last executing test programs:

9.091919838s ago: executing program 3 (id=914):
creat(&(0x7f0000000080)='./file0\x00', 0x2)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x20000, 0x0)
read$FUSE(r1, &(0x7f0000002380)={0x2020}, 0x2020)
mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x200, 0x190)

7.208470449s ago: executing program 3 (id=919):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
statx(r0, &(0x7f0000000040)='./file0\x00', 0x6000, 0x400, &(0x7f0000000080))
openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)

6.919698217s ago: executing program 3 (id=922):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDSIGACCEPT(r2, 0x400455c8, 0x9)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) (fail_nth: 19)

4.436874096s ago: executing program 2 (id=931):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='nilfs2\x00', 0x400, 0x0)

4.243609016s ago: executing program 2 (id=933):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0)
sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x1c, 0x0, 0x8, 0x70bd2b, 0x25dfdbfe}, 0x1c}, 0x1, 0x0, 0x0, 0x24000005}, 0x4004)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x8004}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x7ffffffb}, 0x8)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @local}, 0x10)
close(r0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2481000}, 0xc, &(0x7f0000000480)={&(0x7f0000000880)={0x54, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x8}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x6b05}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x3}, @CTA_EXPECT_HELP_NAME={0xe, 0x6, 'sip-20000\x00'}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'syz1\x00'}, @CTA_EXPECT_HELP_NAME={0xb, 0x6, 'amanda\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x40010}, 0x20008800)
r1 = socket(0x10, 0x803, 0x0)
sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r3, 0x80045301, 0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet(r2, &(0x7f0000000240)="183e", 0x2, 0x4800, &(0x7f0000000280)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

4.109832689s ago: executing program 3 (id=934):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x4, 0x184862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x7]}})
pwritev2(r0, &(0x7f0000001600), 0x0, 0x739, 0xe2, 0x1f)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
bind$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)
r2 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCGCHAN(r2, 0x80047437, 0x0)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r3, &(0x7f00000002c0)='./file1\x00', 0x40, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r4, &(0x7f0000000080)='\x00'/10, 0xfcf5, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000780)='/dev/comedi0\x00', 0x101001, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000080)={'dac02\x00', [0x42d, 0x80008000, 0x9, 0x2, 0x6, 0x0, 0xffffff7e, 0xf, 0xffe, 0x0, 0x7, 0x4, 0x1006, 0x1000, 0xffff, 0x791, 0xffffffa7, 0x40000009, 0x832, 0x4, 0x5, 0x10000, 0x800, 0xe2df, 0x1, 0xfffffffd, 0x1, 0x3, 0x7, 0x5, 0x8005]})
recvmsg(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x20)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000040)={0x2, 0xb, 0x1, 'queue0\x00', 0x7fed})

3.915404027s ago: executing program 3 (id=935):
r0 = syz_open_dev$evdev(&(0x7f0000002ac0), 0x0, 0x0)
read$hidraw(r0, 0x0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'netpci0\x00', 0x400})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
dup2(r2, r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
syz_usb_connect$uac1(0x69a90eab3db9c902, 0x91, &(0x7f0000000800)=ANY=[@ANYBLOB="12010002000000406b1d010140000102030109027f00030104a0060904000000010100000a2401f7ff0702010209240303000303030b0524050601090401000001020000090401010101020000090501090004ffc80307250102040500090402000001020000090402010101"], &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0})
r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14, 0x80000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x18, 0x209, 0x100, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24008004}, 0x8054)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000080)=@req3={0xe17, 0x2, 0x7, 0x2, 0xdd0, 0x25, 0x9}, 0x1c)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x8, 0x4, 0x3, 0x3f00})
syz_open_dev$evdev(&(0x7f0000002ac0), 0x0, 0x0) (async)
read$hidraw(r0, 0x0, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) (async)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101}) (async)
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'netpci0\x00', 0x400}) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) (async)
dup2(r2, r3) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r1, 0x45809000) (async)
syz_open_dev$tty1(0xc, 0x4, 0x2) (async)
syz_usb_connect$uac1(0x69a90eab3db9c902, 0x91, &(0x7f0000000800)=ANY=[@ANYBLOB="12010002000000406b1d010140000102030109027f00030104a0060904000000010100000a2401f7ff0702010209240303000303030b0524050601090401000001020000090401010101020000090501090004ffc80307250102040500090402000001020000090402010101"], &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0}) (async)
accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0x14, 0x80000) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
sendmsg$nl_generic(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x18, 0x209, 0x100, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x24008004}, 0x8054) (async)
setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000080)=@req3={0xe17, 0x2, 0x7, 0x2, 0xdd0, 0x25, 0x9}, 0x1c) (async)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x8, 0x4, 0x3, 0x3f00}) (async)

3.315741796s ago: executing program 2 (id=936):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x501142, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000040)={'HL\x00'}, &(0x7f0000000080)=0x1e)
sendfile(r1, r0, 0x0, 0x7ffff002)

3.215182155s ago: executing program 0 (id=938):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
nanosleep(&(0x7f0000000080)={0x77359400}, &(0x7f00000000c0))
ioctl$SNDCTL_MIDI_INFO(r0, 0xc074510c, &(0x7f0000000400)={"c8970ab2fe0feaed25a51b35e4c93ba10b8b84f63cc1f4c1155af20eaf02", 0xffffffff})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='gfs2\x00', 0x200000, 0x0)

3.19009459s ago: executing program 2 (id=939):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="1a46339a22bd8c9a91334d31ca21b471252882101882f98cf04a3e59cba597b61aa2ab6320a39920bd4c", 0x2a}], 0x1, 0x0, 0x0, 0x10004814}}], 0x1, 0x480d0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r5=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(0x0, 0x0, r5)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x1081090, &(0x7f0000002280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r5}})
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
read$FUSE(r3, &(0x7f0000006380)={0x2020, 0x0, <r6=>0x0, <r7=>0x0, <r8=>0x0}, 0x2020)
syz_fuse_handle_req(r3, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c272074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca36507002b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x403, {0x1, 0x5, 0x0, '\x00', {0x1, 0xad4, 0x8, 0x8, r7, r8, 0x4000, '\x00', 0xd2bc, 0x8, 0x100000000, 0x6, {0x6, 0x6}, {0x20000000000004}, {0x100000000, 0x9}, {0x8, 0xa04}, 0x4, 0x80000b, 0x5, 0x3}}}})
write$FUSE_INIT(r3, &(0x7f0000001200)={0x50, 0x0, r6}, 0x50)
recvmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x60)
accept$ax25(r2, 0x0, &(0x7f0000000080))
write(r0, &(0x7f0000000000)="fb196dec69a10b22", 0x8)

3.007733768s ago: executing program 2 (id=940):
r0 = syz_io_uring_setup(0x18d7, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x25b}, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a0001006d6174636800000040000280080002400000000028000300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316330b00010068656c70657200000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a9cc62365ae109e048b2df44dbddd807240739ae3fd362b42b8c7041fffa5b78d83f9e0f22dac25b631a19d95fd9860b0c435d0891d3bdb57934d3d89a5818ceec9a813e95d9bfeec252ca4667f9afa00935b26c1db", @ANYRES8=r1, @ANYRES32=r1, @ANYBLOB="04a482d8c42717df60089215c1b19393806ec1072679866b75985a58eb59ee2f95fbfd4ba294d68a52bdc8dbaca393bbd4555f01b50b05dac9d78ad5fe74bec977b5bcc6d50edd2b3604803d1a0c1aaea4b7c81fec927d474181d6981d82736b930cdc6a37f3bb6ac81cc1d7713e8090ef969b30310cbc8675a73d76930e5b3ca09f60eccac14d", @ANYRES8=r0], 0xa8}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
close(0x4)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi4\x00', 0x8000, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r3, 0x45809000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private1={0xfc, 0x1, '\x00', 0x2}, 0x3, 0x2, 0x0, 0x6, 0xfffe}, 0x20)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r4, 0x8b32, &(0x7f0000000040))
ioctl$COMEDI_CHANINFO(r2, 0x80306403, &(0x7f0000000280)={0xffd, 0x0, 0x0, 0x0})
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000adc26b15af0db6c220000000080a01030000000000000000020000080c0003400000000000000003140000001100010000000000000000000700000a"], 0x48}, 0x1, 0x0, 0x0, 0x4004001}, 0x4048004)

2.808933903s ago: executing program 0 (id=941):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000700)={0x44, r2, 0x1, 0x0, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x6}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}]}, 0x44}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, [@CTA_EXPECT_TUPLE={0x4}, @CTA_EXPECT_MASK={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c004}, 0x40)
read(r3, &(0x7f0000000000)=""/31, 0x1f)

2.665199989s ago: executing program 2 (id=942):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDSIGACCEPT(r2, 0x400455c8, 0x9)
syz_usb_connect(0x0, 0x3f, 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd) (fail_nth: 20)

2.085672307s ago: executing program 1 (id=945):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000340)={0x73622a85, 0xb, 0x20000}) (async, rerun: 64)
r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xc002) (rerun: 64)
r2 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0) (async)
ioctl$LOOP_CLR_FD(r1, 0x4c01)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) (async, rerun: 32)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) (async, rerun: 32)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) (async)
sendto$inet(r3, 0x0, 0x0, 0x240007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='bic\x00', 0x4) (async)
sendmmsg$inet(r3, &(0x7f0000004bc0)=[{{0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000014c0)='#', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000001bc0)="5c89eeb1aa86c6f680f09cc1c1d4bc5fc6a067d295afd3aa97af3d777b81db48f9ceb270e506af840503c6fbf20760e4cd8df9c220cd0728585229123d5c61507d00561b8f1a15e64fa2779be424fdeff46058eaee7acfc80b2ae9840e9ac1e33ac8378c98695a08bdb8f2a756b1704c036e3b0ff2d1e9d397a82e24debd371e6855b7dc2dea47d57a9dfbf4fb2ccb3f975c3851c6b5399ab80c4ba95604f70a69674cfe820d82fb06b243625a8a9e4ee52e7c2ec4d63241fb00efd1a485a36dfb4a7dd573", 0xc5}], 0x1}}], 0x2, 0x0) (async)
sendto$inet(r3, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) (async)
dup3(r3, r2, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)

1.907811642s ago: executing program 1 (id=946):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x103000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
ftruncate(r3, 0xde34)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x13, r3, 0x0)
close(r1)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae01, 0x1)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f00004b2000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000080)={0x0, 0x7, 0x3000, 0x2000, &(0x7f000060b000/0x2000)=nil, 0x8000})

1.855863929s ago: executing program 0 (id=947):
timer_create(0x4, 0x0, &(0x7f0000000080)=<r0=>0x0)
syz_open_dev$sg(&(0x7f0000000000), 0xff, 0x4c4000) (async)
timer_gettime(r0, &(0x7f0000000140))
creat(&(0x7f0000001380)='./file0\x00', 0x4) (async, rerun: 64)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000001480)='qnx4\x00', 0x0, 0x0) (rerun: 64)

1.800037366s ago: executing program 1 (id=948):
r0 = fsopen(&(0x7f0000000280)='rpc_pipefs\x00', 0x0)
r1 = fsmount(r0, 0x1, 0x85)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$KDSIGACCEPT(r3, 0x4b4e, 0x28)
write$uinput_user_dev(r1, &(0x7f0000000840)={'syz1\x00', {0x3ff, 0x100, 0x1, 0x3570}, 0x49, [0xfffffff8, 0x8, 0x1ff, 0x3, 0x41257c8e, 0x9, 0x2, 0xfffffffa, 0x6, 0xb, 0x1, 0x9, 0x1ff, 0xae2, 0x6, 0x10001, 0x5, 0x3, 0x3, 0x7, 0xfee6, 0x5, 0x8b28, 0x7fff, 0x6, 0x4, 0x0, 0x4, 0x8, 0x3, 0xa, 0x5c73, 0x7ff, 0x0, 0x3ebd, 0x9, 0x7, 0xc75, 0x8001, 0x3, 0x5d0e, 0x8, 0x8, 0xfffffff8, 0xff, 0x4000, 0x7, 0x7, 0x2, 0x10000, 0xae6, 0x47, 0x9, 0x5, 0x7, 0x7, 0x1, 0x6f1, 0x2, 0xf86, 0xe, 0x5, 0x7fff], [0x1, 0x5a, 0x9, 0x5340a964, 0x1, 0x2, 0x5, 0x7, 0xc, 0x9, 0x8001, 0xfffffff2, 0x0, 0x9, 0x7, 0xe8e9, 0x8, 0x1000, 0x7, 0xf, 0x2, 0x2, 0x3, 0x4, 0xb5c7, 0x4, 0x9, 0x3, 0x0, 0x200, 0x7, 0xdf, 0xca, 0x1, 0xfffffffa, 0x5, 0x6f6ec7cc, 0xff, 0x4, 0xfff, 0x0, 0x5, 0x6d5, 0x72, 0x80, 0x6, 0xfffffff7, 0x6, 0x40, 0x3, 0x5, 0x8, 0xc3, 0x3, 0x1ff, 0x5, 0xdba6, 0x5, 0x7, 0x9, 0xe2f, 0x7b, 0x400, 0x9], [0x5, 0x8001, 0xfffffff7, 0x1, 0x2, 0x2, 0x8, 0x74edc315, 0x1, 0x100, 0xc000000, 0x3, 0x4, 0x9, 0x1, 0x7, 0x0, 0x80000001, 0x0, 0x8, 0x8, 0x3, 0x0, 0x7fff, 0x9, 0x0, 0x7, 0x3ff, 0x5442, 0xd, 0x10000, 0x6, 0x9, 0x5, 0x5381, 0x8, 0x6, 0x4, 0x9, 0x5, 0x0, 0xffffff81, 0x4, 0x3, 0x3, 0x0, 0x2761, 0x9, 0x800, 0x9, 0x8, 0x1217, 0x8, 0x100, 0xffff, 0x5, 0xe32, 0x2, 0x5, 0x7f, 0x7, 0x7ff, 0x77d, 0x401], [0x6, 0x2, 0x6, 0xcd, 0xff, 0x10001, 0x8, 0x6, 0x0, 0x8, 0x5, 0x2, 0x9, 0xfffffff9, 0x4, 0x3, 0x5, 0x816f, 0x6, 0x40, 0x5, 0x4, 0x9, 0xadce, 0x10, 0xf, 0x3, 0x5f24ffd5, 0xffff, 0x6, 0x1, 0x6, 0x2, 0xfffffff8, 0x7fff, 0x10001, 0x7f, 0xb, 0x7, 0x9, 0xfffffff8, 0x5d, 0x7f, 0xa, 0x7, 0xb, 0xfffffffb, 0x1000, 0x8, 0x9, 0x2, 0x800, 0xfffffffd, 0xc, 0x10001, 0x80000000, 0x6, 0x79a, 0x7, 0x2, 0x3, 0x40000000, 0x7a, 0xfffffffe]}, 0x45c)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14}}, 0x3c}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x105300, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_int(r1, 0x1, 0x17, &(0x7f0000000100)=0xe94, 0x4)
r5 = socket$kcm(0x2, 0xa, 0x2)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r6, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef03da5be42200", 0x37}, 0x60)
writev(r6, &(0x7f0000000780)=[{&(0x7f0000001480)="a6", 0x1}], 0x1)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x84009422, &(0x7f0000000300)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, <r8=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_RESIZE(r2, 0x50009403, &(0x7f0000000cc0)=ANY=[@ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00', @ANYRESDEC=r8, @ANYBLOB="3a6d617c0f6df7b241beb5431c8fdd9dfa3b955dfd1e977f94857247bef556c67c9b765b6883d7a8814a22e8ae32a241d31e02217d73a00763f62bf1194a20e8561f4785b274aaf8a50fc16db829999dcac1c6a38627b85c6d41ed4660a035ba46db53c27fcf51a95d19c3daa77dca18dc7dc2ee92a70f14264a4be1b9a07d12d9dc6eb19a000000000000000060eb"])
sendmsg$nl_xfrm(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000140)=@polexpire={0xd4, 0x1b, 0x1, 0x70bd2c, 0x25dfdbff, {{{@in=@private=0xa010100, @in6=@local, 0x4e22, 0x8000, 0x4e21, 0x5, 0x2, 0x20, 0x84be0cf7f0636606, 0x3c}, {0xb, 0x8, 0x0, 0x100000000, 0x0, 0x6, 0x1670, 0xa}, {0x7, 0x6, 0xfff, 0xc2e}, 0x3ff, 0x6e6bbb, 0x2, 0x1, 0x1, 0x1}, 0x2}, [@policy_type={0xa}, @XFRMA_IF_ID={0x8, 0x1f, 0x4}]}, 0xd4}}, 0x40000)
write$tun(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="000008000100000000003d0000004600004000000000008490783fffffffac14148c00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="b40005009078001c0b030005020000fffe000880000002d58838068b91000000"], 0x4e)

1.455468904s ago: executing program 1 (id=949):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r0 = add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0)
socketpair(0x26, 0x80000, 0x5, &(0x7f0000000600))
fsopen(0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
dup(0xffffffffffffffff)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
mkdir(&(0x7f0000000200)='./file0\x00', 0x16)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r5=>r4}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r5, {0x7ffffffe}}, './file0\x00'})
r6 = syz_open_dev$usbmon(&(0x7f0000000040), 0x6, 0x40180)
ioctl$MON_IOCX_GET(r6, 0x40189206, &(0x7f0000000380)={&(0x7f0000000280), 0x0, 0xfffffffffffffc71})
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000140)=0xb00, 0x4)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r8=>0x0})
sendmsg$can_raw(r7, &(0x7f0000000440)={&(0x7f0000000780)={0x1d, r8}, 0x10, &(0x7f0000000200)={&(0x7f0000001100)=@can={{0x0, 0x0, 0x0, 0x1}, 0x1, 0x1, 0x0, 0x0, "09151995c95f32cc"}, 0x10}}, 0x44001)
recvmmsg(r7, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0xeb}], 0x1, 0x2001, 0x0)
r9 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil)
shmat(r9, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
socket$nl_generic(0x10, 0x3, 0x10)

1.042208089s ago: executing program 0 (id=950):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000006, 0x11, r0, 0xf648e000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0xa)
r5 = fanotify_init(0x0, 0x101801)
fanotify_mark(r5, 0x105, 0x40001032, r4, 0x0)
r6 = openat(r4, &(0x7f0000000100)='./file2\x00', 0x281c2, 0x2)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/crash_elfcorehdr_size', 0x0, 0x140)
lseek(r7, 0x100000002, 0x1)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x91}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x7c}, 0x1, 0x0, 0x0, 0x20000854}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[], 0x9c}}, 0x40000)
futex(0x0, 0xc, 0x2, 0x0, 0x0, 0x0)
link(&(0x7f0000000200)='./file2\x00', &(0x7f0000000440)='./file1\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
mmap(&(0x7f000056c000/0x4000)=nil, 0x4000, 0x4, 0x40010, r9, 0x14e8f000)
r10 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r11=>0x0})
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r12, &(0x7f0000000180)={0xa, 0x4e20, 0xfffffffc, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x81}, 0x1c)
setsockopt$inet6_IPV6_PKTINFO(r12, 0x29, 0x32, &(0x7f00000002c0)={@local, r11}, 0x14)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

812.391645ms ago: executing program 1 (id=951):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap(&(0x7f0000261000/0x1000)=nil, 0x1000, 0x200000e, 0x8010, r0, 0x9000)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1000022300000d8010010000f90000001c04000000001f000061ee4d05010a7e9d86bc14a7cbd97c0316037d6606ae70e9db52627f558567401f412710b3bd28d5c32a5de44619166aa3d169e4e05c384a280b53446d816dc96cff069a176b155e3ae8c5373e1a10a07f2a04f0dabd09c642e2bf3b2d1668c2438fb53109f2021e7911d2c99675903ba726626c0b119498af"], 0x10}, 0x0)
preadv(r2, &(0x7f0000000440)=[{&(0x7f0000000200)=""/224, 0xe0}], 0x1, 0x4, 0x4)
write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'smaps\x00'}], 0xa, "ea3642916be6ef99919b7abc699ce20b5ca7f1ee961e8d50d068215614d90733baa86d"}, 0x35)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000480)={"d6577dbacf2922893bbbff76cf40d8de30ad7e326bcbe85a10e1cb8b6037270c791051ba403014ce5d4686719901d88255b0297f865fa92039d823015cf954a0c7e45c367ef37c81af8b683e5af635719909cea8937add045a7802ff265f6e28bd6e7f9e7e29b63099ee6087489040de2c959ca0949ac61210dfeb026cc1e8f6df1e33cdddf8094cbe3ee84ac78af35fae85ccd23388a26b270b8f9e4d0ff1d75f8b5c624ad0e857fb6098d209c862d7d3d6ef29bc93f3a83b1f38f901c0d40ca75d5e218482b9ec61653b668adea76ef210647469e1e8f23ed16b0f53e14407d1a59029237b0c72549c6499fc7f49a5a2f4e26dd01a6be293492905681234e615eb1437f6d8f89ce2705e4472e88af7a28ba0c8f408b4011e6e797e33583d87908f32d8985e575f1d29659f79424b753fb13f3411037b60cb25b2001f82d7f16ec34f44515f3c0115ad76324b5ca6f81a982c3a01518da7f0102b19da259d19095598606ffa3886873a4e184d55c6249dc06c3275e778ccb241e03415169cca10556b8c276e724c1e6c572820f890566781ffda9d899b2a826125dda781ac44dbd2ad6e1a113d1b30b8dd03d42d11d49153d31f8970c3879c965df654dedcc892d3258dcf88cc4458e359ae00fee01a6da99640553651480bd231e4ae1b4eb0ec04cdbd92e4d57248a32d9694630949fc1e2e1d3165925d8772b477e16d1a79c28d123c7b6c2ee6eb4bd27b765ff11b61a1b79760f5196ee1f5d86f2f611dc9a9d22e4cbac89c66040ab9fe4d4e72aba82ade33b54760bfd742be3cffc22dde2730d92151038ac83be07046d8c29ba1c1e981d706812d5249f74258e647507c509753fb6424dbc862f087fb59b204cdc78888032c5755496852c6ae5075623f34ee7bad638ab5d61239b27936ee99f27a3ad5f1ecd08eac25416db3217599573ac3b87ecd1a0b4ab6ea9f80d3dcf2454ea97a40e9f716989332b804634255cf4210f1514840a15c75fd1ea58695bc085d2f74ba27959add2344e6c66fe9f4c039a07673385e820f86f41df96ea17bfd35b8d70145344ffc7ed8427ba5863b68d5588179ed19bc8dbd1f45be404445ed50b1b6cecf6e1569062344d43c4b6c9879c0c33c1919e27bd31c5c624ed6d00fda0e47982ea3bbda386f1a0ce092554450385301aec2bab55c3bdbbabb4968d0d2099ea93cbce51d1165e5d8590ca9b18dd62177b0fe1e10c2a73bb441703ef308f15f47041926f936db6fba53973a945cfa60216283b77273cdf240f19beaa2f074238cb1deeb81fbc439d2fc0de008b5ca7e265129d2a45a9c74b90fc76db3ef67febacf5bc1fb5be10379a671f6fb9be609ea3b227e9dd3e24b055a2967f390ae436739c00c539d563233bc225fcd5ec9bc9c289ae2b9497a6c07be003f5b42387b14fdd4890470acd1c47a1be656"})

707.653102ms ago: executing program 0 (id=952):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x4, 0x184862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x6, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x7]}})
pwritev2(r0, &(0x7f0000001600)=[{0x0}], 0x1, 0x739, 0xe2, 0x1f)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000)
bind$inet6(0xffffffffffffffff, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x5}, 0x1c)
r2 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$PPPIOCGCHAN(r2, 0x80047437, 0x0)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r3, &(0x7f00000002c0)='./file1\x00', 0x40, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendto$inet(r4, &(0x7f0000000080)='\x00'/10, 0xfcf5, 0x0, &(0x7f0000000000)={0x2, 0x4e20, @empty}, 0x10)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000780)='/dev/comedi0\x00', 0x101001, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000080)={'dac02\x00', [0x42d, 0x80008000, 0x9, 0x2, 0x6, 0x0, 0xffffff7e, 0xf, 0xffe, 0x0, 0x7, 0x4, 0x1006, 0x1000, 0xffff, 0x791, 0xffffffa7, 0x40000009, 0x832, 0x4, 0x5, 0x10000, 0x800, 0xe2df, 0x1, 0xfffffffd, 0x1, 0x3, 0x7, 0x5, 0x8005]})
recvmsg(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x20)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000040)={0x2, 0xb, 0x1, 'queue0\x00', 0x7fed})

705.424769ms ago: executing program 3 (id=953):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r2, 0x7cb, &(0x7f0000000980)={&(0x7f0000000540)={{@hyper}, {}, 0x400, "1710194bd1372be65d5d1be456d243acca17147843aa07e4676b6e5e13d51fe3b442ddd575b7ea5ad5807b65f6ffac80b65547d4a62858f758a3c310e491a45dff1707cfb8288781aa397d3e28b552db90c3fd57f459b4e3da5126b8963a25e860e40c989341b47e8b95063656f91660d61ae86764cd5302c60b77fff946ee5d5b95a65deb8a11af66212c0a3802da8734cf65656145658ef881a33b771b9134fe2e1407a2ffeb9ae90b1cd06a1e2438c7cd1667c0d3dc53f15fd720ed9adc68ca0bf8cb3a5f3e8f2b48ec05a30d52182f3be35dc35ddad91cd4123051996b766cf7f2791773011420d79b507bba3f90ba48eb066b68d56570e96cdac68675271dc756c582705ced77c094ae8f12a4f268fd1c5ed18f1264e27fcc5d2cced8dc50569b03dffbb749caffa1748c5f7c5fc60a7264e04c53bef6c2cba5ed946d420a97a2fa74cb564f80206f75b408bb69c27ab96ae43936e5c497bc56409f13221e4736c3229193f32dfeae901c32027c5941b73beee853b0fcccfb97d02b8675ca92bfe97adcf83d49f8a405dc9be0cfbaa239a73b40b37ee1c03ae15bf08b05d594d3ae80c131b6a0f958a0b5e09653d5d541c29fa4203671c3e8d3898a5618d7d05e7742dad4a6696ae13deef6c402e2afea4acf40d2c14ed5092a438170f1681d4b97eab16fcbfa86d7a361c02f89069d58c2b32c58d5ef7babf62b97c7ac97e413f53bea59cdbf72fc1c14718b1fa6306da64c9700df190c356a9e972d9e63cc9b0383cc8cab28a02a4b3d4f8b96d485dedb3e6a3f4e40d110676dc8de884d3f915b04f220072d4d68697b106faa3577b5011f3144f235439f1aac9f59d37adcc58ba20f209442df6e2975fa5e9b5cc2653b15b7be37172df2d84329307831f2977cac3cca11676512d2d351e00d09889681f9e0e6c172f2d0c3c15eb75ffe6297aecc1cc9d3ebc80735a50b07c7b1eedadbc9f637e26dd4035322abcb77f93fcd9feb2c33bf37c34595dc9bb2e16ada83dc541f98880dd6d4e0ef38e27adf412d1e08a5c1ce83acdc4f40674d9dc14fbff2f42eb71ba5fac19fc742e00c4c15154fcf8f79ad4cd4c8183d4b2d9693eab7f0da562a9ffba7058b272b280611d877f0b05dda462a5e605ea5a8803ad17ce5a9c5f88ec6fef54f407f5f26dc218b21ac5899d03946fdc4d95791f09a272ef0f1388d718c3d38727b1fbbb2c9f22f2d5091c2d0963b971ab47402130e3ca8e201609c34d4379f75257240f9ff0fe921e29bdcc1319bf77a469739ebfc1d1f8605bfb6d46c0cdc31692254715082be9152eabb5a9f2c562c06a985f573b63f02aad0eb63ff970e5a9a28d209b657cd20dc572238ef1d5bbc57041f77c70fca6b5314b6bff2a9b1a03ed2269456e6467664ac0ec2d2304916885fd1f91d5c3b32b924de00"}, 0x418})
close(0x3)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
set_mempolicy(0x1, 0x0, 0x3)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200053, 0x0)

661.845543ms ago: executing program 1 (id=954):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/current\x00')
close_range(r1, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000080)=ANY=[@ANYRES64=r0], 0x0)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x7)
socket$inet_smc(0x2b, 0x1, 0x0) (async)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='attr/current\x00') (async)
close_range(r1, 0xffffffffffffffff, 0x0) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5) (async)
mount(&(0x7f0000000100)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='udf\x00', 0x200000, 0x0) (async)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000080)=ANY=[@ANYRES64=r0], 0x0) (async)
ioctl$AUTOFS_IOC_FAIL(r0, 0x9361, 0x7) (async)

0s ago: executing program 0 (id=955):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) (async)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup2(r0, r1)
sendmmsg$inet(r2, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a00)="316f825a3d29f96a2093a917017b4cd30000000000000035ed313e19d6dd", 0x1e}, {&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c23374ec7c4aadbb8b985f14893a91d750e168350685e0f4f079d2d8e79be174ef9355b70719c712c5d15d2e7505a8696b50738ece15ee5", 0xbe}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25c951279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c8461de7afec966f9c023ffe15c3c1caec8ff3ef3", 0xde}, {&(0x7f0000000500)="fff5c0293353db83a683db60266a3867d03f740f4f0a7bafe7be9b2bac0bf1b2019dbde5f640c897ac57789fb8490642b47a96f0d03ec69d1f6e90e86be7fb3ef9e76969438283b0ab8d31b707ddd3b453f5ed67232e172945aecaf6dd89d72d7a429ef6d0dcc5f0d9cc15db", 0x6c}], 0x4}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000180)="d0", 0x1}], 0x1}}], 0x2, 0x0)
sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001840)=ANY=[], 0x240}}, 0x0) (async)
sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001840)=ANY=[], 0x240}}, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000001c0)='htcp\x00', 0x5)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) (async)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000001600)="09268a927f1f6588b967481241ba7860fcfaf65ac635ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcec8044ab4ea6f7ae55d88fecf90b1a7511bf746b152124eb38d6c7a207112eb1bf554bc070626792d394df5adf7355fa5f8deb9db3da042d8803f5c0ca3642f22e4c896b5f1d4e16556e57cc2f36b50a00000063cf9528e90000000000581c7eeb130aac1cfd109c3e794fe91b5b473f244eeac47acbd809ca44d2ec59bfd29d8284c110c12383451ca080f21202c313d9e1433001c37c0cc36aa2feb07c4448ab65eb0e869e4eac424e301534d65c42cb556f46102dc89a4f3fd1af3b72abc4be573c7145547306d1d62631e4", 0xfb, 0x11, 0x0, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00')
read(r3, &(0x7f0000000100)=""/147, 0x93) (async)
read(r3, &(0x7f0000000100)=""/147, 0x93)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='nilfs2\x00', 0x200808, 0x0)

kernel console output (not intermixed with test programs):

usb 1-1: SerialNumber: syz
[  602.458780][ T8495] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  602.533524][ T8506] netlink: 72 bytes leftover after parsing attributes in process `syz.2.723'.
[  602.759899][   T24] dvb-usb: found a 'KWorld/ADSTech Instant DVB-T USB2.0' in warm state.
[  602.784828][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  602.835737][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  602.859089][   T24] dvbdev: DVB: registering new adapter (KWorld/ADSTech Instant DVB-T USB2.0)
[  602.888879][   T24] usb 1-1: media controller created
[  602.908827][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  602.986308][ T8517] XFS (rnullb0): Invalid superblock magic number
[  603.001504][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  603.034059][   T24] dvb-usb: no frontend was attached by 'KWorld/ADSTech Instant DVB-T USB2.0'
[  603.093558][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input10
[  603.133652][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  603.151702][   T24] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully initialized and connected.
[  603.203011][   T24] usb 1-1: USB disconnect, device number 37
[  603.426305][   T24] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully deinitialized and disconnected.
[  603.577692][   T10] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  603.595230][ T5877] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  603.740183][   T10] usb 2-1: not running at top speed; connect to a high speed hub
[  603.752172][   T10] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  603.765603][   T10] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  603.772458][ T5877] usb 4-1: unable to read config index 0 descriptor/start: -61
[  603.776144][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  603.776189][   T10] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 4, skipping
[  603.790038][ T5877] usb 4-1: can't read configurations, error -61
[  603.804790][   T10] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  603.830643][   T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  603.840446][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.852887][   T10] usb 2-1: Product: syz
[  603.857678][   T10] usb 2-1: Manufacturer: syz
[  603.862315][   T10] usb 2-1: SerialNumber: syz
[  603.875131][   T24] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  603.944964][ T5877] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  604.037029][   T24] usb 1-1: Using ep0 maxpacket: 32
[  604.044829][   T24] usb 1-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  604.059219][   T24] usb 1-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  604.071147][   T24] usb 1-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  604.083318][   T24] usb 1-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  604.105104][   T24] usb 1-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  604.114431][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.126853][ T8552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.139732][ T5877] usb 4-1: unable to read config index 0 descriptor/start: -61
[  604.154071][ T8552] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  604.155194][ T5877] usb 4-1: can't read configurations, error -61
[  604.168305][   T24] usb 1-1: Product: syz
[  604.172498][   T24] usb 1-1: Manufacturer: syz
[  604.180416][   T24] usb 1-1: SerialNumber: syz
[  604.185719][ T5877] usb usb4-port1: attempt power cycle
[  604.204580][   T10] usb 2-1: 0:2 : does not exist
[  604.240402][   T24] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/input/input11
[  604.271085][   T10] usb 2-1: USB disconnect, device number 30
[  604.336918][ T7533] udevd[7533]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  604.424956][   T24] imon 1-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  604.433991][   T24]  (id 0x00)
[  604.554907][ T5877] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  604.562932][   T24] rc_core: IR keymap rc-imon-pad not found
[  604.584941][   T24] Registered IR keymap rc-empty
[  604.590422][   T24] imon 1-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  604.607328][   T24] imon 1-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  604.624899][ T5877] usb 4-1: unable to read config index 0 descriptor/start: -61
[  604.637631][ T5877] usb 4-1: can't read configurations, error -61
[  604.658931][   T24] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/rc/rc0
[  604.675102][   T24] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:155.0/rc/rc0/input12
[  604.696575][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.705033][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.714357][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.722533][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.730730][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.745003][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.756007][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.764186][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.772350][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.784455][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.792658][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.800836][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.809014][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.817281][   T24] imon 1-1:155.0: iMON device (15c2:ffdc, intf0) on usb<1:38> initialized
[  604.817388][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.834788][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.843020][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.855511][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.864240][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.872428][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.880664][ T5877] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  604.888400][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.896732][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.904797][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.912852][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.920938][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.929033][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.937142][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.945312][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.953360][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.963085][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.971164][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.979275][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.987332][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  604.995413][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.003501][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.011566][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.019661][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.027824][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.036000][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.044045][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.052133][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.061781][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.069898][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.077964][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.086049][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.094092][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.102227][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.110080][ T8572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  605.110380][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.126937][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.135094][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.143258][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.151425][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.162842][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.171791][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.180170][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.188172][ T8572] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  605.188338][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.204784][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.212962][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.221121][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.229274][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.237421][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.245576][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.253722][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.263557][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.272522][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.280679][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.288857][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.297021][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.305182][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.313339][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.321503][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.329658][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.337812][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.345978][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.354282][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.363734][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.371906][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.380202][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.388477][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.396662][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.404879][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.413037][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.421264][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.429425][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.437654][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.445823][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.454075][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.463363][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.471525][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.479670][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.487849][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.496027][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.504315][    C1] imon 1-1:155.0: imon usb_rx_callback_intf0: status(-71): ignored
[  605.505398][   T10] usb 1-1: USB disconnect, device number 38
[  605.527953][ T5877] usb 4-1: unable to read config index 0 descriptor/start: -61
[  605.548046][ T5877] usb 4-1: can't read configurations, error -61
[  605.564610][ T5877] usb usb4-port1: unable to enumerate USB device
[  605.912434][   T30] audit: type=1326 audit(1752701250.284:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8582 comm="syz.1.744" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdca278e929 code=0x0
[  605.977025][ T5877] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  606.135043][ T5877] usb 3-1: Using ep0 maxpacket: 32
[  606.142112][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  606.153841][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  606.164785][ T5877] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  606.174206][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.200913][ T5877] usb 3-1: config 0 descriptor??
[  606.224938][ T5829] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  606.374904][ T5829] usb 2-1: Using ep0 maxpacket: 32
[  606.397238][ T5829] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  606.435135][ T5829] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  606.463347][ T5829] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  606.480877][ T5829] usb 2-1: New USB device strings: Mfr=64, Product=0, SerialNumber=203
[  606.504240][ T5911] Bluetooth: hci4: sending frame failed (-49)
[  606.505317][ T5829] usb 2-1: Manufacturer: syz
[  606.515540][ T5916] Bluetooth: hci4: Entering manufacturer mode failed (-49)
[  606.532494][ T5829] usb 2-1: SerialNumber: syz
[  606.536108][ T8594] FAULT_INJECTION: forcing a failure.
[  606.536108][ T8594] name failslab, interval 1, probability 0, space 0, times 0
[  606.551655][ T8594] CPU: 1 UID: 0 PID: 8594 Comm: syz.0.749 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  606.551685][ T8594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  606.551697][ T8594] Call Trace:
[  606.551706][ T8594]  <TASK>
[  606.551714][ T8594]  dump_stack_lvl+0x189/0x250
[  606.551754][ T8594]  ? __pfx____ratelimit+0x10/0x10
[  606.551776][ T8594]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.551806][ T8594]  ? __pfx__printk+0x10/0x10
[  606.551843][ T8594]  ? __pfx___might_resched+0x10/0x10
[  606.551867][ T8594]  ? fs_reclaim_acquire+0x7d/0x100
[  606.551895][ T8594]  should_fail_ex+0x414/0x560
[  606.551935][ T8594]  should_failslab+0xa8/0x100
[  606.551957][ T8594]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  606.551989][ T8594]  ? __alloc_skb+0x112/0x2d0
[  606.552017][ T8594]  __alloc_skb+0x112/0x2d0
[  606.552045][ T8594]  alloc_uevent_skb+0x7d/0x230
[  606.552077][ T8594]  kobject_uevent_net_broadcast+0x2fa/0x560
[  606.552111][ T8594]  kobject_uevent_env+0x55b/0x8c0
[  606.552149][ T8594]  device_del+0x73a/0x8e0
[  606.552188][ T8594]  ? __pfx_device_del+0x10/0x10
[  606.552214][ T8594]  ? kobject_put+0x446/0x480
[  606.552244][ T8594]  hci_unregister_dev+0x3a1/0x510
[  606.552280][ T8594]  hci_uart_tty_close+0x1b1/0x290
[  606.552305][ T8594]  tty_set_ldisc+0x33f/0x560
[  606.552334][ T8594]  tty_ioctl+0xc38/0xde0
[  606.552395][ T8594]  ? __pfx_tty_ioctl+0x10/0x10
[  606.552418][ T8594]  __se_sys_ioctl+0xfc/0x170
[  606.552442][ T8594]  do_syscall_64+0xfa/0x3b0
[  606.552463][ T8594]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.552483][ T8594]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.552504][ T8594]  ? clear_bhb_loop+0x60/0xb0
[  606.552529][ T8594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.552550][ T8594] RIP: 0033:0x7f75e938e929
[  606.552567][ T8594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.552585][ T8594] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  606.552606][ T8594] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  606.552621][ T8594] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  606.552634][ T8594] RBP: 00007f75ea1ac090 R08: 0000000000000000 R09: 0000000000000000
[  606.552646][ T8594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  606.552658][ T8594] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  606.552690][ T8594]  </TASK>
[  606.553569][ T5829] usb 2-1: config 0 descriptor??
[  606.622316][ T5877] holtek 0003:1241:5015.0007: item fetching failed at offset 0/2
[  606.629617][ T5829] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  606.651014][ T5877] holtek 0003:1241:5015.0007: parse failed
[  606.896489][ T5877] holtek 0003:1241:5015.0007: probe with driver holtek failed with error -22
[  606.910421][ T8599] binder: 8598:8599 ioctl c0306201 0 returned -14
[  606.924093][ T5877] usb 3-1: USB disconnect, device number 35
[  607.443638][ T8609] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem
[  607.574899][   T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  607.615413][ T5945] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  607.727131][   T10] usb 4-1: Using ep0 maxpacket: 16
[  607.739232][   T10] usb 4-1: config 0 has an invalid interface number: 9 but max is 1
[  607.750262][   T10] usb 4-1: config 0 has an invalid interface number: 9 but max is 1
[  607.758429][   T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  607.767500][   T10] usb 4-1: config 0 has no interface number 0
[  607.773628][   T10] usb 4-1: config 0 interface 9 has no altsetting 0
[  607.780372][   T10] usb 4-1: config 0 interface 9 has no altsetting 1
[  607.786995][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.787028][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  607.787067][ T5945] usb 1-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  607.802350][   T10] usb 4-1: New USB device found, idVendor=1199, idProduct=6891, bcdDevice=89.a0
[  607.809212][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.842109][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.846281][ T5945] usb 1-1: config 0 descriptor??
[  607.851516][   T10] usb 4-1: Product: syz
[  607.859651][   T10] usb 4-1: Manufacturer: syz
[  607.864442][   T10] usb 4-1: SerialNumber: syz
[  607.880652][   T10] usb 4-1: config 0 descriptor??
[  607.922000][ T8617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.756'.
[  608.130386][   T10] usb 4-1: selecting invalid altsetting 1
[  608.145989][   T10] sierra 4-1:0.9: Sierra USB modem converter detected
[  608.170629][   T10] usb 4-1: Sierra USB modem converter now attached to ttyUSB0
[  608.185805][   T10] usb 4-1: USB disconnect, device number 20
[  608.210135][   T10] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  608.230659][   T10] sierra 4-1:0.9: device disconnected
[  608.311135][ T5945] uclogic 0003:5543:0042.0008: hidraw0: USB HID v0.00 Device [HID 5543:0042] on usb-dummy_hcd.0-1/input0
[  608.509897][ T8631] netlink: 8 bytes leftover after parsing attributes in process `syz.2.760'.
[  608.526773][ T8631] ./cgroup: Can't lookup blockdev
[  608.943784][ T5829] usb 2-1: USB disconnect, device number 31
[  609.210642][ T8647] usb usb1: usbfs: process 8647 (syz.1.764) did not claim interface 0 before use
[  609.732324][ T8668] syzkaller0: entered promiscuous mode
[  609.739377][ T8668] syzkaller0: entered allmulticast mode
[  609.834925][   T10] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  609.988551][   T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  609.997784][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.005898][   T10] usb 2-1: Product: syz
[  610.010204][   T10] usb 2-1: Manufacturer: syz
[  610.014999][   T10] usb 2-1: SerialNumber: syz
[  610.022048][   T10] usb 2-1: config 0 descriptor??
[  610.104808][ T5829] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  610.229916][   T10] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  610.254865][ T5829] usb 3-1: Using ep0 maxpacket: 32
[  610.261765][ T5829] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  610.274054][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  610.286668][ T5829] usb 3-1: config 0 descriptor??
[  610.297454][ T5829] gspca_main: sunplus-2.14.0 probing 041e:400b
[  610.400704][ T5945] usb 1-1: USB disconnect, device number 39
[  610.703783][ T8671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.728000][ T8671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.744099][ T8671] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  610.766814][ T8671] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  610.775210][ T5916] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  610.857303][ T8676] netlink: 'syz.0.775': attribute type 29 has an invalid length.
[  611.170080][ T8681] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  611.178421][ T8681] VFS: Can't find a romfs filesystem on dev rnullb0.
[  611.178421][ T8681] 
[  611.226315][ T8671] Malformed UNC in devname
[  611.226315][ T8671] 
[  611.231169][ T5829] gspca_sunplus: reg_r err -32
[  611.233235][ T8671] CIFS: VFS: Malformed UNC in devname
[  611.244931][ T5829] sunplus 3-1:0.0: probe with driver sunplus failed with error -32
[  611.275318][ T5829] usb 3-1: USB disconnect, device number 36
[  611.618489][ T8691] FAULT_INJECTION: forcing a failure.
[  611.618489][ T8691] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.631907][ T8691] CPU: 1 UID: 0 PID: 8691 Comm: syz.0.781 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  611.631938][ T8691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  611.631949][ T8691] Call Trace:
[  611.631959][ T8691]  <TASK>
[  611.631967][ T8691]  dump_stack_lvl+0x189/0x250
[  611.632003][ T8691]  ? __pfx____ratelimit+0x10/0x10
[  611.632023][ T8691]  ? __pfx_dump_stack_lvl+0x10/0x10
[  611.632053][ T8691]  ? __pfx__printk+0x10/0x10
[  611.632075][ T8691]  ? __might_fault+0xb0/0x130
[  611.632106][ T8691]  should_fail_ex+0x414/0x560
[  611.632146][ T8691]  _copy_from_iter+0x1db/0x16f0
[  611.632175][ T8691]  ? __lock_acquire+0xab9/0xd20
[  611.632203][ T8691]  ? __pfx__copy_from_iter+0x10/0x10
[  611.632237][ T8691]  tun_get_user+0x219/0x3e20
[  611.632269][ T8691]  ? aa_file_perm+0x13e/0x11b0
[  611.632300][ T8691]  ? aa_file_perm+0x3ed/0x11b0
[  611.632327][ T8691]  ? __pfx_tun_get_user+0x10/0x10
[  611.632350][ T8691]  ? _parse_integer_limit+0x1ae/0x1f0
[  611.632377][ T8691]  ? __lock_acquire+0xab9/0xd20
[  611.632398][ T8691]  ? ref_tracker_alloc+0x318/0x460
[  611.632411][ T8691]  ? __lock_acquire+0xab9/0xd20
[  611.632436][ T8691]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  611.632463][ T8691]  ? tun_get+0x1c/0x2f0
[  611.632493][ T8691]  ? tun_get+0x1c/0x2f0
[  611.632517][ T8691]  ? tun_get+0x1c/0x2f0
[  611.632539][ T8691]  tun_chr_write_iter+0x113/0x200
[  611.632559][ T8691]  vfs_write+0x54b/0xa90
[  611.632586][ T8691]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  611.632614][ T8691]  ? __pfx_vfs_write+0x10/0x10
[  611.632646][ T8691]  ? __fget_files+0x2a/0x420
[  611.632678][ T8691]  ksys_write+0x145/0x250
[  611.632696][ T8691]  ? __pfx_ksys_write+0x10/0x10
[  611.632710][ T8691]  ? rcu_is_watching+0x15/0xb0
[  611.632740][ T8691]  ? do_syscall_64+0xbe/0x3b0
[  611.632767][ T8691]  do_syscall_64+0xfa/0x3b0
[  611.632786][ T8691]  ? lockdep_hardirqs_on+0x9c/0x150
[  611.632805][ T8691]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.632824][ T8691]  ? clear_bhb_loop+0x60/0xb0
[  611.632842][ T8691]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  611.632856][ T8691] RIP: 0033:0x7f75e938e929
[  611.632869][ T8691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  611.632894][ T8691] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  611.632917][ T8691] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  611.632931][ T8691] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  611.632943][ T8691] RBP: 00007f75ea1ac090 R08: 0000000000000000 R09: 0000000000000000
[  611.632955][ T8691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.632966][ T8691] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  611.632992][ T8691]  </TASK>
[  611.645094][   T10] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  611.910346][ T8693] hfs: can't find a HFS filesystem on dev rnullb0
[  611.920770][ T6017] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  611.945778][   T10] usb 2-1: USB disconnect, device number 32
[  612.084830][ T6017] usb 4-1: Using ep0 maxpacket: 8
[  612.092040][ T6017] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  612.100825][ T6017] usb 4-1: config 179 has no interface number 0
[  612.109622][ T6017] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  612.142008][ T6017] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  612.157118][ T6017] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  612.169727][ T6017] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  612.182736][ T6017] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  612.201545][ T6017] usb 4-1: config 179 interface 65 has no altsetting 0
[  612.209505][ T6017] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  612.223299][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  612.262500][ T6017] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input14
[  612.476099][ T8686] Can't find a SQUASHFS superblock on rnullb0
[  612.498239][ T6017] usb 4-1: USB disconnect, device number 21
[  612.498321][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  612.771156][ T3553] Bluetooth: hci4: Frame reassembly failed (-84)
[  613.415143][   T24] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  613.589963][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  613.604861][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  613.626963][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  613.650748][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  613.662984][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  613.679233][   T24] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  613.704783][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  613.729604][   T24] usb 4-1: Product: syz
[  613.733833][   T24] usb 4-1: Manufacturer: syz
[  613.751454][   T24] usb 4-1: SerialNumber: syz
[  613.780011][   T24] usb 4-1: config 0 descriptor??
[  613.782431][ T8744] syz.0.799 (8744): /proc/8743/oom_adj is deprecated, please use /proc/8743/oom_score_adj instead.
[  613.824507][ T8745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  613.836512][ T8745] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  613.944217][ T8751] FAULT_INJECTION: forcing a failure.
[  613.944217][ T8751] name failslab, interval 1, probability 0, space 0, times 0
[  613.958113][ T8751] CPU: 1 UID: 0 PID: 8751 Comm: syz.1.800 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  613.958145][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  613.958157][ T8751] Call Trace:
[  613.958165][ T8751]  <TASK>
[  613.958173][ T8751]  dump_stack_lvl+0x189/0x250
[  613.958206][ T8751]  ? __pfx____ratelimit+0x10/0x10
[  613.958227][ T8751]  ? __pfx_dump_stack_lvl+0x10/0x10
[  613.958254][ T8751]  ? __pfx__printk+0x10/0x10
[  613.958285][ T8751]  ? __pfx___might_resched+0x10/0x10
[  613.958310][ T8751]  ? fs_reclaim_acquire+0x7d/0x100
[  613.958336][ T8751]  should_fail_ex+0x414/0x560
[  613.958372][ T8751]  should_failslab+0xa8/0x100
[  613.958392][ T8751]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  613.958424][ T8751]  ? __alloc_skb+0x112/0x2d0
[  613.958450][ T8751]  __alloc_skb+0x112/0x2d0
[  613.958477][ T8751]  alloc_skb_with_frags+0xca/0x890
[  613.958500][ T8751]  ? __might_fault+0xb0/0x130
[  613.958541][ T8751]  sock_alloc_send_pskb+0x857/0x990
[  613.958586][ T8751]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  613.958624][ T8751]  ? iov_iter_advance+0x8b/0x1c0
[  613.958650][ T8751]  tun_get_user+0xa43/0x3e20
[  613.958691][ T8751]  ? aa_file_perm+0x13e/0x11b0
[  613.958717][ T8751]  ? aa_file_perm+0x3ed/0x11b0
[  613.958740][ T8751]  ? __pfx_tun_get_user+0x10/0x10
[  613.958764][ T8751]  ? _parse_integer_limit+0x1ae/0x1f0
[  613.958801][ T8751]  ? __lock_acquire+0xab9/0xd20
[  613.958827][ T8751]  ? ref_tracker_alloc+0x318/0x460
[  613.958844][ T8751]  ? __lock_acquire+0xab9/0xd20
[  613.958867][ T8751]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  613.958892][ T8751]  ? tun_get+0x1c/0x2f0
[  613.958921][ T8751]  ? tun_get+0x1c/0x2f0
[  613.958943][ T8751]  ? tun_get+0x1c/0x2f0
[  613.958973][ T8751]  tun_chr_write_iter+0x113/0x200
[  613.958999][ T8751]  vfs_write+0x54b/0xa90
[  613.959026][ T8751]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  613.959052][ T8751]  ? __pfx_vfs_write+0x10/0x10
[  613.959083][ T8751]  ? __fget_files+0x2a/0x420
[  613.959117][ T8751]  ksys_write+0x145/0x250
[  613.959140][ T8751]  ? __pfx_ksys_write+0x10/0x10
[  613.959159][ T8751]  ? rcu_is_watching+0x15/0xb0
[  613.959189][ T8751]  ? do_syscall_64+0xbe/0x3b0
[  613.959216][ T8751]  do_syscall_64+0xfa/0x3b0
[  613.959234][ T8751]  ? lockdep_hardirqs_on+0x9c/0x150
[  613.959253][ T8751]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.959272][ T8751]  ? clear_bhb_loop+0x60/0xb0
[  613.959296][ T8751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.959316][ T8751] RIP: 0033:0x7fdca278e929
[  613.959333][ T8751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.959350][ T8751] RSP: 002b:00007fdca35bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  613.959370][ T8751] RAX: ffffffffffffffda RBX: 00007fdca29b5fa0 RCX: 00007fdca278e929
[  613.959385][ T8751] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  613.959397][ T8751] RBP: 00007fdca35bb090 R08: 0000000000000000 R09: 0000000000000000
[  613.959409][ T8751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  613.959419][ T8751] R13: 0000000000000000 R14: 00007fdca29b5fa0 R15: 00007ffdac0f26a8
[  613.959449][ T8751]  </TASK>
[  614.084847][  T982] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  614.096804][   T24] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  614.294573][   T24] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  614.318065][   T24] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71
[  614.327219][   T24] radio-si470x 4-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[  614.337517][   T24] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -5
[  614.360203][   T24] usb 4-1: USB disconnect, device number 22
[  614.774942][ T5911] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  614.775167][ T5916] Bluetooth: hci4: command 0xfc11 tx timeout
[  614.794326][ T8708] FAULT_INJECTION: forcing a failure.
[  614.794326][ T8708] name failslab, interval 1, probability 0, space 0, times 0
[  614.807600][ T8708] CPU: 1 UID: 0 PID: 8708 Comm: syz.2.787 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  614.807630][ T8708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  614.807643][ T8708] Call Trace:
[  614.807652][ T8708]  <TASK>
[  614.807660][ T8708]  dump_stack_lvl+0x189/0x250
[  614.807696][ T8708]  ? __pfx____ratelimit+0x10/0x10
[  614.807717][ T8708]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.807746][ T8708]  ? __pfx__printk+0x10/0x10
[  614.807783][ T8708]  ? __pfx___might_resched+0x10/0x10
[  614.807808][ T8708]  ? fs_reclaim_acquire+0x7d/0x100
[  614.807836][ T8708]  should_fail_ex+0x414/0x560
[  614.807874][ T8708]  should_failslab+0xa8/0x100
[  614.807895][ T8708]  kmem_cache_alloc_noprof+0x73/0x3c0
[  614.807925][ T8708]  ? skb_clone+0x212/0x3a0
[  614.807950][ T8708]  ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[  614.807987][ T8708]  skb_clone+0x212/0x3a0
[  614.808012][ T8708]  ? netlink_broadcast_filtered+0x654/0x1140
[  614.808049][ T8708]  netlink_broadcast_filtered+0x662/0x1140
[  614.808083][ T8708]  ? __pfx_sprintf+0x10/0x10
[  614.808130][ T8708]  netlink_broadcast+0x37/0x50
[  614.808152][ T8708]  kobject_uevent_net_broadcast+0x378/0x560
[  614.808187][ T8708]  kobject_uevent_env+0x55b/0x8c0
[  614.808225][ T8708]  device_del+0x73a/0x8e0
[  614.808262][ T8708]  ? __pfx_device_del+0x10/0x10
[  614.808290][ T8708]  ? kobject_put+0x446/0x480
[  614.808319][ T8708]  hci_unregister_dev+0x3a1/0x510
[  614.808355][ T8708]  hci_uart_tty_close+0x1b1/0x290
[  614.808381][ T8708]  tty_set_ldisc+0x33f/0x560
[  614.808410][ T8708]  tty_ioctl+0xc38/0xde0
[  614.808434][ T8708]  ? __pfx_tty_ioctl+0x10/0x10
[  614.808459][ T8708]  __se_sys_ioctl+0xfc/0x170
[  614.808482][ T8708]  do_syscall_64+0xfa/0x3b0
[  614.808503][ T8708]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.808522][ T8708]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.808549][ T8708]  ? clear_bhb_loop+0x60/0xb0
[  614.808574][ T8708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.808594][ T8708] RIP: 0033:0x7fd96f38e929
[  614.808612][ T8708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.808629][ T8708] RSP: 002b:00007fd970218038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  614.808651][ T8708] RAX: ffffffffffffffda RBX: 00007fd96f5b5fa0 RCX: 00007fd96f38e929
[  614.808666][ T8708] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  614.808679][ T8708] RBP: 00007fd970218090 R08: 0000000000000000 R09: 0000000000000000
[  614.808691][ T8708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  614.808702][ T8708] R13: 0000000000000000 R14: 00007fd96f5b5fa0 R15: 00007ffecd607198
[  614.808735][ T8708]  </TASK>
[  615.236651][ T8762] vxfs: WRONG superblock magic 00000000 at 1
[  615.248250][ T8762] vxfs: WRONG superblock magic 00000000 at 8
[  615.268301][ T8762] vxfs: can't find superblock.
[  615.379356][ T8764] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  615.418068][ T8764] UDF-fs: Scanning with blocksize 4096 failed
[  615.924931][  T982] usb 3-1: new full-speed USB device number 37 using dummy_hcd
[  616.123601][  T982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  616.159944][  T982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  616.186034][  T982] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  616.206394][  T982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.247553][ T8791] MTD: Couldn't look up './cgroup': -15
[  616.254253][  T982] usb 3-1: config 0 descriptor??
[  616.272157][ T8791] netlink: 24 bytes leftover after parsing attributes in process `syz.3.813'.
[  616.614840][ T5945] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  616.663378][  T982] bigben 0003:146B:0902.0009: unexpected rdesc, please submit for review
[  616.674521][  T982] bigben 0003:146B:0902.0009: item fetching failed at offset 1/5
[  616.689006][  T982] bigben 0003:146B:0902.0009: parse failed
[  616.697105][  T982] bigben 0003:146B:0902.0009: probe with driver bigben failed with error -22
[  616.806895][ T5945] usb 4-1: Using ep0 maxpacket: 16
[  616.820716][ T5945] usb 4-1: config 1 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 142, changing to 11
[  616.838620][ T5945] usb 4-1: config 1 interface 0 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  616.851854][ T5945] usb 4-1: config 1 interface 0 has no altsetting 0
[  616.861813][ T8797] futex_wake_op: syz.2.808 tries to shift op by -1; fix this program
[  616.877255][ T8798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  616.884998][ T5945] usb 4-1: New USB device found, idVendor=04f2, idProduct=1421, bcdDevice= 0.40
[  616.894670][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.909670][ T5945] usb 4-1: Product: 㐉
[  616.913900][ T5945] usb 4-1: Manufacturer: 㗨㷅署甠斂ᆥ
[  616.922005][ T5945] usb 4-1: SerialNumber: 뛃杄삹Ⱕ㞡랜밅窚롵캡익﷼ൾ✜鲓䩸헄뚄㡇浑
[  616.952656][ T8798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  616.988729][   T24] usb 3-1: USB disconnect, device number 37
[  617.164392][ T8794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.814'.
[  617.194065][ T8803] IPVS: sync thread started: state = MASTER, mcast_ifn = dummy0, syncid = 1, id = 0
[  617.199666][ T8794] exFAT-fs (rnullb0): invalid boot record signature
[  617.232167][ T8794] exFAT-fs (rnullb0): failed to read boot sector
[  617.245404][ T8794] exFAT-fs (rnullb0): failed to recognize exfat type
[  617.273931][ T5945] usbhid 4-1:1.0: can't add hid device: -71
[  617.280174][ T5945] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  617.306935][ T5945] usb 4-1: USB disconnect, device number 23
[  617.775219][ T8811] netlink: 'syz.1.820': attribute type 29 has an invalid length.
[  617.913753][ T8815] FAULT_INJECTION: forcing a failure.
[  617.913753][ T8815] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  617.954620][ T8815] CPU: 1 UID: 0 PID: 8815 Comm: syz.3.821 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  617.954651][ T8815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  617.954664][ T8815] Call Trace:
[  617.954673][ T8815]  <TASK>
[  617.954681][ T8815]  dump_stack_lvl+0x189/0x250
[  617.954729][ T8815]  ? __pfx____ratelimit+0x10/0x10
[  617.954753][ T8815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  617.954782][ T8815]  ? __pfx__printk+0x10/0x10
[  617.954810][ T8815]  ? __might_fault+0xb0/0x130
[  617.954852][ T8815]  should_fail_ex+0x414/0x560
[  617.954889][ T8815]  _copy_from_iter+0x1db/0x16f0
[  617.954918][ T8815]  ? sock_alloc_send_pskb+0x875/0x990
[  617.954952][ T8815]  ? __pfx__copy_from_iter+0x10/0x10
[  617.954986][ T8815]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  617.955018][ T8815]  skb_copy_datagram_from_iter+0xf5/0x720
[  617.955052][ T8815]  ? skb_put+0x11b/0x210
[  617.955078][ T8815]  tun_get_user+0x1691/0x3e20
[  617.955129][ T8815]  ? aa_file_perm+0x13e/0x11b0
[  617.955157][ T8815]  ? aa_file_perm+0x3ed/0x11b0
[  617.955183][ T8815]  ? __pfx_tun_get_user+0x10/0x10
[  617.955208][ T8815]  ? _parse_integer_limit+0x1ae/0x1f0
[  617.955238][ T8815]  ? __lock_acquire+0xab9/0xd20
[  617.955267][ T8815]  ? ref_tracker_alloc+0x318/0x460
[  617.955285][ T8815]  ? __lock_acquire+0xab9/0xd20
[  617.955309][ T8815]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  617.955335][ T8815]  ? tun_get+0x1c/0x2f0
[  617.955366][ T8815]  ? tun_get+0x1c/0x2f0
[  617.955388][ T8815]  ? tun_get+0x1c/0x2f0
[  617.955417][ T8815]  tun_chr_write_iter+0x113/0x200
[  617.955446][ T8815]  vfs_write+0x54b/0xa90
[  617.955472][ T8815]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  617.955498][ T8815]  ? __pfx_vfs_write+0x10/0x10
[  617.955531][ T8815]  ? __fget_files+0x2a/0x420
[  617.955565][ T8815]  ksys_write+0x145/0x250
[  617.955589][ T8815]  ? __pfx_ksys_write+0x10/0x10
[  617.955607][ T8815]  ? rcu_is_watching+0x15/0xb0
[  617.955638][ T8815]  ? do_syscall_64+0xbe/0x3b0
[  617.955663][ T8815]  do_syscall_64+0xfa/0x3b0
[  617.955682][ T8815]  ? lockdep_hardirqs_on+0x9c/0x150
[  617.955702][ T8815]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.955720][ T8815]  ? clear_bhb_loop+0x60/0xb0
[  617.955745][ T8815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.955764][ T8815] RIP: 0033:0x7f90ff98e929
[  617.955782][ T8815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  617.955798][ T8815] RSP: 002b:00007f91007a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  617.955819][ T8815] RAX: ffffffffffffffda RBX: 00007f90ffbb5fa0 RCX: 00007f90ff98e929
[  617.955834][ T8815] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  617.955846][ T8815] RBP: 00007f91007a5090 R08: 0000000000000000 R09: 0000000000000000
[  617.955857][ T8815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.955869][ T8815] R13: 0000000000000000 R14: 00007f90ffbb5fa0 R15: 00007ffdd3527528
[  617.955899][ T8815]  </TASK>
[  618.479090][ T8824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.824'.
[  618.855009][ T6017] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  619.014939][ T5911] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  619.027428][ T6017] usb 4-1: config 0 has an invalid interface number: 175 but max is 0
[  619.036078][ T8800] FAULT_INJECTION: forcing a failure.
[  619.036078][ T8800] name failslab, interval 1, probability 0, space 0, times 0
[  619.057960][ T6017] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  619.070319][ T6017] usb 4-1: config 0 has no interface number 0
[  619.081093][ T6017] usb 4-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C
[  619.092906][ T6017] usb 4-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 10
[  619.104283][ T6017] usb 4-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  619.114801][ T8800] CPU: 0 UID: 0 PID: 8800 Comm: syz.0.816 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  619.114830][ T8800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  619.114843][ T8800] Call Trace:
[  619.114851][ T8800]  <TASK>
[  619.114859][ T8800]  dump_stack_lvl+0x189/0x250
[  619.114895][ T8800]  ? __pfx____ratelimit+0x10/0x10
[  619.114916][ T8800]  ? __pfx_dump_stack_lvl+0x10/0x10
[  619.114945][ T8800]  ? __pfx__printk+0x10/0x10
[  619.114980][ T8800]  ? __pfx___might_resched+0x10/0x10
[  619.115005][ T8800]  ? fs_reclaim_acquire+0x7d/0x100
[  619.115033][ T8800]  should_fail_ex+0x414/0x560
[  619.115071][ T8800]  should_failslab+0xa8/0x100
[  619.115093][ T8800]  __kmalloc_cache_noprof+0x70/0x3d0
[  619.115124][ T8800]  ? n_hdlc_tty_open+0x8c/0x460
[  619.115152][ T8800]  n_hdlc_tty_open+0x8c/0x460
[  619.115174][ T8800]  ? up_write+0x1c4/0x420
[  619.115207][ T8800]  tty_ldisc_open+0x9e/0x100
[  619.115240][ T8800]  tty_set_ldisc+0x373/0x560
[  619.115268][ T8800]  tty_ioctl+0xc38/0xde0
[  619.115292][ T8800]  ? __pfx_tty_ioctl+0x10/0x10
[  619.115315][ T8800]  __se_sys_ioctl+0xfc/0x170
[  619.115340][ T8800]  do_syscall_64+0xfa/0x3b0
[  619.115361][ T8800]  ? lockdep_hardirqs_on+0x9c/0x150
[  619.115380][ T8800]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.115399][ T8800]  ? clear_bhb_loop+0x60/0xb0
[  619.115425][ T8800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  619.115444][ T8800] RIP: 0033:0x7f75e938e929
[  619.115473][ T8800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  619.115490][ T8800] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  619.115509][ T8800] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  619.115523][ T8800] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  619.115536][ T8800] RBP: 00007f75ea1ac090 R08: 0000000000000000 R09: 0000000000000000
[  619.115548][ T8800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  619.115559][ T8800] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  619.115591][ T8800]  </TASK>
[  619.115599][ T8800] n_hdlc_tty_open: n_hdlc_alloc failed
[  619.339257][  T982] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  619.346970][ T6017] usb 4-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  619.372135][ T6017] usb 4-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b
[  619.381472][ T6017] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.394785][ T6017] usb 4-1: Product: syz
[  619.399051][ T6017] usb 4-1: Manufacturer: syz
[  619.403708][ T6017] usb 4-1: SerialNumber: syz
[  619.415123][ T6017] usb 4-1: config 0 descriptor??
[  619.423557][ T6017] symbolserial 4-1:0.175: symbol converter detected
[  619.448371][ T6017] usb 4-1: symbol converter now attached to ttyUSB0
[  619.518014][  T982] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 52, changing to 7
[  619.534772][  T982] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 9272, setting to 1024
[  619.564782][  T982] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  619.587101][  T982] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  619.615020][  T982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  619.625168][  T982] usb 2-1: SerialNumber: syz
[  619.625997][   T24] usb 4-1: USB disconnect, device number 24
[  619.644585][   T24] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0
[  619.672194][   T24] symbolserial 4-1:0.175: device disconnected
[  619.832947][ T8843] netlink: 'syz.2.830': attribute type 29 has an invalid length.
[  620.099126][ T8850] FAULT_INJECTION: forcing a failure.
[  620.099126][ T8850] name failslab, interval 1, probability 0, space 0, times 0
[  620.112223][ T8850] CPU: 1 UID: 0 PID: 8850 Comm: syz.0.833 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  620.112253][ T8850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  620.112266][ T8850] Call Trace:
[  620.112275][ T8850]  <TASK>
[  620.112285][ T8850]  dump_stack_lvl+0x189/0x250
[  620.112319][ T8850]  ? __pfx____ratelimit+0x10/0x10
[  620.112341][ T8850]  ? __pfx_dump_stack_lvl+0x10/0x10
[  620.112372][ T8850]  ? __pfx__printk+0x10/0x10
[  620.112411][ T8850]  ? __lock_acquire+0xab9/0xd20
[  620.112440][ T8850]  should_fail_ex+0x414/0x560
[  620.112478][ T8850]  should_failslab+0xa8/0x100
[  620.112501][ T8850]  kmem_cache_alloc_noprof+0x73/0x3c0
[  620.112533][ T8850]  ? dst_alloc+0x105/0x170
[  620.112567][ T8850]  dst_alloc+0x105/0x170
[  620.112600][ T8850]  ip_route_input_rcu+0x1ed5/0x2ff0
[  620.112640][ T8850]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  620.112675][ T8850]  ? __pfx_ip_route_input_rcu+0x10/0x10
[  620.112730][ T8850]  ? ipt_do_table+0x13dd/0x1640
[  620.112750][ T8850]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.112776][ T8850]  ? ip_route_input_noref+0x98/0x250
[  620.112806][ T8850]  ip_route_input_noref+0x167/0x250
[  620.112838][ T8850]  ? __pfx_ip_route_input_noref+0x10/0x10
[  620.112882][ T8850]  ? ipt_do_table+0x2a3/0x1640
[  620.112902][ T8850]  ? __pfx_ipt_do_table+0x10/0x10
[  620.112927][ T8850]  ip_rcv_finish_core+0x5af/0x1c00
[  620.112964][ T8850]  ip_rcv_finish+0x14c/0x2f0
[  620.112989][ T8850]  NF_HOOK+0x30c/0x3a0
[  620.113012][ T8850]  ? __pfx_ip_rcv_finish+0x10/0x10
[  620.113032][ T8850]  ? NF_HOOK+0x9a/0x3a0
[  620.113051][ T8850]  ? __pfx_NF_HOOK+0x10/0x10
[  620.113068][ T8850]  ? ip_rcv_core+0x7f7/0xd00
[  620.113091][ T8850]  ? __pfx_ip_rcv_finish+0x10/0x10
[  620.113122][ T8850]  ? __pfx_ip_rcv+0x10/0x10
[  620.113141][ T8850]  __netif_receive_skb+0x143/0x380
[  620.113180][ T8850]  ? netif_receive_skb+0x115/0x790
[  620.113212][ T8850]  netif_receive_skb+0x1cb/0x790
[  620.113255][ T8850]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  620.113278][ T8850]  ? _copy_from_iter+0x24c/0x16f0
[  620.113302][ T8850]  ? __pfx_netif_receive_skb+0x10/0x10
[  620.113332][ T8850]  ? skb_partial_csum_set+0x107/0x360
[  620.113357][ T8850]  ? tun_rx_batched+0x160/0x730
[  620.113387][ T8850]  tun_rx_batched+0x1b9/0x730
[  620.113411][ T8850]  ? __lock_acquire+0xab9/0xd20
[  620.113438][ T8850]  ? __pfx_tun_rx_batched+0x10/0x10
[  620.113468][ T8850]  ? tun_get_user+0x266c/0x3e20
[  620.113509][ T8850]  tun_get_user+0x2aa2/0x3e20
[  620.113549][ T8850]  ? tun_get_user+0x266c/0x3e20
[  620.113574][ T8850]  ? aa_file_perm+0x13e/0x11b0
[  620.113599][ T8850]  ? aa_file_perm+0x3ed/0x11b0
[  620.113625][ T8850]  ? __pfx_tun_get_user+0x10/0x10
[  620.113651][ T8850]  ? _parse_integer_limit+0x1ae/0x1f0
[  620.113683][ T8850]  ? __lock_acquire+0xab9/0xd20
[  620.113712][ T8850]  ? ref_tracker_alloc+0x318/0x460
[  620.113729][ T8850]  ? __lock_acquire+0xab9/0xd20
[  620.113754][ T8850]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  620.113781][ T8850]  ? tun_get+0x1c/0x2f0
[  620.113813][ T8850]  ? tun_get+0x1c/0x2f0
[  620.113836][ T8850]  ? tun_get+0x1c/0x2f0
[  620.113874][ T8850]  tun_chr_write_iter+0x113/0x200
[  620.113903][ T8850]  vfs_write+0x54b/0xa90
[  620.113931][ T8850]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  620.113958][ T8850]  ? __pfx_vfs_write+0x10/0x10
[  620.114010][ T8850]  ? __fget_files+0x2a/0x420
[  620.114047][ T8850]  ksys_write+0x145/0x250
[  620.114073][ T8850]  ? __pfx_ksys_write+0x10/0x10
[  620.114094][ T8850]  ? rcu_is_watching+0x15/0xb0
[  620.114127][ T8850]  ? do_syscall_64+0xbe/0x3b0
[  620.114154][ T8850]  do_syscall_64+0xfa/0x3b0
[  620.114175][ T8850]  ? lockdep_hardirqs_on+0x9c/0x150
[  620.114195][ T8850]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.114216][ T8850]  ? clear_bhb_loop+0x60/0xb0
[  620.114249][ T8850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  620.114270][ T8850] RIP: 0033:0x7f75e938e929
[  620.114290][ T8850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  620.114308][ T8850] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  620.114330][ T8850] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  620.114345][ T8850] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  620.114359][ T8850] RBP: 00007f75ea1ac090 R08: 0000000000000000 R09: 0000000000000000
[  620.114371][ T8850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  620.114383][ T8850] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  620.114416][ T8850]  </TASK>
[  621.780726][  T982] usbtest 2-1:1.0: Linux user mode ISO test driver
[  621.790052][  T982] usbtest 2-1:1.0: high-speed {control bulk-in iso-out} tests (+alt)
[  621.808370][  T982] usb 2-1: USB disconnect, device number 33
[  621.950537][ T8873] netlink: 'syz.2.840': attribute type 29 has an invalid length.
[  622.063241][ T8879] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  622.544851][   T43] usb 3-1: new full-speed USB device number 38 using dummy_hcd
[  622.728783][   T43] usb 3-1: config 255 has an invalid interface number: 75 but max is 0
[  622.744775][   T43] usb 3-1: config 255 has no interface number 0
[  622.761337][   T43] usb 3-1: config 255 interface 75 altsetting 123 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  622.794388][   T43] usb 3-1: config 255 interface 75 has no altsetting 0
[  622.830920][   T43] usb 3-1: New USB device found, idVendor=06e1, idProduct=a334, bcdDevice= 3.9d
[  622.854772][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.873045][   T43] usb 3-1: Product: syz
[  622.877620][   T43] usb 3-1: Manufacturer: syz
[  622.882258][   T43] usb 3-1: SerialNumber: syz
[  622.908719][ T8884] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  623.139254][ T8884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  623.161311][ T8884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  623.211380][ T8905] netlink: 'syz.0.853': attribute type 29 has an invalid length.
[  623.369668][ T5916] Bluetooth: hci1: unexpected event for opcode 0xbfcc
[  623.602558][   T43] dvb-usb: found a 'KWorld/ADSTech Instant DVB-T USB2.0' in warm state.
[  623.623429][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  623.653384][   T43] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  623.680578][   T43] dvbdev: DVB: registering new adapter (KWorld/ADSTech Instant DVB-T USB2.0)
[  623.710992][   T43] usb 3-1: media controller created
[  623.730575][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  623.767984][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  623.781707][   T43] dvb-usb: no frontend was attached by 'KWorld/ADSTech Instant DVB-T USB2.0'
[  623.809452][   T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input15
[  623.839267][   T43] dvb-usb: schedule remote query interval to 150 msecs.
[  623.855944][   T43] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully initialized and connected.
[  623.890137][   T43] usb 3-1: USB disconnect, device number 38
[  623.930481][   T43] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully deinitialized and disconnected.
[  623.976344][ T5916] Bluetooth: hci4: command 0xfc11 tx timeout
[  623.983787][ T5911] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  623.997574][ T8872] FAULT_INJECTION: forcing a failure.
[  623.997574][ T8872] name failslab, interval 1, probability 0, space 0, times 0
[  624.010498][   T10] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  624.015405][ T8872] CPU: 1 UID: 0 PID: 8872 Comm: syz.3.841 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  624.015441][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  624.015457][ T8872] Call Trace:
[  624.015467][ T8872]  <TASK>
[  624.015477][ T8872]  dump_stack_lvl+0x189/0x250
[  624.015518][ T8872]  ? __pfx____ratelimit+0x10/0x10
[  624.015543][ T8872]  ? __pfx_dump_stack_lvl+0x10/0x10
[  624.015575][ T8872]  ? __pfx__printk+0x10/0x10
[  624.015617][ T8872]  ? __pfx___might_resched+0x10/0x10
[  624.015646][ T8872]  ? fs_reclaim_acquire+0x7d/0x100
[  624.015677][ T8872]  should_fail_ex+0x414/0x560
[  624.015720][ T8872]  should_failslab+0xa8/0x100
[  624.015745][ T8872]  __kmalloc_noprof+0xcb/0x4f0
[  624.015780][ T8872]  ? n_hdlc_alloc_buf+0x83/0x210
[  624.015823][ T8872]  n_hdlc_alloc_buf+0x83/0x210
[  624.015856][ T8872]  ? __raw_spin_lock_init+0x45/0x100
[  624.015896][ T8872]  n_hdlc_tty_open+0x263/0x460
[  624.015930][ T8872]  tty_ldisc_open+0x9e/0x100
[  624.015960][ T8872]  tty_set_ldisc+0x373/0x560
[  624.015991][ T8872]  tty_ioctl+0xc38/0xde0
[  624.016019][ T8872]  ? __pfx_tty_ioctl+0x10/0x10
[  624.016045][ T8872]  __se_sys_ioctl+0xfc/0x170
[  624.016072][ T8872]  do_syscall_64+0xfa/0x3b0
[  624.016097][ T8872]  ? lockdep_hardirqs_on+0x9c/0x150
[  624.016119][ T8872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.016142][ T8872]  ? clear_bhb_loop+0x60/0xb0
[  624.016171][ T8872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.016194][ T8872] RIP: 0033:0x7f90ff98e929
[  624.016215][ T8872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.016235][ T8872] RSP: 002b:00007f91007a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  624.016259][ T8872] RAX: ffffffffffffffda RBX: 00007f90ffbb5fa0 RCX: 00007f90ff98e929
[  624.016276][ T8872] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  624.016292][ T8872] RBP: 00007f91007a5090 R08: 0000000000000000 R09: 0000000000000000
[  624.016305][ T8872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  624.016319][ T8872] R13: 0000000000000000 R14: 00007f90ffbb5fa0 R15: 00007ffdd3527528
[  624.016356][ T8872]  </TASK>
[  624.405654][   T10] usb 1-1: Using ep0 maxpacket: 16
[  624.414339][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  624.423966][   T10] usb 1-1: config 1 has an invalid descriptor of length 240, skipping remainder of the config
[  624.445499][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  624.466673][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  624.486657][ T8933] FAULT_INJECTION: forcing a failure.
[  624.486657][ T8933] name failslab, interval 1, probability 0, space 0, times 0
[  624.499454][ T8933] CPU: 0 UID: 0 PID: 8933 Comm: syz.2.858 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  624.499484][ T8933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  624.499495][ T8933] Call Trace:
[  624.499501][ T8933]  <TASK>
[  624.499508][ T8933]  dump_stack_lvl+0x189/0x250
[  624.499538][ T8933]  ? __pfx____ratelimit+0x10/0x10
[  624.499556][ T8933]  ? __pfx_dump_stack_lvl+0x10/0x10
[  624.499580][ T8933]  ? __pfx__printk+0x10/0x10
[  624.499606][ T8933]  ? sk_filter_trim_cap+0x199/0xa70
[  624.499637][ T8933]  should_fail_ex+0x414/0x560
[  624.499667][ T8933]  should_failslab+0xa8/0x100
[  624.499686][ T8933]  kmem_cache_alloc_noprof+0x73/0x3c0
[  624.499717][ T8933]  ? sctp_chunkify+0x59/0x230
[  624.499738][ T8933]  sctp_chunkify+0x59/0x230
[  624.499757][ T8933]  sctp_rcv+0x101b/0x2490
[  624.499776][ T8933]  ? raw_local_deliver+0x30d/0xe90
[  624.499812][ T8933]  ? __pfx_sctp_rcv+0x10/0x10
[  624.499831][ T8933]  ? raw_local_deliver+0xd88/0xe90
[  624.499858][ T8933]  ? __lock_acquire+0xab9/0xd20
[  624.499882][ T8933]  ? raw_local_deliver+0x30d/0xe90
[  624.499910][ T8933]  ? __pfx_sctp4_rcv+0x10/0x10
[  624.499926][ T8933]  ip_protocol_deliver_rcu+0x2dd/0x440
[  624.499945][ T8933]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  624.499964][ T8933]  ip_local_deliver_finish+0x3bb/0x6f0
[  624.499987][ T8933]  NF_HOOK+0x30c/0x3a0
[  624.500005][ T8933]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  624.500022][ T8933]  ? NF_HOOK+0x9a/0x3a0
[  624.500037][ T8933]  ? __pfx_NF_HOOK+0x10/0x10
[  624.500051][ T8933]  ? ip_rcv_finish_core+0xda3/0x1c00
[  624.500071][ T8933]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  624.500090][ T8933]  ? skb_dst+0x4f/0xd0
[  624.500106][ T8933]  ? ip_local_deliver+0x12a/0x1b0
[  624.500126][ T8933]  NF_HOOK+0x30c/0x3a0
[  624.500144][ T8933]  ? __pfx_ip_rcv_finish+0x10/0x10
[  624.500160][ T8933]  ? NF_HOOK+0x9a/0x3a0
[  624.500175][ T8933]  ? __pfx_NF_HOOK+0x10/0x10
[  624.500189][ T8933]  ? ip_rcv_core+0x7f7/0xd00
[  624.500208][ T8933]  ? __pfx_ip_rcv_finish+0x10/0x10
[  624.500232][ T8933]  ? __pfx_ip_rcv+0x10/0x10
[  624.500247][ T8933]  __netif_receive_skb+0x143/0x380
[  624.500278][ T8933]  ? netif_receive_skb+0x115/0x790
[  624.500303][ T8933]  netif_receive_skb+0x1cb/0x790
[  624.500328][ T8933]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  624.500366][ T8933]  ? _copy_from_iter+0x24c/0x16f0
[  624.500386][ T8933]  ? __pfx_netif_receive_skb+0x10/0x10
[  624.500411][ T8933]  ? skb_partial_csum_set+0x107/0x360
[  624.500433][ T8933]  ? tun_rx_batched+0x160/0x730
[  624.500458][ T8933]  tun_rx_batched+0x1b9/0x730
[  624.500478][ T8933]  ? __lock_acquire+0xab9/0xd20
[  624.500500][ T8933]  ? __pfx_tun_rx_batched+0x10/0x10
[  624.500525][ T8933]  ? tun_get_user+0x266c/0x3e20
[  624.500557][ T8933]  tun_get_user+0x2aa2/0x3e20
[  624.500589][ T8933]  ? tun_get_user+0x266c/0x3e20
[  624.500610][ T8933]  ? aa_file_perm+0x13e/0x11b0
[  624.500634][ T8933]  ? aa_file_perm+0x3ed/0x11b0
[  624.500655][ T8933]  ? __pfx_tun_get_user+0x10/0x10
[  624.500676][ T8933]  ? _parse_integer_limit+0x1ae/0x1f0
[  624.500713][ T8933]  ? __lock_acquire+0xab9/0xd20
[  624.500741][ T8933]  ? ref_tracker_alloc+0x318/0x460
[  624.500756][ T8933]  ? __lock_acquire+0xab9/0xd20
[  624.500776][ T8933]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  624.500798][ T8933]  ? tun_get+0x1c/0x2f0
[  624.500823][ T8933]  ? tun_get+0x1c/0x2f0
[  624.500843][ T8933]  ? tun_get+0x1c/0x2f0
[  624.500868][ T8933]  tun_chr_write_iter+0x113/0x200
[  624.500892][ T8933]  vfs_write+0x54b/0xa90
[  624.500915][ T8933]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  624.500936][ T8933]  ? __pfx_vfs_write+0x10/0x10
[  624.500963][ T8933]  ? __fget_files+0x2a/0x420
[  624.500993][ T8933]  ksys_write+0x145/0x250
[  624.501014][ T8933]  ? __pfx_ksys_write+0x10/0x10
[  624.501030][ T8933]  ? rcu_is_watching+0x15/0xb0
[  624.501056][ T8933]  ? do_syscall_64+0xbe/0x3b0
[  624.501076][ T8933]  do_syscall_64+0xfa/0x3b0
[  624.501093][ T8933]  ? lockdep_hardirqs_on+0x9c/0x150
[  624.501109][ T8933]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.501125][ T8933]  ? clear_bhb_loop+0x60/0xb0
[  624.501145][ T8933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.501161][ T8933] RIP: 0033:0x7fd96f38e929
[  624.501177][ T8933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  624.501192][ T8933] RSP: 002b:00007fd970218038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  624.501210][ T8933] RAX: ffffffffffffffda RBX: 00007fd96f5b5fa0 RCX: 00007fd96f38e929
[  624.501222][ T8933] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  624.501232][ T8933] RBP: 00007fd970218090 R08: 0000000000000000 R09: 0000000000000000
[  624.501243][ T8933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.501257][ T8933] R13: 0000000000000000 R14: 00007fd96f5b5fa0 R15: 00007ffecd607198
[  624.501283][ T8933]  </TASK>
[  625.030812][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  625.040015][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.048195][   T10] usb 1-1: Product: syz
[  625.052935][   T10] usb 1-1: Manufacturer: syz
[  625.058142][   T10] usb 1-1: SerialNumber: syz
[  625.221268][ T8941] netlink: 'syz.1.862': attribute type 29 has an invalid length.
[  625.331241][   T10] cdc_ncm 1-1:1.0: skipping garbage
[  625.341137][   T10] cdc_ncm 1-1:1.0: skipping garbage
[  625.350642][   T10] cdc_ncm 1-1:1.0: skipping garbage
[  625.355946][   T10] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found
[  625.363226][   T10] cdc_ncm 1-1:1.0: bind() failure
[  625.377011][   T10] usb 1-1: USB disconnect, device number 41
[  625.389739][ T8944] vxfs: WRONG superblock magic 00000000 at 1
[  625.418617][ T8944] vxfs: WRONG superblock magic 00000000 at 8
[  625.454873][ T8944] vxfs: can't find superblock.
[  625.774687][ T8954] syz.2.865: attempt to access beyond end of device
[  625.774687][ T8954] loop2: rw=2048, sector=0, nr_sectors = 8 limit=0
[  625.803775][ T8954] SQUASHFS error: Failed to read block 0x0: -5
[  625.814895][ T8954] unable to read squashfs_super_block
[  626.060347][ T8968] syz.2.870: attempt to access beyond end of device
[  626.060347][ T8968] loop2: rw=0, sector=2, nr_sectors = 1 limit=0
[  626.127921][ T8968] hfs: can't find a HFS filesystem on dev loop2
[  626.268506][ T8971] FAULT_INJECTION: forcing a failure.
[  626.268506][ T8971] name failslab, interval 1, probability 0, space 0, times 0
[  626.281605][ T8971] CPU: 0 UID: 0 PID: 8971 Comm: syz.3.872 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  626.281629][ T8971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  626.281640][ T8971] Call Trace:
[  626.281648][ T8971]  <TASK>
[  626.281654][ T8971]  dump_stack_lvl+0x189/0x250
[  626.281685][ T8971]  ? __pfx____ratelimit+0x10/0x10
[  626.281702][ T8971]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.281726][ T8971]  ? __pfx__printk+0x10/0x10
[  626.281762][ T8971]  should_fail_ex+0x414/0x560
[  626.281793][ T8971]  should_failslab+0xa8/0x100
[  626.281811][ T8971]  __kmalloc_cache_noprof+0x70/0x3d0
[  626.281838][ T8971]  ? sctp_transport_new+0x7e/0x640
[  626.281865][ T8971]  sctp_transport_new+0x7e/0x640
[  626.281893][ T8971]  sctp_ootb_pkt_new+0x1c1/0x3c0
[  626.281921][ T8971]  sctp_sf_tabort_8_4_8+0x30/0x3f0
[  626.281943][ T8971]  sctp_sf_do_5_1B_init+0x484/0xe20
[  626.281958][ T8971]  ? unwind_get_return_address+0x4d/0x90
[  626.281987][ T8971]  ? __pfx_sctp_sf_do_5_1B_init+0x10/0x10
[  626.282013][ T8971]  sctp_do_sm+0x1e7/0x5a20
[  626.282035][ T8971]  ? __pfx_sctp_cname+0x10/0x10
[  626.282058][ T8971]  ? stack_depot_save_flags+0x40/0x900
[  626.282084][ T8971]  ? netif_receive_skb+0x161/0x790
[  626.282108][ T8971]  ? tun_get_user+0x2aa2/0x3e20
[  626.282135][ T8971]  ? kasan_save_track+0x4f/0x80
[  626.282157][ T8971]  ? kasan_save_track+0x3e/0x80
[  626.282181][ T8971]  ? __pfx_sctp_do_sm+0x10/0x10
[  626.282203][ T8971]  ? ip_protocol_deliver_rcu+0x2dd/0x440
[  626.282226][ T8971]  ? ip_local_deliver_finish+0x3bb/0x6f0
[  626.282243][ T8971]  ? NF_HOOK+0x30c/0x3a0
[  626.282257][ T8971]  ? NF_HOOK+0x30c/0x3a0
[  626.282271][ T8971]  ? __netif_receive_skb+0x143/0x380
[  626.282331][ T8971]  ? sctp_inq_pop+0xc46/0x1010
[  626.282355][ T8971]  ? sctp_auth_recv_cid+0x75/0x230
[  626.282374][ T8971]  sctp_endpoint_bh_rcv+0x591/0x7e0
[  626.282405][ T8971]  sctp_rcv+0x1ca6/0x2490
[  626.282424][ T8971]  ? raw_local_deliver+0x30d/0xe90
[  626.282463][ T8971]  ? __pfx_sctp_rcv+0x10/0x10
[  626.282481][ T8971]  ? raw_local_deliver+0xd88/0xe90
[  626.282508][ T8971]  ? __lock_acquire+0xab9/0xd20
[  626.282531][ T8971]  ? raw_local_deliver+0x30d/0xe90
[  626.282559][ T8971]  ? __pfx_sctp4_rcv+0x10/0x10
[  626.282575][ T8971]  ip_protocol_deliver_rcu+0x2dd/0x440
[  626.282596][ T8971]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  626.282618][ T8971]  ip_local_deliver_finish+0x3bb/0x6f0
[  626.282642][ T8971]  NF_HOOK+0x30c/0x3a0
[  626.282660][ T8971]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  626.282677][ T8971]  ? NF_HOOK+0x9a/0x3a0
[  626.282692][ T8971]  ? __pfx_NF_HOOK+0x10/0x10
[  626.282706][ T8971]  ? ip_rcv_finish_core+0xda3/0x1c00
[  626.282726][ T8971]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  626.282744][ T8971]  ? skb_dst+0x4f/0xd0
[  626.282761][ T8971]  ? ip_local_deliver+0x12a/0x1b0
[  626.282781][ T8971]  NF_HOOK+0x30c/0x3a0
[  626.282799][ T8971]  ? __pfx_ip_rcv_finish+0x10/0x10
[  626.282814][ T8971]  ? NF_HOOK+0x9a/0x3a0
[  626.282830][ T8971]  ? __pfx_NF_HOOK+0x10/0x10
[  626.282845][ T8971]  ? ip_rcv_core+0x7f7/0xd00
[  626.282862][ T8971]  ? __pfx_ip_rcv_finish+0x10/0x10
[  626.282886][ T8971]  ? __pfx_ip_rcv+0x10/0x10
[  626.282901][ T8971]  __netif_receive_skb+0x143/0x380
[  626.282932][ T8971]  ? netif_receive_skb+0x115/0x790
[  626.282957][ T8971]  netif_receive_skb+0x1cb/0x790
[  626.282981][ T8971]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  626.283001][ T8971]  ? _copy_from_iter+0x24c/0x16f0
[  626.283021][ T8971]  ? __pfx_netif_receive_skb+0x10/0x10
[  626.283046][ T8971]  ? skb_partial_csum_set+0x107/0x360
[  626.283067][ T8971]  ? tun_rx_batched+0x160/0x730
[  626.283090][ T8971]  tun_rx_batched+0x1b9/0x730
[  626.283111][ T8971]  ? __lock_acquire+0xab9/0xd20
[  626.283133][ T8971]  ? __pfx_tun_rx_batched+0x10/0x10
[  626.283158][ T8971]  ? tun_get_user+0x266c/0x3e20
[  626.283191][ T8971]  tun_get_user+0x2aa2/0x3e20
[  626.283229][ T8971]  ? tun_get_user+0x266c/0x3e20
[  626.283258][ T8971]  ? aa_file_perm+0x13e/0x11b0
[  626.283281][ T8971]  ? aa_file_perm+0x3ed/0x11b0
[  626.283303][ T8971]  ? __pfx_tun_get_user+0x10/0x10
[  626.283323][ T8971]  ? _parse_integer_limit+0x1ae/0x1f0
[  626.283349][ T8971]  ? __lock_acquire+0xab9/0xd20
[  626.283372][ T8971]  ? ref_tracker_alloc+0x318/0x460
[  626.283387][ T8971]  ? __lock_acquire+0xab9/0xd20
[  626.283407][ T8971]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  626.283429][ T8971]  ? tun_get+0x1c/0x2f0
[  626.283454][ T8971]  ? tun_get+0x1c/0x2f0
[  626.283476][ T8971]  ? tun_get+0x1c/0x2f0
[  626.283501][ T8971]  tun_chr_write_iter+0x113/0x200
[  626.283525][ T8971]  vfs_write+0x54b/0xa90
[  626.283547][ T8971]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  626.283568][ T8971]  ? __pfx_vfs_write+0x10/0x10
[  626.283596][ T8971]  ? __fget_files+0x2a/0x420
[  626.283625][ T8971]  ksys_write+0x145/0x250
[  626.283645][ T8971]  ? __pfx_ksys_write+0x10/0x10
[  626.283661][ T8971]  ? rcu_is_watching+0x15/0xb0
[  626.283688][ T8971]  ? do_syscall_64+0xbe/0x3b0
[  626.283709][ T8971]  do_syscall_64+0xfa/0x3b0
[  626.283726][ T8971]  ? lockdep_hardirqs_on+0x9c/0x150
[  626.283742][ T8971]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.283758][ T8971]  ? clear_bhb_loop+0x60/0xb0
[  626.283778][ T8971]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.283794][ T8971] RIP: 0033:0x7f90ff98e929
[  626.283810][ T8971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.283824][ T8971] RSP: 002b:00007f91007a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  626.283842][ T8971] RAX: ffffffffffffffda RBX: 00007f90ffbb5fa0 RCX: 00007f90ff98e929
[  626.283854][ T8971] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  626.283865][ T8971] RBP: 00007f91007a5090 R08: 0000000000000000 R09: 0000000000000000
[  626.283876][ T8971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  626.283885][ T8971] R13: 0000000000000000 R14: 00007f90ffbb5fa0 R15: 00007ffdd3527528
[  626.283911][ T8971]  </TASK>
[  626.873172][ T8975] gfs2: gfs2 mount does not exist
[  626.879511][ T8975] gfs2: gfs2 mount does not exist
[  626.991570][ T8977] netlink: 'syz.2.874': attribute type 29 has an invalid length.
[  627.216019][ T8983] Mount JFS Failure: -22
[  627.370592][   T30] audit: type=1326 audit(1752701271.744:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8984 comm="syz.3.877" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f90ff98e929 code=0x0
[  627.392165][    C1] vkms_vblank_simulate: vblank timer overrun
[  627.604888][   T24] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  627.760919][   T24] usb 3-1: config 255 has an invalid interface number: 75 but max is 0
[  627.771735][   T24] usb 3-1: config 255 has no interface number 0
[  627.779611][   T24] usb 3-1: config 255 interface 75 altsetting 123 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  627.797501][   T24] usb 3-1: config 255 interface 75 has no altsetting 0
[  627.812773][   T24] usb 3-1: New USB device found, idVendor=06e1, idProduct=a334, bcdDevice= 3.9d
[  627.831601][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.842859][   T24] usb 3-1: Product: syz
[  627.848075][   T24] usb 3-1: Manufacturer: syz
[  627.852960][   T24] usb 3-1: SerialNumber: syz
[  627.871805][ T8987] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  628.136628][ T5916] Bluetooth: hci4: command 0xfc11 tx timeout
[  628.143067][ T5911] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  628.171075][ T8966] FAULT_INJECTION: forcing a failure.
[  628.171075][ T8966] name failslab, interval 1, probability 0, space 0, times 0
[  628.235038][ T8966] CPU: 0 UID: 0 PID: 8966 Comm: syz.1.869 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  628.235070][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  628.235083][ T8966] Call Trace:
[  628.235091][ T8966]  <TASK>
[  628.235100][ T8966]  dump_stack_lvl+0x189/0x250
[  628.235135][ T8966]  ? __pfx____ratelimit+0x10/0x10
[  628.235157][ T8966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  628.235186][ T8966]  ? __pfx__printk+0x10/0x10
[  628.235223][ T8966]  ? __pfx___might_resched+0x10/0x10
[  628.235248][ T8966]  ? fs_reclaim_acquire+0x7d/0x100
[  628.235276][ T8966]  should_fail_ex+0x414/0x560
[  628.235315][ T8966]  should_failslab+0xa8/0x100
[  628.235337][ T8966]  __kmalloc_noprof+0xcb/0x4f0
[  628.235367][ T8966]  ? n_hdlc_alloc_buf+0x83/0x210
[  628.235398][ T8966]  n_hdlc_alloc_buf+0x83/0x210
[  628.235433][ T8966]  n_hdlc_tty_open+0x263/0x460
[  628.235464][ T8966]  tty_ldisc_open+0x9e/0x100
[  628.235489][ T8966]  tty_set_ldisc+0x373/0x560
[  628.235518][ T8966]  tty_ioctl+0xc38/0xde0
[  628.235542][ T8966]  ? __pfx_tty_ioctl+0x10/0x10
[  628.235566][ T8966]  __se_sys_ioctl+0xfc/0x170
[  628.235591][ T8966]  do_syscall_64+0xfa/0x3b0
[  628.235612][ T8966]  ? lockdep_hardirqs_on+0x9c/0x150
[  628.235632][ T8966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.235653][ T8966]  ? clear_bhb_loop+0x60/0xb0
[  628.235678][ T8966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  628.235699][ T8966] RIP: 0033:0x7fdca278e929
[  628.235716][ T8966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  628.235735][ T8966] RSP: 002b:00007fdca35bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  628.235756][ T8966] RAX: ffffffffffffffda RBX: 00007fdca29b5fa0 RCX: 00007fdca278e929
[  628.235771][ T8966] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  628.235784][ T8966] RBP: 00007fdca35bb090 R08: 0000000000000000 R09: 0000000000000000
[  628.235796][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  628.235808][ T8966] R13: 0000000000000000 R14: 00007fdca29b5fa0 R15: 00007ffdac0f26a8
[  628.235842][ T8966]  </TASK>
[  628.554377][   T24] dvb-usb: found a 'KWorld/ADSTech Instant DVB-T USB2.0' in warm state.
[  628.634909][   T24] dvb-usb: bulk message failed: -22 (3/0)
[  628.653948][   T24] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  628.669855][ T9001] netlink: 'syz.3.883': attribute type 29 has an invalid length.
[  628.688877][   T24] dvbdev: DVB: registering new adapter (KWorld/ADSTech Instant DVB-T USB2.0)
[  628.711360][   T24] usb 3-1: media controller created
[  628.732247][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  628.756549][ T5945] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  628.775896][   T24] dvb-usb: bulk message failed: -22 (6/0)
[  628.781781][   T24] dvb-usb: no frontend was attached by 'KWorld/ADSTech Instant DVB-T USB2.0'
[  628.812730][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input16
[  628.847261][   T24] dvb-usb: schedule remote query interval to 150 msecs.
[  628.854276][   T24] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully initialized and connected.
[  628.905147][   T24] usb 3-1: USB disconnect, device number 39
[  628.914935][ T5945] usb 1-1: Using ep0 maxpacket: 16
[  628.930104][ T5945] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  628.951069][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.981526][ T5945] usb 1-1: Product: syz
[  629.001759][ T5945] usb 1-1: Manufacturer: syz
[  629.007428][ T9008] FAULT_INJECTION: forcing a failure.
[  629.007428][ T9008] name failslab, interval 1, probability 0, space 0, times 0
[  629.017477][   T24] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully deinitialized and disconnected.
[  629.020264][ T9008] CPU: 0 UID: 0 PID: 9008 Comm: syz.1.885 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  629.020295][ T9008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  629.020313][ T9008] Call Trace:
[  629.020323][ T9008]  <TASK>
[  629.020334][ T9008]  dump_stack_lvl+0x189/0x250
[  629.020373][ T9008]  ? __pfx____ratelimit+0x10/0x10
[  629.020398][ T9008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  629.020431][ T9008]  ? __pfx__printk+0x10/0x10
[  629.020468][ T9008]  ? __pfx_sctp_v4_get_dst+0x10/0x10
[  629.020504][ T9008]  should_fail_ex+0x414/0x560
[  629.020546][ T9008]  should_failslab+0xa8/0x100
[  629.020572][ T9008]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  629.020608][ T9008]  ? dst_release+0x72/0x1b0
[  629.020638][ T9008]  ? __alloc_skb+0x112/0x2d0
[  629.020669][ T9008]  __alloc_skb+0x112/0x2d0
[  629.020701][ T9008]  _sctp_make_chunk+0x5e/0x430
[  629.020731][ T9008]  sctp_make_abort+0x45/0x370
[  629.020758][ T9008]  sctp_sf_tabort_8_4_8+0x58/0x3f0
[  629.020789][ T9008]  sctp_sf_do_5_1B_init+0x484/0xe20
[  629.020811][ T9008]  ? unwind_get_return_address+0x4d/0x90
[  629.020851][ T9008]  ? __pfx_sctp_sf_do_5_1B_init+0x10/0x10
[  629.020888][ T9008]  sctp_do_sm+0x1e7/0x5a20
[  629.020920][ T9008]  ? __pfx_sctp_cname+0x10/0x10
[  629.020950][ T9008]  ? stack_depot_save_flags+0x40/0x900
[  629.020984][ T9008]  ? netif_receive_skb+0x161/0x790
[  629.021017][ T9008]  ? tun_get_user+0x2aa2/0x3e20
[  629.021047][ T9008]  ? ksys_write+0x145/0x250
[  629.021078][ T9008]  ? kasan_save_track+0x4f/0x80
[  629.021108][ T9008]  ? kasan_save_track+0x3e/0x80
[  629.021141][ T9008]  ? __pfx_sctp_do_sm+0x10/0x10
[  629.021181][ T9008]  ? ip_protocol_deliver_rcu+0x2dd/0x440
[  629.021205][ T9008]  ? ip_local_deliver_finish+0x3bb/0x6f0
[  629.021226][ T9008]  ? NF_HOOK+0x30c/0x3a0
[  629.021252][ T9008]  ? NF_HOOK+0x30c/0x3a0
[  629.021271][ T9008]  ? __netif_receive_skb+0x143/0x380
[  629.021357][ T9008]  ? sctp_inq_pop+0xc46/0x1010
[  629.021392][ T9008]  ? sctp_auth_recv_cid+0x75/0x230
[  629.021419][ T9008]  sctp_endpoint_bh_rcv+0x591/0x7e0
[  629.021463][ T9008]  sctp_rcv+0x1ca6/0x2490
[  629.021490][ T9008]  ? raw_local_deliver+0x30d/0xe90
[  629.021541][ T9008]  ? __pfx_sctp_rcv+0x10/0x10
[  629.021567][ T9008]  ? raw_local_deliver+0xd88/0xe90
[  629.021607][ T9008]  ? __lock_acquire+0xab9/0xd20
[  629.021640][ T9008]  ? raw_local_deliver+0x30d/0xe90
[  629.021682][ T9008]  ? __pfx_sctp4_rcv+0x10/0x10
[  629.021706][ T9008]  ip_protocol_deliver_rcu+0x2dd/0x440
[  629.021732][ T9008]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  629.021758][ T9008]  ip_local_deliver_finish+0x3bb/0x6f0
[  629.021791][ T9008]  NF_HOOK+0x30c/0x3a0
[  629.021817][ T9008]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  629.021842][ T9008]  ? NF_HOOK+0x9a/0x3a0
[  629.021863][ T9008]  ? __pfx_NF_HOOK+0x10/0x10
[  629.021882][ T9008]  ? ip_rcv_finish_core+0xda3/0x1c00
[  629.021910][ T9008]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  629.021934][ T9008]  ? skb_dst+0x4f/0xd0
[  629.021958][ T9008]  ? ip_local_deliver+0x12a/0x1b0
[  629.021986][ T9008]  NF_HOOK+0x30c/0x3a0
[  629.022012][ T9008]  ? __pfx_ip_rcv_finish+0x10/0x10
[  629.022033][ T9008]  ? NF_HOOK+0x9a/0x3a0
[  629.022054][ T9008]  ? __pfx_NF_HOOK+0x10/0x10
[  629.022074][ T9008]  ? ip_rcv_core+0x7f7/0xd00
[  629.022098][ T9008]  ? __pfx_ip_rcv_finish+0x10/0x10
[  629.022134][ T9008]  ? __pfx_ip_rcv+0x10/0x10
[  629.022156][ T9008]  __netif_receive_skb+0x143/0x380
[  629.022206][ T9008]  ? netif_receive_skb+0x115/0x790
[  629.022240][ T9008]  netif_receive_skb+0x1cb/0x790
[  629.022274][ T9008]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  629.022301][ T9008]  ? _copy_from_iter+0x24c/0x16f0
[  629.022329][ T9008]  ? __pfx_netif_receive_skb+0x10/0x10
[  629.022364][ T9008]  ? skb_partial_csum_set+0x107/0x360
[  629.022394][ T9008]  ? tun_rx_batched+0x160/0x730
[  629.022428][ T9008]  tun_rx_batched+0x1b9/0x730
[  629.022457][ T9008]  ? __lock_acquire+0xab9/0xd20
[  629.022487][ T9008]  ? __pfx_tun_rx_batched+0x10/0x10
[  629.022522][ T9008]  ? tun_get_user+0x266c/0x3e20
[  629.022571][ T9008]  tun_get_user+0x2aa2/0x3e20
[  629.022630][ T9008]  ? tun_get_user+0x266c/0x3e20
[  629.022668][ T9008]  ? aa_file_perm+0x13e/0x11b0
[  629.022698][ T9008]  ? aa_file_perm+0x3ed/0x11b0
[  629.022727][ T9008]  ? __pfx_tun_get_user+0x10/0x10
[  629.022755][ T9008]  ? _parse_integer_limit+0x1ae/0x1f0
[  629.022790][ T9008]  ? __lock_acquire+0xab9/0xd20
[  629.022823][ T9008]  ? ref_tracker_alloc+0x318/0x460
[  629.022842][ T9008]  ? __lock_acquire+0xab9/0xd20
[  629.022870][ T9008]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  629.022900][ T9008]  ? tun_get+0x1c/0x2f0
[  629.022933][ T9008]  ? tun_get+0x1c/0x2f0
[  629.022960][ T9008]  ? tun_get+0x1c/0x2f0
[  629.022994][ T9008]  tun_chr_write_iter+0x113/0x200
[  629.023029][ T9008]  vfs_write+0x54b/0xa90
[  629.023061][ T9008]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  629.023092][ T9008]  ? __pfx_vfs_write+0x10/0x10
[  629.023130][ T9008]  ? __fget_files+0x2a/0x420
[  629.023176][ T9008]  ksys_write+0x145/0x250
[  629.023204][ T9008]  ? __pfx_ksys_write+0x10/0x10
[  629.023227][ T9008]  ? rcu_is_watching+0x15/0xb0
[  629.023262][ T9008]  ? do_syscall_64+0xbe/0x3b0
[  629.023291][ T9008]  do_syscall_64+0xfa/0x3b0
[  629.023314][ T9008]  ? lockdep_hardirqs_on+0x9c/0x150
[  629.023335][ T9008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.023358][ T9008]  ? clear_bhb_loop+0x60/0xb0
[  629.023386][ T9008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.023408][ T9008] RIP: 0033:0x7fdca278e929
[  629.023430][ T9008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  629.023449][ T9008] RSP: 002b:00007fdca35bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  629.023473][ T9008] RAX: ffffffffffffffda RBX: 00007fdca29b5fa0 RCX: 00007fdca278e929
[  629.023490][ T9008] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  629.023503][ T9008] RBP: 00007fdca35bb090 R08: 0000000000000000 R09: 0000000000000000
[  629.023517][ T9008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  629.023530][ T9008] R13: 0000000000000000 R14: 00007fdca29b5fa0 R15: 00007ffdac0f26a8
[  629.023566][ T9008]  </TASK>
[  629.635145][ T5945] usb 1-1: SerialNumber: syz
[  629.699682][ T5945] usb 1-1: config 0 descriptor??
[  629.741442][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  629.759298][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  629.938185][ T9019] loop4: detected capacity change from 0 to 7
[  629.967615][    C0] blk_print_req_error: 10 callbacks suppressed
[  629.967634][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  629.983064][    C0] buffer_io_error: 10 callbacks suppressed
[  629.983081][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.007596][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.016814][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.044970][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.054255][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.062829][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.072129][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.094386][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.103673][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.150913][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.160195][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.181405][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.190705][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.199303][ T9019] ldm_validate_partition_table(): Disk read failed.
[  630.225516][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.234746][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.243553][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.252813][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.272659][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  630.281912][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  630.302000][ T9019] Dev loop4: unable to read RDB block 0
[  630.323511][ T5945] speedtch 1-1:0.0: speedtch_bind: data interface not found!
[  630.326204][ T9019]  loop4: unable to read partition table
[  630.344530][ T5945] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  630.355151][ T9019] loop4: partition table beyond EOD, truncated
[  630.361360][ T9019] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  630.434078][ T5945] usb 1-1: USB disconnect, device number 42
[  630.789263][ T9037] netlink: 24 bytes leftover after parsing attributes in process `syz.3.895'.
[  630.851833][ T9037] ieee802154 phy0 wpan0: encryption failed: -22
[  630.875677][   T30] audit: type=1326 audit(1752701275.254:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9036 comm="syz.3.895" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f90ff98e929 code=0x0
[  631.591130][ T9053] loop4: detected capacity change from 0 to 7
[  631.639068][ T9053] ldm_validate_partition_table(): Disk read failed.
[  631.678773][ T9053] Dev loop4: unable to read RDB block 0
[  631.686998][ T9056] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  631.694978][ T9056] UDF-fs: Scanning with blocksize 4096 failed
[  631.710093][ T9053]  loop4: unable to read partition table
[  631.732808][ T9053] loop4: partition table beyond EOD, truncated
[  631.765779][ T9053] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  632.388838][ T9072] FAULT_INJECTION: forcing a failure.
[  632.388838][ T9072] name failslab, interval 1, probability 0, space 0, times 0
[  632.401660][ T9072] CPU: 0 UID: 0 PID: 9072 Comm: syz.1.906 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  632.401689][ T9072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  632.401702][ T9072] Call Trace:
[  632.401710][ T9072]  <TASK>
[  632.401719][ T9072]  dump_stack_lvl+0x189/0x250
[  632.401755][ T9072]  ? __pfx____ratelimit+0x10/0x10
[  632.401777][ T9072]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.401807][ T9072]  ? __pfx__printk+0x10/0x10
[  632.401844][ T9072]  ? rcu_is_watching+0x15/0xb0
[  632.401876][ T9072]  should_fail_ex+0x414/0x560
[  632.401915][ T9072]  should_failslab+0xa8/0x100
[  632.401938][ T9072]  kmem_cache_alloc_noprof+0x73/0x3c0
[  632.401969][ T9072]  ? _sctp_make_chunk+0x14e/0x430
[  632.401995][ T9072]  _sctp_make_chunk+0x14e/0x430
[  632.402021][ T9072]  sctp_make_abort+0x45/0x370
[  632.402043][ T9072]  sctp_sf_tabort_8_4_8+0x58/0x3f0
[  632.402069][ T9072]  sctp_sf_do_5_1B_init+0x484/0xe20
[  632.402086][ T9072]  ? unwind_get_return_address+0x4d/0x90
[  632.402120][ T9072]  ? __pfx_sctp_sf_do_5_1B_init+0x10/0x10
[  632.402151][ T9072]  sctp_do_sm+0x1e7/0x5a20
[  632.402178][ T9072]  ? __pfx_sctp_cname+0x10/0x10
[  632.402204][ T9072]  ? stack_depot_save_flags+0x40/0x900
[  632.402235][ T9072]  ? netif_receive_skb+0x161/0x790
[  632.402263][ T9072]  ? tun_get_user+0x2aa2/0x3e20
[  632.402288][ T9072]  ? ksys_write+0x145/0x250
[  632.402314][ T9072]  ? kasan_save_track+0x4f/0x80
[  632.402340][ T9072]  ? kasan_save_track+0x3e/0x80
[  632.402368][ T9072]  ? __pfx_sctp_do_sm+0x10/0x10
[  632.402394][ T9072]  ? ip_protocol_deliver_rcu+0x2dd/0x440
[  632.402414][ T9072]  ? ip_local_deliver_finish+0x3bb/0x6f0
[  632.402432][ T9072]  ? NF_HOOK+0x30c/0x3a0
[  632.402449][ T9072]  ? NF_HOOK+0x30c/0x3a0
[  632.402466][ T9072]  ? __netif_receive_skb+0x143/0x380
[  632.402541][ T9072]  ? sctp_inq_pop+0xc46/0x1010
[  632.402584][ T9072]  ? sctp_auth_recv_cid+0x75/0x230
[  632.402607][ T9072]  sctp_endpoint_bh_rcv+0x591/0x7e0
[  632.402645][ T9072]  sctp_rcv+0x1ca6/0x2490
[  632.402668][ T9072]  ? raw_local_deliver+0x30d/0xe90
[  632.402714][ T9072]  ? __pfx_sctp_rcv+0x10/0x10
[  632.402735][ T9072]  ? raw_local_deliver+0xd88/0xe90
[  632.402770][ T9072]  ? __lock_acquire+0xab9/0xd20
[  632.402799][ T9072]  ? raw_local_deliver+0x30d/0xe90
[  632.402835][ T9072]  ? __pfx_sctp4_rcv+0x10/0x10
[  632.402856][ T9072]  ip_protocol_deliver_rcu+0x2dd/0x440
[  632.402880][ T9072]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  632.402903][ T9072]  ip_local_deliver_finish+0x3bb/0x6f0
[  632.402934][ T9072]  NF_HOOK+0x30c/0x3a0
[  632.402958][ T9072]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  632.402979][ T9072]  ? NF_HOOK+0x9a/0x3a0
[  632.402998][ T9072]  ? __pfx_NF_HOOK+0x10/0x10
[  632.403016][ T9072]  ? ip_rcv_finish_core+0xda3/0x1c00
[  632.403041][ T9072]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  632.403065][ T9072]  ? skb_dst+0x4f/0xd0
[  632.403086][ T9072]  ? ip_local_deliver+0x12a/0x1b0
[  632.403111][ T9072]  NF_HOOK+0x30c/0x3a0
[  632.403134][ T9072]  ? __pfx_ip_rcv_finish+0x10/0x10
[  632.403154][ T9072]  ? NF_HOOK+0x9a/0x3a0
[  632.403174][ T9072]  ? __pfx_NF_HOOK+0x10/0x10
[  632.403191][ T9072]  ? ip_rcv_core+0x7f7/0xd00
[  632.403214][ T9072]  ? __pfx_ip_rcv_finish+0x10/0x10
[  632.403246][ T9072]  ? __pfx_ip_rcv+0x10/0x10
[  632.403265][ T9072]  __netif_receive_skb+0x143/0x380
[  632.403304][ T9072]  ? netif_receive_skb+0x115/0x790
[  632.403334][ T9072]  netif_receive_skb+0x1cb/0x790
[  632.403365][ T9072]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  632.403390][ T9072]  ? _copy_from_iter+0x24c/0x16f0
[  632.403415][ T9072]  ? __pfx_netif_receive_skb+0x10/0x10
[  632.403446][ T9072]  ? skb_partial_csum_set+0x107/0x360
[  632.403473][ T9072]  ? tun_rx_batched+0x160/0x730
[  632.403502][ T9072]  tun_rx_batched+0x1b9/0x730
[  632.403529][ T9072]  ? __lock_acquire+0xab9/0xd20
[  632.403563][ T9072]  ? __pfx_tun_rx_batched+0x10/0x10
[  632.403595][ T9072]  ? tun_get_user+0x266c/0x3e20
[  632.403638][ T9072]  tun_get_user+0x2aa2/0x3e20
[  632.403679][ T9072]  ? tun_get_user+0x266c/0x3e20
[  632.403707][ T9072]  ? aa_file_perm+0x13e/0x11b0
[  632.403736][ T9072]  ? aa_file_perm+0x3ed/0x11b0
[  632.403763][ T9072]  ? __pfx_tun_get_user+0x10/0x10
[  632.403789][ T9072]  ? _parse_integer_limit+0x1ae/0x1f0
[  632.403823][ T9072]  ? __lock_acquire+0xab9/0xd20
[  632.403853][ T9072]  ? ref_tracker_alloc+0x318/0x460
[  632.403871][ T9072]  ? __lock_acquire+0xab9/0xd20
[  632.403896][ T9072]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  632.403923][ T9072]  ? tun_get+0x1c/0x2f0
[  632.403955][ T9072]  ? tun_get+0x1c/0x2f0
[  632.403980][ T9072]  ? tun_get+0x1c/0x2f0
[  632.404012][ T9072]  tun_chr_write_iter+0x113/0x200
[  632.404042][ T9072]  vfs_write+0x54b/0xa90
[  632.404071][ T9072]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  632.404100][ T9072]  ? __pfx_vfs_write+0x10/0x10
[  632.404135][ T9072]  ? __fget_files+0x2a/0x420
[  632.404174][ T9072]  ksys_write+0x145/0x250
[  632.404200][ T9072]  ? __pfx_ksys_write+0x10/0x10
[  632.404220][ T9072]  ? rcu_is_watching+0x15/0xb0
[  632.404253][ T9072]  ? do_syscall_64+0xbe/0x3b0
[  632.404280][ T9072]  do_syscall_64+0xfa/0x3b0
[  632.404301][ T9072]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.404321][ T9072]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.404342][ T9072]  ? clear_bhb_loop+0x60/0xb0
[  632.404367][ T9072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.404387][ T9072] RIP: 0033:0x7fdca278e929
[  632.404406][ T9072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.404424][ T9072] RSP: 002b:00007fdca35bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  632.404446][ T9072] RAX: ffffffffffffffda RBX: 00007fdca29b5fa0 RCX: 00007fdca278e929
[  632.404461][ T9072] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  632.404474][ T9072] RBP: 00007fdca35bb090 R08: 0000000000000000 R09: 0000000000000000
[  632.404486][ T9072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  632.404497][ T9072] R13: 0000000000000000 R14: 00007fdca29b5fa0 R15: 00007ffdac0f26a8
[  632.404530][ T9072]  </TASK>
[  633.141330][ T5911] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  633.149272][ T5916] Bluetooth: hci4: command 0xfc11 tx timeout
[  633.161027][ T9035] FAULT_INJECTION: forcing a failure.
[  633.161027][ T9035] name failslab, interval 1, probability 0, space 0, times 0
[  633.230592][ T9035] CPU: 1 UID: 0 PID: 9035 Comm: syz.2.894 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  633.230622][ T9035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  633.230636][ T9035] Call Trace:
[  633.230645][ T9035]  <TASK>
[  633.230654][ T9035]  dump_stack_lvl+0x189/0x250
[  633.230689][ T9035]  ? __pfx____ratelimit+0x10/0x10
[  633.230711][ T9035]  ? __pfx_dump_stack_lvl+0x10/0x10
[  633.230741][ T9035]  ? __pfx__printk+0x10/0x10
[  633.230778][ T9035]  ? __pfx___might_resched+0x10/0x10
[  633.230803][ T9035]  ? fs_reclaim_acquire+0x7d/0x100
[  633.230831][ T9035]  should_fail_ex+0x414/0x560
[  633.230871][ T9035]  should_failslab+0xa8/0x100
[  633.230894][ T9035]  __kmalloc_noprof+0xcb/0x4f0
[  633.230924][ T9035]  ? n_hdlc_alloc_buf+0x83/0x210
[  633.230955][ T9035]  n_hdlc_alloc_buf+0x83/0x210
[  633.230991][ T9035]  n_hdlc_tty_open+0x263/0x460
[  633.231022][ T9035]  tty_ldisc_open+0x9e/0x100
[  633.231048][ T9035]  tty_set_ldisc+0x373/0x560
[  633.231078][ T9035]  tty_ioctl+0xc38/0xde0
[  633.231102][ T9035]  ? __pfx_tty_ioctl+0x10/0x10
[  633.231125][ T9035]  __se_sys_ioctl+0xfc/0x170
[  633.231149][ T9035]  do_syscall_64+0xfa/0x3b0
[  633.231170][ T9035]  ? lockdep_hardirqs_on+0x9c/0x150
[  633.231190][ T9035]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.231212][ T9035]  ? clear_bhb_loop+0x60/0xb0
[  633.231238][ T9035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  633.231259][ T9035] RIP: 0033:0x7fd96f38e929
[  633.231277][ T9035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  633.231295][ T9035] RSP: 002b:00007fd970218038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  633.231317][ T9035] RAX: ffffffffffffffda RBX: 00007fd96f5b5fa0 RCX: 00007fd96f38e929
[  633.231332][ T9035] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  633.231345][ T9035] RBP: 00007fd970218090 R08: 0000000000000000 R09: 0000000000000000
[  633.231358][ T9035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  633.231370][ T9035] R13: 0000000000000000 R14: 00007fd96f5b5fa0 R15: 00007ffecd607198
[  633.231403][ T9035]  </TASK>
[  633.879588][ T9082] netlink: 12 bytes leftover after parsing attributes in process `syz.0.909'.
[  634.000879][ T5905] Bluetooth: hci1: unexpected event for opcode 0x0c6d
[  634.166136][ T9093] hfs: can't find a HFS filesystem on dev rnullb0
[  634.214278][ T9096] loop4: detected capacity change from 0 to 7
[  634.272533][ T9096] ldm_validate_partition_table(): Disk read failed.
[  634.330233][ T9096] Dev loop4: unable to read RDB block 0
[  634.336413][   T10] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  634.381591][ T9096]  loop4: unable to read partition table
[  634.413276][ T9096] loop4: partition table beyond EOD, truncated
[  634.433323][ T9096] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  634.554855][   T10] usb 2-1: Using ep0 maxpacket: 16
[  634.563844][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  634.585792][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  634.608917][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  634.634904][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  634.652351][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  634.684419][   T10] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  634.700823][   T10] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  634.714152][   T10] usb 2-1: Manufacturer: syz
[  634.727325][   T10] usb 2-1: config 0 descriptor??
[  634.892312][ T9091] Mount JFS Failure: -22
[  634.918560][ T9105] FAULT_INJECTION: forcing a failure.
[  634.918560][ T9105] name failslab, interval 1, probability 0, space 0, times 0
[  634.931373][ T9105] CPU: 1 UID: 0 PID: 9105 Comm: syz.0.917 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  634.931398][ T9105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  634.931411][ T9105] Call Trace:
[  634.931419][ T9105]  <TASK>
[  634.931428][ T9105]  dump_stack_lvl+0x189/0x250
[  634.931463][ T9105]  ? __pfx____ratelimit+0x10/0x10
[  634.931484][ T9105]  ? __pfx_dump_stack_lvl+0x10/0x10
[  634.931521][ T9105]  ? __pfx__printk+0x10/0x10
[  634.931563][ T9105]  should_fail_ex+0x414/0x560
[  634.931601][ T9105]  should_failslab+0xa8/0x100
[  634.931624][ T9105]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  634.931656][ T9105]  ? __alloc_skb+0x112/0x2d0
[  634.931685][ T9105]  __alloc_skb+0x112/0x2d0
[  634.931713][ T9105]  sctp_packet_transmit+0x2cc/0x2bb0
[  634.931754][ T9105]  ? sctp_sf_do_5_1B_init+0x484/0xe20
[  634.931773][ T9105]  ? unwind_get_return_address+0x4d/0x90
[  634.931809][ T9105]  ? __pfx_sctp_sf_do_5_1B_init+0x10/0x10
[  634.931842][ T9105]  sctp_do_sm+0x98e/0x5a20
[  634.931873][ T9105]  ? stack_depot_save_flags+0x40/0x900
[  634.931905][ T9105]  ? netif_receive_skb+0x161/0x790
[  634.931938][ T9105]  ? ksys_write+0x145/0x250
[  634.931969][ T9105]  ? __pfx_sctp_do_sm+0x10/0x10
[  634.931997][ T9105]  ? ip_protocol_deliver_rcu+0x2dd/0x440
[  634.932019][ T9105]  ? NF_HOOK+0x30c/0x3a0
[  634.932037][ T9105]  ? __netif_receive_skb+0x143/0x380
[  634.932115][ T9105]  ? sctp_inq_pop+0xc46/0x1010
[  634.932147][ T9105]  ? sctp_auth_recv_cid+0x75/0x230
[  634.932171][ T9105]  sctp_endpoint_bh_rcv+0x591/0x7e0
[  634.932211][ T9105]  sctp_rcv+0x1ca6/0x2490
[  634.932235][ T9105]  ? raw_local_deliver+0x30d/0xe90
[  634.932282][ T9105]  ? __pfx_sctp_rcv+0x10/0x10
[  634.932304][ T9105]  ? raw_local_deliver+0xd88/0xe90
[  634.932338][ T9105]  ? __lock_acquire+0xab9/0xd20
[  634.932367][ T9105]  ? raw_local_deliver+0x30d/0xe90
[  634.932403][ T9105]  ? __pfx_sctp4_rcv+0x10/0x10
[  634.932424][ T9105]  ip_protocol_deliver_rcu+0x2dd/0x440
[  634.932447][ T9105]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  634.932471][ T9105]  ip_local_deliver_finish+0x3bb/0x6f0
[  634.932501][ T9105]  NF_HOOK+0x30c/0x3a0
[  634.932532][ T9105]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  634.932553][ T9105]  ? NF_HOOK+0x9a/0x3a0
[  634.932573][ T9105]  ? __pfx_NF_HOOK+0x10/0x10
[  634.932590][ T9105]  ? ip_rcv_finish_core+0xda3/0x1c00
[  634.932615][ T9105]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  634.932638][ T9105]  ? skb_dst+0x4f/0xd0
[  634.932660][ T9105]  ? ip_local_deliver+0x12a/0x1b0
[  634.932685][ T9105]  NF_HOOK+0x30c/0x3a0
[  634.932708][ T9105]  ? __pfx_ip_rcv_finish+0x10/0x10
[  634.932728][ T9105]  ? NF_HOOK+0x9a/0x3a0
[  634.932747][ T9105]  ? __pfx_NF_HOOK+0x10/0x10
[  634.932765][ T9105]  ? ip_rcv_core+0x7f7/0xd00
[  634.932787][ T9105]  ? __pfx_ip_rcv_finish+0x10/0x10
[  634.932819][ T9105]  ? __pfx_ip_rcv+0x10/0x10
[  634.932837][ T9105]  __netif_receive_skb+0x143/0x380
[  634.932877][ T9105]  ? netif_receive_skb+0x115/0x790
[  634.932908][ T9105]  netif_receive_skb+0x1cb/0x790
[  634.932938][ T9105]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  634.932962][ T9105]  ? _copy_from_iter+0x24c/0x16f0
[  634.932987][ T9105]  ? __pfx_netif_receive_skb+0x10/0x10
[  634.933019][ T9105]  ? skb_partial_csum_set+0x107/0x360
[  634.933046][ T9105]  ? tun_rx_batched+0x160/0x730
[  634.933076][ T9105]  tun_rx_batched+0x1b9/0x730
[  634.933102][ T9105]  ? __lock_acquire+0xab9/0xd20
[  634.933131][ T9105]  ? __pfx_tun_rx_batched+0x10/0x10
[  634.933163][ T9105]  ? tun_get_user+0x266c/0x3e20
[  634.933205][ T9105]  tun_get_user+0x2aa2/0x3e20
[  634.933246][ T9105]  ? tun_get_user+0x266c/0x3e20
[  634.933275][ T9105]  ? aa_file_perm+0x13e/0x11b0
[  634.933304][ T9105]  ? aa_file_perm+0x3ed/0x11b0
[  634.933331][ T9105]  ? __pfx_tun_get_user+0x10/0x10
[  634.933356][ T9105]  ? _parse_integer_limit+0x1ae/0x1f0
[  634.933390][ T9105]  ? __lock_acquire+0xab9/0xd20
[  634.933420][ T9105]  ? ref_tracker_alloc+0x318/0x460
[  634.933439][ T9105]  ? __lock_acquire+0xab9/0xd20
[  634.933464][ T9105]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  634.933492][ T9105]  ? tun_get+0x1c/0x2f0
[  634.933532][ T9105]  ? tun_get+0x1c/0x2f0
[  634.933558][ T9105]  ? tun_get+0x1c/0x2f0
[  634.933590][ T9105]  tun_chr_write_iter+0x113/0x200
[  634.933620][ T9105]  vfs_write+0x54b/0xa90
[  634.933649][ T9105]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  634.933676][ T9105]  ? __pfx_vfs_write+0x10/0x10
[  634.933712][ T9105]  ? __fget_files+0x2a/0x420
[  634.933750][ T9105]  ksys_write+0x145/0x250
[  634.933776][ T9105]  ? __pfx_ksys_write+0x10/0x10
[  634.933796][ T9105]  ? rcu_is_watching+0x15/0xb0
[  634.933829][ T9105]  ? do_syscall_64+0xbe/0x3b0
[  634.933856][ T9105]  do_syscall_64+0xfa/0x3b0
[  634.933876][ T9105]  ? lockdep_hardirqs_on+0x9c/0x150
[  634.933896][ T9105]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.933917][ T9105]  ? clear_bhb_loop+0x60/0xb0
[  634.933943][ T9105]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.933963][ T9105] RIP: 0033:0x7f75e938e929
[  634.933983][ T9105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  634.933999][ T9105] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  634.934021][ T9105] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  634.934036][ T9105] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000004
[  634.934048][ T9105] RBP: 00007f75ea1ac090 R08: 0000000000000000 R09: 0000000000000000
[  634.934061][ T9105] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  634.934074][ T9105] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  634.934108][ T9105]  </TASK>
[  635.837952][   T10] rc_core: IR keymap rc-hauppauge not found
[  635.847750][   T10] Registered IR keymap rc-empty
[  635.853115][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  635.918439][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  635.979867][   T10] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  636.087908][   T10] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input17
[  636.148154][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.185015][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.225648][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.264886][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.313518][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.345109][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.404978][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.436054][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.466499][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.554923][   T10] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  636.597743][   T10] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  636.631826][   T10] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  636.645788][ T9130] netlink: 216 bytes leftover after parsing attributes in process `syz.2.924'.
[  636.665588][ T9130] netlink: 24 bytes leftover after parsing attributes in process `syz.2.924'.
[  636.677461][   T10] usb 2-1: USB disconnect, device number 34
[  636.694863][ T9130] netlink: 16 bytes leftover after parsing attributes in process `syz.2.924'.
[  636.706493][ T9131] loop4: detected capacity change from 0 to 7
[  636.715288][  T982] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  636.726222][    C0] blk_print_req_error: 35 callbacks suppressed
[  636.726243][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.741651][    C0] buffer_io_error: 35 callbacks suppressed
[  636.741669][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.759779][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.769025][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.777119][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.786378][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.821715][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.831066][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.854909][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.864147][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.877956][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.887216][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.900523][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.909807][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  636.917902][ T9131] ldm_validate_partition_table(): Disk read failed.
[  636.956100][  T982] usb 1-1: Using ep0 maxpacket: 32
[  636.970978][  T982] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  636.985786][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  636.995123][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  637.008661][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  637.017915][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  637.026854][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  637.029219][  T982] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.036093][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  637.037880][ T9131] Dev loop4: unable to read RDB block 0
[  637.046524][  T982] usb 1-1: Product: syz
[  637.062638][  T982] usb 1-1: Manufacturer: syz
[  637.069823][  T982] usb 1-1: SerialNumber: syz
[  637.078126][  T982] usb 1-1: config 0 descriptor??
[  637.087689][ T5877] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  637.112986][ T9131]  loop4: unable to read partition table
[  637.129551][ T9131] loop4: partition table beyond EOD, truncated
[  637.143895][ T9131] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  637.247245][ T5877] usb 3-1: Using ep0 maxpacket: 8
[  637.255841][ T5877] usb 3-1: unable to get BOS descriptor or descriptor too short
[  637.268772][ T5877] usb 3-1: config 2 has an invalid interface number: 65 but max is 0
[  637.280435][ T5877] usb 3-1: config 2 has no interface number 0
[  637.296924][ T5877] usb 3-1: config 2 interface 65 has no altsetting 0
[  637.301318][ T9126] ufs: failed to set blocksize
[  637.313501][ T5911] Bluetooth: hci1: SCO packet for unknown connection handle 200
[  637.321822][ T5877] usb 3-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=d8.44
[  637.353703][  T982] peak_usb 1-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  637.357571][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.382077][ T5877] usb 3-1: Product: syz
[  637.386470][ T5877] usb 3-1: Manufacturer: syz
[  637.386815][  T982] peak_usb 1-1:0.0: unable to read PCAN-USB Pro firmware info (err -71)
[  637.391181][ T5877] usb 3-1: SerialNumber: syz
[  637.547992][  T982] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -71
[  637.583439][  T982] usb 1-1: USB disconnect, device number 43
[  637.713623][ T5877] ttusb_dec_send_command: command bulk message failed: error -22
[  637.729801][ T5877] ttusb-dec 3-1:2.65: probe with driver ttusb-dec failed with error -22
[  637.743313][ T5877] usb 3-1: USB disconnect, device number 40
[  637.745102][ T6017] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  637.915155][ T6017] usb 2-1: device descriptor read/64, error -71
[  638.175072][ T6017] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  638.328750][ T6017] usb 2-1: device descriptor read/64, error -71
[  638.374940][ T5911] Bluetooth: hci4: command 0xfc11 tx timeout
[  638.374954][ T5905] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  638.402639][ T9118] FAULT_INJECTION: forcing a failure.
[  638.402639][ T9118] name failslab, interval 1, probability 0, space 0, times 0
[  638.462318][ T6017] usb usb2-port1: attempt power cycle
[  638.478186][ T9118] CPU: 0 UID: 0 PID: 9118 Comm: syz.3.922 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  638.478214][ T9118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  638.478228][ T9118] Call Trace:
[  638.478236][ T9118]  <TASK>
[  638.478245][ T9118]  dump_stack_lvl+0x189/0x250
[  638.478281][ T9118]  ? __pfx____ratelimit+0x10/0x10
[  638.478303][ T9118]  ? __pfx_dump_stack_lvl+0x10/0x10
[  638.478333][ T9118]  ? __pfx__printk+0x10/0x10
[  638.478370][ T9118]  ? __pfx___might_resched+0x10/0x10
[  638.478395][ T9118]  ? fs_reclaim_acquire+0x7d/0x100
[  638.478423][ T9118]  should_fail_ex+0x414/0x560
[  638.478462][ T9118]  should_failslab+0xa8/0x100
[  638.478485][ T9118]  __kmalloc_noprof+0xcb/0x4f0
[  638.478515][ T9118]  ? n_hdlc_alloc_buf+0x83/0x210
[  638.478544][ T9118]  n_hdlc_alloc_buf+0x83/0x210
[  638.478580][ T9118]  n_hdlc_tty_open+0x263/0x460
[  638.478610][ T9118]  tty_ldisc_open+0x9e/0x100
[  638.478636][ T9118]  tty_set_ldisc+0x373/0x560
[  638.478665][ T9118]  tty_ioctl+0xc38/0xde0
[  638.478689][ T9118]  ? __pfx_tty_ioctl+0x10/0x10
[  638.478712][ T9118]  __se_sys_ioctl+0xfc/0x170
[  638.478736][ T9118]  do_syscall_64+0xfa/0x3b0
[  638.478756][ T9118]  ? lockdep_hardirqs_on+0x9c/0x150
[  638.478775][ T9118]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.478796][ T9118]  ? clear_bhb_loop+0x60/0xb0
[  638.478820][ T9118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.478840][ T9118] RIP: 0033:0x7f90ff98e929
[  638.478857][ T9118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  638.478873][ T9118] RSP: 002b:00007f91007a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  638.478894][ T9118] RAX: ffffffffffffffda RBX: 00007f90ffbb5fa0 RCX: 00007f90ff98e929
[  638.478910][ T9118] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  638.478923][ T9118] RBP: 00007f91007a5090 R08: 0000000000000000 R09: 0000000000000000
[  638.478936][ T9118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  638.478947][ T9118] R13: 0000000000000000 R14: 00007f90ffbb5fa0 R15: 00007ffdd3527528
[  638.478979][ T9118]  </TASK>
[  638.747273][ T9157] NILFS (nbd2): device size too small
[  638.884288][ T9161] qnx4: no qnx4 filesystem (no root dir).
[  638.995084][ T6017] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  639.035458][ T6017] usb 2-1: device descriptor read/8, error -71
[  639.074792][ T5945] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  639.086692][ T9164] loop4: detected capacity change from 0 to 7
[  639.101169][ T9164] ldm_validate_partition_table(): Disk read failed.
[  639.108813][ T9164] Dev loop4: unable to read RDB block 0
[  639.121818][ T9164]  loop4: unable to read partition table
[  639.127962][ T9164] loop4: partition table beyond EOD, truncated
[  639.134226][ T9164] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  639.248155][ T5945] usb 1-1: config 255 has an invalid interface number: 75 but max is 0
[  639.261493][ T5945] usb 1-1: config 255 has no interface number 0
[  639.274825][ T5945] usb 1-1: config 255 interface 75 altsetting 123 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  639.286497][ T5945] usb 1-1: config 255 interface 75 has no altsetting 0
[  639.295012][ T6017] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  639.296879][ T5945] usb 1-1: New USB device found, idVendor=06e1, idProduct=a334, bcdDevice= 3.9d
[  639.311962][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.321742][ T5945] usb 1-1: Product: syz
[  639.326321][ T5945] usb 1-1: Manufacturer: syz
[  639.335186][ T5945] usb 1-1: SerialNumber: syz
[  639.343821][ T6017] usb 2-1: device descriptor read/8, error -71
[  639.353497][ T9159] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  639.468020][ T6017] usb usb2-port1: unable to enumerate USB device
[  639.544885][ T5829] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  639.704861][ T5829] usb 4-1: device descriptor read/64, error -71
[  639.786163][ T5945] dvb-usb: found a 'KWorld/ADSTech Instant DVB-T USB2.0' in warm state.
[  639.817895][ T5945] dvb-usb: bulk message failed: -22 (3/0)
[  639.853304][ T5945] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  639.862773][ T5945] dvbdev: DVB: registering new adapter (KWorld/ADSTech Instant DVB-T USB2.0)
[  639.893875][ T5945] usb 1-1: media controller created
[  639.901533][ T5945] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  639.937779][ T5945] dvb-usb: bulk message failed: -22 (6/0)
[  639.945624][ T5829] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  639.953538][ T5945] dvb-usb: no frontend was attached by 'KWorld/ADSTech Instant DVB-T USB2.0'
[  639.984433][ T5945] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input18
[  640.036861][ T5945] dvb-usb: schedule remote query interval to 150 msecs.
[  640.043874][ T5945] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully initialized and connected.
[  640.105022][ T5945] usb 1-1: USB disconnect, device number 44
[  640.115502][ T5829] usb 4-1: device descriptor read/64, error -71
[  640.142940][ T9183] /dev/rnullb0: Can't open blockdev
[  640.148723][ T5945] dvb-usb: KWorld/ADSTech Instant DVB-T USB2.0 successfully deinitialized and disconnected.
[  640.230635][ T5829] usb usb4-port1: attempt power cycle
[  640.629500][ T5829] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  640.648531][ T9197] loop4: detected capacity change from 0 to 7
[  640.666997][ T5829] usb 4-1: device descriptor read/8, error -71
[  640.682774][ T9197] ldm_validate_partition_table(): Disk read failed.
[  640.710937][ T9197] Dev loop4: unable to read RDB block 0
[  640.733652][ T9197]  loop4: unable to read partition table
[  640.757228][ T9197] loop4: partition table beyond EOD, truncated
[  640.783052][ T9197] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  640.935308][ T5829] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  640.943922][ T9203] Bluetooth: MGMT ver 1.23
[  640.955858][ T5829] usb 4-1: device descriptor read/8, error -71
[  641.065245][ T5829] usb usb4-port1: unable to enumerate USB device
[  641.338134][ T9216] /dev/rnullb0: Can't open blockdev
[  641.371616][ T9216] /dev/rnullb0: Can't open blockdev
[  641.400713][ T9216] /dev/rnullb0: Can't open blockdev
[  641.419863][ T9216] /dev/rnullb0: Can't open blockdev
[  641.427158][ T9216] /dev/rnullb0: Can't open blockdev
[  641.433704][ T9216] /dev/rnullb0: Can't open blockdev
[  641.453824][ T9216] /dev/rnullb0: Can't open blockdev
[  641.476272][ T9216] /dev/rnullb0: Can't open blockdev
[  641.490291][ T9216] /dev/rnullb0: Can't open blockdev
[  641.509357][ T9216] /dev/rnullb0: Can't open blockdev
[  641.522101][ T9216] /dev/rnullb0: Can't open blockdev
[  641.539282][ T9216] /dev/rnullb0: Can't open blockdev
[  641.551982][ T9216] /dev/rnullb0: Can't open blockdev
[  641.571433][ T9216] /dev/rnullb0: Can't open blockdev
[  641.590827][ T9216] /dev/rnullb0: Can't open blockdev
[  641.606602][ T9216] /dev/rnullb0: Can't open blockdev
[  641.643616][ T9216] /dev/rnullb0: Can't open blockdev
[  641.649820][ T9216] /dev/rnullb0: Can't open blockdev
[  641.662087][ T9216] /dev/rnullb0: Can't open blockdev
[  641.668452][ T9216] /dev/rnullb0: Can't open blockdev
[  641.674560][ T9216] /dev/rnullb0: Can't open blockdev
[  641.686824][ T9216] /dev/rnullb0: Can't open blockdev
[  641.693841][ T9216] /dev/rnullb0: Can't open blockdev
[  641.705599][ T9216] /dev/rnullb0: Can't open blockdev
[  641.717486][ T9216] /dev/rnullb0: Can't open blockdev
[  641.724380][ T9216] /dev/rnullb0: Can't open blockdev
[  641.738825][ T9216] /dev/rnullb0: Can't open blockdev
[  641.745865][ T9216] /dev/rnullb0: Can't open blockdev
[  641.755160][ T9216] /dev/rnullb0: Can't open blockdev
[  641.761135][ T9216] /dev/rnullb0: Can't open blockdev
[  641.771692][ T9216] /dev/rnullb0: Can't open blockdev
[  641.780571][ T9216] /dev/rnullb0: Can't open blockdev
[  641.790928][ T9216] /dev/rnullb0: Can't open blockdev
[  641.798650][ T9216] /dev/rnullb0: Can't open blockdev
[  641.810008][ T9216] /dev/rnullb0: Can't open blockdev
[  641.821911][ T9216] /dev/rnullb0: Can't open blockdev
[  641.831602][ T9216] /dev/rnullb0: Can't open blockdev
[  641.837708][ T9216] /dev/rnullb0: Can't open blockdev
[  641.843821][ T9216] /dev/rnullb0: Can't open blockdev
[  641.853327][ T9216] /dev/rnullb0: Can't open blockdev
[  641.859753][ T9216] /dev/rnullb0: Can't open blockdev
[  641.869351][ T9216] /dev/rnullb0: Can't open blockdev
[  641.875821][ T9216] /dev/rnullb0: Can't open blockdev
[  641.881973][ T9216] /dev/rnullb0: Can't open blockdev
[  641.891417][ T9216] /dev/rnullb0: Can't open blockdev
[  641.898769][ T9216] /dev/rnullb0: Can't open blockdev
[  641.910244][ T9216] /dev/rnullb0: Can't open blockdev
[  641.921261][ T9216] /dev/rnullb0: Can't open blockdev
[  641.930880][ T9216] /dev/rnullb0: Can't open blockdev
[  641.937024][ T9216] /dev/rnullb0: Can't open blockdev
[  641.943113][ T9216] /dev/rnullb0: Can't open blockdev
[  641.952550][ T9216] /dev/rnullb0: Can't open blockdev
[  641.958828][ T9216] /dev/rnullb0: Can't open blockdev
[  641.965529][ T9216] /dev/rnullb0: Can't open blockdev
[  641.974439][ T9216] /dev/rnullb0: Can't open blockdev
[  641.980904][ T9216] /dev/rnullb0: Can't open blockdev
[  641.990696][ T9216] /dev/rnullb0: Can't open blockdev
[  641.997127][ T9216] /dev/rnullb0: Can't open blockdev
[  642.003132][ T9216] /dev/rnullb0: Can't open blockdev
[  642.016612][ T9216] /dev/rnullb0: Can't open blockdev
[  642.030505][ T9216] /dev/rnullb0: Can't open blockdev
[  642.037029][ T9216] /dev/rnullb0: Can't open blockdev
[  642.043129][ T9216] /dev/rnullb0: Can't open blockdev
[  642.052654][ T9216] /dev/rnullb0: Can't open blockdev
[  642.488266][ T9236] loop4: detected capacity change from 0 to 7
[  642.499390][    C0] blk_print_req_error: 35 callbacks suppressed
[  642.499413][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.508844][ T9238] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  642.514932][    C0] buffer_io_error: 35 callbacks suppressed
[  642.514949][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.522673][ T9238] UDF-fs: Scanning with blocksize 4096 failed
[  642.544751][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.553956][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.562393][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.571606][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.582032][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.591408][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.601976][    C1] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.611356][    C1] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.623925][ T5911] Bluetooth: hci4: command 0xfc11 tx timeout
[  642.625282][ T5905] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  642.642894][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.652302][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.662402][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.666683][ T9195] FAULT_INJECTION: forcing a failure.
[  642.666683][ T9195] name failslab, interval 1, probability 0, space 0, times 0
[  642.671628][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.693505][ T9236] ldm_validate_partition_table(): Disk read failed.
[  642.705835][   T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  642.707453][ T9195] CPU: 0 UID: 0 PID: 9195 Comm: syz.2.942 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  642.707485][ T9195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  642.707500][ T9195] Call Trace:
[  642.707509][ T9195]  <TASK>
[  642.707519][ T9195]  dump_stack_lvl+0x189/0x250
[  642.707561][ T9195]  ? __pfx____ratelimit+0x10/0x10
[  642.707586][ T9195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  642.707619][ T9195]  ? __pfx__printk+0x10/0x10
[  642.707659][ T9195]  ? __pfx___might_resched+0x10/0x10
[  642.707696][ T9195]  ? fs_reclaim_acquire+0x7d/0x100
[  642.707728][ T9195]  should_fail_ex+0x414/0x560
[  642.707771][ T9195]  should_failslab+0xa8/0x100
[  642.707797][ T9195]  __kmalloc_noprof+0xcb/0x4f0
[  642.707832][ T9195]  ? n_hdlc_alloc_buf+0x83/0x210
[  642.707867][ T9195]  n_hdlc_alloc_buf+0x83/0x210
[  642.707906][ T9195]  n_hdlc_tty_open+0x263/0x460
[  642.707941][ T9195]  tty_ldisc_open+0x9e/0x100
[  642.707971][ T9195]  tty_set_ldisc+0x373/0x560
[  642.708004][ T9195]  tty_ioctl+0xc38/0xde0
[  642.708030][ T9195]  ? __pfx_tty_ioctl+0x10/0x10
[  642.708057][ T9195]  __se_sys_ioctl+0xfc/0x170
[  642.708083][ T9195]  do_syscall_64+0xfa/0x3b0
[  642.708106][ T9195]  ? lockdep_hardirqs_on+0x9c/0x150
[  642.708128][ T9195]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.708152][ T9195]  ? clear_bhb_loop+0x60/0xb0
[  642.708180][ T9195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.708203][ T9195] RIP: 0033:0x7fd96f38e929
[  642.708223][ T9195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  642.708243][ T9195] RSP: 002b:00007fd970218038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  642.708268][ T9195] RAX: ffffffffffffffda RBX: 00007fd96f5b5fa0 RCX: 00007fd96f38e929
[  642.708285][ T9195] RDX: 0000200000000040 RSI: 0000000000005423 RDI: 0000000000000005
[  642.708299][ T9195] RBP: 00007fd970218090 R08: 0000000000000000 R09: 0000000000000000
[  642.708313][ T9195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  642.708326][ T9195] R13: 0000000000000000 R14: 00007fd96f5b5fa0 R15: 00007ffecd607198
[  642.708362][ T9195]  </TASK>
[  642.710002][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.795205][ T5877] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  642.795484][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.884829][   T24] usb 4-1: Using ep0 maxpacket: 32
[  642.947136][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.954538][ T5877] usb 2-1: device descriptor read/64, error -71
[  642.956242][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.967967][   T24] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  642.973903][    C0] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  642.993458][   T24] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  642.997302][    C0] Buffer I/O error on dev loop4, logical block 0, async page read
[  642.999228][ T9236] Dev loop4: unable to read RDB block 0
[  643.028179][ T9236]  loop4: unable to read partition table
[  643.034273][ T9236] loop4: partition table beyond EOD, truncated
[  643.038978][   T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  643.044673][ T9236] loop_reread_partitions: partition scan of loop4 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  643.070853][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  643.083465][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  643.093448][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  643.111722][   T24] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  643.121967][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  643.146653][   T24] usb 4-1: config 0 descriptor??
[  643.201306][ T9242] ==================================================================
[  643.205505][ T5877] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  643.209432][ T9242] BUG: KASAN: slab-use-after-free in tcp_prune_ofo_queue+0x37e/0x6e0
[  643.225086][ T9242] Read of size 4 at addr ffff888022b2cbd0 by task syz.0.955/9242
[  643.232831][ T9242] 
[  643.235184][ T9242] CPU: 0 UID: 0 PID: 9242 Comm: syz.0.955 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  643.235211][ T9242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  643.235224][ T9242] Call Trace:
[  643.235233][ T9242]  <TASK>
[  643.235242][ T9242]  dump_stack_lvl+0x189/0x250
[  643.235276][ T9242]  ? __virt_addr_valid+0x1c8/0x5c0
[  643.235308][ T9242]  ? rcu_is_watching+0x15/0xb0
[  643.235335][ T9242]  ? __pfx_dump_stack_lvl+0x10/0x10
[  643.235374][ T9242]  ? rcu_is_watching+0x15/0xb0
[  643.235400][ T9242]  ? lock_release+0x4b/0x3e0
[  643.235421][ T9242]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  643.235453][ T9242]  ? __virt_addr_valid+0x1c8/0x5c0
[  643.235483][ T9242]  ? __virt_addr_valid+0x4a5/0x5c0
[  643.235515][ T9242]  print_report+0xca/0x230
[  643.235536][ T9242]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  643.235567][ T9242]  kasan_report+0x118/0x150
[  643.235587][ T9242]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  643.235624][ T9242]  tcp_prune_ofo_queue+0x37e/0x6e0
[  643.235663][ T9242]  tcp_try_rmem_schedule+0xb6b/0x1830
[  643.235702][ T9242]  tcp_data_queue+0x4e3/0x6380
[  643.235743][ T9242]  ? __pfx_tcp_data_queue+0x10/0x10
[  643.235773][ T9242]  ? __pfx_tcp_urg+0x10/0x10
[  643.235801][ T9242]  ? read_tsc+0x9/0x20
[  643.235827][ T9242]  tcp_rcv_established+0xf9e/0x1eb0
[  643.235859][ T9242]  ? rt_is_expired+0x1c/0x2d0
[  643.235888][ T9242]  ? __pfx_tcp_rcv_established+0x10/0x10
[  643.235916][ T9242]  ? rt_is_expired+0x1c/0x2d0
[  643.235938][ T9242]  ? rt_is_expired+0x1c/0x2d0
[  643.235963][ T9242]  ? rt_is_expired+0x250/0x2d0
[  643.235986][ T9242]  ? __pfx_ipv4_dst_check+0x10/0x10
[  643.236010][ T9242]  ? __pfx_ipv4_dst_check+0x10/0x10
[  643.236035][ T9242]  tcp_v4_do_rcv+0xa23/0xce0
[  643.236059][ T9242]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[  643.236078][ T9242]  __release_sock+0x21c/0x350
[  643.236112][ T9242]  release_sock+0x5f/0x1f0
[  643.236133][ T9242]  tcp_sendmsg+0x39/0x50
[  643.236164][ T9242]  __sock_sendmsg+0x19c/0x270
[  643.236196][ T9242]  __sys_sendto+0x3bd/0x520
[  643.236220][ T9242]  ? __pfx___sys_sendto+0x10/0x10
[  643.236241][ T9242]  ? do_futex+0x333/0x420
[  643.236289][ T9242]  ? rcu_is_watching+0x15/0xb0
[  643.236317][ T9242]  __x64_sys_sendto+0xde/0x100
[  643.236350][ T9242]  do_syscall_64+0xfa/0x3b0
[  643.236372][ T9242]  ? lockdep_hardirqs_on+0x9c/0x150
[  643.236392][ T9242]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.236412][ T9242]  ? clear_bhb_loop+0x60/0xb0
[  643.236435][ T9242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.236455][ T9242] RIP: 0033:0x7f75e938e929
[  643.236473][ T9242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.236490][ T9242] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  643.236512][ T9242] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  643.236527][ T9242] RDX: 00000000000000fb RSI: 0000200000001600 RDI: 0000000000000003
[  643.236541][ T9242] RBP: 00007f75e9410b39 R08: 0000000000000000 R09: 0000000000000000
[  643.236553][ T9242] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  643.236565][ T9242] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  643.236588][ T9242]  </TASK>
[  643.236594][ T9242] 
[  643.344991][ T5877] usb 2-1: device descriptor read/64, error -71
[  643.349187][ T9242] Allocated by task 9243:
[  643.349204][ T9242]  kasan_save_track+0x3e/0x80
[  643.349235][ T9242]  __kasan_slab_alloc+0x6c/0x80
[  643.349263][ T9242]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  643.349294][ T9242]  __alloc_skb+0x112/0x2d0
[  643.349313][ T9242]  tcp_stream_alloc_skb+0x3d/0x340
[  643.349340][ T9242]  tcp_write_xmit+0xeec/0x67f0
[  643.349362][ T9242]  __tcp_push_pending_frames+0x97/0x360
[  643.349391][ T9242]  tcp_rcv_established+0x1012/0x1eb0
[  643.349418][ T9242]  tcp_v4_do_rcv+0xa23/0xce0
[  643.349437][ T9242]  __release_sock+0x21c/0x350
[  643.349463][ T9242]  release_sock+0x5f/0x1f0
[  643.349480][ T9242]  tcp_sendmsg+0x39/0x50
[  643.349507][ T9242]  __sock_sendmsg+0x19c/0x270
[  643.349535][ T9242]  ____sys_sendmsg+0x505/0x830
[  643.349556][ T9242]  ___sys_sendmsg+0x21f/0x2a0
[  643.349579][ T9242]  __x64_sys_sendmsg+0x19b/0x260
[  643.349602][ T9242]  do_syscall_64+0xfa/0x3b0
[  643.349622][ T9242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.349642][ T9242] 
[  643.349648][ T9242] Freed by task 9242:
[  643.349669][ T9242]  kasan_save_track+0x3e/0x80
[  643.349694][ T9242]  kasan_save_free_info+0x46/0x50
[  643.349715][ T9242]  __kasan_slab_free+0x62/0x70
[  643.349742][ T9242]  kmem_cache_free+0x18f/0x400
[  643.349769][ T9242]  tcp_prune_ofo_queue+0x198/0x6e0
[  643.349798][ T9242]  tcp_try_rmem_schedule+0xb6b/0x1830
[  643.349824][ T9242]  tcp_data_queue+0x4e3/0x6380
[  643.349850][ T9242]  tcp_rcv_established+0xf9e/0x1eb0
[  643.349875][ T9242]  tcp_v4_do_rcv+0xa23/0xce0
[  643.349894][ T9242]  __release_sock+0x21c/0x350
[  643.349918][ T9242]  release_sock+0x5f/0x1f0
[  643.349935][ T9242]  tcp_sendmsg+0x39/0x50
[  643.349961][ T9242]  __sock_sendmsg+0x19c/0x270
[  643.349987][ T9242]  __sys_sendto+0x3bd/0x520
[  643.350007][ T9242]  __x64_sys_sendto+0xde/0x100
[  643.350024][ T9242]  do_syscall_64+0xfa/0x3b0
[  643.350042][ T9242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.350059][ T9242] 
[  643.350065][ T9242] The buggy address belongs to the object at ffff888022b2ca00
[  643.350065][ T9242]  which belongs to the cache skbuff_fclone_cache of size 488
[  643.350083][ T9242] The buggy address is located 464 bytes inside of
[  643.350083][ T9242]  freed 488-byte region [ffff888022b2ca00, ffff888022b2cbe8)
[  643.350103][ T9242] 
[  643.350109][ T9242] The buggy address belongs to the physical page:
[  643.350133][ T9242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22b2c
[  643.350150][ T9242] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  643.350164][ T9242] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  643.350181][ T9242] page_type: f5(slab)
[  643.350200][ T9242] raw: 00fff00000000040 ffff888140ae5a00 ffffea000093d380 dead000000000002
[  643.350217][ T9242] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  643.350236][ T9242] head: 00fff00000000040 ffff888140ae5a00 ffffea000093d380 dead000000000002
[  643.350254][ T9242] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000
[  643.350272][ T9242] head: 00fff00000000001 ffffea00008acb01 00000000ffffffff 00000000ffffffff
[  643.350289][ T9242] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  643.350300][ T9242] page dumped because: kasan: bad access detected
[  643.350311][ T9242] page_owner tracks the page as allocated
[  643.350325][ T9242] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5888, tgid 5888 (syz-executor), ts 615624278486, free_ts 615575563813
[  643.350360][ T9242]  post_alloc_hook+0x240/0x2a0
[  643.350382][ T9242]  get_page_from_freelist+0x21e4/0x22c0
[  643.350404][ T9242]  __alloc_frozen_pages_noprof+0x181/0x370
[  643.350425][ T9242]  alloc_pages_mpol+0x232/0x4a0
[  643.350453][ T9242]  allocate_slab+0x8a/0x370
[  643.350474][ T9242]  ___slab_alloc+0xbeb/0x1410
[  643.350492][ T9242]  kmem_cache_alloc_node_noprof+0x280/0x3c0
[  643.350519][ T9242]  __alloc_skb+0x112/0x2d0
[  643.350538][ T9242]  tcp_stream_alloc_skb+0x3d/0x340
[  643.350564][ T9242]  tcp_sendmsg_locked+0xefc/0x56d0
[  643.350591][ T9242]  tcp_sendmsg+0x2f/0x50
[  643.350617][ T9242]  __sock_sendmsg+0x19c/0x270
[  643.350643][ T9242]  sock_write_iter+0x258/0x330
[  643.350668][ T9242]  vfs_write+0x54b/0xa90
[  643.469961][   T24] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 29 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  643.471391][ T9242]  ksys_write+0x145/0x250
[  643.485282][ T5877] usb usb2-port1: attempt power cycle
[  643.501436][ T9242]  do_syscall_64+0xfa/0x3b0
[  643.501468][ T9242] page last free pid 8771 tgid 8771 stack trace:
[  643.501481][ T9242]  __free_frozen_pages+0xbc4/0xd30
[  643.501500][ T9242]  rcu_core+0xca5/0x1710
[  643.501519][ T9242]  handle_softirqs+0x286/0x870
[  643.501540][ T9242]  __irq_exit_rcu+0xca/0x1f0
[  643.501561][ T9242]  irq_exit_rcu+0x9/0x30
[  643.515211][   T24] usb 4-1: USB disconnect, device number 29
[  643.517969][ T9242]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  643.547055][   T24] usblp0: removed
[  643.549979][ T9242]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  643.550009][ T9242] 
[  643.904870][ T5877] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  643.906854][ T9242] Memory state around the buggy address:
[  643.906869][ T9242]  ffff888022b2ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  643.914834][   T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  643.917522][ T9242]  ffff888022b2cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  643.937118][ T5877] usb 2-1: device descriptor read/8, error -71
[  643.942205][ T9242] >ffff888022b2cb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc
[  644.068773][   T24] usb 4-1: Using ep0 maxpacket: 32
[  644.072011][ T9242]                                                  ^
[  644.072028][ T9242]  ffff888022b2cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  644.082527][   T24] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  644.086250][ T9242]  ffff888022b2cc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  644.086265][ T9242] ==================================================================
[  644.143755][ T9242] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  644.151000][ T9242] CPU: 1 UID: 0 PID: 9242 Comm: syz.0.955 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  644.162405][ T9242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  644.172494][ T9242] Call Trace:
[  644.175812][ T9242]  <TASK>
[  644.178776][ T9242]  dump_stack_lvl+0x99/0x250
[  644.183503][ T9242]  ? __asan_memcpy+0x40/0x70
[  644.188150][ T9242]  ? __pfx_dump_stack_lvl+0x10/0x10
[  644.193396][ T9242]  ? __pfx__printk+0x10/0x10
[  644.198046][ T9242]  vpanic+0x281/0x750
[  644.202063][ T9242]  ? preempt_schedule+0xae/0xc0
[  644.206954][ T9242]  ? __pfx_vpanic+0x10/0x10
[  644.211497][ T9242]  ? preempt_schedule_common+0x83/0xd0
[  644.217008][ T9242]  ? preempt_schedule+0xae/0xc0
[  644.221903][ T9242]  ? __pfx_preempt_schedule+0x10/0x10
[  644.227322][ T9242]  panic+0xb9/0xc0
[  644.231080][ T9242]  ? __pfx_panic+0x10/0x10
[  644.235537][ T9242]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  644.241481][ T9242]  ? is_module_address+0x17/0xf0
[  644.246478][ T9242]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  644.251811][ T9242]  check_panic_on_warn+0x89/0xb0
[  644.256760][ T9242]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  644.262154][ T9242]  end_report+0x78/0x160
[  644.266413][ T9242]  kasan_report+0x129/0x150
[  644.270933][ T9242]  ? tcp_prune_ofo_queue+0x37e/0x6e0
[  644.276239][ T9242]  tcp_prune_ofo_queue+0x37e/0x6e0
[  644.281382][ T9242]  tcp_try_rmem_schedule+0xb6b/0x1830
[  644.286776][ T9242]  tcp_data_queue+0x4e3/0x6380
[  644.291567][ T9242]  ? __pfx_tcp_data_queue+0x10/0x10
[  644.296788][ T9242]  ? __pfx_tcp_urg+0x10/0x10
[  644.301419][ T9242]  ? read_tsc+0x9/0x20
[  644.305498][ T9242]  tcp_rcv_established+0xf9e/0x1eb0
[  644.310719][ T9242]  ? rt_is_expired+0x1c/0x2d0
[  644.315673][ T9242]  ? __pfx_tcp_rcv_established+0x10/0x10
[  644.321317][ T9242]  ? rt_is_expired+0x1c/0x2d0
[  644.326045][ T9242]  ? rt_is_expired+0x1c/0x2d0
[  644.330839][ T9242]  ? rt_is_expired+0x250/0x2d0
[  644.335610][ T9242]  ? __pfx_ipv4_dst_check+0x10/0x10
[  644.340818][ T9242]  ? __pfx_ipv4_dst_check+0x10/0x10
[  644.346027][ T9242]  tcp_v4_do_rcv+0xa23/0xce0
[  644.350628][ T9242]  ? __pfx_tcp_v4_do_rcv+0x10/0x10
[  644.355746][ T9242]  __release_sock+0x21c/0x350
[  644.360444][ T9242]  release_sock+0x5f/0x1f0
[  644.364878][ T9242]  tcp_sendmsg+0x39/0x50
[  644.369161][ T9242]  __sock_sendmsg+0x19c/0x270
[  644.373889][ T9242]  __sys_sendto+0x3bd/0x520
[  644.378582][ T9242]  ? __pfx___sys_sendto+0x10/0x10
[  644.383621][ T9242]  ? do_futex+0x333/0x420
[  644.387982][ T9242]  ? rcu_is_watching+0x15/0xb0
[  644.392760][ T9242]  __x64_sys_sendto+0xde/0x100
[  644.397530][ T9242]  do_syscall_64+0xfa/0x3b0
[  644.402042][ T9242]  ? lockdep_hardirqs_on+0x9c/0x150
[  644.407271][ T9242]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.413344][ T9242]  ? clear_bhb_loop+0x60/0xb0
[  644.418028][ T9242]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.423923][ T9242] RIP: 0033:0x7f75e938e929
[  644.428345][ T9242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  644.447966][ T9242] RSP: 002b:00007f75ea1ac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  644.456391][ T9242] RAX: ffffffffffffffda RBX: 00007f75e95b5fa0 RCX: 00007f75e938e929
[  644.464374][ T9242] RDX: 00000000000000fb RSI: 0000200000001600 RDI: 0000000000000003
[  644.472348][ T9242] RBP: 00007f75e9410b39 R08: 0000000000000000 R09: 0000000000000000
[  644.480328][ T9242] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  644.488487][ T9242] R13: 0000000000000000 R14: 00007f75e95b5fa0 R15: 00007ffecdf05e08
[  644.496481][ T9242]  </TASK>
[  644.499888][ T9242] Kernel Offset: disabled
[  644.504209][ T9242] Rebooting in 86400 seconds..