last executing test programs:

5.789768851s ago: executing program 0 (id=399):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r2, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0)

5.713603783s ago: executing program 0 (id=400):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_usb_ep_write(r0, 0x6, 0x93, &(0x7f00000001c0)="051e3a850d43220ad56ec2ae8da4c6e8640783122e60a1f3a8e4016c39a9f2a99e3eae37af58155f328412a2328338f7897b0a8f928af31b30c37a629eca300f41a2bc8a028baf68ca9453245544a3050010b379bcd904a915a855b37cf3bb5b091ef69fb84ecb03de1859b9d189bdac6c49fe9b228b23a744fd5f9ca77f6c66ea92af8f135216fea291b390c9f6faaf8231f3")
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000540)=0x9)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x4)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0x9)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x7e)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2cf6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f0000000400)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="200a0700000007000000000000e6a6ac5b6830b5fddd734a69b44fd10b1dd9ae00631cab5798a992b06e20fd38b40aa5922ad9d2ce398a5a88bbfba6e59080f199c89ed823e17d81826d4560fe35df34cfdbd279f4947c81d3e214675f54b8c673aa6323e51721999690bc3bcd043e7a118faa34ba83e6"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000001e40)={0x84, &(0x7f0000001980)={0x0, 0x14, 0x3, "b844a7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, 0x0)
r3 = syz_usb_connect(0x5, 0x7a8, &(0x7f0000000580)={{0x12, 0x1, 0x310, 0x85, 0x34, 0x18, 0x40, 0x2040, 0xb764, 0x83d1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x796, 0x3, 0x3, 0x83, 0x10, 0x1, [{{0x9, 0x4, 0x51, 0x7f, 0x9, 0xfb, 0xad, 0x80, 0x5, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "33ef"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x7fffffff, 0x0, 0x500}, {0x6, 0x24, 0x1a, 0x8}, [@dmm={0x7, 0x24, 0x14, 0x1, 0x7}, @dmm={0x7, 0x24, 0x14, 0x1, 0x7}, @country_functional={0x8, 0x24, 0x7, 0xe, 0xd, [0x7f]}, @acm={0x4, 0x24, 0x2, 0x9}, @obex={0x5, 0x24, 0x15, 0x3}, @network_terminal={0x7, 0x24, 0xa, 0x7, 0xb, 0x0, 0x1}]}], [{{0x9, 0x5, 0x1, 0xc, 0x20, 0x6, 0x4, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0xffff}]}}, {{0x9, 0x5, 0x0, 0xc, 0x20, 0x6, 0x8, 0x8f, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x2, 0x401}]}}, {{0x9, 0x5, 0x6, 0x30cc9047c2aeea7, 0x8, 0xfe, 0x1, 0x3, [@generic={0xd3, 0x11, "531cdda9d74f2359ffecd43730f9539adb5aa92dc5dd12a0292f0a8f14d5ef380b5bb6d10d5927079c1a0358e9b93162d13e291f79fec53c87c9ac55bd80fb866bf47dbcaf28e46a580f26f03ca3ae3c31060b1e2d7b2d10687c5d1d00ebaeab8cfc3ffd968b159bd73e96de707880fd5f316370c265cf3febdfb0b94137cc4c34de54ec569886c08f1b96d48642dcdd2e975c53194a1c33f64a311dbfeb4bf883854b1a3b1cbe2845d9046ad8ce98236031ca5e42cf6e05214d45d6a2bfbc70ce954b7c2279b6c218f7c0dd91cdd06f63"}]}}, {{0x9, 0x5, 0x9, 0x10, 0x20, 0xd, 0x9, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0xc4b8}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x5, 0x6}]}}, {{0x9, 0x5, 0xa, 0x0, 0x0, 0x5, 0xd, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x2, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x180, 0x6, 0x8}]}}, {{0x9, 0x5, 0x0, 0x0, 0x20, 0x6, 0x75, 0x1, [@generic={0x72, 0xf, "a968234133877b7e333b26f4a77666b901a486cbeadba2a735f2c85090a19819cfeff76fb926e5be975fbe3f6ff903ef125983135718567192af960b43fabbf9d5d5ef3bf1132edad04c57708a3e482b412c736fb60a03c816b47a60b0104648c475aefda2deec3348db17980e178273"}]}}, {{0x9, 0x5, 0xe, 0x0, 0x400, 0x5, 0x0, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x13, 0xfff}]}}, {{0x9, 0x5, 0xa, 0x10, 0x10, 0x3, 0x6, 0x5, [@generic={0x54, 0x0, "9a3b88556fbcea0d718b97ccf94261f11af3558288d0a50db1c265be6732ccd33f16828091ebaa4d66fbacf7b22486eb702705988f7eadb2b602b0f2308336f9466eb38e02716c05571806c721acd8aa7c6c"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x20, 0x8, 0x8, 0x7, [@generic={0x45, 0x22, "2d9459cd86828554fe235575cf36bf6d593552821be9e3960335224bf1cdd7902f9a4dc12c88c1b1a24971a4d2994d676ddf889445be8cea014ef9337366aca994cb93"}]}}]}}, {{0x9, 0x4, 0xdb, 0x3, 0x3, 0x7f, 0xb2, 0x38, 0x2, [@generic={0x9f, 0x3, "ac12d794805ba30911bf2204569eb0bdb3c3f3c6d16efaebd30202f0267d253c64cc5a45e0a4cb2b714a0995e312d7d7dcd00158b2b27439ac4207f5f65b9653e5611d882c9d7fb2a9b20e248a72854b0af24549074048a6bc291c8f234b4c8d0603e3b4e42478df10e0347b6315e4589a6a54e0bfb714b62b1ad6a5fb66fed247401f02fcaff372cf1443318fc3dd0c0c6810dc322b5e01267f069ce7"}, @uac_as={[@as_header={0x7, 0x24, 0x1, 0xc, 0x2, 0x2}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x80, 0x8, 0x3}]}], [{{0x9, 0x5, 0x3, 0x10, 0x400, 0x2, 0x2, 0x12, [@generic={0xa3, 0x4, "0e5f309a2f913640c184040744c263bb8b4e69f2a289ba25f5f223de34218a0dc1dba1e1718d8290f7db12a7ced169554adffb24edfdd4a2f52147f20c1f07fde269a2dd06ca06dbf886ed7512a3095553c9cd4f373ddebf296fe6f35275c1baac214f7bd523f02348ecbaaa4b2caf133588119512ebf8b65879cf6cfd00018301c920e6c3d4dbc3e2e7ffb67f5782841a5d3ff9e444bc44e93a60b08258a371c6"}]}}, {{0x9, 0x5, 0x8, 0x10, 0x3ff, 0x9, 0x1, 0x10, [@generic={0xe4, 0x2, "b2d26f2787afd0ffc69cd6469e3ffc9621d5c896593895daa4feeac98b618ae1edd743321703617248594ee9ec614b21baca3ea751775ec5b765a33d1cbd29fcefc8d4f8fd623c5eb720e58e5710572cdf4e95893475844135d81c31410ed3bef0c5de30f42cb190376a740c28aabe38e5a6afce81c5b3a3d6691f2a81d2a1adc6366f79758e6eaf5feca79c43a1f58cdf54c4394f5f329609dd37e8051e859873fd7591730fa0186b06b38a04743d6a6bb584c0f2f5fe923fcb87531c4647349a6889a8730b3cc232cf6ffb6ed4cc23d6e95200ff47b459fb5ffb4daf8ba7498ec8"}]}}, {{0x9, 0x5, 0xc, 0x10, 0x3ff, 0x7, 0x4, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xe}]}}]}}, {{0x9, 0x4, 0x4, 0x0, 0x8, 0xa3, 0xba, 0x1, 0x8, [@uac_control={{0xa, 0x24, 0x1, 0x2c7, 0x8}, [@extension_unit={0x7, 0x24, 0x8, 0x1, 0x6, 0x4f}, @input_terminal={0xc, 0x24, 0x2, 0x5, 0x206, 0x6, 0x8, 0x5, 0x2, 0x3}, @extension_unit={0x8, 0x24, 0x8, 0x3, 0xc5e2, 0x6, "b1"}, @input_terminal={0xc, 0x24, 0x2, 0x5, 0x100, 0x5, 0xf9, 0x10, 0x5, 0x6}]}], [{{0x9, 0x5, 0x80, 0x0, 0x8, 0xb, 0x7, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x41, 0x9}, @generic={0x45, 0xe, "49e13acc526511b2d2edddc44b86edbcc6fd05b54f177ddbdf866d87800402b95dd7cbefb739f9ee80e2155a00eea4323272ee3cdc17317a4f38e6977021c52e22d4df"}]}}, {{0x9, 0x5, 0xc, 0x1, 0x20, 0x4, 0x40, 0x8, [@generic={0x8f, 0x8, "43cd9985cc3475f4454d42f118258dcd7fc5ffcfef0208fec1b01a6b02cbbcde61b98fd22e7cd19ada021b5941d36410ee2f53d3664b4d0f863264d64bf828b22a31dd4a737b0bb7dcb3055f093ea2ed884e57ddd2a7b195b96a4e4d5542b65cc7c6539f1a73b39fc9fc42949c4f759edbd10b2e01ed005e17973527263fad023c1f24de3b55a7bdc64150a874"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x40, 0x9, 0x0, 0x8, [@generic={0xcc, 0x6, "34edbb6d9c164edcfbfefa8fa51a24638a55f42b76645a3566d64cf6ed3671fdfa4159235e6614b8c28f0a7c5e8861f144db32cdc8ce679a03f99848580d40920784de6753ae37cdcc63e599f2b1ae5b4d7680f014f50bf374f36767af74546b3114d2280be673ad4c1eea077216d0581cc05729b2dbecc521c5b25063ce1fad8c0a0410d9c1e4b3677d89cea50514a5896490a5abb55a4f898f15e576e54b90016a0de6a76c9cbd0a266b39927402f3cfa42ccb8c8776a9e2b3de25a67d34ed052ff003d3faa81ff47d"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x6, 0x1}]}}, {{0x9, 0x5, 0xa, 0x10, 0x400, 0x32, 0x5, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0xfff9}]}}, {{0x9, 0x5, 0x4, 0x1, 0x10, 0x7, 0x2, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x23, 0x7}]}}, {{0x9, 0x5, 0x8e, 0xc, 0x20, 0xf7, 0x81, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x43, 0xa, 0x7}]}}, {{0x9, 0x5, 0x5, 0x0, 0x120, 0x6, 0x4, 0x1, [@generic={0x33, 0x11, "695843fbb86fd0434538a76b74a012b15074ae2baa9a8fc04e692b9a7c8a7fa7a363f891a948f0cb67e880d6027779bacf"}]}}, {{0x9, 0x5, 0x5, 0x10, 0x3ff, 0x3, 0x3, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x1a, 0x4}]}}]}}]}}]}}, &(0x7f0000000dc0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x300, 0x81, 0x7f, 0xd, 0x10, 0xfe}, 0xba, &(0x7f0000000e40)={0x5, 0xf, 0xba, 0x5, [@wireless={0xb, 0x10, 0x1, 0x8, 0x89, 0x9c, 0x80, 0x2000}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "e0e28401318b6bb714e0ea4f389d3796"}, @generic={0x6f, 0x10, 0xa, "fd90def76ac373d627e1dbbccf0918f0ac031661d5568a222695e9fbf6e2bb975be63f35d107b75023a1e5166d438ddf22ed309b57e6c4fb03b64f17781b068741ab455af4c7c7b057d5fbd078c241bab5def7449e2546b77f75d785451d71fbff551403c9d7ab9d76cf94af"}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0xb, 0x5, 0xfffe}, @ssp_cap={0x20, 0x10, 0xa, 0xfd, 0x5, 0x1426d75, 0xf00, 0x2041, [0x3f00, 0xc000, 0x0, 0x3f0f, 0xff000f]}]}, 0x6, [{0xbb, &(0x7f0000000300)=@string={0xbb, 0x3, "31d90a69e5fe0235582c42fdab0d0d9726e1598756922a128bd9b14b3a8246216becfe89dd25ffaff873c01e043ad8224414b245a13144c5cc9262208d665ce05e7d6fe27e1c6f387718113b4d95014f7e4928a6129c71999975d57793b8a95a21416cea9e92cbb0121a109fab3a66a96f4b8d7aafac1fcb0c1a337f936ca0cdafc1895ca107343db13931a1786e321a5c1d12f18e2afa7ca44bd185e347cdbf6c46c4901b6eb914cc56f9c97f5ebbad521c21d47752508558"}}, {0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x200a}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x418}}, {0x8f, &(0x7f0000000440)=@string={0x8f, 0x3, "0909f947da974523b76dad70a61c7d86d306f588c37b154af2c804e37e5ae335df2d24c74308db0a177fd2625452ec3cbf9646a556552ef106f6ad76fe885c8cf0366a75020e0d0003da49d5b8e937cf1bfe8985c1afe4e82395de9afc4158b0dd326b526ec53f8988452ee6067afc13c0223fab801d3ea51e72d6448a2194a4124e687474e2fbc2ced997863b"}}, {0x2d, &(0x7f0000000500)=@string={0x2d, 0x3, "fcb08ca24a7e39512b8b4ba059256cb0c9bf540f43d1b044c5f08478cb8016cde19d85c7b38c24b6e20d82"}}, {0x7e, &(0x7f0000000d40)=@string={0x7e, 0x3, "6ead92ec557c244a983872345f8483e3f00dba52224d7b8594efb3a735182313f673860769e1c986029174fd15b3bc54cf8210e3d9eb6c8e570438e11cd72ea268fe746f19ad159c07d5320247bbe4df8b81cb3b0290763d675593f4272592540b19246684c2d02a4dbba0af81f42977e46d8302134d65b9780ea9b0"}}]})
syz_usb_disconnect(r3)
close(0x4)

4.433386198s ago: executing program 1 (id=410):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, 0x0}], 0x1, 0x52, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x300000000000000)

4.165962699s ago: executing program 1 (id=413):
mkdir(&(0x7f00000000c0)='./file0\x00', 0x28)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r0, 0x0, 0x1)
mkdirat(r0, &(0x7f00000001c0)='./bus\x00', 0x2b)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
getxattr(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)=@known='system.posix_acl_access\x00', 0x0, 0xed)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3})
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x10, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000000)={0x171, 0x2, 0x6})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00464b4, &(0x7f0000000400)={r4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})

4.076895504s ago: executing program 0 (id=414):
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
r1 = socket$inet(0x2, 0x1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000080)=0x7c, 0x4)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0xfffffffffffffc7d)
r3 = socket$inet(0x2, 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000380), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000040)={0x40000000})
setsockopt$sock_int(r3, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r7=>0x0})
connect$can_bcm(r6, &(0x7f00000000c0)={0x1d, r7}, 0x10)
sendmsg$can_bcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0)
sendmsg$can_bcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2, 0x0, 0x0, 0x4004}, 0x48084)
bind$inet(r3, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x2, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58)
r10 = accept4(r9, 0x0, 0x0, 0x800)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r10)
syz_open_pts(r0, 0x8182)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000))

4.075857973s ago: executing program 1 (id=415):
syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0)
r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc5)
ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000240)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xee00})
ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000080)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})
r1 = socket$inet6(0xa, 0x1, 0x1)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x12040, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000000c0)={0x4d, 0x1, 0x0, "6040a7190200002000000000000000ff1057e31e94000000000000000006ff00", 0x34325258})
ioctl$RTC_AIE_ON(r2, 0x7001)
ioctl$F2FS_IOC_SET_COMPRESS_OPTION(r1, 0x4002f516, &(0x7f0000000100)={0xbe, 0x8})

3.101790954s ago: executing program 0 (id=416):
mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='\x00', &(0x7f0000000040)='ceph\x00', 0x100000, 0x0)

3.086825995s ago: executing program 0 (id=417):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000580)={0x18, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000001c0)={0x20, 0x6, 0xa1, "fda51c83ed29a0f0dc54ab71839ff98b911e79ac33161f30b75559e2cfc9bdf8531a0cb99bf20a277e87b3883cabf58cc4af1fab47b6e960c8e927e6714d16291f00913e7a607bb525edebfe9fe4d4ef9f97b21609466688283cc6408c3fc804c18f0ba10e14ef0623640bce575f72b92caee19ff180da0e43d57f8fbacd2cc6f2cd5a8440fd2003e79ac3c897691a0a641ac122beff12833fb3ef1822a44ae756"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000040)={0x14, &(0x7f0000000300)={0x40, 0xd, 0xe0, {0xe0, 0x0, "0de48c346daafdb2af0db36f3fe143304ec48412fd2c72c0ec19f3818f11f2287bae8cf6f7b18a99784dea158aa65204ee53304f3eb12fc1d72c0dad2ccb3a09821cfd87c82e5554673fce0a1d66531e0b2e6590c45932dd376fb5d1694257aa6cc447ba7a23ad70e83e9aa7ec1bb508cbd47acce3bec9cc53a6a91763a3289ceb4cc2a4db4be2659f47398394d7d08f6546aac3561a3c584923bd4cfd323b9e074209fcf6375df98a671e6c47e824a1e61d49da275c3e5f775ba823ad5304d541f78c25e2bfb96b95e9cd89e38ca4cb1682270c27f68797a59628e1157c"}}, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000680)={0x44, &(0x7f0000000100)={0x0, 0x15, 0x9c, "652c569888c0dbd0b0164c82f7a57f00c47fee41476d9f072c0eb4555044e241628a49e6499d3956cc3aad151e0e9969476e12e75d0eed90b07b5f637977d160f42bf0010caefcca49a8b0964d2536af01208369db72245ed67da8e746c9147c2622adac994741943f5e352c78b537e32684ee3834b3ec4bc9937dee3c0a2d7b9669df76c59fba86b511d3a29a89842218fd647fa98b774d8968a93b"}, &(0x7f0000000400)={0x0, 0xa, 0x1, 0x2}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0xb}, &(0x7f0000000500)={0x20, 0x80, 0x1c, {0xfffa, 0x40, 0xb4, 0x7, 0x3, 0x1, 0x63, 0xfffffbff, 0x0, 0x0, 0x3, 0x8000}}, &(0x7f0000000540)={0x20, 0x85, 0x4, 0x9}, &(0x7f00000005c0)={0x20, 0x83, 0x2}, &(0x7f0000000600)={0x20, 0x87, 0x2, 0x1}, &(0x7f0000000640)={0x20, 0x89, 0x2, 0x1}})

2.808021211s ago: executing program 3 (id=419):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20a00, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000000)=0x8, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)

2.609658361s ago: executing program 3 (id=421):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0xfffffffc, 0x5, 0x0, 'queue0\x00', 0x10000})
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000180)={0x0, 0x0, {0x2, 0x1}})
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x0, 0x3e8}})

2.511977426s ago: executing program 3 (id=422):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fddbdf2507000000080001004d000000080003007f367036bcbfdfb3e2e9a9a4f8fcbca871589553cb0706ed4c60378d45165da206dd6c90a7f220596d77acd5762cf9d026024e08e8f57e1601eaca4e45387fc8784641e0593aef7afa841b765fecdb44345080ae7f8e7b231cdfa13b7cf5e7537b37a0594251653d4566ceeeab31196ca241376f6f802d2d936481d1f9d49d1c7c7f32085986dbd6", @ANYRES32=r2, @ANYBLOB="140004006272696467655f736c6176655f31000008000500060000000c0017800400050004000300"], 0x4c}, 0x1, 0x0, 0x0, 0x8050}, 0x240048c0)
sendfile(0xffffffffffffffff, r0, &(0x7f0000000000)=0x2, 0x80000001)
sendfile(r0, r0, 0x0, 0x7ffff000)

2.380537902s ago: executing program 1 (id=423):
r0 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x42b, 0xfc000000, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)

2.245227595s ago: executing program 1 (id=424):
syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0xff2e)
r1 = socket$inet(0x2, 0x1, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000080)=0x7c, 0x4)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0xfffffffffffffc7d)
r3 = socket$inet(0x2, 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000380), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f0000000040)={0x40000000})
setsockopt$sock_int(r3, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
r5 = socket$unix(0x1, 0x5, 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r7=>0x0})
connect$can_bcm(r6, &(0x7f00000000c0)={0x1d, r7}, 0x10)
sendmsg$can_bcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r5, @ANYBLOB="3bf81bb9f9"], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r8, 0x0)
sendmsg$can_bcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2, 0x0, 0x0, 0x4004}, 0x48084)
bind$inet(r3, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x2, 0x0, "0062ba7d82000000000000000000f7fffeff00"})
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58)
r10 = accept4(r9, 0x0, 0x0, 0x800)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r10)
r11 = dup3(0xffffffffffffffff, r0, 0x0)
ioctl$TIOCSTI(r11, 0x5412, &(0x7f0000000000))

1.644612299s ago: executing program 2 (id=425):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
readv(r0, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x2)
r1 = syz_open_pts(r0, 0x101)
r2 = dup3(r1, r0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0) (fail_nth: 3)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)
write$UHID_INPUT(r2, 0x0, 0x0)

1.601066071s ago: executing program 3 (id=426):
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
r0 = getpid()
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="200000002000010000ffffffffffffff81"], 0x20}}, 0x0)
r2 = syz_pidfd_open(r0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
write$sndseq(r3, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r3, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x20, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4)
write$sndseq(r3, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4)
write$sndseq(r3, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54)
write$sndseq(r3, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xc4)
write$sndseq(r3, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @tick=0x8}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_CREATE(r4, 0x541b)
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54)
write$sndseq(r3, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect={{0x1, 0x6}, {0xeb, 0x9}}}], 0xc4)
write$sndseq(r3, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c)
write$sndseq(r3, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c)
write$sndseq(r3, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4)
write$sndseq(r3, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x8}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x4, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc)
write$sndseq(r3, &(0x7f0000000400)=[{0x8, 0x53, 0x7, 0x65, @time={0x4, 0x8}, {0x7, 0x1}, {0x6, 0x5}, @raw8={"424a46f27d2a45434e135bda"}}, {0x7, 0x2, 0x64, 0x8, @tick=0x5, {0xc5, 0xf9}, {0x9, 0x16}, @addr={0x7, 0x40}}, {0x88, 0xfd, 0x7a, 0xd, @tick=0x1158, {0x9, 0x6}, {0x4, 0x4}, @connect={{}, {0xf, 0x6}}}], 0x54)
setns(r2, 0x8020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf}, 0x20)

1.372836359s ago: executing program 3 (id=427):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r2, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[], 0x2c}}, 0x0)

1.049351513s ago: executing program 3 (id=428):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x2, {0x0, 0xf0, 0x3}}, 0x18)
sendmmsg$inet6(r0, &(0x7f0000001d80)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000280)="e6810f78943c39de", 0x8}], 0x1}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000003c0)="28f200bd1f", 0x5}], 0x1}, 0x5000000}], 0x2, 0x40800)
syz_usb_connect(0x0, 0x4a, 0x0, 0x0)

1.047416213s ago: executing program 1 (id=429):
syz_usb_connect(0x2, 0x3d, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x5f, 0xfc, 0x70, 0x20, 0x711, 0x210, 0xfdd6, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8b, 0x0, 0x2, 0xbe, 0x44, 0x8f, 0xff, [], [{{0x9, 0x5, 0x80, 0x2, 0x3ff, 0x9, 0xf, 0x5, [@generic={0x7, 0x5, "bdf74e3781"}]}}, {{0x9, 0x5, 0x8b, 0x3, 0x40, 0xe, 0x4b, 0x2}}]}}]}}]}}, 0x0)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000280)="05031600d3700ee1a880", 0xa, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000180)={r2, @broadcast, @empty}, 0xc)
memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06F\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee\xba\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLD\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
getsockopt$bt_hci(r3, 0x84, 0x2, 0x0, &(0x7f00000000c0))
mkdir(&(0x7f00000001c0)='./file0\x00', 0x180)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x0, 0x0)

712.07714ms ago: executing program 2 (id=430):
syz_io_uring_setup(0x7304, &(0x7f0000000340)={0x0, 0x9f7, 0x80, 0x3, 0x38}, &(0x7f0000000100), 0x0)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, &(0x7f0000000180)={0x10, 0x1, 0x0, 0x6, 0x0, 0x0, "5dc9ca561a5fbf61048955f6f876b2ff", 0xd, 0x1})
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r1}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}})

597.604706ms ago: executing program 2 (id=431):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = dup(r2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000032c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r4, &(0x7f0000003580)={0x0, 0x0, &(0x7f0000003540)={&(0x7f0000003300)={0x3c, r5, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xfff}, {0x6, 0x16, 0x973c}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004000}, 0x20004804)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r6)
sendmsg$IEEE802154_ADD_IFACE(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={0x34, r7, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x44800)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x4}], 0x1c)
sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x3}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x3, 0xfffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_ifreq(r8, 0x89f0, &(0x7f0000000040)={'bond0\x00', @ifru_names='ip6gre0\x00'})
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x3, 0xf06, 0x0, 0x84, 0x81, 0x5}, 0x9c)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xfffffff2, @empty, 0x3}}, 0x1000000, 0x31, 0xffff1896, 0x3, 0x6, 0x0, 0x1b}, 0x9c)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r10, 0x1000)
ioctl$KVM_SET_SIGNAL_MASK(r9, 0x4004ae8b, &(0x7f0000000080)={0x8})

251.025395ms ago: executing program 2 (id=432):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x202080, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0)

171.085956ms ago: executing program 2 (id=433):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0) (async)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000001c0)={0x7, [0x1, 0x7, 0x5, 0x6, 0x2, 0x401, 0x10]}, 0x12) (async, rerun: 32)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x181941) (rerun: 32)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
r2 = socket$kcm(0x10, 0x2, 0x4)
close(r2) (async)
socket$kcm(0x10, 0x2, 0x0) (async, rerun: 64)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x3, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800020007000c00060004c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) (rerun: 64)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r3=>0x0, 0xbc, &(0x7f0000000280)=[@in={0x2, 0x4e22, @private=0xa010102}, @in6={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}, @in6={0xa, 0x4e21, 0x1, @empty, 0x7}, @in6={0xa, 0x4e22, 0xf0e, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xfffffff7}, @in6={0xa, 0x4e20, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}, @in6={0xa, 0x4e21, 0xf3dbdfb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, @in={0x2, 0x4e22, @local}, @in={0x2, 0x4e21, @loopback}]}, &(0x7f0000000040)=0x10)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000240)={r3, 0x20, "d656c9a61490b7e8773ca55437fa234c0170c8cbe5ebdd2be9"}, &(0x7f0000000180)=0xfc86)
lsetxattr$trusted_overlay_nlink(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000100), &(0x7f0000000140)={'L+'}, 0x16, 0x2)
newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', &(0x7f0000000340), 0x400)

1.73208ms ago: executing program 2 (id=434):
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000340), 0x10)
read(r0, &(0x7f00000027c0)=""/4073, 0xfe9)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000280)=@canfd={{0x0, 0x1, 0x1, 0x1}, 0x32, 0x5, 0x0, 0x0, "1037b0bbf254070aba7c5b6e63c98dcf420f4956d8aa5d4989f2f5650c080c2e2b53173b84ee9a4e09d796d418449e7d66d3ad79f13ad7c72145569b44545cfb"}, 0x48}}, 0x4000040)
socket(0x400000000010, 0x3, 0x0)
socket(0x10, 0x2, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000300000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x20000080)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r4=>0x0}, &(0x7f0000000080)=0x8)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
socket$kcm(0x29, 0x7, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r8 = dup3(r7, r6, 0x80000)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)
r10 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCALLUSERDATA(r10, 0x89e5, &(0x7f0000002dc0)={0x8200020, "4a68b2df3cdf4e47e55b0cfee618c3df4505ec43511065af69f264574a6f0c0d29320843e843b968dcf30fad98f75a6341ad4720b237d465ef75ba44b3572569b346e103e055a726ed096a98943a278be110001000000000005a9854babb6df599710dc47d907ba93d30ba06134cd08371cbc2212e9a7174bf50a8171b043423"})
timer_create(0x7, &(0x7f0000000080)={0x0, 0x3, 0x2}, &(0x7f00000000c0))
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00'})
r11 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r11, 0x0, 0x0)
r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r12, 0x5420, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "9e4d2236078f0080000004ff98023dffffffff"})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00ff00", @ANYRES16=r9, @ANYRES8=r4, @ANYRESOCT=0x0, @ANYBLOB="100026629fdb236ab83b6d3fa886ee85b704a906031f35ade2404110a084c852ee124db4e156bea333d57c24a8326cbf212f068e2cb53f9beb149bdcdc0679762dc70e74cf56c5163984e14352bdf05410cc3ec5a89a597936d2a89e0321d0015b37fd350341ee3176bb", @ANYRESOCT=r1, @ANYRESDEC=r8, @ANYRES32=0x0], 0x2c}, 0x1, 0x0, 0x0, 0x400c894}, 0x40000)

0s ago: executing program 0 (id=435):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x2000000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1010000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

kernel console output (not intermixed with test programs):

interface() failed=-22
[   81.154929][ T5884] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   81.176801][ T5164] Bluetooth: hci3: command tx timeout
[   81.182334][ T5164] Bluetooth: hci0: command tx timeout
[   81.211674][ T5884] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[   81.221281][ T5884] usb 3-1: media controller created
[   81.244953][ T5934] netlink: 88 bytes leftover after parsing attributes in process `syz.2.5'.
[   81.268224][ T5164] Bluetooth: hci2: command tx timeout
[   81.273722][ T5848] Bluetooth: hci1: command tx timeout
[   81.296691][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   81.371821][ T5884] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[   81.402082][ T5884] zl10353_read_register: readreg error (reg=127, ret==-71)
[   81.422039][ T5884] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[   81.528070][ T5884] usb 3-1: USB disconnect, device number 2
[   81.938693][ T5969] random: crng reseeded on system resumption
[   82.257137][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   82.360684][ T5982] netlink: 128 bytes leftover after parsing attributes in process `syz.3.17'.
[   82.412074][ T5982] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17'.
[   82.418378][ T5985] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17'.
[   82.456612][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   82.472270][    T9] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[   82.499921][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   82.519562][    T9] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[   82.534935][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   82.553022][    T9] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[   82.564555][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   82.587708][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   82.606036][    T9] usb 1-1: SerialNumber: syz
[   82.646449][ T5884] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   82.827590][ T5884] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[   82.855276][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.895436][ T5995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   82.919416][ T5884] usb 3-1: config 0 descriptor??
[   82.931759][ T5995] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   82.999848][ T5973] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.015279][ T5884] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[   85.029091][ T5848] Bluetooth: hci0: command tx timeout
[   85.029612][ T5164] Bluetooth: hci3: command tx timeout
[   85.034626][ T5848] Bluetooth: hci2: command tx timeout
[   85.040237][ T5164] Bluetooth: hci1: command tx timeout
[   85.053863][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   85.436861][ T5884] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   85.447434][ T5884] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[   85.541947][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.815667][ T5884] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   86.006687][ T5976] usb 1-1: USB disconnect, device number 2
[   86.008171][ T5884] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   86.044605][ T5884] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   86.068664][ T5884] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   86.079583][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.087809][ T5884] usb 2-1: Product: syz
[   86.092278][ T5884] usb 2-1: Manufacturer: syz
[   86.097115][ T5884] usb 2-1: SerialNumber: syz
[   86.140061][ T5891] hid-generic 0005:16C0:05DF.0001: item fetching failed at offset 0/1
[   86.156430][ T5891] hid-generic 0005:16C0:05DF.0001: probe with driver hid-generic failed with error -22
[   86.357998][ T6002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   86.367076][ T6002] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   86.390438][ T6002] /dev/rnullb0: Can't open blockdev
[   86.435130][ T5884] usb 2-1: 0:2 : does not exist
[   86.507185][ T5884] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[   86.580421][ T5884] usb 2-1: USB disconnect, device number 2
[   86.729318][  T981] usb 3-1: USB disconnect, device number 3
[   86.765803][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   86.782221][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   86.799572][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[   86.874829][   T43] cfg80211: failed to load regulatory.db
[   87.345750][   T43] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   87.517846][   T43] usb 2-1: Using ep0 maxpacket: 16
[   87.543149][   T43] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   87.552428][   T43] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   87.598413][   T43] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   87.622242][   T43] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   87.632459][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.646710][   T43] usb 2-1: Product: syz
[   87.651009][   T43] usb 2-1: Manufacturer: syz
[   87.661290][ T6030] FAULT_INJECTION: forcing a failure.
[   87.661290][ T6030] name failslab, interval 1, probability 0, space 0, times 1
[   87.674252][ T6030] CPU: 0 UID: 0 PID: 6030 Comm: syz.2.31 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[   87.674276][ T6030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   87.674292][ T6030] Call Trace:
[   87.674299][ T6030]  <TASK>
[   87.674306][ T6030]  dump_stack_lvl+0x189/0x250
[   87.674340][ T6030]  ? __pfx____ratelimit+0x10/0x10
[   87.674358][ T6030]  ? __pfx_dump_stack_lvl+0x10/0x10
[   87.674379][ T6030]  ? __pfx__printk+0x10/0x10
[   87.674407][ T6030]  ? __pfx___might_resched+0x10/0x10
[   87.674427][ T6030]  ? fs_reclaim_acquire+0x7d/0x100
[   87.674451][ T6030]  should_fail_ex+0x414/0x560
[   87.674480][ T6030]  should_failslab+0xa8/0x100
[   87.674499][ T6030]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[   87.674521][ T6030]  ? __d_alloc+0x36/0x7a0
[   87.674542][ T6030]  ? __lock_acquire+0xab9/0xd20
[   87.674564][ T6030]  __d_alloc+0x36/0x7a0
[   87.674584][ T6030]  ? from_kgid+0x1b0/0x650
[   87.674605][ T6030]  d_alloc_parallel+0xe5/0x15e0
[   87.674627][ T6030]  ? security_capable+0x7e/0x2e0
[   87.674648][ T6030]  ? capable_wrt_inode_uidgid+0x1e7/0x290
[   87.674674][ T6030]  ? __lock_acquire+0xab9/0xd20
[   87.674692][ T6030]  ? __pfx_d_alloc_parallel+0x10/0x10
[   87.674720][ T6030]  ? __raw_spin_lock_init+0x45/0x100
[   87.674743][ T6030]  ? __init_waitqueue_head+0xa9/0x150
[   87.674771][ T6030]  __lookup_slow+0x116/0x3d0
[   87.674796][ T6030]  ? __pfx___lookup_slow+0x10/0x10
[   87.674835][ T6030]  ? down_read+0x1ad/0x2e0
[   87.674856][ T6030]  lookup_slow+0x53/0x70
[   87.674880][ T6030]  walk_component+0x2d2/0x400
[   87.674899][ T6030]  ? path_lookupat+0x156/0x430
[   87.674922][ T6030]  path_lookupat+0x163/0x430
[   87.674947][ T6030]  filename_lookup+0x212/0x570
[   87.674961][ T6030]  ? kasan_save_track+0x4f/0x80
[   87.674977][ T6030]  ? __pfx_filename_lookup+0x10/0x10
[   87.675006][ T6030]  ? __might_fault+0xb0/0x130
[   87.675031][ T6030]  do_linkat+0x120/0x560
[   87.675047][ T6030]  ? __pfx_do_linkat+0x10/0x10
[   87.675057][ T6030]  ? strncpy_from_user+0x150/0x290
[   87.675074][ T6030]  ? getname_flags+0x1e5/0x540
[   87.675089][ T6030]  __x64_sys_link+0x82/0x90
[   87.675101][ T6030]  do_syscall_64+0xfa/0x3b0
[   87.675111][ T6030]  ? lockdep_hardirqs_on+0x9c/0x150
[   87.675121][ T6030]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.675130][ T6030]  ? clear_bhb_loop+0x60/0xb0
[   87.675142][ T6030]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   87.675151][ T6030] RIP: 0033:0x7f911618e929
[   87.675165][ T6030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   87.675173][ T6030] RSP: 002b:00007f9116f33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056
[   87.675185][ T6030] RAX: ffffffffffffffda RBX: 00007f91163b5fa0 RCX: 00007f911618e929
[   87.675192][ T6030] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000200000000200
[   87.675198][ T6030] RBP: 00007f9116f33090 R08: 0000000000000000 R09: 0000000000000000
[   87.675203][ T6030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   87.675209][ T6030] R13: 0000000000000000 R14: 00007f91163b5fa0 R15: 00007ffd0045fef8
[   87.675223][ T6030]  </TASK>
[   87.698572][   T43] usb 2-1: SerialNumber: syz
[   88.587510][ T6047] No control pipe specified
[   88.606153][   T43] usb 2-1: 0:2 : does not exist
[   88.687961][ T6049] netlink: 12 bytes leftover after parsing attributes in process `syz.2.34'.
[   88.741735][ T6051] binder: 6050:6051 unknown command 1078485782
[   88.750201][ T6049] netlink: 32 bytes leftover after parsing attributes in process `syz.2.34'.
[   88.780144][ T6051] binder: 6050:6051 ioctl c0306201 200000000900 returned -22
[   89.015798][   T43] usb 2-1: 1:0: cannot get min/max values for control 2 (id 1)
[   89.047390][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   89.087624][   T43] usb 2-1: USB disconnect, device number 3
[   89.188456][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   89.589188][ T6063] Zero length message leads to an empty skb
[   89.990390][ T6073] netlink: 104 bytes leftover after parsing attributes in process `syz.3.42'.
[   90.076826][ T6076] comedi comedi1: Minor 2 could not be opened
[   90.137978][ T6076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.43'.
[   90.170707][ T6080] netlink: 5 bytes leftover after parsing attributes in process `syz.1.46'.
[   90.202152][ T6080] netlink: 'syz.1.46': attribute type 8 has an invalid length.
[   90.369646][ T6088] netlink: 48 bytes leftover after parsing attributes in process `syz.3.48'.
[   90.492161][ T6096] FAULT_INJECTION: forcing a failure.
[   90.492161][ T6096] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   90.606613][ T6096] CPU: 0 UID: 0 PID: 6096 Comm: syz.1.49 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[   90.606639][ T6096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   90.606649][ T6096] Call Trace:
[   90.606656][ T6096]  <TASK>
[   90.606664][ T6096]  dump_stack_lvl+0x189/0x250
[   90.606691][ T6096]  ? __pfx____ratelimit+0x10/0x10
[   90.606710][ T6096]  ? __pfx_dump_stack_lvl+0x10/0x10
[   90.606731][ T6096]  ? __pfx__printk+0x10/0x10
[   90.606766][ T6096]  should_fail_ex+0x414/0x560
[   90.606796][ T6096]  _copy_to_user+0x31/0xb0
[   90.606819][ T6096]  simple_read_from_buffer+0xe1/0x170
[   90.606845][ T6096]  proc_fail_nth_read+0x1df/0x250
[   90.606869][ T6096]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   90.606894][ T6096]  ? rw_verify_area+0x2a6/0x4d0
[   90.606910][ T6096]  ? __lock_acquire+0xab9/0xd20
[   90.606927][ T6096]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   90.606951][ T6096]  vfs_read+0x1fd/0x980
[   90.606984][ T6096]  ? __pfx___mutex_lock+0x10/0x10
[   90.607003][ T6096]  ? __pfx_vfs_read+0x10/0x10
[   90.607023][ T6096]  ? __fget_files+0x2a/0x420
[   90.607048][ T6096]  ? __fget_files+0x3a0/0x420
[   90.607066][ T6096]  ? __fget_files+0x2a/0x420
[   90.607095][ T6096]  ksys_read+0x145/0x250
[   90.607116][ T6096]  ? __pfx_ksys_read+0x10/0x10
[   90.607140][ T6096]  ? do_syscall_64+0xbe/0x3b0
[   90.607161][ T6096]  do_syscall_64+0xfa/0x3b0
[   90.607177][ T6096]  ? lockdep_hardirqs_on+0x9c/0x150
[   90.607194][ T6096]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.607210][ T6096]  ? clear_bhb_loop+0x60/0xb0
[   90.607230][ T6096]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   90.607246][ T6096] RIP: 0033:0x7fa57c78d33c
[   90.607262][ T6096] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   90.607275][ T6096] RSP: 002b:00007fa57d687030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   90.607294][ T6096] RAX: ffffffffffffffda RBX: 00007fa57c9b6080 RCX: 00007fa57c78d33c
[   90.607307][ T6096] RDX: 000000000000000f RSI: 00007fa57d6870a0 RDI: 0000000000000005
[   90.607317][ T6096] RBP: 00007fa57d687090 R08: 0000000000000000 R09: 0000000000000000
[   90.607328][ T6096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   90.607338][ T6096] R13: 0000000000000001 R14: 00007fa57c9b6080 R15: 00007fff3fc17bd8
[   90.607376][ T6096]  </TASK>
[   91.185887][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   91.385605][    T9] usb 3-1: Using ep0 maxpacket: 16
[   91.408824][    T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   91.436977][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   91.467824][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   91.506111][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   91.539891][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.566957][    T9] usb 3-1: Product: syz
[   91.571177][    T9] usb 3-1: Manufacturer: syz
[   91.645648][    T9] usb 3-1: SerialNumber: syz
[   92.135463][    T9] usb 3-1: 0:2 : does not exist
[   92.170518][ T6112] [U] 
[   92.180519][ T6112] [U] K{�
[   92.194482][ T6112] [U] �T �1��Š�F���Fˊ�`G�Jǘ�G���������O��/�MC�
[   92.223072][ T6112] [U] T�ؖ/,�~�Ĝ��J���}8���'O1��"�7-΂JQ�K��W��Q�5C%"�H12��Y������X�`���ȼ`+��(�¿!(���Z'�TXLN�I�G�J����ݭ�P�~�7�!���"ب���(�5�OBܤ�̓J�
[   92.328887][ T6112] [U] �K\&�}6�6�X�HX��Ե���.`�A�$�40|϶��9��ި����U��4��ĮVBZ��}�W�M�T���Q��ΦR�4��
[   92.394922][ T6112] [U] ".H6��"�KÇ[����J�4��I�N��[Z(��C|T�]Z{��3�C=��X�Ԟ˅�4�W�)\T�XJ��SH{Q;̹���T��+���G��߮D�.˂�>Y����WUH�FN����HL]S�2���\G%�O�&Z)�К'�PUL�_<�	�ذ�Ү��`ұT��ޜ���;_�"(�U{7J��2X �/�'��C���I����H�C�ճ�V�=��AI�%W�ES� R��J�Μ���G��R��͡HI
���A��6-�D��V�� I"��Nƨ ��ASC~4���8C�*�OO5/ߜJ�~���W�VK+����3��Y)��M���V��YQƽ�DTR�
OTPEM%F��EJ�A5��T_-X~�^AAۂҘ�Q��
[   92.520248][ T6112] [U] 	+�W�G?]��'A:	��)�
����' B>T���F/��<'�U�'��H�I�.+]E�.�-ɿ߿�%��>2`�^U�8F.�6��3��+�A�«���G3�P��6:�^0��T��V�'E�T����YC�N��Rϩ�N�PJ�;�Z����ۑ8!��\م�A�ʖ2��$е�­WI.��#��/BAI���`��4J��D�Y@�Z��GW�5˿B��ٜ�N�Y"VI2��
[   92.566788][    T9] usb 3-1: 1:0: cannot get min/max values for control 2 (id 1)
[   92.613651][    T9] usb 3-1: USB disconnect, device number 4
[   92.626374][ T6112] [U] �T�_K5�T�YJ���9��C�$BR�L�NUL��9W���|�G�"ʃ�%�ڶ�C�؝���Q��
 ��3��Q��N^HP*��$	�.�7Yӱ�2�
[   92.678751][ T6112] [U] �?���H��*����3͝7�ɍ�^#Q�"0~���(�O�XL�B�,'V��=���C�S���G�S��0�ւ��`���ه��=1(�ξ��P#�2DO*Ƀ
[   92.693744][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   92.722808][ T6112] [U] �S��G������GU��D-{���|&�����ѐ2��L�C_��!`��OZ֥�B��%>�RѶ�WχݎSS�H"�YA4�O.�Y��ď�RTԶ�B�[+/<<R�B����|ФE���۠�V96#���ͤʦJ�U�%
S851���ҩS�P��\��?Q�|L��QX�0�K�1ORɴ2��|��D�F���ِ��2ޔ���0��H�}C[/����PX^��O
[   92.764401][ T6112] [U] �؛���(J�Л��M��XZ�;�����؝_����*3�3��5�\�XM��U��AK!AQ`��;FЕ�I+��VUH���M�J��Ʒ��Z�C��Z���)_ǟ�	ԑ�&�֡��A�XTO���_� ڼ�:���%��P���Cֲ�Y�+_�ܛ��}U�M��ƫC�!KJ�7пG��=B�
[   92.789644][ T6112] [U] ٽ�F�%�XA��L�2R*G��VW��$��J	�A��F����+ؾ9̈́VI�֗�Kپ�1}_��
��%�R6��(]��/��ؐřYܺ��Hä���R G��RN/ܫ�#!�D����%���D��-{�$�VU��T���$:MTR�E�C1V�D~��];[�����SQ����(��E,X�8�"�
��G�D�ڵ2@T8���҃����T8.RC+�@�ʦ�P�U�
P����C���'ńYL�-SS1E?�7�O���^]����C�½H]�JKR]RKQ܆��ݣ޴OTC��X���4�N�	��&����ڋ��@�:M7�~�+�W*���XM��>>��{Q���
_�՝LX8�U����{�Z��ؐ)��7?�RR;�C�R�Hײڣ����1�>)�Mă‰�T���(��Aϝ�}9�ڥ�J*Mќ�ġ�'L��Q	�DW��ظ=��|Q�	�Æ�W;5��Ž�!�DB�X`ɧ�/��E�`ƦM��X��"�\
[   92.842617][ T6112] [U] {;�ե�٘_�O2��)�O��.2�W2ʲ��Y���X_  HPϱ�S�D����:]�{�����Ƚ
[   92.916402][ T6112] [U] I,�>�Ӥ	��5�1��^1�N4�OǶ�'0�?֒I�9W.�_.�W�A���V��`)�Z���C6GIӹ�A��XL[����F�*��O�W)+��'\N�
[K@����2�Ǭ���P"^`���	ؿ
[   92.948233][ T6112] [U] 22��Ʃ�۩X?0;3U�
[   92.953392][ T6112] [U] ޜ�
ƍ�SOBX�8�W�4��(�~/���K�U��ԖOQ�E+�G�-Y�GY_
�>V�����3.H�ә]̈́�2��)�D�,	��	�D~�D���+�W;A\�F
P��Ș|$��)�
KؐI���ɿK�YT^R���Ǚ���A=�#�ܜ	�Ϳ�AE��T�1��ݯ4K�.E"R�S|П�S���:��>P��R�"Z�ڭ���#P!�KY"�}��F�N84ܳ��Hޱ�O��S��̫%DLW�MƲ�
[   92.984227][ T6112] [U] [�['XN�'�����,MR��/����1D=!D�X91B�
WǻR�LF���K̤Z��#�`̑L؛�˜��B~�M���
[   93.012407][ T6112] [U] �L�>�сD+�D�����"5�ʍ�H3<���IR=F^�F�N��������V���D�OIO�:U�>�Y�
[   93.024422][ T6112] [U] 'B�6V�20�ķǞ��׌�"T8�{9�FW��]���̩�
[   93.031177][ T6112] [U] �72މ���U�C6����τI]8C��TۨQSK�Y��I��¹ �|V'�TV/��G�$[� 9KH`�"ܑ��}��[^=��0�]��%�̂T�����F�_V�4C���
[   93.051892][ T6112] [U] �EC�
[   93.058958][ T6112] [U] ���|���<��:^�3$7NK~�-�@��?��/MTL��۾�I�WȬ@G~T�{��P�+�$�JP|���I�RIӍPM� ��Y� ڔ8�T���V�����,�L�,�
[   93.080000][ T6112] [U] �K�����)0���~ܳʪ�IP'�F�ҜZ��R���@B�]�5��{��ʼ�'�8�ƥF��UTQUD
ǩ�K;7ͪ0C[��Y���YC���ذM��L�8�T�͚�5���RX����W� X���OQHVI'8����L�
[   93.324746][ T6119] comedi comedi1: Minor 47 could not be opened
[   93.776328][ T5898] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   93.930900][ T6126] binder: 6125:6126 ioctl c0306201 0 returned -14
[   93.951179][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.964006][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.974340][ T5898] usb 1-1: New USB device found, idVendor=0543, idProduct=e621, bcdDevice= 0.00
[   93.990711][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.018624][ T5898] usb 1-1: config 0 descriptor??
[   94.148074][ T6130] hfs: can't find a HFS filesystem on dev rnullb0
[   94.446022][ T5898] viewsonic 0003:0543:E621.0002: item fetching failed at offset 3/5
[   94.455381][ T5898] viewsonic 0003:0543:E621.0002: probe with driver viewsonic failed with error -22
[   94.510757][ T6132] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   94.518007][ T6132] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   94.529250][ T6132] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   94.544877][ T6132] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   94.555142][ T6132] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   94.563779][ T6132] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   94.572840][ T6132] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   94.583499][ T6132] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   94.590967][ T6132] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   94.599301][ T6132] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   94.605332][ T6132] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   94.620987][ T6132] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   94.648733][ T6122] tipc: Started in network mode
[   94.653844][ T6122] tipc: Node identity ce5963721285, cluster identity 4711
[   94.674058][ T6122] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   94.703282][ T6140] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[   94.713422][ T6140] UDF-fs: Scanning with blocksize 4096 failed
[   94.722814][ T6122] tipc: Resetting bearer <eth:syzkaller0>
[   94.741623][ T5976] usb 1-1: USB disconnect, device number 3
[   94.753308][ T6121] tipc: Disabling bearer <eth:syzkaller0>
[   95.015726][ T5884] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   95.115843][  T981] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   95.165631][ T5884] usb 4-1: Using ep0 maxpacket: 16
[   95.172276][ T5884] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   95.182271][ T5884] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   95.193448][ T5884] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   95.204319][ T5884] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   95.213493][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.221541][ T5884] usb 4-1: Product: syz
[   95.226591][ T5884] usb 4-1: Manufacturer: syz
[   95.231197][ T5884] usb 4-1: SerialNumber: syz
[   95.276096][  T981] usb 2-1: Using ep0 maxpacket: 16
[   95.283728][  T981] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   95.298505][  T981] usb 2-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=f6.59
[   95.307806][  T981] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.316262][  T981] usb 2-1: Product: syz
[   95.320448][  T981] usb 2-1: Manufacturer: syz
[   95.325055][  T981] usb 2-1: SerialNumber: syz
[   95.333198][  T981] usb 2-1: config 0 descriptor??
[   95.358376][  T981] peak_usb 2-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[   95.366413][  T981] peak_usb 2-1:0.0: unable to read PCAN-USB serial number (err -22)
[   95.447874][  T981] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22
[   95.656062][ T5884] usb 4-1: 0:2 : does not exist
[   96.071667][ T5884] usb 4-1: 1:0: cannot get min/max values for control 2 (id 1)
[   96.091737][  T981] usb 2-1: USB disconnect, device number 4
[   96.116776][ T5884] usb 4-1: USB disconnect, device number 2
[   96.172752][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   96.467069][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout
[   96.526080][ T6168] syz.0.75 uses obsolete (PF_INET,SOCK_PACKET)
[   96.618858][ T5852] Bluetooth: hci3: command 0x0c1a tx timeout
[   96.618888][ T5164] Bluetooth: hci1: command 0x0c1a tx timeout
[   96.625830][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout
[   96.842816][   T30] audit: type=1804 audit(1752725274.011:2): pid=6181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.81" name="/newroot/19/file1" dev="fuse" ino=1 res=1 errno=0
[   96.866086][   T30] audit: type=1800 audit(1752725274.031:3): pid=6181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.81" name="/" dev="fuse" ino=1 res=0 errno=0
[   97.046809][   T30] audit: type=1804 audit(1752725274.221:4): pid=6190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.83" name="/newroot/20/file1" dev="fuse" ino=1 res=1 errno=0
[   97.057818][ T6192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.070362][   T30] audit: type=1800 audit(1752725274.221:5): pid=6190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.83" name="/" dev="fuse" ino=1 res=0 errno=0
[   97.485852][ T5884] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   97.635732][ T5884] usb 4-1: Using ep0 maxpacket: 16
[   97.657777][ T5884] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   97.677270][ T5884] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   97.708800][ T5884] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[   97.742049][ T5884] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   97.772493][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.787241][ T5884] usb 4-1: Product: syz
[   97.791432][ T5884] usb 4-1: Manufacturer: syz
[   97.797370][ T5884] usb 4-1: SerialNumber: syz
[   97.935702][    T9] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   97.947418][ T6224] FAULT_INJECTION: forcing a failure.
[   97.947418][ T6224] name failslab, interval 1, probability 0, space 0, times 0
[   97.961860][ T6224] CPU: 1 UID: 0 PID: 6224 Comm: syz.0.96 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[   97.961883][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   97.961893][ T6224] Call Trace:
[   97.961900][ T6224]  <TASK>
[   97.961908][ T6224]  dump_stack_lvl+0x189/0x250
[   97.961947][ T6224]  ? __pfx____ratelimit+0x10/0x10
[   97.961964][ T6224]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.961986][ T6224]  ? __pfx__printk+0x10/0x10
[   97.962014][ T6224]  ? __pfx___might_resched+0x10/0x10
[   97.962034][ T6224]  ? fs_reclaim_acquire+0x7d/0x100
[   97.962057][ T6224]  should_fail_ex+0x414/0x560
[   97.962087][ T6224]  should_failslab+0xa8/0x100
[   97.962106][ T6224]  __kmalloc_noprof+0xcb/0x4f0
[   97.962127][ T6224]  ? kfree+0x4d/0x440
[   97.962145][ T6224]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[   97.962171][ T6224]  tomoyo_realpath_from_path+0xe3/0x5d0
[   97.962193][ T6224]  ? tomoyo_domain+0xd9/0x130
[   97.962219][ T6224]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   97.962237][ T6224]  tomoyo_path_number_perm+0x1e8/0x5a0
[   97.962258][ T6224]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   97.962294][ T6224]  ? __lock_acquire+0xab9/0xd20
[   97.962334][ T6224]  ? __fget_files+0x2a/0x420
[   97.962357][ T6224]  ? __fget_files+0x2a/0x420
[   97.962375][ T6224]  ? __fget_files+0x3a0/0x420
[   97.962393][ T6224]  ? __fget_files+0x2a/0x420
[   97.962417][ T6224]  security_file_ioctl+0xcb/0x2d0
[   97.962436][ T6224]  __se_sys_ioctl+0x47/0x170
[   97.962455][ T6224]  do_syscall_64+0xfa/0x3b0
[   97.962469][ T6224]  ? lockdep_hardirqs_on+0x9c/0x150
[   97.962483][ T6224]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.962498][ T6224]  ? clear_bhb_loop+0x60/0xb0
[   97.962519][ T6224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.962534][ T6224] RIP: 0033:0x7fd2fa38e929
[   97.962550][ T6224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.962563][ T6224] RSP: 002b:00007fd2fb238038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   97.962581][ T6224] RAX: ffffffffffffffda RBX: 00007fd2fa5b5fa0 RCX: 00007fd2fa38e929
[   97.962593][ T6224] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[   97.962603][ T6224] RBP: 00007fd2fb238090 R08: 0000000000000000 R09: 0000000000000000
[   97.962613][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.962622][ T6224] R13: 0000000000000000 R14: 00007fd2fa5b5fa0 R15: 00007ffea8d06678
[   97.962650][ T6224]  </TASK>
[   97.962679][ T6224] ERROR: Out of memory at tomoyo_realpath_from_path.
[   98.095632][    T9] usb 3-1: Using ep0 maxpacket: 8
[   98.233428][    T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[   98.249480][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   98.260647][    T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   98.279464][    T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   98.294509][    T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   98.305336][ T5884] usb 4-1: 0:2 : does not exist
[   98.305801][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.454091][ T6233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.464326][ T6233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.529458][    T9] usb 3-1: GET_CAPABILITIES returned 0
[   98.535002][    T9] usbtmc 3-1:16.0: can't read capabilities
[   98.546665][ T5852] Bluetooth: hci2: command 0x0c1a tx timeout
[   98.632284][ T6238] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   98.644918][ T6242] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   98.662728][ T6242] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   98.676423][ T6242] =======================================================
[   98.676423][ T6242] WARNING: The mand mount option has been deprecated and
[   98.676423][ T6242]          and is ignored by this kernel. Remove the mand
[   98.676423][ T6242]          option from the mount to silence this warning.
[   98.676423][ T6242] =======================================================
[   98.711734][ T5898] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   98.720983][ T5852] Bluetooth: hci1: command 0x0c1a tx timeout
[   98.728343][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout
[   98.732931][ T5164] Bluetooth: hci0: command 0x0c1a tx timeout
[   98.743865][ T5884] usb 4-1: 1:0: cannot get min/max values for control 2 (id 1)
[   98.779554][    T9] usb 3-1: USB disconnect, device number 5
[   98.809539][ T5884] usb 4-1: USB disconnect, device number 3
[   98.891430][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   99.295717][ T5884] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   99.455666][ T5884] usb 2-1: device descriptor read/64, error -71
[   99.535730][ T5178] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   99.685361][ T5178] usb 4-1: device descriptor read/64, error -71
[   99.715804][ T5884] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   99.774971][ T6270] tmpfs: Bad value for 'mpol'
[   99.845655][ T5884] usb 2-1: device descriptor read/64, error -71
[   99.908621][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   99.925947][ T5178] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   99.955957][ T5884] usb usb2-port1: attempt power cycle
[  100.055662][ T5178] usb 4-1: device descriptor read/64, error -71
[  100.085632][    T9] usb 3-1: Using ep0 maxpacket: 32
[  100.092623][    T9] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  100.101043][    T9] usb 3-1: config 0 has no interface number 0
[  100.112179][    T9] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  100.122864][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.134542][    T9] usb 3-1: Product: syz
[  100.140342][    T9] usb 3-1: Manufacturer: syz
[  100.145239][    T9] usb 3-1: SerialNumber: syz
[  100.159167][    T9] usb 3-1: config 0 descriptor??
[  100.166306][ T5178] usb usb4-port1: attempt power cycle
[  100.170069][    T9] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  100.295621][ T5884] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  100.316363][ T5884] usb 2-1: device descriptor read/8, error -71
[  100.381913][    T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  100.398484][    T9] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  100.516452][ T5178] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  100.536328][ T5178] usb 4-1: device descriptor read/8, error -71
[  100.555740][ T5884] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  100.580173][ T5884] usb 2-1: device descriptor read/8, error -71
[  100.605818][ T5891] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  100.616115][ T5164] Bluetooth: hci2: command 0x0c1a tx timeout
[  100.697823][ T5884] usb usb2-port1: unable to enumerate USB device
[  100.755633][ T5891] usb 1-1: Using ep0 maxpacket: 16
[  100.762397][ T5891] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  100.771221][ T5891] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  100.781505][ T5164] Bluetooth: hci1: command 0x0c1a tx timeout
[  100.781553][ T5164] Bluetooth: hci3: command 0x0c1a tx timeout
[  100.785865][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout
[  100.787798][ T5178] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  100.809643][ T5891] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  100.826058][ T5891] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  100.835308][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.845635][ T5178] usb 4-1: device descriptor read/8, error -71
[  100.855821][ T5891] usb 1-1: Product: syz
[  100.860017][ T5891] usb 1-1: Manufacturer: syz
[  100.864713][ T5891] usb 1-1: SerialNumber: syz
[  100.939642][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  100.947909][    T9] usb 3-1: USB disconnect, device number 6
[  100.961211][    T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  100.966000][ T5178] usb usb4-port1: unable to enumerate USB device
[  100.981998][    T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  100.994572][    T9] quatech2 3-1:0.51: device disconnected
[  101.282362][ T5891] usb 1-1: 0:2 : does not exist
[  101.697094][ T5891] usb 1-1: 1:0: cannot get min/max values for control 2 (id 1)
[  101.731080][ T5891] usb 1-1: USB disconnect, device number 5
[  101.829011][ T6289] netlink: 4 bytes leftover after parsing attributes in process `syz.2.119'.
[  102.158812][ T5178] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  102.304781][ T6300] FAULT_INJECTION: forcing a failure.
[  102.304781][ T6300] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  102.322541][ T6300] CPU: 0 UID: 0 PID: 6300 Comm: syz.0.124 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  102.322567][ T6300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  102.322577][ T6300] Call Trace:
[  102.322584][ T6300]  <TASK>
[  102.322592][ T6300]  dump_stack_lvl+0x189/0x250
[  102.322621][ T6300]  ? __pfx____ratelimit+0x10/0x10
[  102.322638][ T6300]  ? __pfx_dump_stack_lvl+0x10/0x10
[  102.322659][ T6300]  ? __pfx__printk+0x10/0x10
[  102.322689][ T6300]  ? __might_fault+0xb0/0x130
[  102.322723][ T6300]  should_fail_ex+0x414/0x560
[  102.322752][ T6300]  _copy_from_user+0x2d/0xb0
[  102.322774][ T6300]  __sys_bind+0x199/0x3e0
[  102.322794][ T6300]  ? __pfx___sys_bind+0x10/0x10
[  102.322823][ T6300]  ? __pfx_ksys_write+0x10/0x10
[  102.322839][ T6300]  ? rcu_is_watching+0x15/0xb0
[  102.322867][ T6300]  __x64_sys_bind+0x7a/0x90
[  102.322885][ T6300]  do_syscall_64+0xfa/0x3b0
[  102.322901][ T6300]  ? lockdep_hardirqs_on+0x9c/0x150
[  102.322918][ T6300]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.322934][ T6300]  ? clear_bhb_loop+0x60/0xb0
[  102.322954][ T6300]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.322970][ T6300] RIP: 0033:0x7fd2fa38e929
[  102.322986][ T6300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  102.322998][ T6300] RSP: 002b:00007fd2fb238038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  102.323016][ T6300] RAX: ffffffffffffffda RBX: 00007fd2fa5b5fa0 RCX: 00007fd2fa38e929
[  102.323029][ T6300] RDX: 0000000000000048 RSI: 0000200000000100 RDI: 0000000000000004
[  102.323039][ T6300] RBP: 00007fd2fb238090 R08: 0000000000000000 R09: 0000000000000000
[  102.323049][ T6300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.323059][ T6300] R13: 0000000000000000 R14: 00007fd2fa5b5fa0 R15: 00007ffea8d06678
[  102.323087][ T6300]  </TASK>
[  102.327152][ T5178] usb 3-1: Using ep0 maxpacket: 32
[  102.451364][ T6303] binder: 6302:6303 ioctl c0306201 0 returned -14
[  102.487385][ T5178] usb 3-1: config index 0 descriptor too short (expected 6683, got 27)
[  102.541800][ T5178] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  102.550398][ T5178] usb 3-1: config 0 has no interface number 0
[  102.556876][ T5178] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  102.572628][ T5178] usb 3-1: config 0 interface 85 has no altsetting 0
[  102.582422][ T5178] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  102.594089][ T5178] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.604190][ T5178] usb 3-1: Product: syz
[  102.612981][ T5178] usb 3-1: Manufacturer: syz
[  102.623848][ T5178] usb 3-1: SerialNumber: syz
[  102.639874][ T5178] usb 3-1: config 0 descriptor??
[  103.062896][ T5178] appletouch 3-1:0.85: Geyser mode initialized.
[  103.084744][ T5178] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input6
[  103.135688][ T5898] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  103.159664][ T6329] binder: 6328:6329 ioctl c0306201 0 returned -14
[  103.305972][ T5898] usb 4-1: Using ep0 maxpacket: 32
[  103.306198][ T5976] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  103.319450][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.333725][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.346518][ T5898] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  103.356722][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.368061][ T5898] usb 4-1: config 0 descriptor??
[  103.376101][ T5898] hub 4-1:0.0: USB hub found
[  103.465589][ T5976] usb 1-1: Using ep0 maxpacket: 32
[  103.476989][ T5976] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  103.488486][ T5976] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  103.500121][ T5976] usb 1-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  103.501917][ T6293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.514001][ T5976] usb 1-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  103.529981][ T5976] usb 1-1: Product: syz
[  103.534319][ T5976] usb 1-1: Manufacturer: syz
[  103.538998][ T5976] usb 1-1: SerialNumber: syz
[  103.544153][ T6293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  103.580752][ T5898] hub 4-1:0.0: 1 port detected
[  103.758094][ T6327] binder: 6326:6327 ioctl c0306201 200000000640 returned -22
[  103.767983][ T5178] usb 1-1: USB disconnect, device number 6
[  103.855625][ T5976] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  103.984231][ T6321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.993402][ T6321] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.005644][ T5976] usb 2-1: Using ep0 maxpacket: 16
[  104.015862][ T5976] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  104.028800][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  104.040916][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  104.053500][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  104.063411][ T5976] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  104.077739][ T5976] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  104.086844][ T5976] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  104.094831][ T5976] usb 2-1: Manufacturer: syz
[  104.103524][ T5976] usb 2-1: config 0 descriptor??
[  104.405632][ T5976] rc_core: IR keymap rc-hauppauge not found
[  104.413588][ T5976] Registered IR keymap rc-empty
[  104.419170][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.445821][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.467397][ T5976] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  104.482156][ T5976] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input7
[  104.499439][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.525878][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.545670][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.567444][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.585667][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.621329][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.645666][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.667060][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.685833][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.705755][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  104.713432][ T5976] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  104.738899][ T5976] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  104.747070][ T5898] hub 4-1:0.0: activate --> -90
[  104.748069][ T5976] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  104.885646][    T9] usb 1-1: Using ep0 maxpacket: 8
[  104.892950][    T9] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[  104.901658][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  104.911819][    T9] usb 1-1: config 0 has no interfaces?
[  104.917727][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  104.929291][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.940678][    T9] usb 1-1: config 0 descriptor??
[  105.040239][    T9] usb 4-1: USB disconnect, device number 8
[  105.166505][ T5178] usb 1-1: USB disconnect, device number 7
[  105.195268][ T5884] usb 3-1: USB disconnect, device number 7
[  105.195419][    C0] appletouch 3-1:0.85: atp_complete: usb_submit_urb failed with result -19
[  105.257892][ T5884] appletouch 3-1:0.85: input: appletouch disconnected
[  106.115627][ T5884] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  106.268427][ T5884] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  106.277561][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.294316][ T5884] usb 1-1: config 0 descriptor??
[  106.302960][ T5884] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  106.396743][ T5898] usb 2-1: USB disconnect, device number 9
[  106.433235][ T6359] binder: 6358:6359 ioctl c0306201 0 returned -14
[  106.508687][ T5884] gp8psk: usb in 128 operation failed.
[  107.058448][ T5884] gp8psk: usb in 137 operation failed.
[  107.086713][ T5884] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  107.134643][ T5884] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  107.183762][ T5884] usb 1-1: USB disconnect, device number 8
[  107.709283][ T6388] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  107.758812][ T5976] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  107.789716][ T6394] hfs: can't find a HFS filesystem on dev rnullb0
[  107.837031][ T6396] 9pnet: p9_errstr2errno: server reported unknown error ��p��A���
��;
KZ�44�/@�q��k�p
[  107.837031][ T6396] �C<
[  107.898231][ T6399] comedi comedi3: comedi_config --init_data is deprecated
[  107.925598][ T5976] usb 1-1: Using ep0 maxpacket: 16
[  107.947137][ T5976] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  107.969831][ T5976] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  107.999673][ T5976] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  108.011445][ T5976] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  108.028325][ T5976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.038994][ T5976] usb 1-1: Product: syz
[  108.043311][ T5976] usb 1-1: Manufacturer: syz
[  108.043330][ T5976] usb 1-1: SerialNumber: syz
[  108.152718][ T6405] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  108.163031][ T6405] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  108.182908][ T6409] netlink: 8 bytes leftover after parsing attributes in process `syz.1.161'.
[  108.222754][   T30] audit: type=1326 audit(1752725285.381:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.244757][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.263491][   T30] audit: type=1326 audit(1752725285.381:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.290984][   T30] audit: type=1326 audit(1752725285.381:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.316584][   T30] audit: type=1326 audit(1752725285.381:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.367548][   T30] audit: type=1326 audit(1752725285.381:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.390498][   T30] audit: type=1326 audit(1752725285.381:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.412437][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.439346][ T6403] binder: 6402:6403 ioctl c0306201 200000000780 returned -14
[  108.445891][   T30] audit: type=1326 audit(1752725285.461:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.485039][ T5976] usb 1-1: 0:2 : does not exist
[  108.539473][   T30] audit: type=1326 audit(1752725285.461:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.561562][    C1] vkms_vblank_simulate: vblank timer overrun
[  108.575006][   T30] audit: type=1326 audit(1752725285.461:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.598905][   T30] audit: type=1326 audit(1752725285.521:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.1.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa57c78e929 code=0x7ffc0000
[  108.894971][ T5976] usb 1-1: 1:0: cannot get min/max values for control 2 (id 1)
[  108.931604][ T5976] usb 1-1: USB disconnect, device number 9
[  109.004445][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  109.743977][ T6444] loop6: detected capacity change from 0 to 7
[  109.798957][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.808420][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.831690][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.840920][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.856552][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.866202][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.885725][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.894892][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.904103][ T6445] openvswitch: netlink: Flow actions attr not present in new flow.
[  109.908082][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.921200][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.945995][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.955193][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.963298][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  109.972590][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  109.980603][ T5853] ldm_validate_partition_table(): Disk read failed.
[  110.007870][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  110.017083][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  110.027103][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  110.036300][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  110.053782][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  110.063029][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  110.081935][ T5853] Dev loop6: unable to read RDB block 0
[  110.088403][ T5853]  loop6: unable to read partition table
[  110.115337][ T5853] loop6: partition table beyond EOD, truncated
[  110.147953][ T6444] ldm_validate_partition_table(): Disk read failed.
[  110.176415][ T6444] Dev loop6: unable to read RDB block 0
[  110.183744][ T6444]  loop6: unable to read partition table
[  110.194087][ T6444] loop6: partition table beyond EOD, truncated
[  110.218086][ T6444] loop_reread_partitions: partition scan of loop6 (�被x������() failed (rc=-5)
[  110.302587][ T6459] netlink: 10 bytes leftover after parsing attributes in process `syz.0.177'.
[  110.419770][ T6463] netlink: 16 bytes leftover after parsing attributes in process `syz.1.178'.
[  110.565968][    T9] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  110.665929][ T5976] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  110.738515][    T9] usb 3-1: config 1 interface 0 altsetting 6 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  110.754578][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[  110.772283][    T9] usb 3-1: New USB device found, idVendor=056a, idProduct=0097, bcdDevice= 0.40
[  110.781686][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.793119][    T9] usb 3-1: Product: ␉
[  110.798340][    T9] usb 3-1: Manufacturer: 乁u᭽䛧Ḧӝ珱ꏞ鸠缯봢䶝갵㌌ᎅ秺飪勻광ⳳѕ䯠␚�퉂傍됽趪ᬪ澞빽Ꮇ區伢与ະ廖䭂킠㍬ᦢ걓ഋ䏔ᚓ煸萕䞴䖜ㄬ䉘첆䤄ꬆฦ㒞捰壝ꖻ极
[  110.824149][    T9] usb 3-1: SerialNumber: 센紑犁訠ف䟯虽︽棱期롩픗ᢒ斌䦏঄㙈퇻䕸뱍垑엃ࣣ諙匼巬紬氢픪᪸⊢ꁕ☂岘ⵗ绪㷮혛娠‹ؔ陥綌㈸ㄵ踖ࢇ眫슥챕虍楰慏篯囸疱躬ᜃ껮㦑೐쉆梡鉊蠄≙坒톑씬푧㡹餒㿉짽ﺈ䋣➍᳕꾵稽䑡굔홸쟤⧔
[  110.857679][ T6457] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  110.868014][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.879437][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.889836][ T5976] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  110.904441][ T5976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.916822][ T5976] usb 2-1: config 0 descriptor??
[  110.931544][ T6477] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  110.944992][ T6477] VFS: Can't find a romfs filesystem on dev rnullb0.
[  110.944992][ T6477] 
[  110.962181][ T6479] MTD: Attempt to mount non-MTD device "/dev/rnullb0"
[  110.970344][ T6479] VFS: Can't find a romfs filesystem on dev rnullb0.
[  110.970344][ T6479] 
[  111.304162][    T9] usbhid 3-1:1.0: can't add hid device: -71
[  111.329467][    T9] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  111.355945][    T9] usb 3-1: USB disconnect, device number 8
[  111.549484][ T5976] usbhid 2-1:0.0: can't add hid device: -71
[  111.557674][ T5976] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  111.579019][ T5976] usb 2-1: USB disconnect, device number 10
[  111.721260][ T6489] fuse: Bad value for 'user_id'
[  111.726501][ T6489] fuse: Bad value for 'user_id'
[  111.888952][ T6503] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found
[  111.898613][ T6503] UDF-fs: Scanning with blocksize 4096 failed
[  111.968160][ T6507] fuse: Unknown parameter 's���1~"VCXxq0x0000000000000004'
[  112.084159][ T5898] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[  112.225637][ T5976] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  112.254664][ T5898] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  112.276917][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  112.297651][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 189, setting to 64
[  112.323389][ T5898] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  112.336944][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.345004][ T5898] usb 1-1: Product: syz
[  112.361681][ T5898] usb 1-1: Manufacturer: syz
[  112.366415][ T5898] usb 1-1: SerialNumber: syz
[  112.379895][ T5898] usb 1-1: config 0 descriptor??
[  112.398069][ T6498] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  112.420844][ T5976] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  112.440552][ T5976] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  112.462882][ T5976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.483918][ T5976] usb 3-1: config 0 descriptor??
[  112.493659][ T5976] pwc: Askey VC010 type 2 USB webcam detected.
[  112.510911][ T5898] rc_core: IR keymap rc-streamzap not found
[  112.525552][ T5898] Registered IR keymap rc-empty
[  112.538201][ T5898] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  112.570962][ T5898] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8
[  112.646656][ T5898] usb 1-1: USB disconnect, device number 10
[  112.694421][ T5976] pwc: send_video_command error -71
[  112.713354][ T5976] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  112.734970][ T5976] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  112.771249][ T5976] usb 3-1: USB disconnect, device number 9
[  112.853144][ T6538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.203'.
[  113.124187][ T6546] netlink: 12 bytes leftover after parsing attributes in process `syz.1.204'.
[  113.235714][ T5976] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  113.345714][ T5178] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  113.398690][ T5976] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.409135][ T5976] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  113.419581][ T5976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  113.430399][ T5976] usb 3-1: config 0 descriptor??
[  113.444328][ T5976] pwc: Askey VC010 type 2 USB webcam detected.
[  113.475797][ T5898] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  113.505762][ T5178] usb 4-1: Using ep0 maxpacket: 8
[  113.514705][ T5178] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  113.528062][ T5178] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.536287][ T5178] usb 4-1: Product: syz
[  113.540484][ T5178] usb 4-1: Manufacturer: syz
[  113.545119][ T5178] usb 4-1: SerialNumber: syz
[  113.555113][ T5178] usb 4-1: config 0 descriptor??
[  113.605626][ T5898] usb 1-1: device descriptor read/64, error -71
[  113.766109][ T5178] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  113.839027][ T5976] pwc: recv_control_msg error -32 req 02 val 2b00
[  113.845653][ T5898] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  113.854580][ T5976] pwc: recv_control_msg error -32 req 02 val 2700
[  113.862651][ T5976] pwc: recv_control_msg error -32 req 02 val 2c00
[  113.870480][ T5976] pwc: recv_control_msg error -32 req 04 val 1000
[  113.878841][ T5976] pwc: recv_control_msg error -32 req 04 val 1300
[  113.886967][ T5976] pwc: recv_control_msg error -32 req 04 val 1400
[  113.894566][ T5976] pwc: recv_control_msg error -32 req 02 val 2000
[  113.903915][ T5976] pwc: recv_control_msg error -32 req 02 val 2100
[  113.911193][ T5976] pwc: recv_control_msg error -32 req 04 val 1500
[  113.920281][ T5976] pwc: recv_control_msg error -32 req 02 val 2500
[  113.927451][ T5976] pwc: recv_control_msg error -32 req 02 val 2400
[  113.936546][ T5976] pwc: recv_control_msg error -32 req 02 val 2600
[  113.943740][ T5976] pwc: recv_control_msg error -32 req 02 val 2900
[  113.951274][ T5976] pwc: recv_control_msg error -32 req 02 val 2800
[  113.959279][ T5976] pwc: recv_control_msg error -32 req 04 val 1100
[  113.973458][ T5976] pwc: Registered as video103.
[  113.976197][ T5898] usb 1-1: device descriptor read/64, error -71
[  113.982190][ T5976] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9
[  114.106320][ T5898] usb usb1-port1: attempt power cycle
[  114.186613][    T9] usb 3-1: USB disconnect, device number 10
[  114.447561][ T5898] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  114.476070][ T5898] usb 1-1: device descriptor read/8, error -71
[  114.715673][ T5898] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  114.737126][ T5898] usb 1-1: device descriptor read/8, error -71
[  114.847937][ T5898] usb usb1-port1: unable to enumerate USB device
[  115.182667][ T5178] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  115.194493][ T5178] usb 4-1: USB disconnect, device number 10
[  116.035651][ T5178] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  116.185684][ T5178] usb 4-1: Using ep0 maxpacket: 16
[  116.192384][ T5178] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  116.204215][ T5178] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  116.221960][ T5178] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  116.231194][ T5178] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.239289][ T5178] usb 4-1: Product: syz
[  116.243489][ T5178] usb 4-1: Manufacturer: syz
[  116.248310][ T5178] usb 4-1: SerialNumber: syz
[  116.261092][ T5178] usb 4-1: config 0 descriptor??
[  116.272313][ T5178] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  116.301828][ T5178] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  116.322167][ T6566] FAULT_INJECTION: forcing a failure.
[  116.322167][ T6566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  116.335316][ T6566] CPU: 1 UID: 0 PID: 6566 Comm: syz.0.212 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  116.335331][ T6566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  116.335337][ T6566] Call Trace:
[  116.335343][ T6566]  <TASK>
[  116.335348][ T6566]  dump_stack_lvl+0x189/0x250
[  116.335368][ T6566]  ? __pfx____ratelimit+0x10/0x10
[  116.335378][ T6566]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.335392][ T6566]  ? __pfx__printk+0x10/0x10
[  116.335412][ T6566]  should_fail_ex+0x414/0x560
[  116.335434][ T6566]  _copy_to_user+0x31/0xb0
[  116.335449][ T6566]  drm_ioctl+0x6a4/0xb10
[  116.335461][ T6566]  ? __pfx_drm_mode_getfb+0x10/0x10
[  116.335476][ T6566]  ? __pfx_drm_ioctl+0x10/0x10
[  116.335496][ T6566]  ? __fget_files+0x2a/0x420
[  116.335517][ T6566]  ? bpf_lsm_file_ioctl+0x9/0x20
[  116.335537][ T6566]  ? __pfx_drm_ioctl+0x10/0x10
[  116.335551][ T6566]  __se_sys_ioctl+0xfc/0x170
[  116.335569][ T6566]  do_syscall_64+0xfa/0x3b0
[  116.335584][ T6566]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.335599][ T6566]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.335615][ T6566]  ? clear_bhb_loop+0x60/0xb0
[  116.335634][ T6566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.335647][ T6566] RIP: 0033:0x7fd2fa38e929
[  116.335662][ T6566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.335673][ T6566] RSP: 002b:00007fd2fb238038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  116.335690][ T6566] RAX: ffffffffffffffda RBX: 00007fd2fa5b5fa0 RCX: 00007fd2fa38e929
[  116.335700][ T6566] RDX: 00002000000002c0 RSI: 00000000c01c64ad RDI: 0000000000000008
[  116.335711][ T6566] RBP: 00007fd2fb238090 R08: 0000000000000000 R09: 0000000000000000
[  116.335719][ T6566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  116.335728][ T6566] R13: 0000000000000000 R14: 00007fd2fa5b5fa0 R15: 00007ffea8d06678
[  116.335754][ T6566]  </TASK>
[  116.526603][    C1] vkms_vblank_simulate: vblank timer overrun
[  116.686667][ T6573] netlink: 12 bytes leftover after parsing attributes in process `syz.1.214'.
[  116.793831][ T6577] netlink: 'syz.1.215': attribute type 2 has an invalid length.
[  116.804167][ T6577] netlink: 17267 bytes leftover after parsing attributes in process `syz.1.215'.
[  116.906456][ T5164] Bluetooth: hci3: Malformed HCI Event
[  116.951685][ T5178] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  116.958648][ T5178] em28xx 4-1:0.0: Config register raw data: 0x41
[  117.015998][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  117.018276][ T5164] Bluetooth: hci4: command 0x1003 tx timeout
[  117.199573][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.223659][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.243029][ T5898] usb 4-1: USB disconnect, device number 11
[  117.255813][    T9] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  117.259084][ T5898] em28xx 4-1:0.0: Disconnecting em28xx
[  117.317815][ T5898] em28xx 4-1:0.0: Freeing device
[  117.406042][    T9] usb 2-1: device descriptor read/64, error -71
[  117.500753][ T6595] netlink: 12 bytes leftover after parsing attributes in process `syz.2.223'.
[  117.656457][    T9] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  117.785715][    T9] usb 2-1: device descriptor read/64, error -71
[  117.851988][   T59] Bluetooth: hci4: Frame reassembly failed (-84)
[  117.928462][    T9] usb usb2-port1: attempt power cycle
[  118.075608][ T5938] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  118.199641][ T6608] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  118.215270][ T6608] Error validating options; rc = [-22]
[  118.228142][ T5938] usb 4-1: Using ep0 maxpacket: 32
[  118.239407][ T5938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.251399][ T5938] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.263561][ T5938] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  118.272845][    T9] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  118.283667][ T5938] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.295174][ T5938] usb 4-1: config 0 descriptor??
[  118.308123][    T9] usb 2-1: device descriptor read/8, error -71
[  118.320686][ T5938] hub 4-1:0.0: USB hub found
[  118.517767][ T5938] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  118.567570][    T9] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  118.586415][    T9] usb 2-1: device descriptor read/8, error -71
[  118.707674][    T9] usb usb2-port1: unable to enumerate USB device
[  119.027017][ T6610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.035986][ T6610] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.049770][ T5938] hid-generic 0003:046D:C31C.0003: item fetching failed at offset 0/1
[  119.061185][ T5938] hid-generic 0003:046D:C31C.0003: probe with driver hid-generic failed with error -22
[  119.248743][ T6609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.258798][ T6609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.895799][ T5164] Bluetooth: hci4: command 0x1003 tx timeout
[  119.902956][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  120.403975][ T6626] netlink: 60 bytes leftover after parsing attributes in process `syz.0.234'.
[  120.500346][ T6635] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  120.985697][ T5898] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  121.021459][ T6658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.247'.
[  121.066472][    T9] usb 4-1: USB disconnect, device number 12
[  121.179603][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.206578][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.217129][ T6665] netlink: 40 bytes leftover after parsing attributes in process `syz.2.250'.
[  121.237446][ T5898] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  121.265944][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.289085][ T5898] usb 2-1: config 0 descriptor??
[  121.343943][ T6667] syz.3.251: attempt to access beyond end of device
[  121.343943][ T6667] loop3: rw=0, sector=2, nr_sectors = 2 limit=0
[  121.370760][ T6670] fuse: Unknown parameter 'fmĒ����c��Xd'
[  121.382718][ T6667] vxfs: unable to read disk superblock at 1
[  121.385877][ T6670] zonefs (rnullb0) ERROR: Not a zoned block device
[  121.391339][ T6667] syz.3.251: attempt to access beyond end of device
[  121.391339][ T6667] loop3: rw=0, sector=16, nr_sectors = 2 limit=0
[  121.411934][ T6667] vxfs: unable to read disk superblock at 8
[  121.423534][ T6667] vxfs: can't find superblock.
[  121.628880][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.256'.
[  121.638337][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.0.256'.
[  121.650281][ T6679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.256'.
[  121.714099][ T5898] isku 0003:1E7D:319C.0004: unknown main item tag 0x0
[  121.723236][ T6681] comedi comedi3: comedi_test: 20263 microvolt, 5 microsecond waveform attached
[  121.733660][ T5898] isku 0003:1E7D:319C.0004: unknown main item tag 0x0
[  121.752268][ T5898] isku 0003:1E7D:319C.0004: unknown main item tag 0x0
[  121.764111][ T5898] isku 0003:1E7D:319C.0004: unknown main item tag 0x0
[  121.787048][ T5898] isku 0003:1E7D:319C.0004: item fetching failed at offset 4/7
[  121.799209][ T5898] isku 0003:1E7D:319C.0004: parse failed
[  121.805954][ T5884] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  121.819737][ T5898] isku 0003:1E7D:319C.0004: probe with driver isku failed with error -22
[  121.850759][ T6686] FAULT_INJECTION: forcing a failure.
[  121.850759][ T6686] name failslab, interval 1, probability 0, space 0, times 0
[  121.864144][ T6686] CPU: 1 UID: 0 PID: 6686 Comm: syz.0.259 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  121.864168][ T6686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  121.864178][ T6686] Call Trace:
[  121.864184][ T6686]  <TASK>
[  121.864191][ T6686]  dump_stack_lvl+0x189/0x250
[  121.864217][ T6686]  ? __pfx____ratelimit+0x10/0x10
[  121.864233][ T6686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.864247][ T6686]  ? __pfx__printk+0x10/0x10
[  121.864259][ T6686]  ? rcu_is_watching+0x15/0xb0
[  121.864280][ T6686]  should_fail_ex+0x414/0x560
[  121.864299][ T6686]  should_failslab+0xa8/0x100
[  121.864310][ T6686]  kmem_cache_alloc_noprof+0x73/0x3c0
[  121.864324][ T6686]  ? skb_clone+0x212/0x3a0
[  121.864339][ T6686]  skb_clone+0x212/0x3a0
[  121.864354][ T6686]  __netlink_deliver_tap+0x404/0x850
[  121.864373][ T6686]  ? netlink_deliver_tap+0x2e/0x1b0
[  121.864384][ T6686]  netlink_deliver_tap+0x19c/0x1b0
[  121.864395][ T6686]  netlink_dump+0x91c/0xe60
[  121.864415][ T6686]  ? __pfx_netlink_dump+0x10/0x10
[  121.864435][ T6686]  ? kmem_cache_free+0x18f/0x400
[  121.864452][ T6686]  netlink_recvmsg+0x676/0xa30
[  121.864468][ T6686]  ? __pfx_netlink_recvmsg+0x10/0x10
[  121.864481][ T6686]  ? __lock_acquire+0xab9/0xd20
[  121.864491][ T6686]  ? aa_sock_msg_perm+0xf1/0x1d0
[  121.864505][ T6686]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  121.864517][ T6686]  ? __pfx_netlink_recvmsg+0x10/0x10
[  121.864528][ T6686]  sock_recvmsg_nosec+0x183/0x1c0
[  121.864546][ T6686]  ____sys_recvmsg+0x3aa/0x460
[  121.864563][ T6686]  ? __pfx_____sys_recvmsg+0x10/0x10
[  121.864583][ T6686]  ? import_iovec+0x74/0xa0
[  121.864598][ T6686]  ___sys_recvmsg+0x1b5/0x510
[  121.864614][ T6686]  ? __pfx____sys_recvmsg+0x10/0x10
[  121.864643][ T6686]  ? __might_fault+0xb0/0x130
[  121.864666][ T6686]  do_recvmmsg+0x307/0x770
[  121.864684][ T6686]  ? __pfx_do_recvmmsg+0x10/0x10
[  121.864702][ T6686]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  121.864722][ T6686]  __x64_sys_recvmmsg+0x190/0x240
[  121.864736][ T6686]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  121.864747][ T6686]  ? rcu_is_watching+0x15/0xb0
[  121.864762][ T6686]  ? do_syscall_64+0xbe/0x3b0
[  121.864774][ T6686]  do_syscall_64+0xfa/0x3b0
[  121.864785][ T6686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.864793][ T6686]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  121.864807][ T6686]  ? clear_bhb_loop+0x60/0xb0
[  121.864818][ T6686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.864827][ T6686] RIP: 0033:0x7fd2fa38e929
[  121.864837][ T6686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  121.864844][ T6686] RSP: 002b:00007fd2fb238038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  121.864855][ T6686] RAX: ffffffffffffffda RBX: 00007fd2fa5b5fa0 RCX: 00007fd2fa38e929
[  121.864861][ T6686] RDX: 0000000000000008 RSI: 0000200000002c00 RDI: 0000000000000003
[  121.864867][ T6686] RBP: 00007fd2fb238090 R08: 0000000000000000 R09: 0000000000000000
[  121.864873][ T6686] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000002
[  121.864878][ T6686] R13: 0000000000000000 R14: 00007fd2fa5b5fa0 R15: 00007ffea8d06678
[  121.864893][ T6686]  </TASK>
[  122.182638][ T6687] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  122.198757][ T5898] usb 2-1: USB disconnect, device number 15
[  122.248368][ T5884] usb 3-1: Using ep0 maxpacket: 8
[  122.256523][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.267628][ T5884] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  122.280547][ T5884] usb 3-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00
[  122.289858][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.301172][ T5884] usb 3-1: config 0 descriptor??
[  122.717138][ T5884] logitech 0003:046D:C293.0005: nested delimiters
[  122.729335][ T5884] logitech 0003:046D:C293.0005: item 0 4 2 10 parsing failed
[  122.750242][ T5884] logitech 0003:046D:C293.0005: parse failed
[  122.757373][ T5884] logitech 0003:046D:C293.0005: probe with driver logitech failed with error -22
[  122.784675][ T6703] netlink: 128 bytes leftover after parsing attributes in process `syz.1.267'.
[  122.794007][ T6703] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  122.835766][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  122.878841][ T5938] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  122.925007][  T981] usb 3-1: USB disconnect, device number 11
[  122.995626][    T9] usb 4-1: Using ep0 maxpacket: 32
[  123.004445][    T9] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  123.013528][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.022413][    T9] usb 4-1: Product: syz
[  123.027056][    T9] usb 4-1: Manufacturer: syz
[  123.031862][    T9] usb 4-1: SerialNumber: syz
[  123.039114][    T9] usb 4-1: config 0 descriptor??
[  123.046494][ T5938] usb 1-1: Using ep0 maxpacket: 32
[  123.054975][    T9] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  123.063237][ T5938] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  123.072598][ T5938] usb 1-1: config 0 has no interface number 0
[  123.078785][ T5938] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  123.090564][ T5938] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  123.100329][ T5938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.108463][ T5938] usb 1-1: Product: syz
[  123.112667][ T5938] usb 1-1: Manufacturer: syz
[  123.117607][ T5938] usb 1-1: SerialNumber: syz
[  123.124621][ T5938] usb 1-1: config 0 descriptor??
[  123.135817][ T5938] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  123.145799][ T5884] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  123.145814][ T5938] em28xx 1-1:0.132: Video interface 132 found:
[  123.309765][ T5884] usb 2-1: unable to get BOS descriptor or descriptor too short
[  123.317990][ T5884] usb 2-1: not running at top speed; connect to a high speed hub
[  123.329028][ T5884] usb 2-1: config 9 has an invalid interface number: 98 but max is 0
[  123.337351][ T5884] usb 2-1: config 9 has no interface number 0
[  123.343711][ T5884] usb 2-1: config 9 interface 98 has no altsetting 0
[  123.356933][ T5884] usb 2-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=72.b1
[  123.366271][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.374360][ T5884] usb 2-1: Product: syz
[  123.378580][ T5884] usb 2-1: Manufacturer: syz
[  123.383177][ T5884] usb 2-1: SerialNumber: syz
[  123.535296][ T5938] em28xx 1-1:0.132: unknown em28xx chip ID (39)
[  123.602393][ T5884] cypress_cy7c63 2-1:9.98: Cypress CY7C63xxx device now attached
[  123.614469][ T5884] usb 2-1: USB disconnect, device number 16
[  123.622576][ T5884] cypress_cy7c63 2-1:9.98: Cypress CY7C63xxx device now disconnected
[  123.797735][ T5898] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  123.955765][ T5898] usb 3-1: Using ep0 maxpacket: 16
[  123.962875][ T5898] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  123.972047][ T5898] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.982654][ T5898] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.993754][ T5898] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  124.002857][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.010923][ T5898] usb 3-1: Product: syz
[  124.015119][ T5898] usb 3-1: Manufacturer: syz
[  124.019786][ T5898] usb 3-1: SerialNumber: syz
[  124.443920][ T5898] usb 3-1: 0:2 : does not exist
[  124.619840][ T6720] Can't find a SQUASHFS superblock on rnullb0
[  124.697042][ T5938] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  124.707792][ T5938] em28xx 1-1:0.132: board has no eeprom
[  124.765716][ T5938] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  124.773709][ T5938] em28xx 1-1:0.132: analog set to bulk mode.
[  124.783418][  T981] em28xx 1-1:0.132: Registering V4L2 extension
[  124.870595][ T5898] usb 3-1: 1:0: cannot get min/max values for control 2 (id 1)
[  124.908896][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  124.941374][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  124.953501][ T5898] usb 3-1: USB disconnect, device number 12
[  124.963483][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  124.981590][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  125.065111][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  125.088161][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  125.112492][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  125.133126][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  125.201079][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  125.223952][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[  125.239269][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[  125.256939][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[  125.283735][  T981] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[  125.285261][ T6740] binder_alloc: 6739: binder_alloc_buf, no vma
[  125.302234][  T981] em28xx 1-1:0.132: Config register raw data: 0xfffffffb
[  125.314980][  T981] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  125.323386][  T981] em28xx 1-1:0.132: No AC97 audio processor
[  125.358608][  T981] usb 1-1: Decoder not found
[  125.363298][  T981] em28xx 1-1:0.132: failed to create media graph
[  125.396156][  T981] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  125.436018][  T981] em28xx 1-1:0.132: Remote control support is not available for this card.
[  125.657103][  T981] usb 1-1: USB disconnect, device number 15
[  125.669527][  T981] em28xx 1-1:0.132: Disconnecting em28xx
[  125.685874][  T981] em28xx 1-1:0.132: Closing input extension
[  125.742315][  T981] em28xx 1-1:0.132: Freeing device
[  125.985823][ T5898] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  126.159411][ T5898] usb 2-1: Using ep0 maxpacket: 32
[  126.176212][ T5898] usb 2-1: config 243 has an invalid descriptor of length 166, skipping remainder of the config
[  126.196277][ T5898] usb 2-1: config 243 has 0 interfaces, different from the descriptor's value: 1
[  126.210804][ T5898] usb 2-1: New USB device found, idVendor=046d, idProduct=c39c, bcdDevice= 0.40
[  126.227856][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.714627][ T6699] /dev/rnullb0: Can't open blockdev
[  126.722022][    T9] gspca_stk1135: reg_w 0x19 err -71
[  126.736428][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.742801][    T9] gspca_stk1135: Sensor write failed
[  126.752085][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.771382][    T9] gspca_stk1135: Sensor write failed
[  126.777283][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.783730][    T9] gspca_stk1135: Sensor read failed
[  126.792112][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.799032][    T9] gspca_stk1135: Sensor read failed
[  126.804251][    T9] gspca_stk1135: Detected sensor type unknown (0x0)
[  126.814188][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.820754][    T9] gspca_stk1135: Sensor read failed
[  126.830438][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.843132][    T9] gspca_stk1135: Sensor read failed
[  126.848802][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.859307][    T9] gspca_stk1135: Sensor write failed
[  126.864630][    T9] gspca_stk1135: serial bus timeout: status=0x00
[  126.871287][    T9] gspca_stk1135: Sensor write failed
[  126.881845][    T9] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  126.892411][    T9] usb 4-1: USB disconnect, device number 13
[  126.929468][ T5884] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  126.994792][ T5898] usb 2-1: string descriptor 0 read error: -71
[  127.005448][ T5898] usb 2-1: USB disconnect, device number 17
[  127.095947][ T5884] usb 3-1: Using ep0 maxpacket: 16
[  127.105163][ T5884] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  127.113975][ T5884] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  127.124141][ T5884] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  127.135171][ T5884] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  127.144837][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.153121][ T5884] usb 3-1: Product: syz
[  127.157317][ T5884] usb 3-1: Manufacturer: syz
[  127.161924][ T5884] usb 3-1: SerialNumber: syz
[  127.175954][  T981] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  127.328321][  T981] usb 1-1: unable to get BOS descriptor or descriptor too short
[  127.337549][  T981] usb 1-1: not running at top speed; connect to a high speed hub
[  127.353485][  T981] usb 1-1: config 9 has an invalid interface number: 98 but max is 0
[  127.365449][  T981] usb 1-1: config 9 has no interface number 0
[  127.370805][ T6778] block device autoloading is deprecated and will be removed.
[  127.372154][  T981] usb 1-1: config 9 interface 98 has no altsetting 0
[  127.400874][  T981] usb 1-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=72.b1
[  127.412861][  T981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.421015][  T981] usb 1-1: Product: syz
[  127.427327][  T981] usb 1-1: Manufacturer: syz
[  127.432382][  T981] usb 1-1: SerialNumber: syz
[  127.591959][ T5884] usb 3-1: 0:2 : does not exist
[  127.650994][ T6775] netlink: 56 bytes leftover after parsing attributes in process `syz.0.293'.
[  127.666614][  T981] cypress_cy7c63 1-1:9.98: Cypress CY7C63xxx device now attached
[  127.676289][  T981] usb 1-1: USB disconnect, device number 16
[  127.677026][  T981] cypress_cy7c63 1-1:9.98: Cypress CY7C63xxx device now disconnected
[  128.005636][ T5905] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  128.135689][ T5905] usb 2-1: device descriptor read/64, error -71
[  128.207846][ T5884] usb 3-1: 1:0: failed to get current value for ch 0 (-22)
[  128.232759][ T5884] usb 3-1: USB disconnect, device number 13
[  128.253683][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  128.385615][ T5905] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  128.515764][ T5905] usb 2-1: device descriptor read/64, error -71
[  128.629757][ T5905] usb usb2-port1: attempt power cycle
[  128.828957][ T6807] input: syz0 as /devices/virtual/input/input10
[  128.975626][ T5905] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  128.995817][ T5884] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  129.010991][ T5905] usb 2-1: device descriptor read/8, error -71
[  129.136739][ T5884] usb 4-1: device descriptor read/64, error -71
[  129.205730][ T5898] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  129.256498][ T5905] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  129.276970][ T5905] usb 2-1: device descriptor read/8, error -71
[  129.357314][ T5898] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  129.366072][ T5898] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.375942][ T5884] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  129.385671][ T5898] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  129.387772][ T5905] usb usb2-port1: unable to enumerate USB device
[  129.395459][ T5898] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  129.395532][ T5898] usb 3-1: Manufacturer: syz
[  129.398160][ T5898] usb 3-1: config 0 descriptor??
[  129.405838][    T9] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  129.475680][ T5898] rc_core: IR keymap rc-hauppauge not found
[  129.481650][ T5898] Registered IR keymap rc-empty
[  129.491255][ T5898] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  129.505318][ T5898] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input11
[  129.516303][ T5884] usb 4-1: device descriptor read/64, error -71
[  129.579709][    T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  129.590073][    T9] usb 1-1: config 0 has no interface number 0
[  129.596959][    T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  129.611606][    T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  129.622780][    T9] usb 1-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00
[  129.626331][ T5884] usb usb4-port1: attempt power cycle
[  129.634606][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.648069][    T9] usb 1-1: config 0 descriptor??
[  129.654050][ T6814] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  129.838239][    C1] igorplugusb 3-1:0.0: receive overflow, at least 33 lost
[  129.976366][ T5884] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  129.997958][ T5884] usb 4-1: device descriptor read/8, error -71
[  130.039207][ T6809] /dev/rnullb0: Can't open blockdev
[  130.047582][ T5898] usb 3-1: USB disconnect, device number 14
[  130.086972][    T9] glorious 0003:22D4:1503.0006: hidraw0: USB HID v0.00 Device [Glorious Model I] on usb-dummy_hcd.0-1/input1
[  130.245993][ T5884] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  130.266286][ T5884] usb 4-1: device descriptor read/8, error -71
[  130.272877][    T9] usb 1-1: USB disconnect, device number 17
[  130.376357][ T5884] usb usb4-port1: unable to enumerate USB device
[  130.835608][ T5884] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  130.986171][ T5884] usb 3-1: device descriptor read/64, error -71
[  130.996663][ T6830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.012847][ T6830] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.025133][ T6830] ./cgroup: Can't lookup blockdev
[  131.205661][ T5898] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  131.245648][ T5884] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  131.325775][ T5905] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  131.355647][ T5898] usb 1-1: Using ep0 maxpacket: 8
[  131.362079][ T5898] usb 1-1: config 1 interface 0 has no altsetting 0
[  131.371783][ T5898] usb 1-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice= 0.40
[  131.381390][ T5884] usb 3-1: device descriptor read/64, error -71
[  131.387716][ T5898] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.395813][ T5898] usb 1-1: Product: syz
[  131.399983][ T5898] usb 1-1: Manufacturer: syz
[  131.404607][ T5898] usb 1-1: SerialNumber: syz
[  131.477512][ T5905] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  131.488601][ T5905] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  131.499866][ T5905] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  131.505967][ T5884] usb usb3-port1: attempt power cycle
[  131.514558][ T5905] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  131.527630][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  131.536674][ T5905] usb 2-1: SerialNumber: syz
[  131.553203][ T5905] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  131.613705][ T6828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.622836][ T6828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.631976][ T6828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.641082][ T6828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.650644][ T6828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.659780][ T6828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.671629][ T6828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.680644][ T6828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.714837][ T5898] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input12
[  131.727258][ T5200] bcm5974 1-1:1.0: could not read from device
[  131.740965][ T5200] bcm5974 1-1:1.0: could not read from device
[  131.752755][ T5200] bcm5974 1-1:1.0: could not read from device
[  131.754030][ T6834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  131.770925][ T5898] usb 1-1: USB disconnect, device number 18
[  131.771194][ T5200] bcm5974 1-1:1.0: could not read from device
[  131.785189][ T6834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  131.865608][ T5884] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  131.870075][ T5905] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  131.896836][ T5884] usb 3-1: device descriptor read/8, error -71
[  131.909119][ T5905] usb 2-1: USB disconnect, device number 22
[  132.137392][ T5884] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  132.166321][ T5884] usb 3-1: device descriptor read/8, error -71
[  132.282061][ T5884] usb usb3-port1: unable to enumerate USB device
[  132.334017][ T6848] /dev/rnullb0: Can't open blockdev
[  132.724789][ T6861] FAULT_INJECTION: forcing a failure.
[  132.724789][ T6861] name failslab, interval 1, probability 0, space 0, times 0
[  132.737695][ T6861] CPU: 1 UID: 0 PID: 6861 Comm: syz.1.326 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  132.737718][ T6861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  132.737727][ T6861] Call Trace:
[  132.737733][ T6861]  <TASK>
[  132.737740][ T6861]  dump_stack_lvl+0x189/0x250
[  132.737766][ T6861]  ? __pfx____ratelimit+0x10/0x10
[  132.737782][ T6861]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.737802][ T6861]  ? __pfx__printk+0x10/0x10
[  132.737828][ T6861]  ? __pfx___might_resched+0x10/0x10
[  132.737846][ T6861]  ? fs_reclaim_acquire+0x7d/0x100
[  132.737868][ T6861]  should_fail_ex+0x414/0x560
[  132.737898][ T6861]  should_failslab+0xa8/0x100
[  132.737916][ T6861]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  132.737939][ T6861]  ? __d_alloc+0x36/0x7a0
[  132.737966][ T6861]  __d_alloc+0x36/0x7a0
[  132.737993][ T6861]  d_alloc_pseudo+0x21/0xc0
[  132.738016][ T6861]  alloc_file_pseudo+0xcc/0x210
[  132.738042][ T6861]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  132.738061][ T6861]  ? evm_inode_alloc_security+0x40/0xb0
[  132.738084][ T6861]  ? security_inode_alloc+0xd5/0x330
[  132.738115][ T6861]  sock_alloc_file+0xb8/0x2e0
[  132.738141][ T6861]  do_accept+0x34b/0x680
[  132.738164][ T6861]  ? __pfx_do_accept+0x10/0x10
[  132.738204][ T6861]  __sys_accept4+0x11c/0x1c0
[  132.738223][ T6861]  ? __pfx___sys_accept4+0x10/0x10
[  132.738241][ T6861]  ? __pfx_ksys_write+0x10/0x10
[  132.738265][ T6861]  __x64_sys_accept4+0x9a/0xb0
[  132.738284][ T6861]  do_syscall_64+0xfa/0x3b0
[  132.738300][ T6861]  ? lockdep_hardirqs_on+0x9c/0x150
[  132.738315][ T6861]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.738331][ T6861]  ? clear_bhb_loop+0x60/0xb0
[  132.738351][ T6861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.738367][ T6861] RIP: 0033:0x7fa57c78e929
[  132.738382][ T6861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.738394][ T6861] RSP: 002b:00007fa57d6a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  132.738413][ T6861] RAX: ffffffffffffffda RBX: 00007fa57c9b5fa0 RCX: 00007fa57c78e929
[  132.738425][ T6861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  132.738434][ T6861] RBP: 00007fa57d6a8090 R08: 0000000000000000 R09: 0000000000000000
[  132.738445][ T6861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.738454][ T6861] R13: 0000000000000000 R14: 00007fa57c9b5fa0 R15: 00007fff3fc17bd8
[  132.738482][ T6861]  </TASK>
[  132.986610][    C1] vkms_vblank_simulate: vblank timer overrun
[  132.993331][ T5898] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  133.001866][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  133.009245][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  133.019109][ T5884] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  133.062245][ T6863] syz.1.327: attempt to access beyond end of device
[  133.062245][ T6863] loop1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  133.076799][ T6863] SQUASHFS error: Failed to read block 0x0: -5
[  133.084053][ T6863] unable to read squashfs_super_block
[  133.155601][ T5884] usb 1-1: device descriptor read/64, error -71
[  133.165724][ T5898] usb 4-1: Using ep0 maxpacket: 16
[  133.180047][ T5898] usb 4-1: New USB device found, idVendor=0c45, idProduct=800a, bcdDevice=db.47
[  133.189734][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.197797][ T5898] usb 4-1: Product: syz
[  133.201993][ T5898] usb 4-1: Manufacturer: syz
[  133.206717][ T5898] usb 4-1: SerialNumber: syz
[  133.221086][ T5898] usb 4-1: config 0 descriptor??
[  133.230989][ T5898] gspca_main: sn9c2028-2.14.0 probing 0c45:800a
[  133.395638][ T5884] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  133.432479][ T6857] netlink: 12 bytes leftover after parsing attributes in process `syz.3.325'.
[  133.441813][ T6857] netlink: 31 bytes leftover after parsing attributes in process `syz.3.325'.
[  133.449319][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  133.452528][ T6857] netlink: 'syz.3.325': attribute type 3 has an invalid length.
[  133.466863][ T6857] netlink: 'syz.3.325': attribute type 2 has an invalid length.
[  133.474632][ T6857] netlink: 31 bytes leftover after parsing attributes in process `syz.3.325'.
[  133.535704][ T5884] usb 1-1: device descriptor read/64, error -71
[  133.605636][    T9] usb 2-1: Using ep0 maxpacket: 16
[  133.617564][    T9] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  133.626393][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  133.637836][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  133.650146][ T5884] usb usb1-port1: attempt power cycle
[  133.658569][    T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  133.670083][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.681764][    T9] usb 2-1: Product: syz
[  133.688084][    T9] usb 2-1: Manufacturer: syz
[  133.695822][    T9] usb 2-1: SerialNumber: syz
[  133.706048][ T5898] gspca_sn9c2028: read1 error -71
[  133.719632][ T5898] gspca_sn9c2028: read1 error -71
[  133.724989][ T5898] sn9c2028 4-1:0.0: probe with driver sn9c2028 failed with error -71
[  133.748753][ T5898] usb 4-1: USB disconnect, device number 18
[  133.894690][ T6873] program syz.2.331 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  134.005783][ T5884] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  134.033867][ T5884] usb 1-1: device descriptor read/8, error -71
[  134.121813][    T9] usb 2-1: 0:2 : does not exist
[  134.275817][ T5884] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  134.311222][ T5884] usb 1-1: device descriptor read/8, error -71
[  134.434394][ T5884] usb usb1-port1: unable to enumerate USB device
[  134.530109][    T9] usb 2-1: 1:0: cannot get min/max values for control 2 (id 1)
[  134.591907][    T9] usb 2-1: USB disconnect, device number 23
[  134.621866][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  135.644413][ T6913] /dev/rnullb0: Can't open blockdev
[  135.685677][ T5891] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  135.865612][ T5891] usb 3-1: Using ep0 maxpacket: 16
[  135.892542][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 112, changing to 10
[  135.912081][ T5891] usb 3-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00
[  135.932458][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.934992][ T6926] /dev/rnullb0: Can't open blockdev
[  135.964503][ T5891] usb 3-1: config 0 descriptor??
[  136.185021][ T6906] /dev/rnullb0: Can't open blockdev
[  136.192656][ T5891] usb 3-1: string descriptor 0 read error: -71
[  136.212046][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input13
[  136.263682][ T5200] bcm5974 3-1:0.0: could not read from device
[  136.276691][ T5891] usb 3-1: USB disconnect, device number 19
[  136.297210][ T5884] usb 4-1: new low-speed USB device number 19 using dummy_hcd
[  136.309510][ T5200] bcm5974 3-1:0.0: could not read from device
[  136.330469][ T5845] bcm5974 3-1:0.0: could not read from device
[  136.345691][ T5898] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  136.485696][ T5898] usb 2-1: device descriptor read/64, error -71
[  136.498769][ T5884] usb 4-1: unable to get BOS descriptor or descriptor too short
[  136.509598][ T5884] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x1 is Bulk; changing to Interrupt
[  136.520005][ T5884] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x82 is Bulk; changing to Interrupt
[  136.540373][ T5884] usb 4-1: config 1 interface 0 has no altsetting 0
[  136.563638][ T5884] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  136.575321][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.583470][ T5884] usb 4-1: SerialNumber: Њ
[  136.601202][ T6929] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  136.610515][ T6929] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  136.618543][ T5164] Bluetooth: hci3: command 0x0c1a tx timeout
[  136.736874][ T5898] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  136.895622][ T5898] usb 2-1: device descriptor read/64, error -71
[  136.975002][ T5884] usb 4-1: USB disconnect, device number 19
[  137.016885][ T5898] usb usb2-port1: attempt power cycle
[  137.083786][ T6962] FAULT_INJECTION: forcing a failure.
[  137.083786][ T6962] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.100430][ T6962] CPU: 1 UID: 0 PID: 6962 Comm: syz.2.363 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  137.100454][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.100464][ T6962] Call Trace:
[  137.100471][ T6962]  <TASK>
[  137.100479][ T6962]  dump_stack_lvl+0x189/0x250
[  137.100506][ T6962]  ? __pfx____ratelimit+0x10/0x10
[  137.100524][ T6962]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.100546][ T6962]  ? __pfx__printk+0x10/0x10
[  137.100582][ T6962]  should_fail_ex+0x414/0x560
[  137.100611][ T6962]  _copy_to_user+0x31/0xb0
[  137.100635][ T6962]  simple_read_from_buffer+0xe1/0x170
[  137.100661][ T6962]  proc_fail_nth_read+0x1df/0x250
[  137.100686][ T6962]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  137.100712][ T6962]  ? rw_verify_area+0x2a6/0x4d0
[  137.100728][ T6962]  ? __lock_acquire+0xab9/0xd20
[  137.100745][ T6962]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  137.100769][ T6962]  vfs_read+0x1fd/0x980
[  137.100792][ T6962]  ? __pfx___mutex_lock+0x10/0x10
[  137.100810][ T6962]  ? __pfx_vfs_read+0x10/0x10
[  137.100834][ T6962]  ? __fget_files+0x2a/0x420
[  137.100859][ T6962]  ? __fget_files+0x3a0/0x420
[  137.100877][ T6962]  ? __fget_files+0x2a/0x420
[  137.100913][ T6962]  ksys_read+0x145/0x250
[  137.100929][ T6962]  ? __fget_files+0x3a0/0x420
[  137.100950][ T6962]  ? __pfx_ksys_read+0x10/0x10
[  137.100974][ T6962]  ? do_syscall_64+0xbe/0x3b0
[  137.100995][ T6962]  do_syscall_64+0xfa/0x3b0
[  137.101011][ T6962]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.101028][ T6962]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.101044][ T6962]  ? clear_bhb_loop+0x60/0xb0
[  137.101065][ T6962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.101081][ T6962] RIP: 0033:0x7f911618d33c
[  137.101096][ T6962] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  137.101109][ T6962] RSP: 002b:00007f9116f12030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  137.101128][ T6962] RAX: ffffffffffffffda RBX: 00007f91163b6080 RCX: 00007f911618d33c
[  137.101140][ T6962] RDX: 000000000000000f RSI: 00007f9116f120a0 RDI: 0000000000000004
[  137.101150][ T6962] RBP: 00007f9116f12090 R08: 0000000000000000 R09: 0000000000000000
[  137.101160][ T6962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.101170][ T6962] R13: 0000000000000000 R14: 00007f91163b6080 R15: 00007ffd0045fef8
[  137.101199][ T6962]  </TASK>
[  137.340459][    C1] vkms_vblank_simulate: vblank timer overrun
[  137.625924][ T5898] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  137.657190][ T5898] usb 2-1: device descriptor read/8, error -71
[  137.897915][ T5898] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  137.946526][ T5898] usb 2-1: device descriptor read/8, error -71
[  138.067933][ T5898] usb usb2-port1: unable to enumerate USB device
[  138.196391][ T6978] netlink: 'syz.3.368': attribute type 1 has an invalid length.
[  138.200743][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  138.200761][   T30] audit: type=1326 audit(1752725315.371:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6979 comm="syz.2.369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f911618e929 code=0x0
[  138.229922][ T6978] netlink: 44 bytes leftover after parsing attributes in process `syz.3.368'.
[  138.271383][ T6978] /dev/rnullb0: Can't open blockdev
[  138.393807][ T6983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.370'.
[  138.741636][   T30] audit: type=1326 audit(1752725315.911:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6994 comm="syz.3.373" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c9e78e929 code=0x0
[  139.217266][ T7009] FAULT_INJECTION: forcing a failure.
[  139.217266][ T7009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  139.252220][ T7009] CPU: 0 UID: 0 PID: 7009 Comm: syz.2.374 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  139.252246][ T7009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  139.252256][ T7009] Call Trace:
[  139.252264][ T7009]  <TASK>
[  139.252271][ T7009]  dump_stack_lvl+0x189/0x250
[  139.252298][ T7009]  ? __pfx____ratelimit+0x10/0x10
[  139.252315][ T7009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  139.252336][ T7009]  ? __pfx__printk+0x10/0x10
[  139.252358][ T7009]  ? __might_fault+0xb0/0x130
[  139.252392][ T7009]  should_fail_ex+0x414/0x560
[  139.252421][ T7009]  _copy_from_user+0x2d/0xb0
[  139.252445][ T7009]  snd_ctl_ioctl+0x37d/0x1ad0
[  139.252465][ T7009]  ? stack_trace_save+0x9c/0xe0
[  139.252490][ T7009]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  139.252516][ T7009]  ? kasan_save_track+0x4f/0x80
[  139.252536][ T7009]  ? kasan_save_track+0x3e/0x80
[  139.252554][ T7009]  ? kasan_save_free_info+0x46/0x50
[  139.252572][ T7009]  ? __kasan_slab_free+0x62/0x70
[  139.252591][ T7009]  ? kfree+0x18e/0x440
[  139.252619][ T7009]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  139.252636][ T7009]  ? security_file_ioctl+0xcb/0x2d0
[  139.252650][ T7009]  ? __se_sys_ioctl+0x47/0x170
[  139.252665][ T7009]  ? do_syscall_64+0xfa/0x3b0
[  139.252680][ T7009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.252747][ T7009]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  139.252766][ T7009]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  139.252788][ T7009]  ? do_vfs_ioctl+0xbe8/0x1430
[  139.252805][ T7009]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  139.252832][ T7009]  ? __lock_acquire+0xab9/0xd20
[  139.252867][ T7009]  ? __fget_files+0x2a/0x420
[  139.252889][ T7009]  ? __fget_files+0x2a/0x420
[  139.252905][ T7009]  ? __fget_files+0x3a0/0x420
[  139.252913][ T7013] kAFS: unparsable volume name
[  139.252922][ T7009]  ? __fget_files+0x2a/0x420
[  139.252943][ T7009]  ? bpf_lsm_file_ioctl+0x9/0x20
[  139.252960][ T7009]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[  139.252974][ T7009]  __se_sys_ioctl+0xfc/0x170
[  139.252992][ T7009]  do_syscall_64+0xfa/0x3b0
[  139.253007][ T7009]  ? lockdep_hardirqs_on+0x9c/0x150
[  139.253023][ T7009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.253038][ T7009]  ? clear_bhb_loop+0x60/0xb0
[  139.253058][ T7009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  139.253074][ T7009] RIP: 0033:0x7f911618e929
[  139.253088][ T7009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  139.253102][ T7009] RSP: 002b:00007f9116f33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  139.253120][ T7009] RAX: ffffffffffffffda RBX: 00007f91163b5fa0 RCX: 00007f911618e929
[  139.253132][ T7009] RDX: 0000200000000080 RSI: 00000000c1105517 RDI: 0000000000000003
[  139.253143][ T7009] RBP: 00007f9116f33090 R08: 0000000000000000 R09: 0000000000000000
[  139.253153][ T7009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  139.253163][ T7009] R13: 0000000000000000 R14: 00007f91163b5fa0 R15: 00007ffd0045fef8
[  139.253190][ T7009]  </TASK>
[  139.986519][ T5898] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  140.166252][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  140.179743][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short
[  140.204223][ T5898] usb 4-1: config index 0 descriptor too short (expected 1051, got 27)
[  140.225625][ T5898] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  140.246977][ T5898] usb 4-1: config 0 has no interfaces?
[  140.263068][ T5898] usb 4-1: string descriptor 0 read error: -22
[  140.271869][ T5898] usb 4-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice=b6.f1
[  140.293327][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.319060][ T5898] usb 4-1: config 0 descriptor??
[  140.326444][    T9] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  140.495607][    T9] usb 1-1: Using ep0 maxpacket: 16
[  140.507986][    T9] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  140.525734][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  140.554491][ T7023] /dev/rnullb0: Can't open blockdev
[  140.575580][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  140.597347][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  140.631756][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.650899][    T9] usb 1-1: Product: syz
[  140.656174][    T9] usb 1-1: Manufacturer: syz
[  140.657996][ T5884] usb 4-1: USB disconnect, device number 20
[  140.667245][    T9] usb 1-1: SerialNumber: syz
[  140.865614][ T5898] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  140.905710][ T7055] FAULT_INJECTION: forcing a failure.
[  140.905710][ T7055] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  140.919352][ T7055] CPU: 1 UID: 0 PID: 7055 Comm: syz.1.387 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  140.919383][ T7055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  140.919393][ T7055] Call Trace:
[  140.919401][ T7055]  <TASK>
[  140.919408][ T7055]  dump_stack_lvl+0x189/0x250
[  140.919436][ T7055]  ? __pfx____ratelimit+0x10/0x10
[  140.919454][ T7055]  ? __pfx_dump_stack_lvl+0x10/0x10
[  140.919579][ T7055]  ? __pfx__printk+0x10/0x10
[  140.919603][ T7055]  ? __might_fault+0xb0/0x130
[  140.919636][ T7055]  should_fail_ex+0x414/0x560
[  140.919665][ T7055]  _copy_from_user+0x2d/0xb0
[  140.919687][ T7055]  video_usercopy+0x354/0x14f0
[  140.919716][ T7055]  ? __pfx___video_do_ioctl+0x10/0x10
[  140.919735][ T7055]  ? __pfx_video_usercopy+0x10/0x10
[  140.919761][ T7055]  ? __fget_files+0x2a/0x420
[  140.919785][ T7055]  ? __fget_files+0x2a/0x420
[  140.919803][ T7055]  ? __fget_files+0x3a0/0x420
[  140.919826][ T7055]  v4l2_ioctl+0x18a/0x1e0
[  140.919844][ T7055]  ? __pfx_v4l2_ioctl+0x10/0x10
[  140.919861][ T7055]  __se_sys_ioctl+0xfc/0x170
[  140.919881][ T7055]  do_syscall_64+0xfa/0x3b0
[  140.919898][ T7055]  ? lockdep_hardirqs_on+0x9c/0x150
[  140.919914][ T7055]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.919931][ T7055]  ? clear_bhb_loop+0x60/0xb0
[  140.919951][ T7055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.919968][ T7055] RIP: 0033:0x7fa57c78e929
[  140.919984][ T7055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.919998][ T7055] RSP: 002b:00007fa57d6a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  140.920016][ T7055] RAX: ffffffffffffffda RBX: 00007fa57c9b5fa0 RCX: 00007fa57c78e929
[  140.920028][ T7055] RDX: 0000200000000040 RSI: 00000000c0405610 RDI: 0000000000000003
[  140.920039][ T7055] RBP: 00007fa57d6a8090 R08: 0000000000000000 R09: 0000000000000000
[  140.920050][ T7055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  140.920060][ T7055] R13: 0000000000000000 R14: 00007fa57c9b5fa0 R15: 00007fff3fc17bd8
[  140.920088][ T7055]  </TASK>
[  141.147187][    T9] usb 1-1: 0:2 : does not exist
[  141.189714][ T7057] input: syz1 as /devices/virtual/input/input15
[  141.197145][ T5898] usb 3-1: device descriptor read/64, error -71
[  141.209286][ T7057] FAULT_INJECTION: forcing a failure.
[  141.209286][ T7057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  141.224887][ T7057] CPU: 1 UID: 0 PID: 7057 Comm: syz.1.388 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  141.224919][ T7057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  141.224929][ T7057] Call Trace:
[  141.224936][ T7057]  <TASK>
[  141.224943][ T7057]  dump_stack_lvl+0x189/0x250
[  141.224977][ T7057]  ? __pfx____ratelimit+0x10/0x10
[  141.224995][ T7057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  141.225025][ T7057]  ? __pfx__printk+0x10/0x10
[  141.225048][ T7057]  ? __might_fault+0xb0/0x130
[  141.225083][ T7057]  should_fail_ex+0x414/0x560
[  141.225119][ T7057]  _copy_from_user+0x2d/0xb0
[  141.225142][ T7057]  input_event_from_user+0xb2/0x280
[  141.225162][ T7057]  ? __pfx_input_event_from_user+0x10/0x10
[  141.225186][ T7057]  ? input_event+0xa6/0xc0
[  141.225208][ T7057]  uinput_write+0x279/0xfc0
[  141.225243][ T7057]  ? __pfx_uinput_write+0x10/0x10
[  141.225263][ T7057]  ? bpf_lsm_file_permission+0x9/0x20
[  141.225282][ T7057]  ? security_file_permission+0x75/0x290
[  141.225301][ T7057]  ? rw_verify_area+0x255/0x4d0
[  141.225324][ T7057]  ? __lock_acquire+0xab9/0xd20
[  141.225346][ T7057]  ? __pfx_uinput_write+0x10/0x10
[  141.225367][ T7057]  vfs_write+0x27b/0xa90
[  141.225394][ T7057]  ? __pfx_vfs_write+0x10/0x10
[  141.225420][ T7057]  ? __fget_files+0x2a/0x420
[  141.225441][ T7057]  ? __fget_files+0x2a/0x420
[  141.225460][ T7057]  ? __fget_files+0x3a0/0x420
[  141.225481][ T7057]  ? __fget_files+0x2a/0x420
[  141.225506][ T7057]  ksys_write+0x145/0x250
[  141.225525][ T7057]  ? __pfx_ksys_write+0x10/0x10
[  141.225540][ T7057]  ? rcu_is_watching+0x15/0xb0
[  141.225566][ T7057]  ? do_syscall_64+0xbe/0x3b0
[  141.225587][ T7057]  do_syscall_64+0xfa/0x3b0
[  141.225602][ T7057]  ? lockdep_hardirqs_on+0x9c/0x150
[  141.225619][ T7057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.225636][ T7057]  ? clear_bhb_loop+0x60/0xb0
[  141.225662][ T7057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  141.225686][ T7057] RIP: 0033:0x7fa57c78e929
[  141.225702][ T7057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  141.225716][ T7057] RSP: 002b:00007fa57d6a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  141.225741][ T7057] RAX: ffffffffffffffda RBX: 00007fa57c9b5fa0 RCX: 00007fa57c78e929
[  141.225754][ T7057] RDX: 000000000000045c RSI: 00002000000000c0 RDI: 0000000000000004
[  141.225771][ T7057] RBP: 00007fa57d6a8090 R08: 0000000000000000 R09: 0000000000000000
[  141.225781][ T7057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  141.225791][ T7057] R13: 0000000000000000 R14: 00007fa57c9b5fa0 R15: 00007fff3fc17bd8
[  141.225824][ T7057]  </TASK>
[  141.634763][ T5898] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  141.656520][ T7062] netlink: 88 bytes leftover after parsing attributes in process `syz.3.389'.
[  141.726181][    T9] usb 1-1: 1:0: cannot get min/max values for control 2 (id 1)
[  141.770719][ T5898] usb 3-1: device descriptor read/64, error -71
[  141.830953][    T9] usb 1-1: USB disconnect, device number 23
[  141.859241][ T7067] tipc: Started in network mode
[  141.864852][ T7067] tipc: Node identity ff120000000000000000000000000001, cluster identity 4711
[  141.879967][ T7067] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  141.902630][ T5898] usb usb3-port1: attempt power cycle
[  142.043302][ T7073] /dev/rnullb0: Can't open blockdev
[  142.245593][ T5898] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  142.296411][ T5898] usb 3-1: device descriptor read/8, error -71
[  142.536168][ T5898] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  142.588479][ T5898] usb 3-1: device descriptor read/8, error -71
[  142.706717][ T5898] usb usb3-port1: unable to enumerate USB device
[  142.852625][ T7100] /dev/rnullb0: Can't open blockdev
[  142.858467][    T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  142.911696][ T5164] Bluetooth: hci3: SCO packet for unknown connection handle 205
[  142.913362][ T7102] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  142.982074][ T7104] input: syz1 as /devices/virtual/input/input16
[  143.025683][    T9] usb 1-1: Using ep0 maxpacket: 32
[  143.047565][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  143.067373][    T9] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  143.078089][    T9] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  143.086357][    T9] usb 1-1: Product: syz
[  143.090524][    T9] usb 1-1: Manufacturer: syz
[  143.095118][    T9] usb 1-1: SerialNumber: syz
[  143.108800][    T9] usb 1-1: config 0 descriptor??
[  143.119937][ T7097] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  143.129162][    T9] hub 1-1:0.0: bad descriptor, ignoring hub
[  143.136326][    T9] hub 1-1:0.0: probe with driver hub failed with error -5
[  143.359627][ T7097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.368494][ T7097] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.378202][ T7097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  143.387655][ T7097] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  143.444785][ T7111] /dev/rnullb0: Can't open blockdev
[  143.461332][ T5898] IPVS: starting estimator thread 0...
[  143.555704][ T7113] IPVS: using max 35 ests per chain, 84000 per kthread
[  143.625566][   T43] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  143.716606][ T5905] usb 1-1: USB disconnect, device number 24
[  143.803458][   T43] usb 4-1: Using ep0 maxpacket: 16
[  143.824074][   T43] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  143.853808][   T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  143.869140][   T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  143.887454][   T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  143.897499][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.921280][   T43] usb 4-1: Product: syz
[  143.925711][   T43] usb 4-1: Manufacturer: syz
[  143.930318][   T43] usb 4-1: SerialNumber: syz
[  144.091744][ T7129] overlayfs: failed to resolve './file1': -2
[  144.225742][ T5898] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  144.359456][   T43] usb 4-1: 0:2 : does not exist
[  144.378994][ T5898] usb 3-1: unable to get BOS descriptor or descriptor too short
[  144.392131][ T5898] usb 3-1: not running at top speed; connect to a high speed hub
[  144.402190][ T5898] usb 3-1: config 0 has an invalid interface number: 88 but max is 0
[  144.415427][ T5898] usb 3-1: config 0 has no interface number 0
[  144.424154][ T5898] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 10
[  144.440375][ T5898] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  144.453436][ T5898] usb 3-1: config 0 interface 88 has no altsetting 0
[  144.469826][ T5898] usb 3-1: string descriptor 0 read error: -22
[  144.479925][ T5898] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  144.485712][ T5905] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  144.489960][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  144.514441][ T5898] usb 3-1: config 0 descriptor??
[  144.542515][ T5898] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input17
[  144.698530][ T5845] udevd[5845]: Error opening device "/dev/input/event4": Input/output error
[  144.708552][ T5845] udevd[5845]: Unable to EVIOCGABS device "/dev/input/event4"
[  144.717427][ T5845] udevd[5845]: Unable to EVIOCGABS device "/dev/input/event4"
[  144.768735][ T7127] netlink: 68 bytes leftover after parsing attributes in process `syz.2.412'.
[  144.796227][   T43] usb 4-1: 1:0: cannot get min/max values for control 2 (id 1)
[  144.812243][ T7127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.817105][ T5905] usb 2-1: Using ep0 maxpacket: 8
[  144.834901][ T7127] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.842822][ T5905] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  144.863815][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.872431][ T7127] input: syz0 as /devices/virtual/input/input19
[  144.888812][ T5905] usb 2-1: Product: syz
[  144.897982][   T43] usb 4-1: USB disconnect, device number 21
[  144.907267][ T5905] usb 2-1: Manufacturer: syz
[  144.923408][ T5905] usb 2-1: SerialNumber: syz
[  144.973667][ T6714] udevd[6714]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  144.998657][ T5905] usb 2-1: config 0 descriptor??
[  145.006040][    T9] usb 3-1: USB disconnect, device number 24
[  145.292741][ T5905] dvb_usb_rtl28xxu 2-1:0.0: chip type detection failed -71
[  145.303138][ T5905] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  145.316080][ T5905] usb 2-1: USB disconnect, device number 28
[  145.395704][   T43] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  145.547509][   T43] usb 1-1: device descriptor read/64, error -71
[  145.795799][   T43] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  145.935657][   T43] usb 1-1: device descriptor read/64, error -71
[  146.056186][   T43] usb usb1-port1: attempt power cycle
[  146.405813][   T43] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  146.446491][   T43] usb 1-1: device descriptor read/8, error -71
[  146.687099][   T43] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  146.704437][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.426'.
[  146.718671][   T43] usb 1-1: device descriptor read/8, error -71
[  146.748711][ T7167] FAULT_INJECTION: forcing a failure.
[  146.748711][ T7167] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  146.796707][ T7167] CPU: 0 UID: 0 PID: 7167 Comm: syz.2.425 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  146.796732][ T7167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.796743][ T7167] Call Trace:
[  146.796750][ T7167]  <TASK>
[  146.796757][ T7167]  dump_stack_lvl+0x189/0x250
[  146.796785][ T7167]  ? __pfx____ratelimit+0x10/0x10
[  146.796803][ T7167]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.796825][ T7167]  ? __pfx__printk+0x10/0x10
[  146.796849][ T7167]  ? fs_reclaim_acquire+0x7d/0x100
[  146.796874][ T7167]  should_fail_ex+0x414/0x560
[  146.796901][ T7167]  prepare_alloc_pages+0x213/0x610
[  146.796926][ T7167]  __alloc_frozen_pages_noprof+0x123/0x370
[  146.796949][ T7167]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  146.796978][ T7167]  ? policy_nodemask+0x27c/0x720
[  146.797007][ T7167]  alloc_pages_mpol+0x232/0x4a0
[  146.797036][ T7167]  alloc_pages_noprof+0xa9/0x190
[  146.797055][ T7167]  get_free_pages_noprof+0xf/0x80
[  146.797074][ T7167]  __pollwait+0x27b/0x460
[  146.797095][ T7167]  ? __pfx___pollwait+0x10/0x10
[  146.797113][ T7167]  datagram_poll+0x82/0x420
[  146.797138][ T7167]  sock_poll+0x329/0x3e0
[  146.797170][ T7167]  ? __pfx_sock_poll+0x10/0x10
[  146.797193][ T7167]  do_select+0x105b/0x17e0
[  146.797211][ T7167]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  146.797238][ T7167]  ? do_select+0x871/0x17e0
[  146.797275][ T7167]  ? __pfx_do_select+0x10/0x10
[  146.797293][ T7167]  ? __lock_acquire+0xab9/0xd20
[  146.797313][ T7167]  ? __pfx___pollwait+0x10/0x10
[  146.797336][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797358][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797380][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797402][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797424][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797446][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797468][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797488][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797507][ T7167]  ? __pfx_pollwake+0x10/0x10
[  146.797541][ T7167]  core_sys_select+0x6dd/0xa20
[  146.797572][ T7167]  ? __pfx_core_sys_select+0x10/0x10
[  146.797612][ T7167]  ? __pfx_set_user_sigmask+0x10/0x10
[  146.797640][ T7167]  __se_sys_pselect6+0x27a/0x300
[  146.797664][ T7167]  ? __pfx___se_sys_pselect6+0x10/0x10
[  146.797682][ T7167]  ? __pfx_ksys_write+0x10/0x10
[  146.797706][ T7167]  ? __x64_sys_pselect6+0x21/0xf0
[  146.797728][ T7167]  do_syscall_64+0xfa/0x3b0
[  146.797745][ T7167]  ? lockdep_hardirqs_on+0x9c/0x150
[  146.797761][ T7167]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.797778][ T7167]  ? clear_bhb_loop+0x60/0xb0
[  146.797798][ T7167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.797815][ T7167] RIP: 0033:0x7f911618e929
[  146.797831][ T7167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.797845][ T7167] RSP: 002b:00007f9116f12038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  146.797863][ T7167] RAX: ffffffffffffffda RBX: 00007f91163b6080 RCX: 00007f911618e929
[  146.797874][ T7167] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  146.797884][ T7167] RBP: 00007f9116f12090 R08: 0000000000000000 R09: 0000000000000000
[  146.797894][ T7167] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  146.797904][ T7167] R13: 0000000000000000 R14: 00007f91163b6080 R15: 00007ffd0045fef8
[  146.797930][ T7167]  </TASK>
[  146.845962][   T43] usb usb1-port1: unable to enumerate USB device
[  147.455622][ T5905] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  147.612534][ T5905] usb 2-1: config 0 has an invalid interface number: 139 but max is 0
[  147.634004][ T5905] usb 2-1: config 0 has no interface number 0
[  147.640928][ T5905] usb 2-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  147.655195][ T5905] usb 2-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  147.667905][ T5905] usb 2-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64
[  147.679617][ T5905] usb 2-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  147.707661][ T5905] usb 2-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[  147.718156][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.732087][ T5905] usb 2-1: Product: syz
[  147.736630][ T5905] usb 2-1: Manufacturer: syz
[  147.741237][ T5905] usb 2-1: SerialNumber: syz
[  147.749659][ T5905] usb 2-1: config 0 descriptor??
[  147.758263][ T7174] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  147.771377][ T7174] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  147.805188][ T7181] bond0: (slave ip6gre0): Error: Device can not be enslaved while up
[  148.015284][ T5905] mct_u232 2-1:0.139: MCT U232 converter detected
[  148.035135][ T5905] usb 2-1: MCT U232 converter now attached to ttyUSB0
[  148.056112][ T5905] usb 2-1: USB disconnect, device number 29
[  148.075003][ T5905] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0
[  148.097138][ T5905] mct_u232 2-1:0.139: device disconnected
[  148.100692][ T7187] /dev/rnullb0: Can't open blockdev
[  148.270745][ T7195] netlink: 'syz.2.434': attribute type 4 has an invalid length.
[  148.280848][ T7195] netlink: 152 bytes leftover after parsing attributes in process `syz.2.434'.
[  148.301830][ T7195] : renamed from bond0 (while UP)
[  148.312513][ T7197] ==================================================================
[  148.320600][ T7197] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[  148.328575][ T7197] Read of size 1 at addr ffff888030a74330 by task syz.0.435/7197
[  148.336295][ T7197] 
[  148.338628][ T7197] CPU: 1 UID: 0 PID: 7197 Comm: syz.0.435 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  148.338652][ T7197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  148.338679][ T7197] Call Trace:
[  148.338687][ T7197]  <TASK>
[  148.338695][ T7197]  dump_stack_lvl+0x189/0x250
[  148.338723][ T7197]  ? __kasan_check_byte+0x12/0x40
[  148.338748][ T7197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  148.338771][ T7197]  ? lock_release+0x4b/0x3e0
[  148.338793][ T7197]  ? __virt_addr_valid+0x4a5/0x5c0
[  148.338818][ T7197]  print_report+0xca/0x230
[  148.338836][ T7197]  ? xfrm_state_find+0x2cf2/0x5400
[  148.338858][ T7197]  kasan_report+0x118/0x150
[  148.338874][ T7197]  ? xfrm_state_find+0x2cf2/0x5400
[  148.338898][ T7197]  xfrm_state_find+0x2cf2/0x5400
[  148.338919][ T7197]  ? __lock_acquire+0xab9/0xd20
[  148.338946][ T7197]  ? xfrm_state_find+0x1da/0x5400
[  148.338971][ T7197]  ? __pfx_xfrm_state_find+0x10/0x10
[  148.338997][ T7197]  ? __lock_acquire+0xab9/0xd20
[  148.339017][ T7197]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  148.339050][ T7197]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  148.339069][ T7197]  ? __lock_acquire+0xab9/0xd20
[  148.339095][ T7197]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  148.339115][ T7197]  ? rt_set_nexthop+0x693/0xa80
[  148.339140][ T7197]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  148.339160][ T7197]  ? xfrm_expand_policies+0x41f/0x6a0
[  148.339178][ T7197]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  148.339199][ T7197]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  148.339222][ T7197]  xfrm_lookup_route+0x3c/0x1c0
[  148.339240][ T7197]  udp_sendmsg+0x140c/0x2300
[  148.339264][ T7197]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  148.339289][ T7197]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  148.339310][ T7197]  ? __pfx_udp_sendmsg+0x10/0x10
[  148.339336][ T7197]  ? count_memcg_event_mm+0x21/0x260
[  148.339361][ T7197]  ? count_memcg_event_mm+0x21/0x260
[  148.339386][ T7197]  ? __pfx_aa_sk_perm+0x10/0x10
[  148.339403][ T7197]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  148.339427][ T7197]  ? sock_rps_record_flow+0x19/0x410
[  148.339450][ T7197]  ? inet_sendmsg+0x29c/0x370
[  148.339471][ T7197]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  148.339492][ T7197]  __sock_sendmsg+0x19c/0x270
[  148.339517][ T7197]  ____sys_sendmsg+0x52d/0x830
[  148.339539][ T7197]  ? __pfx_____sys_sendmsg+0x10/0x10
[  148.339562][ T7197]  ? import_iovec+0x74/0xa0
[  148.339583][ T7197]  ___sys_sendmsg+0x21f/0x2a0
[  148.339603][ T7197]  ? __pfx____sys_sendmsg+0x10/0x10
[  148.339635][ T7197]  ? __fget_files+0x2a/0x420
[  148.339654][ T7197]  ? __fget_files+0x3a0/0x420
[  148.339687][ T7197]  __sys_sendmmsg+0x227/0x430
[  148.339708][ T7197]  ? __pfx___sys_sendmmsg+0x10/0x10
[  148.339726][ T7197]  ? do_futex+0x333/0x420
[  148.339750][ T7197]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  148.339772][ T7197]  ? rcu_is_watching+0x15/0xb0
[  148.339790][ T7197]  __x64_sys_sendmmsg+0xa0/0xc0
[  148.339806][ T7197]  do_syscall_64+0xfa/0x3b0
[  148.339819][ T7197]  ? lockdep_hardirqs_on+0x9c/0x150
[  148.339831][ T7197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.339844][ T7197]  ? clear_bhb_loop+0x60/0xb0
[  148.339858][ T7197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.339871][ T7197] RIP: 0033:0x7fd2fa38e929
[  148.339885][ T7197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  148.339896][ T7197] RSP: 002b:00007fd2fb217038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  148.339913][ T7197] RAX: ffffffffffffffda RBX: 00007fd2fa5b6080 RCX: 00007fd2fa38e929
[  148.339924][ T7197] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005
[  148.339933][ T7197] RBP: 00007fd2fa410ca1 R08: 0000000000000000 R09: 0000000000000000
[  148.339943][ T7197] R10: 0000000001010000 R11: 0000000000000246 R12: 0000000000000000
[  148.339952][ T7197] R13: 0000000000000000 R14: 00007fd2fa5b6080 R15: 00007ffea8d06678
[  148.339968][ T7197]  </TASK>
[  148.339973][ T7197] 
[  148.719178][ T7197] Allocated by task 6053:
[  148.723488][ T7197]  kasan_save_track+0x3e/0x80
[  148.728153][ T7197]  __kasan_slab_alloc+0x6c/0x80
[  148.732991][ T7197]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  148.738437][ T7197]  xfrm_state_alloc+0x24/0x2f0
[  148.743187][ T7197]  __find_acq_core+0x8a7/0x1c00
[  148.748016][ T7197]  xfrm_find_acq+0x78/0xa0
[  148.752420][ T7197]  xfrm_alloc_userspi+0x6b3/0xc90
[  148.757427][ T7197]  xfrm_user_rcv_msg+0x7a3/0xab0
[  148.762347][ T7197]  netlink_rcv_skb+0x205/0x470
[  148.767091][ T7197]  xfrm_netlink_rcv+0x79/0x90
[  148.771752][ T7197]  netlink_unicast+0x75c/0x8e0
[  148.776505][ T7197]  netlink_sendmsg+0x805/0xb30
[  148.781249][ T7197]  __sock_sendmsg+0x21c/0x270
[  148.785912][ T7197]  ____sys_sendmsg+0x505/0x830
[  148.790660][ T7197]  ___sys_sendmsg+0x21f/0x2a0
[  148.795319][ T7197]  __x64_sys_sendmsg+0x19b/0x260
[  148.800240][ T7197]  do_syscall_64+0xfa/0x3b0
[  148.804726][ T7197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  148.810618][ T7197] 
[  148.812930][ T7197] Freed by task 5898:
[  148.816886][ T7197]  kasan_save_track+0x3e/0x80
[  148.821556][ T7197]  kasan_save_free_info+0x46/0x50
[  148.826650][ T7197]  __kasan_slab_free+0x62/0x70
[  148.831405][ T7197]  kmem_cache_free+0x18f/0x400
[  148.836160][ T7197]  xfrm_state_gc_task+0x52d/0x6b0
[  148.841175][ T7197]  process_scheduled_works+0xae1/0x17b0
[  148.846701][ T7197]  worker_thread+0x8a0/0xda0
[  148.851273][ T7197]  kthread+0x70e/0x8a0
[  148.855415][ T7197]  ret_from_fork+0x3f9/0x770
[  148.860011][ T7197]  ret_from_fork_asm+0x1a/0x30
[  148.864762][ T7197] 
[  148.867075][ T7197] The buggy address belongs to the object at ffff888030a74000
[  148.867075][ T7197]  which belongs to the cache xfrm_state of size 928
[  148.881021][ T7197] The buggy address is located 816 bytes inside of
[  148.881021][ T7197]  freed 928-byte region [ffff888030a74000, ffff888030a743a0)
[  148.894798][ T7197] 
[  148.897107][ T7197] The buggy address belongs to the physical page:
[  148.903515][ T7197] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30a74
[  148.912269][ T7197] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  148.920763][ T7197] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  148.928298][ T7197] page_type: f5(slab)
[  148.932266][ T7197] raw: 00fff00000000040 ffff88801a980500 dead000000000122 0000000000000000
[  148.940834][ T7197] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  148.949410][ T7197] head: 00fff00000000040 ffff88801a980500 dead000000000122 0000000000000000
[  148.958074][ T7197] head: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[  148.966733][ T7197] head: 00fff00000000002 ffffea0000c29d01 00000000ffffffff 00000000ffffffff
[  148.975398][ T7197] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  148.984044][ T7197] page dumped because: kasan: bad access detected
[  148.990612][ T7197] page_owner tracks the page as allocated
[  148.996323][ T7197] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6053, tgid 6052 (syz.0.36), ts 88958000070, free_ts 88790457891
[  149.015245][ T7197]  post_alloc_hook+0x240/0x2a0
[  149.020004][ T7197]  get_page_from_freelist+0x21e4/0x22c0
[  149.025805][ T7197]  __alloc_frozen_pages_noprof+0x181/0x370
[  149.031598][ T7197]  alloc_pages_mpol+0x232/0x4a0
[  149.036441][ T7197]  allocate_slab+0x8a/0x370
[  149.040928][ T7197]  ___slab_alloc+0xbeb/0x1410
[  149.045583][ T7197]  kmem_cache_alloc_noprof+0x283/0x3c0
[  149.051115][ T7197]  xfrm_state_alloc+0x24/0x2f0
[  149.055871][ T7197]  __find_acq_core+0x8a7/0x1c00
[  149.060717][ T7197]  xfrm_find_acq+0x78/0xa0
[  149.065114][ T7197]  xfrm_alloc_userspi+0x6b3/0xc90
[  149.070122][ T7197]  xfrm_user_rcv_msg+0x7a3/0xab0
[  149.075041][ T7197]  netlink_rcv_skb+0x205/0x470
[  149.079792][ T7197]  xfrm_netlink_rcv+0x79/0x90
[  149.084463][ T7197]  netlink_unicast+0x75c/0x8e0
[  149.089220][ T7197]  netlink_sendmsg+0x805/0xb30
[  149.093983][ T7197] page last free pid 5204 tgid 5204 stack trace:
[  149.100387][ T7197]  __free_frozen_pages+0xbc4/0xd30
[  149.105588][ T7197]  __put_partials+0x156/0x1a0
[  149.110264][ T7197]  put_cpu_partial+0x17c/0x250
[  149.115017][ T7197]  __slab_free+0x2d5/0x3c0
[  149.119438][ T7197]  qlist_free_all+0x97/0x140
[  149.124030][ T7197]  kasan_quarantine_reduce+0x148/0x160
[  149.129477][ T7197]  __kasan_slab_alloc+0x22/0x80
[  149.134324][ T7197]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[  149.140294][ T7197]  __alloc_skb+0x112/0x2d0
[  149.144734][ T7197]  alloc_skb_with_frags+0xca/0x890
[  149.149831][ T7197]  sock_alloc_send_pskb+0x857/0x990
[  149.155018][ T7197]  unix_dgram_sendmsg+0x4fe/0x18b0
[  149.160115][ T7197]  __sock_sendmsg+0x21c/0x270
[  149.164787][ T7197]  __sys_sendto+0x3bd/0x520
[  149.169292][ T7197]  __x64_sys_sendto+0xde/0x100
[  149.174040][ T7197]  do_syscall_64+0xfa/0x3b0
[  149.178532][ T7197] 
[  149.180841][ T7197] Memory state around the buggy address:
[  149.186452][ T7197]  ffff888030a74200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.194494][ T7197]  ffff888030a74280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.202535][ T7197] >ffff888030a74300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  149.210574][ T7197]                                      ^
[  149.216181][ T7197]  ffff888030a74380: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  149.224220][ T7197]  ffff888030a74400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  149.232259][ T7197] ==================================================================
[  149.240312][    C1] vkms_vblank_simulate: vblank timer overrun
[  149.274661][ T7197] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  149.281891][ T7197] CPU: 1 UID: 0 PID: 7197 Comm: syz.0.435 Not tainted 6.16.0-rc6-next-20250716-syzkaller #0 PREEMPT(full) 
[  149.293255][ T7197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  149.303307][ T7197] Call Trace:
[  149.306667][ T7197]  <TASK>
[  149.309589][ T7197]  dump_stack_lvl+0x99/0x250
[  149.314175][ T7197]  ? __asan_memcpy+0x40/0x70
[  149.318767][ T7197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.323957][ T7197]  ? __pfx__printk+0x10/0x10
[  149.328539][ T7197]  vpanic+0x281/0x750
[  149.332508][ T7197]  ? preempt_schedule+0xae/0xc0
[  149.337348][ T7197]  ? __pfx_vpanic+0x10/0x10
[  149.341832][ T7197]  ? preempt_schedule_common+0x83/0xd0
[  149.347286][ T7197]  ? preempt_schedule+0xae/0xc0
[  149.352124][ T7197]  ? __pfx_preempt_schedule+0x10/0x10
[  149.357484][ T7197]  panic+0xb9/0xc0
[  149.361195][ T7197]  ? __pfx_panic+0x10/0x10
[  149.365616][ T7197]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  149.371513][ T7197]  ? xfrm_state_find+0x2cf2/0x5400
[  149.376620][ T7197]  check_panic_on_warn+0x89/0xb0
[  149.381547][ T7197]  ? xfrm_state_find+0x2cf2/0x5400
[  149.386647][ T7197]  end_report+0x78/0x160
[  149.390873][ T7197]  kasan_report+0x129/0x150
[  149.395368][ T7197]  ? xfrm_state_find+0x2cf2/0x5400
[  149.400473][ T7197]  xfrm_state_find+0x2cf2/0x5400
[  149.405398][ T7197]  ? __lock_acquire+0xab9/0xd20
[  149.410248][ T7197]  ? xfrm_state_find+0x1da/0x5400
[  149.415261][ T7197]  ? __pfx_xfrm_state_find+0x10/0x10
[  149.420538][ T7197]  ? __lock_acquire+0xab9/0xd20
[  149.425382][ T7197]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[  149.431533][ T7197]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[  149.438113][ T7197]  ? __lock_acquire+0xab9/0xd20
[  149.442953][ T7197]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  149.448312][ T7197]  ? rt_set_nexthop+0x693/0xa80
[  149.453240][ T7197]  ? xfrm_sk_policy_lookup+0x9d/0x750
[  149.458597][ T7197]  ? xfrm_expand_policies+0x41f/0x6a0
[  149.463960][ T7197]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[  149.469324][ T7197]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  149.475122][ T7197]  xfrm_lookup_route+0x3c/0x1c0
[  149.479961][ T7197]  udp_sendmsg+0x140c/0x2300
[  149.484543][ T7197]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  149.489905][ T7197]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  149.495438][ T7197]  ? __pfx_udp_sendmsg+0x10/0x10
[  149.500368][ T7197]  ? count_memcg_event_mm+0x21/0x260
[  149.505656][ T7197]  ? count_memcg_event_mm+0x21/0x260
[  149.510933][ T7197]  ? __pfx_aa_sk_perm+0x10/0x10
[  149.515772][ T7197]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  149.522177][ T7197]  ? sock_rps_record_flow+0x19/0x410
[  149.527454][ T7197]  ? inet_sendmsg+0x29c/0x370
[  149.532119][ T7197]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  149.537401][ T7197]  __sock_sendmsg+0x19c/0x270
[  149.542077][ T7197]  ____sys_sendmsg+0x52d/0x830
[  149.546828][ T7197]  ? __pfx_____sys_sendmsg+0x10/0x10
[  149.552121][ T7197]  ? import_iovec+0x74/0xa0
[  149.556623][ T7197]  ___sys_sendmsg+0x21f/0x2a0
[  149.561288][ T7197]  ? __pfx____sys_sendmsg+0x10/0x10
[  149.566488][ T7197]  ? __fget_files+0x2a/0x420
[  149.571069][ T7197]  ? __fget_files+0x3a0/0x420
[  149.575914][ T7197]  __sys_sendmmsg+0x227/0x430
[  149.580596][ T7197]  ? __pfx___sys_sendmmsg+0x10/0x10
[  149.585794][ T7197]  ? do_futex+0x333/0x420
[  149.590133][ T7197]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  149.596030][ T7197]  ? rcu_is_watching+0x15/0xb0
[  149.600784][ T7197]  __x64_sys_sendmmsg+0xa0/0xc0
[  149.605627][ T7197]  do_syscall_64+0xfa/0x3b0
[  149.610127][ T7197]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.615319][ T7197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.621369][ T7197]  ? clear_bhb_loop+0x60/0xb0
[  149.626032][ T7197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.631910][ T7197] RIP: 0033:0x7fd2fa38e929
[  149.636312][ T7197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  149.655909][ T7197] RSP: 002b:00007fd2fb217038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  149.664312][ T7197] RAX: ffffffffffffffda RBX: 00007fd2fa5b6080 RCX: 00007fd2fa38e929
[  149.672277][ T7197] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005
[  149.680257][ T7197] RBP: 00007fd2fa410ca1 R08: 0000000000000000 R09: 0000000000000000
[  149.688219][ T7197] R10: 0000000001010000 R11: 0000000000000246 R12: 0000000000000000
[  149.696176][ T7197] R13: 0000000000000000 R14: 00007fd2fa5b6080 R15: 00007ffea8d06678
[  149.704139][ T7197]  </TASK>
[  149.707417][ T7197] Kernel Offset: disabled
[  149.711722][ T7197] Rebooting in 86400 seconds..