? __pfx_do_select+0x10/0x10
[  462.964232][T10497]  ? __lock_acquire+0xab9/0xd20
[  462.964271][T10497]  ? __pfx___pollwait+0x10/0x10
[  462.964309][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964338][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964370][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964400][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964430][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964460][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964490][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964521][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964551][T10497]  ? __pfx_pollwake+0x10/0x10
[  462.964604][T10497]  core_sys_select+0x6dd/0xa20
[  462.964643][T10497]  ? __pfx_core_sys_select+0x10/0x10
[  462.964697][T10497]  ? __pfx_set_user_sigmask+0x10/0x10
[  462.964731][T10497]  __se_sys_pselect6+0x27a/0x300
[  462.964764][T10497]  ? __pfx___se_sys_pselect6+0x10/0x10
[  462.964791][T10497]  ? __pfx_ksys_write+0x10/0x10
[  462.964813][T10497]  ? rcu_is_watching+0x15/0xb0
[  462.964841][T10497]  ? __x64_sys_pselect6+0x21/0xf0
[  462.964870][T10497]  do_syscall_64+0xfa/0x3b0
[  462.964897][T10497]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.964919][T10497]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  462.964953][T10497]  ? clear_bhb_loop+0x60/0xb0
[  462.964980][T10497]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.965021][T10497] RIP: 0033:0x7fcf8478e929
[  462.965054][T10497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  462.965073][T10497] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  462.965095][T10497] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929
[  462.965137][T10497] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  462.965152][T10497] RBP: 00007fcf85602090 R08: 0000200000000300 R09: 0000000000000000
[  462.965167][T10497] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  462.965183][T10497] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8
[  462.965217][T10497]  </TASK>
[  463.386015][ T5874] usb 4-1: USB disconnect, device number 6
[  463.394814][ T5874] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  463.574851][T10070] pwc: recv_control_msg error -71 req 02 val 2800
[  463.588382][T10070] pwc: recv_control_msg error -71 req 04 val 1100
[  463.638228][T10070] pwc: recv_control_msg error -71 req 04 val 1200
[  463.687143][T10070] pwc: Registered as video103.
[  463.694141][T10070] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input40
[  463.822989][T10070] usb 1-1: USB disconnect, device number 7
[  464.185368][T10528] binder: 10526:10528 ioctl c0306201 200000001040 returned -14
[  464.406830][T10070] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  464.427771][T10536] FAULT_INJECTION: forcing a failure.
[  464.427771][T10536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  464.476562][T10536] CPU: 0 UID: 0 PID: 10536 Comm: syz.1.1709 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  464.476593][T10536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  464.476612][T10536] Call Trace:
[  464.476622][T10536]  <TASK>
[  464.476632][T10536]  dump_stack_lvl+0x189/0x250
[  464.476662][T10536]  ? __pfx____ratelimit+0x10/0x10
[  464.476686][T10536]  ? __pfx_dump_stack_lvl+0x10/0x10
[  464.476711][T10536]  ? __pfx__printk+0x10/0x10
[  464.476735][T10536]  ? __might_fault+0xb0/0x130
[  464.476768][T10536]  should_fail_ex+0x414/0x560
[  464.476810][T10536]  _copy_from_user+0x2d/0xb0
[  464.476833][T10536]  ___sys_sendmsg+0x158/0x2a0
[  464.476868][T10536]  ? __pfx____sys_sendmsg+0x10/0x10
[  464.476937][T10536]  ? __fget_files+0x2a/0x420
[  464.476964][T10536]  ? __fget_files+0x3a0/0x420
[  464.477003][T10536]  __x64_sys_sendmsg+0x19b/0x260
[  464.477046][T10536]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  464.477100][T10536]  ? __pfx_ksys_write+0x10/0x10
[  464.477121][T10536]  ? rcu_is_watching+0x15/0xb0
[  464.477148][T10536]  ? do_syscall_64+0xbe/0x3b0
[  464.477177][T10536]  do_syscall_64+0xfa/0x3b0
[  464.477201][T10536]  ? lockdep_hardirqs_on+0x9c/0x150
[  464.477223][T10536]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.477245][T10536]  ? clear_bhb_loop+0x60/0xb0
[  464.477272][T10536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.477311][T10536] RIP: 0033:0x7fc26d38e929
[  464.477331][T10536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.477350][T10536] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.477374][T10536] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  464.477391][T10536] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  464.477405][T10536] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  464.477419][T10536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.477433][T10536] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  464.477466][T10536]  </TASK>
[  464.789629][T10070] usb 3-1: Using ep0 maxpacket: 32
[  464.796749][T10070] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  464.804867][T10070] usb 3-1: config 0 has no interface number 0
[  464.826484][T10546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  464.849056][T10546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  464.859792][T10070] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  464.875932][T10070] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.875963][T10070] usb 3-1: Product: syz
[  464.875981][T10070] usb 3-1: Manufacturer: syz
[  464.875998][T10070] usb 3-1: SerialNumber: syz
[  464.889303][T10070] usb 3-1: config 0 descriptor??
[  464.949517][T10070] smsc95xx v2.0.0
[  465.003726][T10554] syzkaller1: entered promiscuous mode
[  465.003774][T10554] syzkaller1: entered allmulticast mode
[  465.366150][T10070] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61
[  465.377396][T10070] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  465.571185][T10527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.580288][T10527] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.665697][T10073] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0
[  465.710686][T10073] hid-generic 0000:0000:0000.002D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  465.873463][T10062] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0
[  465.907248][T10062] hid-generic 0000:0000:0000.002E: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  465.991625][T10070] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[  466.027440][T10070] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  466.065346][T10070] usb 3-1: USB disconnect, device number 24
[  466.696566][T10580] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present
[  466.806285][   T30] audit: type=1326 audit(1750977056.774:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.829828][   T30] audit: type=1326 audit(1750977056.774:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.855622][   T30] audit: type=1326 audit(1750977056.774:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.881143][   T30] audit: type=1326 audit(1750977056.804:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.903946][T10062] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  466.917557][   T30] audit: type=1326 audit(1750977056.804:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.943156][   T30] audit: type=1326 audit(1750977056.824:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.970873][   T30] audit: type=1326 audit(1750977056.824:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  466.999364][   T30] audit: type=1326 audit(1750977056.854:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcf8478d290 code=0x7ffc0000
[  467.025210][   T30] audit: type=1326 audit(1750977056.854:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fcf84790157 code=0x7ffc0000
[  467.060391][T10070] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  467.068140][   T30] audit: type=1326 audit(1750977056.854:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000
[  467.098379][T10062] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.110649][T10062] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  467.126192][T10062] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  467.141725][T10062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.155526][T10062] usb 3-1: config 0 descriptor??
[  467.227331][T10070] usb 1-1: Using ep0 maxpacket: 32
[  467.234830][T10070] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  467.253622][T10070] usb 1-1: config 0 has no interface number 0
[  467.271354][T10070] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  467.290445][T10070] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.300445][T10070] usb 1-1: Product: syz
[  467.304643][T10070] usb 1-1: Manufacturer: syz
[  467.312228][T10070] usb 1-1: SerialNumber: syz
[  467.322133][T10070] usb 1-1: config 0 descriptor??
[  467.334779][T10070] smsc95xx v2.0.0
[  467.736147][T10070] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  467.748740][T10070] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  467.800224][T10578] fuse: Unknown parameter '00000000000000000000006�0xffffffffffffffff����n仮E���{�i�EHP@I��@-��'
[  467.815659][T10062] usbhid 3-1:0.0: can't add hid device: -71
[  467.822944][T10062] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  467.843810][T10062] usb 3-1: USB disconnect, device number 25
[  467.954228][T10598] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1731'.
[  468.216223][T10608] syzkaller1: entered promiscuous mode
[  468.222338][T10608] syzkaller1: entered allmulticast mode
[  468.270442][T10610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.279316][T10610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.291633][T10610] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  468.299013][T10610] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  468.492489][T10616] dlm: plock device version mismatch: kernel (1.2.0), user (1.6.16)
[  468.736839][T10062] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  468.793287][T10070] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  468.807594][T10070] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  468.836823][T10070] usb 1-1: USB disconnect, device number 8
[  468.898153][T10062] usb 3-1: Using ep0 maxpacket: 8
[  468.918317][T10062] usb 3-1: config 0 has an invalid interface number: 130 but max is 0
[  468.936047][T10062] usb 3-1: config 0 has no interface number 0
[  468.944000][T10062] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=71.1b
[  468.957516][T10062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.974291][T10620] syz.3.1740: attempt to access beyond end of device
[  468.974291][T10620] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[  468.978169][T10062] usb 3-1: config 0 descriptor??
[  468.995725][T10620] efs: cannot read volume header
[  469.008086][T10062] ftdi_sio 3-1:0.130: FTDI USB Serial Device converter detected
[  469.024187][T10062] ftdi_sio ttyUSB0: unknown device type: 0x711b
[  469.089527][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.103070][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.116099][T10622] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1741'.
[  469.129308][T10624] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  469.172593][T10626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.189573][T10626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.231240][T10062] usb 3-1: USB disconnect, device number 26
[  469.253650][T10062] ftdi_sio 3-1:0.130: device disconnected
[  469.657137][T10644] ceph: Path missing in source
[  469.820766][T10650] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present
[  469.976826][T10062] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  470.016960][ T5897] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  470.111482][T10062] usb 4-1: device descriptor read/64, error -71
[  470.118025][ T5874] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  470.157999][T10660] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  470.166938][T10660] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  470.176703][ T5897] usb 1-1: Using ep0 maxpacket: 32
[  470.199098][ T5897] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  470.208841][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.220944][ T5897] usb 1-1: Product: syz
[  470.225138][ T5897] usb 1-1: Manufacturer: syz
[  470.230519][ T5897] usb 1-1: SerialNumber: syz
[  470.241335][ T5897] usb 1-1: config 0 descriptor??
[  470.261350][ T5897] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  470.286901][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  470.295360][ T5874] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  470.308279][ T5874] usb 3-1: config 0 has no interface number 0
[  470.319957][ T5874] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  470.331441][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.339739][ T5874] usb 3-1: Product: syz
[  470.344046][ T5874] usb 3-1: Manufacturer: syz
[  470.347235][T10664] binder_alloc: 10663: binder_alloc_buf size 65816 failed, no address space
[  470.349636][ T5874] usb 3-1: SerialNumber: syz
[  470.361929][T10664] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  470.362150][T10062] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  470.382981][ T5874] usb 3-1: config 0 descriptor??
[  470.393379][ T5874] smsc95xx v2.0.0
[  470.516907][T10062] usb 4-1: device descriptor read/64, error -71
[  470.543755][T10668] netlink: 'syz.1.1761': attribute type 10 has an invalid length.
[  470.551823][T10668] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1761'.
[  470.631426][T10062] usb usb4-port1: attempt power cycle
[  470.798069][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  470.812192][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  470.976821][T10062] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  470.997646][T10062] usb 4-1: device descriptor read/8, error -71
[  471.236871][T10062] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  471.260159][T10062] usb 4-1: device descriptor read/8, error -71
[  471.387430][T10062] usb usb4-port1: unable to enumerate USB device
[  471.618831][T10672] FAULT_INJECTION: forcing a failure.
[  471.618831][T10672] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  471.633369][T10672] CPU: 1 UID: 0 PID: 10672 Comm: syz.1.1763 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  471.633402][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  471.633418][T10672] Call Trace:
[  471.633427][T10672]  <TASK>
[  471.633437][T10672]  dump_stack_lvl+0x189/0x250
[  471.633469][T10672]  ? __pfx____ratelimit+0x10/0x10
[  471.633493][T10672]  ? __pfx_dump_stack_lvl+0x10/0x10
[  471.633526][T10672]  ? __pfx__printk+0x10/0x10
[  471.633552][T10672]  ? __might_fault+0xb0/0x130
[  471.633587][T10672]  should_fail_ex+0x414/0x560
[  471.633627][T10672]  _copy_from_user+0x2d/0xb0
[  471.633650][T10672]  ___sys_sendmsg+0x158/0x2a0
[  471.633687][T10672]  ? __pfx____sys_sendmsg+0x10/0x10
[  471.633759][T10672]  ? __fget_files+0x2a/0x420
[  471.633787][T10672]  ? __fget_files+0x3a0/0x420
[  471.633829][T10672]  __x64_sys_sendmsg+0x19b/0x260
[  471.633864][T10672]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  471.633907][T10672]  ? __pfx_ksys_write+0x10/0x10
[  471.633939][T10672]  ? do_syscall_64+0xbe/0x3b0
[  471.633970][T10672]  do_syscall_64+0xfa/0x3b0
[  471.633995][T10672]  ? lockdep_hardirqs_on+0x9c/0x150
[  471.634018][T10672]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.634040][T10672]  ? clear_bhb_loop+0x60/0xb0
[  471.634066][T10672]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.634088][T10672] RIP: 0033:0x7fc26d38e929
[  471.634108][T10672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.634128][T10672] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  471.634151][T10672] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  471.634168][T10672] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  471.634182][T10672] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  471.634197][T10672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.634210][T10672] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  471.634244][T10672]  </TASK>
[  471.862317][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  471.875903][ T5874] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  471.898541][ T5874] usb 3-1: USB disconnect, device number 27
[  471.981491][T10676] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1764'.
[  472.410651][T10678] syz.2.1765: attempt to access beyond end of device
[  472.410651][T10678] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0
[  472.424039][T10678] gfs2: error -5 reading superblock
[  472.884285][T10690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  472.895301][T10690] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  472.993150][T10693] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1772'.
[  473.095023][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1775'.
[  473.103377][T10698] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present
[  473.436740][ T5874] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  473.525622][T10709] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1780'.
[  473.549512][ T1151] Bluetooth: hci4: Frame reassembly failed (-84)
[  473.557427][T10709] Bluetooth: hci4: Frame reassembly failed (-84)
[  473.558563][T10073] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  473.564414][T10709] Bluetooth: hci4: Frame reassembly failed (-84)
[  473.596725][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  473.603493][ T5874] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  473.612154][ T5874] usb 3-1: config 0 has no interface number 0
[  473.621172][ T5874] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  473.631113][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.639396][ T5874] usb 3-1: Product: syz
[  473.643653][ T5874] usb 3-1: Manufacturer: syz
[  473.648562][ T5874] usb 3-1: SerialNumber: syz
[  473.656878][ T5874] usb 3-1: config 0 descriptor??
[  473.662935][ T5897] gspca_stk1135: reg_w 0x353 err -71
[  473.672997][ T5874] smsc95xx v2.0.0
[  473.677773][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.684274][ T5897] gspca_stk1135: Sensor write failed
[  473.689975][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.696389][ T5897] gspca_stk1135: Sensor write failed
[  473.701967][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.709213][ T5897] gspca_stk1135: Sensor read failed
[  473.714471][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.720271][T10073] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  473.721201][ T5897] gspca_stk1135: Sensor read failed
[  473.737081][ T5897] gspca_stk1135: Detected sensor type unknown (0x0)
[  473.740246][T10073] usb 4-1: config 0 interface 0 has no altsetting 0
[  473.743767][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.755309][T10073] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  473.756783][ T5897] gspca_stk1135: Sensor read failed
[  473.756823][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.756837][ T5897] gspca_stk1135: Sensor read failed
[  473.756873][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.770491][T10073] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  473.771195][ T5897] gspca_stk1135: Sensor write failed
[  473.777892][T10073] usb 4-1: Product: syz
[  473.782897][ T5897] gspca_stk1135: serial bus timeout: status=0x00
[  473.793132][T10073] usb 4-1: Manufacturer: syz
[  473.797516][ T5897] gspca_stk1135: Sensor write failed
[  473.803261][T10073] usb 4-1: SerialNumber: syz
[  473.807436][ T5897] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71
[  473.832422][T10073] usb 4-1: config 0 descriptor??
[  473.848487][T10073] usb 4-1: selecting invalid altsetting 0
[  473.852107][ T5897] usb 1-1: USB disconnect, device number 9
[  474.053688][T10076] usb 4-1: USB disconnect, device number 11
[  474.076318][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  474.089715][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  474.921449][T10715] FAULT_INJECTION: forcing a failure.
[  474.921449][T10715] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  474.936788][T10715] CPU: 1 UID: 0 PID: 10715 Comm: syz.0.1782 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  474.936819][T10715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  474.936833][T10715] Call Trace:
[  474.936844][T10715]  <TASK>
[  474.936853][T10715]  dump_stack_lvl+0x189/0x250
[  474.936884][T10715]  ? __pfx____ratelimit+0x10/0x10
[  474.936911][T10715]  ? __pfx_dump_stack_lvl+0x10/0x10
[  474.936936][T10715]  ? __pfx__printk+0x10/0x10
[  474.936961][T10715]  ? __might_fault+0xb0/0x130
[  474.936996][T10715]  should_fail_ex+0x414/0x560
[  474.937038][T10715]  _copy_from_user+0x2d/0xb0
[  474.937061][T10715]  futex_parse_waitv+0xf4/0x410
[  474.937092][T10715]  ? __pfx_futex_wake_mark+0x10/0x10
[  474.937125][T10715]  ? __pfx_futex_parse_waitv+0x10/0x10
[  474.937155][T10715]  ? rcu_is_watching+0x15/0xb0
[  474.937177][T10715]  ? trace_kmalloc+0x1f/0xd0
[  474.937206][T10715]  ? __se_sys_futex_waitv+0x17d/0x280
[  474.937239][T10715]  __se_sys_futex_waitv+0x19f/0x280
[  474.937272][T10715]  ? __pfx___se_sys_futex_waitv+0x10/0x10
[  474.937308][T10715]  ? __task_pid_nr_ns+0x28/0x470
[  474.937342][T10715]  ? do_syscall_64+0xbe/0x3b0
[  474.937366][T10715]  ? __x64_sys_futex_waitv+0x20/0xc0
[  474.937397][T10715]  do_syscall_64+0xfa/0x3b0
[  474.937422][T10715]  ? lockdep_hardirqs_on+0x9c/0x150
[  474.937446][T10715]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.937468][T10715]  ? clear_bhb_loop+0x60/0xb0
[  474.937496][T10715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  474.937518][T10715] RIP: 0033:0x7f197738e929
[  474.937538][T10715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  474.937559][T10715] RSP: 002b:00007f1978265038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1
[  474.937583][T10715] RAX: ffffffffffffffda RBX: 00007f19775b5fa0 RCX: 00007f197738e929
[  474.937600][T10715] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000001080
[  474.937615][T10715] RBP: 00007f1978265090 R08: 0000000000000001 R09: 0000000000000000
[  474.937629][T10715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  474.937643][T10715] R13: 0000000000000000 R14: 00007f19775b5fa0 R15: 00007ffcb8556868
[  474.937676][T10715]  </TASK>
[  475.228697][T10721] FAULT_INJECTION: forcing a failure.
[  475.228697][T10721] name failslab, interval 1, probability 0, space 0, times 0
[  475.242134][T10721] CPU: 1 UID: 0 PID: 10721 Comm: syz.3.1785 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  475.242167][T10721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  475.242181][T10721] Call Trace:
[  475.242189][T10721]  <TASK>
[  475.242199][T10721]  dump_stack_lvl+0x189/0x250
[  475.242229][T10721]  ? __pfx____ratelimit+0x10/0x10
[  475.242254][T10721]  ? __pfx_dump_stack_lvl+0x10/0x10
[  475.242277][T10721]  ? __pfx__printk+0x10/0x10
[  475.242307][T10721]  ? __pfx___might_resched+0x10/0x10
[  475.242334][T10721]  should_fail_ex+0x414/0x560
[  475.242375][T10721]  should_failslab+0xa8/0x100
[  475.242402][T10721]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  475.242425][T10721]  ? __alloc_skb+0x112/0x2d0
[  475.242464][T10721]  __alloc_skb+0x112/0x2d0
[  475.242496][T10721]  netlink_sendmsg+0x5c6/0xb30
[  475.242534][T10721]  ? __pfx_netlink_sendmsg+0x10/0x10
[  475.242566][T10721]  ? aa_sock_msg_perm+0xf1/0x1d0
[  475.242594][T10721]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  475.242624][T10721]  ? __pfx_netlink_sendmsg+0x10/0x10
[  475.242652][T10721]  __sock_sendmsg+0x219/0x270
[  475.242678][T10721]  ____sys_sendmsg+0x505/0x830
[  475.242716][T10721]  ? __pfx_____sys_sendmsg+0x10/0x10
[  475.242757][T10721]  ? import_iovec+0x74/0xa0
[  475.242782][T10721]  ___sys_sendmsg+0x21f/0x2a0
[  475.242817][T10721]  ? __pfx____sys_sendmsg+0x10/0x10
[  475.242888][T10721]  ? __fget_files+0x2a/0x420
[  475.242915][T10721]  ? __fget_files+0x3a0/0x420
[  475.242954][T10721]  __x64_sys_sendmsg+0x19b/0x260
[  475.242988][T10721]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  475.243030][T10721]  ? __pfx_ksys_write+0x10/0x10
[  475.243051][T10721]  ? rcu_is_watching+0x15/0xb0
[  475.243078][T10721]  ? do_syscall_64+0xbe/0x3b0
[  475.243109][T10721]  do_syscall_64+0xfa/0x3b0
[  475.243132][T10721]  ? lockdep_hardirqs_on+0x9c/0x150
[  475.243156][T10721]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.243179][T10721]  ? clear_bhb_loop+0x60/0xb0
[  475.243206][T10721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  475.243228][T10721] RIP: 0033:0x7fcf8478e929
[  475.243248][T10721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  475.243268][T10721] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  475.243292][T10721] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929
[  475.243309][T10721] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003
[  475.243323][T10721] RBP: 00007fcf85602090 R08: 0000000000000000 R09: 0000000000000000
[  475.243337][T10721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  475.243351][T10721] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8
[  475.243385][T10721]  </TASK>
[  475.549830][ T5153] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  475.608174][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  475.628224][T10723] Failed to get privilege flags for destination (handle=0x2:0x0)
[  475.668946][ T5874] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  475.696307][ T5874] usb 3-1: USB disconnect, device number 28
[  475.722671][T10723] XFS (rnullb0): Invalid superblock magic number
[  475.919344][T10073] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  476.079855][T10073] usb 1-1: config 1 has an invalid interface number: 228 but max is 2
[  476.088258][T10073] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  476.097027][T10073] usb 1-1: config 1 has an invalid interface number: 146 but max is 2
[  476.105336][T10073] usb 1-1: config 1 has an invalid interface number: 246 but max is 2
[  476.110162][T10076] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  476.113815][T10073] usb 1-1: config 1 has no interface number 0
[  476.127575][T10073] usb 1-1: config 1 has no interface number 1
[  476.133680][T10073] usb 1-1: config 1 has no interface number 2
[  476.145059][T10073] usb 1-1: config 1 interface 228 altsetting 4 bulk endpoint 0x8 has invalid maxpacket 32
[  476.155480][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x7, skipping
[  476.167292][T10073] usb 1-1: config 1 interface 228 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  476.179252][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x4, skipping
[  476.188418][T10741] FAULT_INJECTION: forcing a failure.
[  476.188418][T10741] name failslab, interval 1, probability 0, space 0, times 0
[  476.193967][T10073] usb 1-1: config 1 interface 228 altsetting 4 endpoint 0xD has invalid maxpacket 1023, setting to 64
[  476.208713][T10741] CPU: 0 UID: 0 PID: 10741 Comm: syz.2.1791 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  476.208747][T10741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  476.208763][T10741] Call Trace:
[  476.208773][T10741]  <TASK>
[  476.208784][T10741]  dump_stack_lvl+0x189/0x250
[  476.208817][T10741]  ? __pfx____ratelimit+0x10/0x10
[  476.208844][T10741]  ? __pfx_dump_stack_lvl+0x10/0x10
[  476.208871][T10741]  ? __pfx__printk+0x10/0x10
[  476.208901][T10741]  ? __pfx___might_resched+0x10/0x10
[  476.208926][T10741]  ? fs_reclaim_acquire+0x7d/0x100
[  476.208961][T10741]  should_fail_ex+0x414/0x560
[  476.209005][T10741]  should_failslab+0xa8/0x100
[  476.209033][T10741]  __kmalloc_noprof+0xcb/0x4f0
[  476.209057][T10741]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  476.209100][T10741]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  476.209146][T10741]  genl_family_rcv_msg_doit+0xb8/0x300
[  476.209190][T10741]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  476.209228][T10741]  ? rcu_is_watching+0x15/0xb0
[  476.209256][T10741]  ? apparmor_capable+0x137/0x1b0
[  476.209294][T10741]  ? bpf_lsm_capable+0x9/0x20
[  476.209317][T10741]  ? security_capable+0x7e/0x2e0
[  476.209360][T10741]  genl_rcv_msg+0x60e/0x790
[  476.209403][T10741]  ? __pfx_genl_rcv_msg+0x10/0x10
[  476.209435][T10741]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  476.209469][T10741]  ? __pfx_nl80211_start_ap+0x10/0x10
[  476.209488][T10741]  ? __pfx_nl80211_post_doit+0x10/0x10
[  476.209540][T10741]  netlink_rcv_skb+0x205/0x470
[  476.209569][T10741]  ? __pfx_genl_rcv_msg+0x10/0x10
[  476.209605][T10741]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  476.209654][T10741]  ? down_read+0x1ad/0x2e0
[  476.209687][T10741]  genl_rcv+0x28/0x40
[  476.209720][T10741]  netlink_unicast+0x758/0x8d0
[  476.209759][T10741]  netlink_sendmsg+0x805/0xb30
[  476.209802][T10741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.209835][T10741]  ? aa_sock_msg_perm+0xf1/0x1d0
[  476.209865][T10741]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  476.209896][T10741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.209927][T10741]  __sock_sendmsg+0x219/0x270
[  476.209955][T10741]  ____sys_sendmsg+0x505/0x830
[  476.209995][T10741]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.210040][T10741]  ? import_iovec+0x74/0xa0
[  476.210067][T10741]  ___sys_sendmsg+0x21f/0x2a0
[  476.210103][T10741]  ? __pfx____sys_sendmsg+0x10/0x10
[  476.210178][T10741]  ? __fget_files+0x2a/0x420
[  476.210206][T10741]  ? __fget_files+0x3a0/0x420
[  476.210269][T10741]  __x64_sys_sendmsg+0x19b/0x260
[  476.210306][T10741]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  476.210360][T10741]  ? __pfx_ksys_write+0x10/0x10
[  476.210383][T10741]  ? rcu_is_watching+0x15/0xb0
[  476.210415][T10741]  ? do_syscall_64+0xbe/0x3b0
[  476.210449][T10741]  do_syscall_64+0xfa/0x3b0
[  476.210474][T10741]  ? lockdep_hardirqs_on+0x9c/0x150
[  476.210498][T10741]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.210523][T10741]  ? clear_bhb_loop+0x60/0xb0
[  476.210553][T10741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.210578][T10741] RIP: 0033:0x7f2380d8e929
[  476.210600][T10741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  476.210623][T10741] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  476.210648][T10741] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929
[  476.210668][T10741] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  476.210683][T10741] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000
[  476.210699][T10741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  476.210715][T10741] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078
[  476.210753][T10741]  </TASK>
[  476.302453][T10076] usb 4-1: Using ep0 maxpacket: 32
[  476.305028][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x9, skipping
[  476.321184][T10076] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  476.325648][T10073] usb 1-1: config 1 interface 228 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0
[  476.325678][T10073] usb 1-1: config 1 interface 228 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  476.337850][T10076] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.340335][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x8, skipping
[  476.350514][T10076] usb 4-1: Product: syz
[  476.352094][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0xC, skipping
[  476.363629][T10076] usb 4-1: Manufacturer: syz
[  476.370008][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x8, skipping
[  476.385178][T10076] usb 4-1: SerialNumber: syz
[  476.393903][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x9, skipping
[  476.413013][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1792'.
[  476.419534][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x7, skipping
[  476.422302][T10076] usb 4-1: config 0 descriptor??
[  476.425987][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x4, skipping
[  476.445964][T10076] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  476.460027][T10073] usb 1-1: config 1 interface 246 altsetting 4 has a duplicate endpoint with address 0x8, skipping
[  476.670126][ T5842] Bluetooth: hci1: unexpected event for opcode 0x0403
[  476.681362][T10073] usb 1-1: config 1 interface 228 has no altsetting 0
[  476.775330][T10073] usb 1-1: config 1 interface 146 has no altsetting 0
[  476.782772][T10073] usb 1-1: config 1 interface 246 has no altsetting 0
[  476.795954][T10073] usb 1-1: New USB device found, idVendor=0c45, idProduct=624e, bcdDevice= 8.71
[  476.831416][T10073] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.841071][T10073] usb 1-1: Product: syz
[  476.856010][T10753] FAULT_INJECTION: forcing a failure.
[  476.856010][T10753] name failslab, interval 1, probability 0, space 0, times 0
[  476.871978][T10753] CPU: 1 UID: 0 PID: 10753 Comm: syz.1.1796 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  476.872008][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  476.872023][T10753] Call Trace:
[  476.872032][T10753]  <TASK>
[  476.872042][T10753]  dump_stack_lvl+0x189/0x250
[  476.872071][T10753]  ? __pfx____ratelimit+0x10/0x10
[  476.872098][T10753]  ? __pfx_dump_stack_lvl+0x10/0x10
[  476.872122][T10753]  ? __pfx__printk+0x10/0x10
[  476.872151][T10753]  ? __pfx___might_resched+0x10/0x10
[  476.872172][T10753]  ? fs_reclaim_acquire+0x7d/0x100
[  476.872201][T10753]  should_fail_ex+0x414/0x560
[  476.872240][T10753]  should_failslab+0xa8/0x100
[  476.872266][T10753]  __kmalloc_noprof+0xcb/0x4f0
[  476.872285][T10753]  ? iter_file_splice_write+0x1cb/0x1000
[  476.872315][T10753]  iter_file_splice_write+0x1cb/0x1000
[  476.872363][T10753]  ? __pfx_iter_file_splice_write+0x10/0x10
[  476.872397][T10753]  ? rcu_read_lock_any_held+0xb3/0x120
[  476.872421][T10753]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  476.872445][T10753]  ? ovl_real_file_path+0x145/0x310
[  476.872475][T10753]  backing_file_splice_write+0x3be/0x5e0
[  476.872508][T10753]  ovl_splice_write+0x3b7/0x4e0
[  476.872522][T10753]  ? __lock_acquire+0xab9/0xd20
[  476.872557][T10753]  ? __pfx_ovl_splice_write+0x10/0x10
[  476.872580][T10753]  ? __pfx_ovl_file_end_write+0x10/0x10
[  476.872604][T10753]  ? rcu_read_lock_any_held+0xb3/0x120
[  476.872639][T10753]  ? __pfx_ovl_splice_write+0x10/0x10
[  476.872656][T10753]  direct_splice_actor+0xfe/0x160
[  476.872677][T10753]  splice_direct_to_actor+0x5a8/0xcc0
[  476.872723][T10753]  ? __pfx_direct_splice_actor+0x10/0x10
[  476.872749][T10753]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  476.872787][T10753]  do_splice_direct+0x181/0x270
[  476.872809][T10753]  ? __pfx_do_splice_direct+0x10/0x10
[  476.872828][T10753]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  476.872882][T10753]  ? rw_verify_area+0x258/0x650
[  476.872910][T10753]  do_sendfile+0x4da/0x7e0
[  476.872951][T10753]  ? __pfx_do_sendfile+0x10/0x10
[  476.872983][T10753]  __se_sys_sendfile64+0xd9/0x190
[  476.873006][T10753]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  476.873035][T10753]  ? rcu_is_watching+0x15/0xb0
[  476.873063][T10753]  ? do_syscall_64+0xbe/0x3b0
[  476.873091][T10753]  do_syscall_64+0xfa/0x3b0
[  476.873114][T10753]  ? lockdep_hardirqs_on+0x9c/0x150
[  476.873131][T10753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.873146][T10753]  ? clear_bhb_loop+0x60/0xb0
[  476.873169][T10753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.873191][T10753] RIP: 0033:0x7fc26d38e929
[  476.873211][T10753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  476.873229][T10753] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  476.873252][T10753] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  476.873306][T10753] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003
[  476.873318][T10753] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  476.873334][T10753] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000002
[  476.873355][T10753] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  476.873390][T10753]  </TASK>
[  476.873560][T10073] usb 1-1: Manufacturer: 칺ᐰ탴冇䑋㉸勵ẊᲴ頻ꆶ厒맥痆膃ጬ䧫ᢼ
[  477.106866][ T5897] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  477.111428][T10073] usb 1-1: SerialNumber: syz
[  477.116957][T10727] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  477.226308][T10727] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  477.270165][T10757] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  477.277900][T10757] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  477.344967][T10759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.356578][T10759] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.374532][ T5897] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  477.384356][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  477.392537][ T5897] usb 3-1: Product: syz
[  477.396807][ T5897] usb 3-1: Manufacturer: syz
[  477.401445][ T5897] usb 3-1: SerialNumber: syz
[  477.415648][ T5897] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  477.472302][ T5874] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  477.504747][T10073] usb 1-1: USB disconnect, device number 10
[  478.035058][T10761] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present
[  478.336764][T10073] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  478.486709][T10073] usb 1-1: Using ep0 maxpacket: 32
[  478.494073][T10073] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  478.502405][T10073] usb 1-1: config 0 has no interface number 0
[  478.511474][T10073] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  478.517731][ T5874] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  478.521206][T10073] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.536223][T10073] usb 1-1: Product: syz
[  478.540805][T10073] usb 1-1: Manufacturer: syz
[  478.545520][T10073] usb 1-1: SerialNumber: syz
[  478.545996][ T5874] ath9k_htc: Failed to initialize the device
[  478.558527][T10073] usb 1-1: config 0 descriptor??
[  478.571883][T10073] smsc95xx v2.0.0
[  478.593834][ T5874] usb 3-1: ath9k_htc: USB layer deinitialized
[  478.812941][ T5874] usb 3-1: USB disconnect, device number 29
[  478.970581][T10073] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  478.981555][T10073] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  479.636893][T10069] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  479.745953][T10076] gspca_stk1135: reg_w 0x353 err -71
[  479.752602][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.763904][T10076] gspca_stk1135: Sensor write failed
[  479.769346][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.776873][T10076] gspca_stk1135: Sensor write failed
[  479.783505][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.790960][T10076] gspca_stk1135: Sensor read failed
[  479.796218][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.804719][T10076] gspca_stk1135: Sensor read failed
[  479.809998][T10069] usb 3-1: Using ep0 maxpacket: 16
[  479.815323][T10076] gspca_stk1135: Detected sensor type unknown (0x0)
[  479.818762][T10069] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  479.825268][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.836149][T10069] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  479.841781][T10076] gspca_stk1135: Sensor read failed
[  479.849555][T10069] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  479.856361][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.864688][T10069] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  479.864725][T10069] usb 3-1: config 7 interface 0 has no altsetting 0
[  479.864796][T10069] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  479.876760][T10076] gspca_stk1135: Sensor read failed
[  479.884231][T10069] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  479.895985][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.923309][T10076] gspca_stk1135: Sensor write failed
[  479.929210][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  479.935762][T10076] gspca_stk1135: Sensor write failed
[  479.944332][T10076] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  479.964686][T10076] usb 4-1: USB disconnect, device number 12
[  480.022422][T10073] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  480.033812][T10073] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  480.051077][T10073] usb 1-1: USB disconnect, device number 11
[  480.367695][T10069] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.002F/input/input41
[  480.549193][T10069] kye 0003:0458:5010.002F: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0
[  481.095372][T10783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.119432][T10783] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.216752][T10069] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  481.399238][T10069] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  481.411900][T10069] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.429748][T10069] usb 1-1: config 0 descriptor??
[  481.800756][T10789] FAULT_INJECTION: forcing a failure.
[  481.800756][T10789] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.815127][T10789] CPU: 0 UID: 0 PID: 10789 Comm: syz.3.1808 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  481.815158][T10789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  481.815173][T10789] Call Trace:
[  481.815182][T10789]  <TASK>
[  481.815192][T10789]  dump_stack_lvl+0x189/0x250
[  481.815222][T10789]  ? __pfx____ratelimit+0x10/0x10
[  481.815247][T10789]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.815273][T10789]  ? __pfx__printk+0x10/0x10
[  481.815299][T10789]  ? __might_fault+0xb0/0x130
[  481.815332][T10789]  should_fail_ex+0x414/0x560
[  481.815374][T10789]  _copy_from_user+0x2d/0xb0
[  481.815397][T10789]  snd_seq_oss_write+0x515/0x930
[  481.815461][T10789]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  481.815497][T10789]  ? common_file_perm+0x199/0x200
[  481.815527][T10789]  ? security_file_permission+0x75/0x290
[  481.815565][T10789]  odev_write+0x5a/0x80
[  481.815592][T10789]  ? __pfx_odev_write+0x10/0x10
[  481.815621][T10789]  vfs_write+0x27b/0xa90
[  481.815653][T10789]  ? __pfx_vfs_write+0x10/0x10
[  481.815677][T10789]  ? __fget_files+0x2a/0x420
[  481.815707][T10789]  ? __fget_files+0x2a/0x420
[  481.815733][T10789]  ? __fget_files+0x3a0/0x420
[  481.815766][T10789]  ? __fget_files+0x2a/0x420
[  481.815803][T10789]  ksys_write+0x145/0x250
[  481.815828][T10789]  ? __pfx_ksys_write+0x10/0x10
[  481.815857][T10789]  ? do_syscall_64+0xbe/0x3b0
[  481.815886][T10789]  do_syscall_64+0xfa/0x3b0
[  481.815909][T10789]  ? lockdep_hardirqs_on+0x9c/0x150
[  481.815931][T10789]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.815952][T10789]  ? clear_bhb_loop+0x60/0xb0
[  481.815979][T10789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.816000][T10789] RIP: 0033:0x7fcf8478e929
[  481.816020][T10789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.816038][T10789] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  481.816060][T10789] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929
[  481.816076][T10789] RDX: 0000000000000232 RSI: 0000200000000840 RDI: 0000000000000003
[  481.816090][T10789] RBP: 00007fcf85602090 R08: 0000000000000000 R09: 0000000000000000
[  481.816104][T10789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.816117][T10789] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8
[  481.816150][T10789]  </TASK>
[  482.208721][T10793] QAT: Invalid ioctl 21531
[  482.215719][T10793] omfs: Invalid superblock (0)
[  482.335981][T10796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.346247][T10796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.356971][T10071] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  482.395574][T10076] usb 3-1: USB disconnect, device number 30
[  482.536755][T10071] usb 4-1: Using ep0 maxpacket: 32
[  482.546586][T10071] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  482.555960][T10071] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.564051][T10071] usb 4-1: Product: syz
[  482.568301][T10071] usb 4-1: Manufacturer: syz
[  482.572941][T10071] usb 4-1: SerialNumber: syz
[  482.580757][T10071] usb 4-1: config 0 descriptor??
[  482.589914][T10071] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  482.776842][T10076] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  482.869757][T10781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  482.878677][T10781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  482.890270][T10069] usb 1-1: Cannot set autoneg
[  482.899939][T10069] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  482.920565][T10069] usb 1-1: USB disconnect, device number 12
[  482.930879][T10076] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  482.955106][T10076] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  482.969044][T10076] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  482.979642][T10076] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  482.994371][T10076] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  483.006566][T10076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  483.026033][T10076] usb 3-1: config 0 descriptor??
[  483.453408][T10076] plantronics 0003:047F:FFFF.0030: ignoring exceeding usage max
[  483.486046][T10076] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  483.647867][T10799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  483.669023][T10799] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  483.764746][T10069] usb 3-1: USB disconnect, device number 31
[  484.103442][T10821] hfs: can't find a HFS filesystem on dev rnullb0
[  484.426796][T10069] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  484.598873][T10069] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  484.609362][T10069] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  484.616741][T10076] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  484.621096][T10069] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  484.636766][T10069] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  484.647855][T10069] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  484.668185][T10069] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  484.677584][T10069] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  484.685643][T10069] usb 1-1: Product: syz
[  484.690676][T10069] usb 1-1: Manufacturer: syz
[  484.713417][T10069] cdc_wdm 1-1:1.0: skipping garbage
[  484.723868][T10069] cdc_wdm 1-1:1.0: skipping garbage
[  484.734228][T10069] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  484.741556][T10069] cdc_wdm 1-1:1.0: Unknown control protocol
[  484.778234][T10076] usb 3-1: Using ep0 maxpacket: 32
[  484.791934][T10076] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  484.803735][T10076] usb 3-1: config 0 has no interface number 0
[  484.816005][T10076] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  484.826590][T10076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.836177][T10076] usb 3-1: Product: syz
[  484.841783][T10076] usb 3-1: Manufacturer: syz
[  484.846427][T10076] usb 3-1: SerialNumber: syz
[  484.855586][T10076] usb 3-1: config 0 descriptor??
[  484.866323][T10076] smsc95xx v2.0.0
[  485.267402][T10076] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  485.278478][T10076] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  485.814699][T10071] gspca_stk1135: reg_w 0x353 err -71
[  485.838138][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.844535][T10071] gspca_stk1135: Sensor write failed
[  485.854200][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.876742][T10071] gspca_stk1135: Sensor write failed
[  485.882126][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.889036][T10071] gspca_stk1135: Sensor read failed
[  485.894321][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.901910][T10071] gspca_stk1135: Sensor read failed
[  485.907532][T10071] gspca_stk1135: Detected sensor type unknown (0x0)
[  485.914254][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.921282][T10071] gspca_stk1135: Sensor read failed
[  485.926573][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.933511][T10071] gspca_stk1135: Sensor read failed
[  485.939124][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.945683][T10071] gspca_stk1135: Sensor write failed
[  485.951733][T10071] gspca_stk1135: serial bus timeout: status=0x00
[  485.958499][T10071] gspca_stk1135: Sensor write failed
[  485.963998][T10071] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  485.975390][T10071] usb 4-1: USB disconnect, device number 13
[  486.310580][T10076] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  486.331303][T10076] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  486.346147][T10076] usb 3-1: USB disconnect, device number 32
[  486.564356][T10841] tc_dump_action: action bad kind
[  486.651969][T10843] FAULT_INJECTION: forcing a failure.
[  486.651969][T10843] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  486.688287][T10843] CPU: 0 UID: 0 PID: 10843 Comm: syz.3.1828 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  486.688328][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  486.688342][T10843] Call Trace:
[  486.688351][T10843]  <TASK>
[  486.688361][T10843]  dump_stack_lvl+0x189/0x250
[  486.688391][T10843]  ? __pfx____ratelimit+0x10/0x10
[  486.688417][T10843]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.688442][T10843]  ? __pfx__printk+0x10/0x10
[  486.688481][T10843]  should_fail_ex+0x414/0x560
[  486.688521][T10843]  _copy_to_user+0x31/0xb0
[  486.688546][T10843]  msr_read+0x177/0x250
[  486.688580][T10843]  ? __pfx_msr_read+0x10/0x10
[  486.688604][T10843]  ? security_file_permission+0x75/0x290
[  486.688641][T10843]  ? rw_verify_area+0x258/0x650
[  486.688663][T10843]  ? __pfx_msr_read+0x10/0x10
[  486.688690][T10843]  vfs_read+0x1fd/0x980
[  486.688723][T10843]  ? __pfx_vfs_read+0x10/0x10
[  486.688747][T10843]  ? __fget_files+0x2a/0x420
[  486.688778][T10843]  ? __fget_files+0x2a/0x420
[  486.688804][T10843]  ? __fget_files+0x3a0/0x420
[  486.688831][T10843]  ? __fget_files+0x2a/0x420
[  486.688869][T10843]  ksys_read+0x145/0x250
[  486.688894][T10843]  ? __pfx_ksys_read+0x10/0x10
[  486.688915][T10843]  ? rcu_is_watching+0x15/0xb0
[  486.688942][T10843]  ? do_syscall_64+0xbe/0x3b0
[  486.688972][T10843]  do_syscall_64+0xfa/0x3b0
[  486.688996][T10843]  ? lockdep_hardirqs_on+0x9c/0x150
[  486.689020][T10843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.689041][T10843]  ? clear_bhb_loop+0x60/0xb0
[  486.689068][T10843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.689090][T10843] RIP: 0033:0x7fcf8478e929
[  486.689110][T10843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.689131][T10843] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  486.689154][T10843] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929
[  486.689171][T10843] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000003
[  486.689186][T10843] RBP: 00007fcf85602090 R08: 0000000000000000 R09: 0000000000000000
[  486.689200][T10843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  486.689214][T10843] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8
[  486.689246][T10843]  </TASK>
[  486.722421][T10845] FAULT_INJECTION: forcing a failure.
[  486.722421][T10845] name failslab, interval 1, probability 0, space 0, times 0
[  486.938489][T10845] CPU: 1 UID: 0 PID: 10845 Comm: syz.1.1829 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  486.938519][T10845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  486.938533][T10845] Call Trace:
[  486.938542][T10845]  <TASK>
[  486.938551][T10845]  dump_stack_lvl+0x189/0x250
[  486.938580][T10845]  ? __pfx____ratelimit+0x10/0x10
[  486.938605][T10845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  486.938629][T10845]  ? __pfx__printk+0x10/0x10
[  486.938669][T10845]  should_fail_ex+0x414/0x560
[  486.938711][T10845]  should_failslab+0xa8/0x100
[  486.938737][T10845]  kmem_cache_alloc_noprof+0x73/0x3c0
[  486.938772][T10845]  ? __nf_conntrack_alloc+0x99/0x380
[  486.938808][T10845]  __nf_conntrack_alloc+0x99/0x380
[  486.938846][T10845]  init_conntrack+0x155/0xef0
[  486.938886][T10845]  ? __pfx_init_conntrack+0x10/0x10
[  486.938922][T10845]  ? __pfx___nf_conntrack_find_get+0x10/0x10
[  486.938953][T10845]  ? __siphash_unaligned+0x232/0x3b0
[  486.938985][T10845]  nf_conntrack_in+0xbf2/0x1600
[  486.939040][T10845]  ? __pfx_nf_conntrack_in+0x10/0x10
[  486.939075][T10845]  ? ip6t_do_table+0x1db/0x1560
[  486.939108][T10845]  ? __pfx_ip6t_do_table+0x10/0x10
[  486.939143][T10845]  ? NF_HOOK+0x9a/0x3a0
[  486.939188][T10845]  ? ipv6_defrag+0x2d6/0x3b0
[  486.939220][T10845]  ? __pfx_ipv6_conntrack_in+0x10/0x10
[  486.939249][T10845]  nf_hook_slow+0xc5/0x220
[  486.939280][T10845]  NF_HOOK+0x206/0x3a0
[  486.939308][T10845]  ? skb_orphan+0x4c/0xd0
[  486.939351][T10845]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  486.939380][T10845]  ? NF_HOOK+0x9a/0x3a0
[  486.939409][T10845]  ? __pfx_NF_HOOK+0x10/0x10
[  486.939442][T10845]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  486.939485][T10845]  __netif_receive_skb+0xd3/0x380
[  486.939514][T10845]  ? netif_receive_skb+0x115/0x790
[  486.939536][T10845]  netif_receive_skb+0x1cb/0x790
[  486.939557][T10845]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  486.939593][T10845]  ? __pfx_netif_receive_skb+0x10/0x10
[  486.939621][T10845]  ? tun_rx_batched+0x160/0x730
[  486.939656][T10845]  tun_rx_batched+0x1b9/0x730
[  486.939705][T10845]  ? __lock_acquire+0xab9/0xd20
[  486.939743][T10845]  ? __pfx_tun_rx_batched+0x10/0x10
[  486.939791][T10845]  ? tun_get_user+0x2549/0x3ce0
[  486.939837][T10845]  tun_get_user+0x298e/0x3ce0
[  486.939869][T10845]  ? tun_get_user+0x693/0x3ce0
[  486.939899][T10845]  ? tun_get_user+0x2549/0x3ce0
[  486.939944][T10845]  ? __pfx_tun_get_user+0x10/0x10
[  486.939982][T10845]  ? __lock_acquire+0xab9/0xd20
[  486.940019][T10845]  ? ref_tracker_alloc+0x318/0x460
[  486.940039][T10845]  ? __lock_acquire+0xab9/0xd20
[  486.940072][T10845]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  486.940101][T10845]  ? tun_get+0x1c/0x2f0
[  486.940154][T10845]  ? tun_get+0x1c/0x2f0
[  486.940185][T10845]  ? tun_get+0x1c/0x2f0
[  486.940221][T10845]  tun_chr_write_iter+0x113/0x200
[  486.940256][T10845]  vfs_write+0x548/0xa90
[  486.940285][T10845]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  486.940317][T10845]  ? __pfx_vfs_write+0x10/0x10
[  486.940361][T10845]  ? __fget_files+0x2a/0x420
[  486.940401][T10845]  ksys_write+0x145/0x250
[  486.940429][T10845]  ? __pfx_ksys_write+0x10/0x10
[  486.940449][T10845]  ? rcu_is_watching+0x15/0xb0
[  486.940478][T10845]  ? do_syscall_64+0xbe/0x3b0
[  486.940508][T10845]  do_syscall_64+0xfa/0x3b0
[  486.940533][T10845]  ? lockdep_hardirqs_on+0x9c/0x150
[  486.940556][T10845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.940578][T10845]  ? clear_bhb_loop+0x60/0xb0
[  486.940606][T10845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.940628][T10845] RIP: 0033:0x7fc26d38e929
[  486.940647][T10845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  486.940668][T10845] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  486.940692][T10845] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  486.940709][T10845] RDX: 0000000000000082 RSI: 00002000000001c0 RDI: 0000000000000004
[  486.940735][T10845] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  486.940748][T10845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.940761][T10845] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  486.940795][T10845]  </TASK>
[  487.412839][T10071] usb 1-1: USB disconnect, device number 13
[  487.801773][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.826341][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.838778][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.840475][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.850419][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.870232][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.881580][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.892609][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.899032][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  487.947385][T10076] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  488.116816][T10076] usb 3-1: Using ep0 maxpacket: 32
[  488.134288][T10076] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  488.146661][T10076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  488.154757][T10076] usb 3-1: Product: syz
[  488.159219][T10076] usb 3-1: Manufacturer: syz
[  488.163996][T10076] usb 3-1: SerialNumber: syz
[  488.187262][T10076] usb 3-1: config 0 descriptor??
[  488.209482][T10076] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  488.551047][T10886] FAULT_INJECTION: forcing a failure.
[  488.551047][T10886] name failslab, interval 1, probability 0, space 0, times 0
[  488.584260][T10886] CPU: 0 UID: 0 PID: 10886 Comm: syz.1.1845 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  488.584293][T10886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  488.584308][T10886] Call Trace:
[  488.584320][T10886]  <TASK>
[  488.584331][T10886]  dump_stack_lvl+0x189/0x250
[  488.584361][T10886]  ? __pfx____ratelimit+0x10/0x10
[  488.584386][T10886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  488.584419][T10886]  ? __pfx__printk+0x10/0x10
[  488.584453][T10886]  ? ref_tracker_alloc+0x318/0x460
[  488.584480][T10886]  should_fail_ex+0x414/0x560
[  488.584521][T10886]  should_failslab+0xa8/0x100
[  488.584548][T10886]  kmem_cache_alloc_noprof+0x73/0x3c0
[  488.584584][T10886]  ? skb_clone+0x212/0x3a0
[  488.584622][T10886]  skb_clone+0x212/0x3a0
[  488.584659][T10886]  __netlink_deliver_tap+0x404/0x850
[  488.584700][T10886]  ? netlink_deliver_tap+0x2e/0x1b0
[  488.584728][T10886]  netlink_deliver_tap+0x19c/0x1b0
[  488.584757][T10886]  netlink_unicast+0x72f/0x8d0
[  488.584793][T10886]  netlink_sendmsg+0x805/0xb30
[  488.584831][T10886]  ? __pfx_netlink_sendmsg+0x10/0x10
[  488.584862][T10886]  ? aa_sock_msg_perm+0xf1/0x1d0
[  488.584891][T10886]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  488.584921][T10886]  ? __pfx_netlink_sendmsg+0x10/0x10
[  488.584949][T10886]  __sock_sendmsg+0x219/0x270
[  488.584977][T10886]  ____sys_sendmsg+0x505/0x830
[  488.585015][T10886]  ? __pfx_____sys_sendmsg+0x10/0x10
[  488.585057][T10886]  ? import_iovec+0x74/0xa0
[  488.585084][T10886]  ___sys_sendmsg+0x21f/0x2a0
[  488.585118][T10886]  ? __pfx____sys_sendmsg+0x10/0x10
[  488.585191][T10886]  ? __fget_files+0x2a/0x420
[  488.585219][T10886]  ? __fget_files+0x3a0/0x420
[  488.585259][T10886]  __x64_sys_sendmsg+0x19b/0x260
[  488.585294][T10886]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  488.585349][T10886]  ? __pfx_ksys_write+0x10/0x10
[  488.585370][T10886]  ? rcu_is_watching+0x15/0xb0
[  488.585398][T10886]  ? do_syscall_64+0xbe/0x3b0
[  488.585442][T10886]  do_syscall_64+0xfa/0x3b0
[  488.585465][T10886]  ? lockdep_hardirqs_on+0x9c/0x150
[  488.585488][T10886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.585509][T10886]  ? clear_bhb_loop+0x60/0xb0
[  488.585536][T10886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  488.585556][T10886] RIP: 0033:0x7fc26d38e929
[  488.585575][T10886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  488.585595][T10886] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  488.585618][T10886] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  488.585634][T10886] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  488.585648][T10886] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  488.585662][T10886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  488.585675][T10886] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  488.585708][T10886]  </TASK>
[  488.952727][T10888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  489.010672][T10888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  489.027137][T10888] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1847'.
[  489.501776][T10905] /dev/rnullb0: Can't open blockdev
[  489.701037][T10071] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  489.859296][T10071] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  489.870228][T10071] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  489.883141][T10071] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  489.892259][T10071] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.903851][T10071] usb 1-1: config 0 descriptor??
[  489.957596][T10069] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  490.086875][T10069] usb 4-1: device descriptor read/64, error -71
[  490.318627][T10071] kovaplus 0003:1E7D:2D50.0031: report_id 1654844164 is invalid
[  490.331043][T10071] kovaplus 0003:1E7D:2D50.0031: item 0 4 1 8 parsing failed
[  490.339554][T10071] kovaplus 0003:1E7D:2D50.0031: parse failed
[  490.345790][T10069] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  490.355228][T10071] kovaplus 0003:1E7D:2D50.0031: probe with driver kovaplus failed with error -22
[  490.486949][T10069] usb 4-1: device descriptor read/64, error -71
[  490.517781][T10924] overlay: ./file0 is not a directory
[  490.598034][T10069] usb usb4-port1: attempt power cycle
[  490.946802][T10069] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  490.977537][T10069] usb 4-1: device descriptor read/8, error -71
[  491.216815][T10069] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  491.238694][T10069] usb 4-1: device descriptor read/8, error -71
[  491.260783][T10929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.271064][T10929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.349466][T10069] usb usb4-port1: unable to enumerate USB device
[  491.385899][T10935] /dev/rnullb0: Can't open blockdev
[  491.400928][T10935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  491.410656][T10935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.597093][T10076] gspca_stk1135: reg_w 0x353 err -71
[  491.603530][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.610014][T10076] gspca_stk1135: Sensor write failed
[  491.615439][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.621897][T10076] gspca_stk1135: Sensor write failed
[  491.627274][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.633635][T10076] gspca_stk1135: Sensor read failed
[  491.639018][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.645381][T10076] gspca_stk1135: Sensor read failed
[  491.651509][T10076] gspca_stk1135: Detected sensor type unknown (0x0)
[  491.658293][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.664639][T10076] gspca_stk1135: Sensor read failed
[  491.670360][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.676780][T10076] gspca_stk1135: Sensor read failed
[  491.682022][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.688597][T10076] gspca_stk1135: Sensor write failed
[  491.693942][T10076] gspca_stk1135: serial bus timeout: status=0x00
[  491.700437][T10076] gspca_stk1135: Sensor write failed
[  491.705824][T10076] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  491.720183][T10076] usb 3-1: USB disconnect, device number 33
[  491.959822][T10937] FAULT_INJECTION: forcing a failure.
[  491.959822][T10937] name failslab, interval 1, probability 0, space 0, times 0
[  491.974045][T10937] CPU: 1 UID: 0 PID: 10937 Comm: syz.1.1860 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  491.974077][T10937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  491.974105][T10937] Call Trace:
[  491.974114][T10937]  <TASK>
[  491.974123][T10937]  dump_stack_lvl+0x189/0x250
[  491.974153][T10937]  ? __pfx____ratelimit+0x10/0x10
[  491.974177][T10937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  491.974202][T10937]  ? __pfx__printk+0x10/0x10
[  491.974233][T10937]  ? ref_tracker_alloc+0x318/0x460
[  491.974260][T10937]  should_fail_ex+0x414/0x560
[  491.974298][T10937]  should_failslab+0xa8/0x100
[  491.974324][T10937]  kmem_cache_alloc_noprof+0x73/0x3c0
[  491.974358][T10937]  ? skb_clone+0x212/0x3a0
[  491.974395][T10937]  skb_clone+0x212/0x3a0
[  491.974430][T10937]  __netlink_deliver_tap+0x404/0x850
[  491.974469][T10937]  ? netlink_deliver_tap+0x2e/0x1b0
[  491.974497][T10937]  netlink_deliver_tap+0x19c/0x1b0
[  491.974524][T10937]  netlink_unicast+0x72f/0x8d0
[  491.974558][T10937]  netlink_sendmsg+0x805/0xb30
[  491.974594][T10937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  491.974623][T10937]  ? aa_sock_msg_perm+0xf1/0x1d0
[  491.974650][T10937]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  491.974679][T10937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  491.974705][T10937]  __sock_sendmsg+0x219/0x270
[  491.974730][T10937]  ____sys_sendmsg+0x505/0x830
[  491.974767][T10937]  ? __pfx_____sys_sendmsg+0x10/0x10
[  491.974795][T10937]  ? import_iovec+0x74/0xa0
[  491.974812][T10937]  ___sys_sendmsg+0x21f/0x2a0
[  491.974835][T10937]  ? __pfx____sys_sendmsg+0x10/0x10
[  491.974882][T10937]  ? __fget_files+0x2a/0x420
[  491.974909][T10937]  ? __fget_files+0x3a0/0x420
[  491.974935][T10937]  __x64_sys_sendmsg+0x19b/0x260
[  491.974958][T10937]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  491.974987][T10937]  ? __pfx_ksys_write+0x10/0x10
[  491.975001][T10937]  ? rcu_is_watching+0x15/0xb0
[  491.975020][T10937]  ? do_syscall_64+0xbe/0x3b0
[  491.975040][T10937]  do_syscall_64+0xfa/0x3b0
[  491.975056][T10937]  ? lockdep_hardirqs_on+0x9c/0x150
[  491.975072][T10937]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.975087][T10937]  ? clear_bhb_loop+0x60/0xb0
[  491.975106][T10937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.975121][T10937] RIP: 0033:0x7fc26d38e929
[  491.975134][T10937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.975149][T10937] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  491.975165][T10937] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  491.975177][T10937] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  491.975187][T10937] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  491.975196][T10937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.975205][T10937] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  491.975227][T10937]  </TASK>
[  492.262458][    C1] vkms_vblank_simulate: vblank timer overrun
[  492.442161][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  492.442181][   T30] audit: type=1326 audit(1750977082.414:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10943 comm="syz.1.1863" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc26d38e929 code=0x0
[  492.987712][T10959] overlayfs: failed to get inode (-116)
[  492.994373][T10959] overlayfs: failed to get inode (-116)
[  493.084408][T10961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1869'.
[  493.107294][T10961] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1869'.
[  493.216278][T10967] /dev/rnullb0: Can't open blockdev
[  493.392340][T10073] usb 1-1: USB disconnect, device number 14
[  493.506959][T10069] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  493.666827][T10069] usb 3-1: Using ep0 maxpacket: 32
[  493.679995][T10986] binder: BINDER_SET_CONTEXT_MGR already set
[  493.686087][T10069] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  493.686258][T10986] binder: 10983:10986 ioctl 4018620d 200000000040 returned -16
[  493.704886][T10069] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  493.718249][T10069] usb 3-1: Product: syz
[  493.723948][T10069] usb 3-1: Manufacturer: syz
[  493.736786][T10069] usb 3-1: SerialNumber: syz
[  493.744456][T10069] usb 3-1: config 0 descriptor??
[  493.757260][T10069] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  493.810188][T10988] /dev/rnullb0: Can't open blockdev
[  493.874501][T10991] netlink: 'syz.0.1882': attribute type 27 has an invalid length.
[  493.887279][T10076] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  493.973570][T10991] CUSE: info not properly terminated
[  494.016778][T10076] usb 4-1: device descriptor read/64, error -71
[  494.256732][T10076] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  494.296842][T10073] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  494.356550][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.365537][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.381868][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.392203][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.400160][T10076] usb 4-1: device descriptor read/64, error -71
[  494.404037][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.417456][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.428678][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.438097][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  494.480331][T10073] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.491396][T10073] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.501239][T10073] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  494.514433][T10076] usb usb4-port1: attempt power cycle
[  494.514476][T10073] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  494.529191][T10073] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.540484][T10073] usb 1-1: config 0 descriptor??
[  494.866741][T10076] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  494.887548][T10076] usb 4-1: device descriptor read/8, error -71
[  494.971151][T10073] plantronics 0003:047F:FFFF.0032: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  495.126892][T10076] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  495.147991][T10076] usb 4-1: device descriptor read/8, error -71
[  495.194572][T11006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  495.206403][T11006] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  495.257051][T10076] usb usb4-port1: unable to enumerate USB device
[  495.952590][T11013] syzkaller1: entered promiscuous mode
[  495.958308][T11013] syzkaller1: entered allmulticast mode
[  496.166946][    C1] plantronics 0003:047F:FFFF.0032: usb_submit_urb(ctrl) failed: -1
[  496.862148][T11024] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1895'.
[  496.862472][T11025] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1895'.
[  496.864227][T11024] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1895'.
[  496.959625][T10076] usb 1-1: USB disconnect, device number 15
[  496.997413][T10069] gspca_stk1135: reg_w 0x353 err -71
[  497.011523][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.019066][T10069] gspca_stk1135: Sensor write failed
[  497.024965][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.024984][T10069] gspca_stk1135: Sensor write failed
[  497.025021][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.025033][T10069] gspca_stk1135: Sensor read failed
[  497.025069][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.025081][T10069] gspca_stk1135: Sensor read failed
[  497.025091][T10069] gspca_stk1135: Detected sensor type unknown (0x0)
[  497.025132][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.025144][T10069] gspca_stk1135: Sensor read failed
[  497.025179][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.025191][T10069] gspca_stk1135: Sensor read failed
[  497.025227][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.025239][T10069] gspca_stk1135: Sensor write failed
[  497.025275][T10069] gspca_stk1135: serial bus timeout: status=0x00
[  497.025287][T10069] gspca_stk1135: Sensor write failed
[  497.025369][T10069] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71
[  497.038011][T10069] usb 3-1: USB disconnect, device number 34
[  497.586700][T10073] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  497.698954][T11044] /dev/rnullb0: Can't open blockdev
[  497.736729][T10073] usb 4-1: device descriptor read/64, error -71
[  498.026726][T10073] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  498.176699][T10073] usb 4-1: device descriptor read/64, error -71
[  498.216880][T10076] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  498.287343][T10073] usb usb4-port1: attempt power cycle
[  498.306547][T11050] FAULT_INJECTION: forcing a failure.
[  498.306547][T11050] name failslab, interval 1, probability 0, space 0, times 0
[  498.337421][T11050] CPU: 1 UID: 0 PID: 11050 Comm: syz.1.1903 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  498.337452][T11050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  498.337466][T11050] Call Trace:
[  498.337474][T11050]  <TASK>
[  498.337484][T11050]  dump_stack_lvl+0x189/0x250
[  498.337513][T11050]  ? __pfx____ratelimit+0x10/0x10
[  498.337538][T11050]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.337561][T11050]  ? __pfx__printk+0x10/0x10
[  498.337592][T11050]  ? __pfx___might_resched+0x10/0x10
[  498.337618][T11050]  should_fail_ex+0x414/0x560
[  498.337656][T11050]  ? io_alloc_cache_init+0x3d/0x140
[  498.337676][T11050]  should_failslab+0xa8/0x100
[  498.337701][T11050]  __kvmalloc_node_noprof+0x161/0x5f0
[  498.337733][T11050]  ? io_alloc_cache_init+0x3d/0x140
[  498.337754][T11050]  ? __raw_spin_lock_init+0x45/0x100
[  498.337784][T11050]  io_alloc_cache_init+0x3d/0x140
[  498.337809][T11050]  io_ring_ctx_alloc+0x3f5/0xae0
[  498.337840][T11050]  io_uring_create+0x130/0xb60
[  498.337871][T11050]  __se_sys_io_uring_setup+0x264/0x270
[  498.337900][T11050]  ? __pfx___se_sys_io_uring_setup+0x10/0x10
[  498.337939][T11050]  ? rcu_is_watching+0x15/0xb0
[  498.337966][T11050]  ? do_syscall_64+0xbe/0x3b0
[  498.337995][T11050]  do_syscall_64+0xfa/0x3b0
[  498.338018][T11050]  ? lockdep_hardirqs_on+0x9c/0x150
[  498.338041][T11050]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.338062][T11050]  ? clear_bhb_loop+0x60/0xb0
[  498.338089][T11050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.338109][T11050] RIP: 0033:0x7fc26d38e929
[  498.338128][T11050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  498.338148][T11050] RSP: 002b:00007fc26b1d4fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[  498.338171][T11050] RAX: ffffffffffffffda RBX: 00007fc26d5b6080 RCX: 00007fc26d38e929
[  498.338188][T11050] RDX: 0000200000ffe000 RSI: 0000200000000040 RDI: 00000000000018d7
[  498.338202][T11050] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000200000ffe000
[  498.338216][T11050] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[  498.338229][T11050] R13: 0000200000ffe000 R14: 00000000000018d7 R15: 0000200000ffe000
[  498.338261][T11050]  </TASK>
[  498.581880][T10076] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  498.591660][T10076] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  498.601453][T10076] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  498.665397][T10076] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  498.674928][T10076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  498.691510][T10076] usb 3-1: Product: syz
[  498.695721][T10076] usb 3-1: Manufacturer: syz
[  498.714717][T10076] usb 3-1: SerialNumber: syz
[  498.745262][T10076] hub 3-1:1.0: bad descriptor, ignoring hub
[  498.754165][T10076] hub 3-1:1.0: probe with driver hub failed with error -5
[  498.846925][T10073] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  498.867629][T10073] usb 4-1: device descriptor read/8, error -71
[  498.957859][T10076] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  499.116950][T10073] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  499.147530][T10073] usb 4-1: device descriptor read/8, error -71
[  499.193031][T11065] FAULT_INJECTION: forcing a failure.
[  499.193031][T11065] name failslab, interval 1, probability 0, space 0, times 0
[  499.207173][T11065] CPU: 0 UID: 0 PID: 11065 Comm: syz.1.1909 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  499.207203][T11065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  499.207216][T11065] Call Trace:
[  499.207225][T11065]  <TASK>
[  499.207234][T11065]  dump_stack_lvl+0x189/0x250
[  499.207263][T11065]  ? __pfx____ratelimit+0x10/0x10
[  499.207286][T11065]  ? __pfx_dump_stack_lvl+0x10/0x10
[  499.207311][T11065]  ? __pfx__printk+0x10/0x10
[  499.207342][T11065]  ? __pfx___might_resched+0x10/0x10
[  499.207362][T11065]  ? fs_reclaim_acquire+0x7d/0x100
[  499.207393][T11065]  should_fail_ex+0x414/0x560
[  499.207432][T11065]  should_failslab+0xa8/0x100
[  499.207458][T11065]  __kmalloc_noprof+0xcb/0x4f0
[  499.207478][T11065]  ? iter_file_splice_write+0x1cb/0x1000
[  499.207510][T11065]  iter_file_splice_write+0x1cb/0x1000
[  499.207564][T11065]  ? __pfx_iter_file_splice_write+0x10/0x10
[  499.207608][T11065]  ? rcu_read_lock_any_held+0xb3/0x120
[  499.207632][T11065]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  499.207656][T11065]  ? ovl_real_file_path+0x145/0x310
[  499.207688][T11065]  backing_file_splice_write+0x3be/0x5e0
[  499.207730][T11065]  ovl_splice_write+0x3b7/0x4e0
[  499.207750][T11065]  ? __lock_acquire+0xab9/0xd20
[  499.207788][T11065]  ? __pfx_ovl_splice_write+0x10/0x10
[  499.207810][T11065]  ? __pfx_ovl_file_end_write+0x10/0x10
[  499.207834][T11065]  ? rcu_read_lock_any_held+0xb3/0x120
[  499.207872][T11065]  ? __pfx_ovl_splice_write+0x10/0x10
[  499.207895][T11065]  direct_splice_actor+0xfe/0x160
[  499.207925][T11065]  splice_direct_to_actor+0x5a8/0xcc0
[  499.207973][T11065]  ? __pfx_direct_splice_actor+0x10/0x10
[  499.207999][T11065]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  499.208038][T11065]  do_splice_direct+0x181/0x270
[  499.208066][T11065]  ? __pfx_do_splice_direct+0x10/0x10
[  499.208093][T11065]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  499.208128][T11065]  ? rw_verify_area+0x258/0x650
[  499.208155][T11065]  do_sendfile+0x4da/0x7e0
[  499.208194][T11065]  ? __pfx_do_sendfile+0x10/0x10
[  499.208239][T11065]  __se_sys_sendfile64+0xd9/0x190
[  499.208270][T11065]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  499.208296][T11065]  ? rcu_is_watching+0x15/0xb0
[  499.208323][T11065]  ? do_syscall_64+0xbe/0x3b0
[  499.208351][T11065]  do_syscall_64+0xfa/0x3b0
[  499.208372][T11065]  ? lockdep_hardirqs_on+0x9c/0x150
[  499.208394][T11065]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.208415][T11065]  ? clear_bhb_loop+0x60/0xb0
[  499.208442][T11065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.208462][T11065] RIP: 0033:0x7fc26d38e929
[  499.208481][T11065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  499.208500][T11065] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  499.208523][T11065] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  499.208540][T11065] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003
[  499.208554][T11065] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000
[  499.208568][T11065] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000002
[  499.208581][T11065] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  499.208621][T11065]  </TASK>
[  499.532633][    C0] vkms_vblank_simulate: vblank timer overrun
[  499.540153][T10073] usb usb4-port1: unable to enumerate USB device
[  499.546899][T10076] usb 3-1: USB disconnect, device number 35
[  499.556484][T10076] usblp0: removed
[  499.624560][T11067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  499.633736][T11067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.656132][T11067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  499.667089][T11067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  499.679958][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1911'.
[  499.846274][T11067] /dev/rnullb0: Can't open blockdev
[  500.246737][T10076] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  500.396713][T10076] usb 1-1: Using ep0 maxpacket: 32
[  500.419940][T10076] usb 1-1: unable to get BOS descriptor or descriptor too short
[  500.433970][T10076] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[  500.442826][T10076] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  500.458504][T10076] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[  500.469487][T10076] usb 1-1: config 128 has no interface number 0
[  500.475795][T10076] usb 1-1: config 128 interface 127 altsetting 14 has an invalid descriptor for endpoint zero, skipping
[  500.491185][T10076] usb 1-1: config 128 interface 127 has no altsetting 0
[  500.513416][T10076] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  500.535932][T10076] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.559348][T10076] usb 1-1: Product: syz
[  500.563550][T10076] usb 1-1: Manufacturer: Ї
[  500.572498][T10076] usb 1-1: SerialNumber: syz
[  500.605990][T11084] netdevsim netdevsim1: Direct firmware load for ..� failed with error -2
[  500.620328][T11084] netdevsim netdevsim1: Falling back to sysfs fallback for: ..�
[  501.422340][T11086] syz.1.1916 (11086) used greatest stack depth: 16184 bytes left
[  501.552381][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  501.566715][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  504.303944][T10076] usb 1-1: USB disconnect, device number 16
[  504.519596][T10710] udevd[10710]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  508.515332][T11162] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  509.947263][T10072] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  510.253899][T10072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.383513][T10072] usb 4-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00
[  510.403949][T10072] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  510.476346][T10072] usb 4-1: config 0 descriptor??
[  510.929010][T10072] input: HID 28bd:0933 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:0933.0033/input/input42
[  511.023263][T10072] uclogic 0003:28BD:0933.0033: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0933] on usb-dummy_hcd.3-1/input0
[  511.133145][T10072] usb 4-1: USB disconnect, device number 26
[  511.167727][T11206] fido_id[11206]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  511.697459][T11210] sctp: [Deprecated]: syz.1.1954 (pid 11210) Use of int in max_burst socket option deprecated.
[  511.697459][T11210] Use struct sctp_assoc_value instead
[  512.215525][T11216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  512.224607][T11216] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.135980][T10072] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  514.368643][T10072] usb 4-1: Using ep0 maxpacket: 32
[  514.761234][T10072] usb 4-1: unable to get BOS descriptor or descriptor too short
[  514.774955][T10072] usb 4-1: unable to read config index 0 descriptor/start: -71
[  514.938853][T10072] usb 4-1: can't read configurations, error -71
[  515.763013][T11252] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  515.821297][T11252] syzkaller0: entered promiscuous mode
[  515.840126][T11252] syzkaller0: entered allmulticast mode
[  516.097304][ T5874] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  516.275035][ T5874] usb 1-1: Using ep0 maxpacket: 32
[  516.291349][ T5874] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  516.318246][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.348157][ T5874] usb 1-1: Product: syz
[  516.358889][ T5874] usb 1-1: Manufacturer: syz
[  516.363500][ T5874] usb 1-1: SerialNumber: syz
[  516.411918][ T5874] usb 1-1: config 0 descriptor??
[  516.427673][ T5874] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  516.676962][T10072] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  516.852142][T10072] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  516.863280][T10072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  517.075256][T10072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  517.085532][T10072] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  517.099701][T10072] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  517.109524][T10072] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  517.118273][T10072] usb 4-1: Manufacturer: syz
[  517.125887][T10072] usb 4-1: config 0 descriptor??
[  517.345300][T11267] ==================================================================
[  517.353422][T11267] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160
[  517.361436][T11267] Read of size 8 at addr ffff88802740e030 by task syz.1.1973/11267
[  517.369352][T11267] 
[  517.371696][T11267] CPU: 1 UID: 0 PID: 11267 Comm: syz.1.1973 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  517.371725][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  517.371740][T11267] Call Trace:
[  517.371750][T11267]  <TASK>
[  517.371759][T11267]  dump_stack_lvl+0x189/0x250
[  517.371787][T11267]  ? __virt_addr_valid+0x1c8/0x5c0
[  517.371814][T11267]  ? rcu_is_watching+0x15/0xb0
[  517.371834][T11267]  ? __kasan_check_byte+0x12/0x40
[  517.371858][T11267]  ? __pfx_dump_stack_lvl+0x10/0x10
[  517.371881][T11267]  ? rcu_is_watching+0x15/0xb0
[  517.371902][T11267]  ? lock_release+0x4b/0x3e0
[  517.371935][T11267]  ? __virt_addr_valid+0x1c8/0x5c0
[  517.371961][T11267]  ? __virt_addr_valid+0x4a5/0x5c0
[  517.371987][T11267]  print_report+0xd2/0x2b0
[  517.372016][T11267]  ? pause_parse_request+0x40/0x160
[  517.372038][T11267]  kasan_report+0x118/0x150
[  517.372062][T11267]  ? pause_parse_request+0x40/0x160
[  517.372088][T11267]  ? __pfx_pause_parse_request+0x10/0x10
[  517.372111][T11267]  pause_parse_request+0x40/0x160
[  517.372135][T11267]  ? __pfx_pause_parse_request+0x10/0x10
[  517.372159][T11267]  ethnl_default_set_doit+0x2be/0xa40
[  517.372188][T11267]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  517.372233][T11267]  genl_family_rcv_msg_doit+0x212/0x300
[  517.372270][T11267]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  517.372310][T11267]  ? bpf_lsm_capable+0x9/0x20
[  517.372332][T11267]  ? security_capable+0x7e/0x2e0
[  517.372360][T11267]  genl_rcv_msg+0x60e/0x790
[  517.372394][T11267]  ? __pfx_genl_rcv_msg+0x10/0x10
[  517.372425][T11267]  ? ref_tracker_free+0x63a/0x7d0
[  517.372447][T11267]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  517.372476][T11267]  ? __pfx_ref_tracker_free+0x10/0x10
[  517.372505][T11267]  netlink_rcv_skb+0x205/0x470
[  517.372530][T11267]  ? __pfx_genl_rcv_msg+0x10/0x10
[  517.372562][T11267]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  517.372596][T11267]  ? down_read+0x1ad/0x2e0
[  517.372624][T11267]  genl_rcv+0x28/0x40
[  517.372654][T11267]  netlink_unicast+0x758/0x8d0
[  517.372682][T11267]  netlink_sendmsg+0x805/0xb30
[  517.372712][T11267]  ? __pfx_netlink_sendmsg+0x10/0x10
[  517.372740][T11267]  ? aa_sock_msg_perm+0xf1/0x1d0
[  517.372765][T11267]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  517.372795][T11267]  ? __pfx_netlink_sendmsg+0x10/0x10
[  517.372821][T11267]  __sock_sendmsg+0x219/0x270
[  517.372845][T11267]  ____sys_sendmsg+0x505/0x830
[  517.372896][T11267]  ? __pfx_____sys_sendmsg+0x10/0x10
[  517.372939][T11267]  ? import_iovec+0x74/0xa0
[  517.372962][T11267]  ___sys_sendmsg+0x21f/0x2a0
[  517.372995][T11267]  ? __pfx____sys_sendmsg+0x10/0x10
[  517.373045][T11267]  ? __fget_files+0x2a/0x420
[  517.373073][T11267]  ? __fget_files+0x3a0/0x420
[  517.373107][T11267]  __x64_sys_sendmsg+0x19b/0x260
[  517.373140][T11267]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  517.373177][T11267]  ? rcu_is_watching+0x15/0xb0
[  517.373201][T11267]  ? do_syscall_64+0xbe/0x3b0
[  517.373236][T11267]  do_syscall_64+0xfa/0x3b0
[  517.373260][T11267]  ? lockdep_hardirqs_on+0x9c/0x150
[  517.373284][T11267]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.373306][T11267]  ? clear_bhb_loop+0x60/0xb0
[  517.373332][T11267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.373354][T11267] RIP: 0033:0x7fc26d38e929
[  517.373375][T11267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  517.373396][T11267] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  517.373420][T11267] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  517.373439][T11267] RDX: 0000000000000040 RSI: 0000200000000000 RDI: 0000000000000003
[  517.373454][T11267] RBP: 00007fc26d410b39 R08: 0000000000000000 R09: 0000000000000000
[  517.373469][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  517.373484][T11267] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  517.373509][T11267]  </TASK>
[  517.373518][T11267] 
[  517.755734][T11267] Allocated by task 11267:
[  517.760178][T11267]  kasan_save_track+0x3e/0x80
[  517.764893][T11267]  __kasan_kmalloc+0x93/0xb0
[  517.769503][T11267]  __kmalloc_noprof+0x27a/0x4f0
[  517.774371][T11267]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  517.780482][T11267]  genl_family_rcv_msg_doit+0xb8/0x300
[  517.785968][T11267]  genl_rcv_msg+0x60e/0x790
[  517.790501][T11267]  netlink_rcv_skb+0x205/0x470
[  517.795285][T11267]  genl_rcv+0x28/0x40
[  517.799289][T11267]  netlink_unicast+0x758/0x8d0
[  517.804087][T11267]  netlink_sendmsg+0x805/0xb30
[  517.808868][T11267]  __sock_sendmsg+0x219/0x270
[  517.813564][T11267]  ____sys_sendmsg+0x505/0x830
[  517.818345][T11267]  ___sys_sendmsg+0x21f/0x2a0
[  517.823056][T11267]  __x64_sys_sendmsg+0x19b/0x260
[  517.828022][T11267]  do_syscall_64+0xfa/0x3b0
[  517.832547][T11267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.838459][T11267] 
[  517.840795][T11267] The buggy address belongs to the object at ffff88802740e000
[  517.840795][T11267]  which belongs to the cache kmalloc-64 of size 64
[  517.854687][T11267] The buggy address is located 8 bytes to the right of
[  517.854687][T11267]  allocated 40-byte region [ffff88802740e000, ffff88802740e028)
[  517.869121][T11267] 
[  517.871471][T11267] The buggy address belongs to the physical page:
[  517.878526][T11267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2740e
[  517.887312][T11267] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  517.894871][T11267] page_type: f5(slab)
[  517.898884][T11267] raw: 00fff00000000000 ffff88801a8418c0 0000000000000000 dead000000000001
[  517.907493][T11267] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[  517.916077][T11267] page dumped because: kasan: bad access detected
[  517.922535][T11267] page_owner tracks the page as allocated
[  517.928265][T11267] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1136, tgid 1136 (kworker/u8:5), ts 14671875122, free_ts 10749944756
[  517.947566][T11267]  post_alloc_hook+0x240/0x2a0
[  517.952352][T11267]  get_page_from_freelist+0x21e4/0x22c0
[  517.957922][T11267]  __alloc_frozen_pages_noprof+0x181/0x370
[  517.963756][T11267]  alloc_pages_mpol+0x232/0x4a0
[  517.968629][T11267]  allocate_slab+0x8a/0x370
[  517.973142][T11267]  ___slab_alloc+0xbeb/0x1410
[  517.977828][T11267]  __kmalloc_noprof+0x305/0x4f0
[  517.982684][T11267]  security_task_alloc+0x4d/0x360
[  517.987735][T11267]  copy_process+0x1530/0x3c00
[  517.992439][T11267]  kernel_clone+0x21e/0x870
[  517.996952][T11267]  user_mode_thread+0xdd/0x140
[  518.001727][T11267]  call_usermodehelper_exec_work+0x5c/0x230
[  518.007673][T11267]  process_scheduled_works+0xade/0x17b0
[  518.013254][T11267]  worker_thread+0x8a0/0xda0
[  518.017859][T11267]  kthread+0x711/0x8a0
[  518.021940][T11267]  ret_from_fork+0x3fc/0x770
[  518.026557][T11267] page last free pid 979 tgid 979 stack trace:
[  518.032721][T11267]  __free_frozen_pages+0xb80/0xd80
[  518.037850][T11267]  vfree+0x25a/0x400
[  518.041746][T11267]  delayed_vfree_work+0x55/0x80
[  518.046605][T11267]  process_scheduled_works+0xade/0x17b0
[  518.052177][T11267]  worker_thread+0x8a0/0xda0
[  518.056774][T11267]  kthread+0x711/0x8a0
[  518.060856][T11267]  ret_from_fork+0x3fc/0x770
[  518.065487][T11267]  ret_from_fork_asm+0x1a/0x30
[  518.070287][T11267] 
[  518.072625][T11267] Memory state around the buggy address:
[  518.078272][T11267]  ffff88802740df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  518.086349][T11267]  ffff88802740df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  518.094417][T11267] >ffff88802740e000: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
[  518.102586][T11267]                                      ^
[  518.108237][T11267]  ffff88802740e080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  518.116313][T11267]  ffff88802740e100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  518.124374][T11267] ==================================================================
[  518.140805][T11267] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  518.148130][T11267] CPU: 1 UID: 0 PID: 11267 Comm: syz.1.1973 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) 
[  518.159682][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  518.169764][T11267] Call Trace:
[  518.173051][T11267]  <TASK>
[  518.176009][T11267]  dump_stack_lvl+0x99/0x250
[  518.180617][T11267]  ? __asan_memcpy+0x40/0x70
[  518.185220][T11267]  ? __pfx_dump_stack_lvl+0x10/0x10
[  518.190430][T11267]  ? __pfx__printk+0x10/0x10
[  518.195039][T11267]  panic+0x2db/0x790
[  518.198953][T11267]  ? __pfx_panic+0x10/0x10
[  518.203471][T11267]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  518.209375][T11267]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  518.215717][T11267]  ? print_memory_metadata+0x314/0x400
[  518.221196][T11267]  ? pause_parse_request+0x40/0x160
[  518.226416][T11267]  check_panic_on_warn+0x89/0xb0
[  518.231375][T11267]  ? pause_parse_request+0x40/0x160
[  518.236590][T11267]  end_report+0x78/0x160
[  518.240857][T11267]  kasan_report+0x129/0x150
[  518.245375][T11267]  ? pause_parse_request+0x40/0x160
[  518.250589][T11267]  ? __pfx_pause_parse_request+0x10/0x10
[  518.256319][T11267]  pause_parse_request+0x40/0x160
[  518.261360][T11267]  ? __pfx_pause_parse_request+0x10/0x10
[  518.267008][T11267]  ethnl_default_set_doit+0x2be/0xa40
[  518.272393][T11267]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  518.278831][T11267]  genl_family_rcv_msg_doit+0x212/0x300
[  518.284402][T11267]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  518.290489][T11267]  ? bpf_lsm_capable+0x9/0x20
[  518.295192][T11267]  ? security_capable+0x7e/0x2e0
[  518.300143][T11267]  genl_rcv_msg+0x60e/0x790
[  518.304667][T11267]  ? __pfx_genl_rcv_msg+0x10/0x10
[  518.309701][T11267]  ? ref_tracker_free+0x63a/0x7d0
[  518.314731][T11267]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  518.320639][T11267]  ? __pfx_ref_tracker_free+0x10/0x10
[  518.326027][T11267]  netlink_rcv_skb+0x205/0x470
[  518.330810][T11267]  ? __pfx_genl_rcv_msg+0x10/0x10
[  518.335855][T11267]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  518.341160][T11267]  ? down_read+0x1ad/0x2e0
[  518.345590][T11267]  genl_rcv+0x28/0x40
[  518.349586][T11267]  netlink_unicast+0x758/0x8d0
[  518.354366][T11267]  netlink_sendmsg+0x805/0xb30
[  518.359147][T11267]  ? __pfx_netlink_sendmsg+0x10/0x10
[  518.364449][T11267]  ? aa_sock_msg_perm+0xf1/0x1d0
[  518.369401][T11267]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  518.374698][T11267]  ? __pfx_netlink_sendmsg+0x10/0x10
[  518.380005][T11267]  __sock_sendmsg+0x219/0x270
[  518.384699][T11267]  ____sys_sendmsg+0x505/0x830
[  518.389478][T11267]  ? __pfx_____sys_sendmsg+0x10/0x10
[  518.394775][T11267]  ? import_iovec+0x74/0xa0
[  518.399287][T11267]  ___sys_sendmsg+0x21f/0x2a0
[  518.404005][T11267]  ? __pfx____sys_sendmsg+0x10/0x10
[  518.409235][T11267]  ? __fget_files+0x2a/0x420
[  518.413843][T11267]  ? __fget_files+0x3a0/0x420
[  518.418550][T11267]  __x64_sys_sendmsg+0x19b/0x260
[  518.423506][T11267]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  518.428990][T11267]  ? rcu_is_watching+0x15/0xb0
[  518.433770][T11267]  ? do_syscall_64+0xbe/0x3b0
[  518.438466][T11267]  do_syscall_64+0xfa/0x3b0
[  518.442984][T11267]  ? lockdep_hardirqs_on+0x9c/0x150
[  518.448198][T11267]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.454285][T11267]  ? clear_bhb_loop+0x60/0xb0
[  518.458979][T11267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.464883][T11267] RIP: 0033:0x7fc26d38e929
[  518.469305][T11267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.489012][T11267] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  518.497433][T11267] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929
[  518.505441][T11267] RDX: 0000000000000040 RSI: 0000200000000000 RDI: 0000000000000003
[  518.513423][T11267] RBP: 00007fc26d410b39 R08: 0000000000000000 R09: 0000000000000000
[  518.521407][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  518.529384][T11267] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378
[  518.537366][T11267]  </TASK>
[  518.540752][T11267] Kernel Offset: disabled
[  518.545094][T11267] Rebooting in 86400 seconds..