last executing test programs:

5.326517325s ago: executing program 3 (id=1269):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a02, 0x0)
userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', <r2=>0x0})
sendto$packet(r1, 0x0, 0x0, 0x24008850, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14) (async)
sendto$packet(r1, 0x0, 0x0, 0x24008850, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000180)={0x1, 0x14, 0x4, 0xfffd, 0x46, 0x40, &(0x7f0000000480)="c9ea87d1c0e550f1a28fbc590fe3489fc3b1fa4828b551545d337b76b362d12de25d965d8ebc69c08ff64b72f94c9fde5b730f488f9a6f961aead38ece4e5a72e772805d1e51"})
r3 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000080)="bc5d", 0x2, r3) (async)
r4 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000080)="bc5d", 0x2, r3)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) (async)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) (async)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
dup(r7)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x4, 0xdddd0000, 0x1000, &(0x7f0000003000/0x1000)=nil})
creat(&(0x7f0000000340)='./file0\x00', 0x0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r8, &(0x7f0000006300)={0x2020, 0x0, <r9=>0x0, 0x0, 0x0, <r10=>0x0}, 0x2020)
write$FUSE_INIT(r8, &(0x7f0000000040)={0x50, 0x0, r9, {0x7, 0x1f, 0x3, 0x0, 0x0, 0x0, 0xd, 0x4001}}, 0x50)
syz_fuse_handle_req(r8, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) (async)
r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r11, r8)
fcntl$lock(r8, 0x6, &(0x7f0000000240)={0x1, 0x1, 0x7, 0x3, r10}) (async)
fcntl$lock(r8, 0x6, &(0x7f0000000240)={0x1, 0x1, 0x7, 0x3, r10})
r12 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200)={0x2, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fff7ffc}, {0x6, 0x7f, 0x3, 0x9}]})
close_range(r12, 0xffffffffffffffff, 0x0)

2.817031202s ago: executing program 0 (id=1282):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000100)='wg1\x00', 0x4)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x9)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1)
r3 = syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000200)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xca, 0x3, 0x1, 0x2, 0x60, 0xf7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x5, 0xfc}, [@feature_unit={0x13, 0x24, 0x6, 0x5, 0x6, 0x6, [0x1, 0xee23f391f15e4564, 0x1, 0x3, 0x5, 0x1], 0x73}, @mixer_unit={0xb, 0x24, 0x4, 0x5, 0x55, "2daff48ba442"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x100, 0x1ff, 0x2, "f8eebf2b3a2a595362"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0xf7, 0x3, 0x9, 0x5, "1cf4b9"}, @format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x10, 0x1, 0x5, 0x10, "2084e35ab48956a3e8"}, @as_header={0x7, 0x24, 0x1, 0x3, 0x7, 0x1002}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0xfb, 0x3, 0x9, 0x3, "", "9b"}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0x8, 0x3, {0x7, 0x25, 0x1, 0x80, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0xd1, 0x81, 0xff, "19dd5d482e35"}]}, {{0x9, 0x5, 0x82, 0x9, 0x7f7, 0x6, 0x1c, 0x28, {0x7, 0x25, 0x1, 0x382cb3c9d01a9c28, 0x0, 0x2}}}}}}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x6, 0x3, 0xf, 0xff, 0x5}, 0x39, &(0x7f0000000100)=ANY=[@ANYBLOB="050f39000320100a06050020000000800000000000c0000000303fff00ffc0fe01f0c0ff000a10020d00060007000a10030000000409030000"], 0x3, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x102b}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x180a}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x2c01}}]})
syz_usb_control_io$uac1(r3, &(0x7f0000000480)={0x14, &(0x7f00000003c0)={0x60, 0x3, 0x67, {0x67, 0x11, "f9e37ba9a1eeb722d6f94eee2ac96c29adc371eb89b77d724fc0b9302ce87181229151b57b7dafcd4cd74daeb55700524b65e19aa356129546316a4e5ac186d881f3d8a92e73e7564cf77c299a22e73bf12c0a99cc4749f7ba1d02dccdcaf014bf48293634"}}, &(0x7f0000000440)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x180c}}}, &(0x7f0000000700)={0x44, &(0x7f00000004c0)={0x40, 0x17, 0x61, "3f6127a7625ea3fe4487e3958ba50896a6772534bbdc0e1f94ea3a857d9f7d4367f9873f87c44fe9bc05fcccb6c8456ab7db45bbad703394a6f7254787c53ba3bef33a15ba670280e31d16cabe4874fa78f6cb6ac8d575aaa5892cf8e6399f6e36"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0xc}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x1}, &(0x7f00000005c0)={0x20, 0x81, 0x1, 'G'}, &(0x7f0000000600)={0x20, 0x82, 0x2, "3cd6"}, &(0x7f0000000780)={0x20, 0x83, 0xfffffffffffffd29, "81"}, &(0x7f0000000680)={0x20, 0x84, 0x3, "4e3bf5"}, &(0x7f00000006c0)={0x20, 0x85, 0x3, "9478e0"}})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x2)
setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000640)=@gcm_128={{0x304}, "1d5b88a1a6f976b6", "71deaf94931797aa8154593596458c72", "3a0e04f2", "0b3af1801af9da8f"}, 0x28)

2.516126464s ago: executing program 1 (id=1284):
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.446379077s ago: executing program 1 (id=1285):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
mkdir(&(0x7f0000000000)='./file2\x00', 0x109)
r2 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r2, 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0x8}, &(0x7f0000000180)=0x8)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x40000, 0xf6)
r5 = fanotify_init(0x8, 0x0)
fanotify_mark(r5, 0x1, 0x8000021, r4, 0x0)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000080)=0x200000000)
r7 = dup2(r6, r6)
ioctl$VHOST_SET_VRING_ADDR(r7, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000300)=""/121, 0x0})
read$FUSE(r7, &(0x7f0000004d80)={0x2020}, 0x2020)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000040)=0x1)
write$vhost_msg_v2(r7, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0x20000, 0x0, 0x0, 0x2}}, 0x48)
getsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000040), &(0x7f0000000080)=0x8)
r8 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000240)={0xf0f018, 0x1})
open(&(0x7f0000000100)='./bus\x00', 0x103100, 0xa2)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000300)="c99bfa0018", 0x5)
r10 = accept4(r9, 0x0, 0x0, 0x0)
sendmmsg$alg(r10, &(0x7f0000001800)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)

2.1771881s ago: executing program 1 (id=1286):
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
getpid()
pipe2(0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
fchmod(0xffffffffffffffff, 0x10)
syz_create_resource$binfmt(0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a", 0xa}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket(0xb, 0x2, 0x5)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @default, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r6, 0x890b, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, @bcast, @bpq0, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
ioctl$sock_ifreq(r4, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

2.07333509s ago: executing program 3 (id=1288):
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
getpid()
pipe2(0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
fchmod(0xffffffffffffffff, 0x10)
syz_create_resource$binfmt(0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket(0xb, 0x2, 0x5)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @default, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r6, 0x890b, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, @bcast, @bpq0, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
ioctl$sock_ifreq(r4, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

1.98184453s ago: executing program 2 (id=1289):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e08003950323030"], 0x15)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x53b, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x12, r3, 0x75e7f000)
write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)

1.966429274s ago: executing program 2 (id=1290):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$video(&(0x7f0000000280), 0x7fffffff, 0x8280)
ioctl$VIDIOC_G_CROP(r2, 0xc014563b, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, 0x0, 0x0, 0x7fffffff, 0x95)
sendfile(r0, r0, 0x0, 0x7ffff000)

1.627588715s ago: executing program 1 (id=1291):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
close_range(r0, 0xffffffffffffffff, 0x300)

1.477252721s ago: executing program 1 (id=1292):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', <r1=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x8100, r1}, 0x14)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000180)={0x1, 0x14, 0x4, 0xfffd, 0x46, 0x40, &(0x7f0000000480)="c9ea87d1c0e550f1a28fbc590fe3489fc3b1fa4828b551545d337b76b362d12de25d965d8ebc69c08ff64b72f94c9fde5b730f488f9a6f961aead38ece4e5a72e772805d1e51"})
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r3 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000080)="bc", 0x1, r2)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

1.40286504s ago: executing program 3 (id=1293):
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.256558888s ago: executing program 0 (id=1294):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='minix\x00', 0x8020, 0x0)

1.18525423s ago: executing program 3 (id=1295):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x12c)
mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='omfs\x00', 0x8002, 0x0)
read$FUSE(r0, &(0x7f0000001480)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_BMAP(r0, &(0x7f0000000040)={0x18, 0x0, r1, {0xfffffffffffffff7}}, 0x18)
lsetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@random={'system.', '/dev/rnullb0\x00'}, &(0x7f0000000100)=',\x00', 0x2, 0x2)

1.028120955s ago: executing program 2 (id=1296):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000200)={0x0, 0x6000, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r1, 0x1, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40800)

987.852381ms ago: executing program 0 (id=1297):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='minix\x00', 0x8000, 0x0) (fail_nth: 5)

952.997244ms ago: executing program 2 (id=1298):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x15)
r0 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r0, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_DIRENTPLUS(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r0, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r0, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x53b, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}})
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x12, r1, 0x75e7f000)
write$FUSE_INIT(r1, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)

897.119324ms ago: executing program 3 (id=1299):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x18, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000100000069"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

892.335478ms ago: executing program 1 (id=1300):
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

782.003931ms ago: executing program 2 (id=1301):
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
getpid()
pipe2(0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
fchmod(0xffffffffffffffff, 0x10)
syz_create_resource$binfmt(0x0)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r4 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket(0xb, 0x2, 0x5)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6, @default, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r6, 0x890b, 0x0)
ioctl$sock_rose_SIOCADDRT(r5, 0x890b, &(0x7f00000000c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x8, @bcast, @bpq0, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]})
ioctl$sock_ifreq(r4, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

537.180164ms ago: executing program 0 (id=1302):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x48)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r1, 0x9423a67c26a11a1f, 0x70bd2b, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x80)
shutdown(r0, 0x1)
r3 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0x300, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x5b0}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x20000084)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x4c, r1, 0x20, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_DEBUG_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6c173b564692734d}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x11}, 0x5)

513.65918ms ago: executing program 0 (id=1303):
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

453.904622ms ago: executing program 0 (id=1304):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_open_dev$video(&(0x7f0000000280), 0x7fffffff, 0x8280)
ioctl$VIDIOC_G_CROP(r2, 0xc014563b, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, 0x0, 0x0, 0x7fffffff, 0x95)
sendfile(r0, r0, 0x0, 0x7ffff000)

173.219206ms ago: executing program 3 (id=1305):
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

0s ago: executing program 2 (id=1306):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_SET_DEBUGREGS(r3, 0x4080aea2, &(0x7f0000000080)={[0x6000, 0xf000, 0x6000, 0x3000], 0x800000000000000, 0x2})
connect$rose(r0, &(0x7f0000000180)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @default}, 0x1c) (async)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0xb173, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f0000000040)={0x48, 0x1, 0x0, "b49e1b6225be4279fa07fbde4749573e7c17e6e724ae09b9424f5ab23870ecd4"})
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x4000}, 0x0) (async)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0) (async)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x351003, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8, 0x0, 0x0, 0x0, <r9=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r7, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r9, r8, <r10=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r7, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r9, r10, <r11=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r7, 0x3b8d, &(0x7f0000000280)={0x20, r11, &(0x7f0000000480)=[{0x1, 0x1}], 0xdeadbeef, 0x8, 0x1}) (async)
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r6, 0x3b8b, &(0x7f0000000140)={0x10, 0x1, r11})

kernel console output (not intermixed with test programs):

syz.2.1000 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  246.527049][ T8681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  246.527060][ T8681] Call Trace:
[  246.527069][ T8681]  <TASK>
[  246.527079][ T8681]  dump_stack_lvl+0x189/0x250
[  246.527109][ T8681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  246.527135][ T8681]  ? __pfx__printk+0x10/0x10
[  246.527153][ T8681]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  246.527169][ T8681]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  246.527187][ T8681]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  246.527206][ T8681]  warn_alloc+0x214/0x310
[  246.527229][ T8681]  ? __pfx_warn_alloc+0x10/0x10
[  246.527248][ T8681]  ? kasan_save_track+0x3e/0x80
[  246.527262][ T8681]  ? __get_vm_area_node+0x13f/0x300
[  246.527281][ T8681]  ? __get_vm_area_node+0x2b5/0x300
[  246.527302][ T8681]  __vmalloc_node_range_noprof+0x326/0x12f0
[  246.527341][ T8681]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  246.527363][ T8681]  ? rcu_is_watching+0x15/0xb0
[  246.527377][ T8681]  ? vc_do_resize+0x39b/0x1770
[  246.527399][ T8681]  vzalloc_noprof+0xb2/0xf0
[  246.527416][ T8681]  ? vc_do_resize+0x39b/0x1770
[  246.527439][ T8681]  vc_do_resize+0x39b/0x1770
[  246.527480][ T8681]  ? vt_resize+0x46/0xd0
[  246.527496][ T8681]  ? __pfx_vc_do_resize+0x10/0x10
[  246.527529][ T8681]  vt_resize+0x81/0xd0
[  246.527546][ T8681]  ? __pfx_vt_resize+0x10/0x10
[  246.527561][ T8681]  tiocswinsz+0xfb/0x150
[  246.527578][ T8681]  ? __pfx_tiocswinsz+0x10/0x10
[  246.527594][ T8681]  ? __fget_files+0x2a/0x420
[  246.527613][ T8681]  ? __fget_files+0x3a0/0x420
[  246.527638][ T8681]  ? __fget_files+0x2a/0x420
[  246.527659][ T8681]  tty_ioctl+0x225/0xde0
[  246.527675][ T8681]  ? __pfx_tty_ioctl+0x10/0x10
[  246.527691][ T8681]  __se_sys_ioctl+0xf9/0x170
[  246.527709][ T8681]  do_syscall_64+0xfa/0x3b0
[  246.527728][ T8681]  ? lockdep_hardirqs_on+0x9c/0x150
[  246.527746][ T8681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.527760][ T8681]  ? clear_bhb_loop+0x60/0xb0
[  246.527778][ T8681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  246.527792][ T8681] RIP: 0033:0x7f2d9fb8e929
[  246.527804][ T8681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  246.527817][ T8681] RSP: 002b:00007f2da0944038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  246.527831][ T8681] RAX: ffffffffffffffda RBX: 00007f2d9fdb5fa0 RCX: 00007f2d9fb8e929
[  246.527841][ T8681] RDX: 0000200000000040 RSI: 0000000000005414 RDI: 0000000000000003
[  246.527850][ T8681] RBP: 00007f2da0944090 R08: 0000000000000000 R09: 0000000000000000
[  246.527859][ T8681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  246.527868][ T8681] R13: 0000000000000000 R14: 00007f2d9fdb5fa0 R15: 00007ffde33cfaa8
[  246.527891][ T8681]  </TASK>
[  246.530592][ T8681] Mem-Info:
[  246.530612][ T8681] active_anon:8650 inactive_anon:0 isolated_anon:0
[  246.530612][ T8681]  active_file:16637 inactive_file:40190 isolated_file:0
[  246.530612][ T8681]  unevictable:768 dirty:58 writeback:25
[  246.530612][ T8681]  slab_reclaimable:10620 slab_unreclaimable:93960
[  246.530612][ T8681]  mapped:26653 shmem:4230 pagetables:1406
[  246.530612][ T8681]  sec_pagetables:0 bounce:0
[  246.530612][ T8681]  kernel_misc_reclaimable:0
[  246.530612][ T8681]  free:1319076 free_pcp:15092 free_cma:0
[  246.530684][ T8681] Node 0 active_anon:34600kB inactive_anon:0kB active_file:66548kB inactive_file:160556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106612kB dirty:228kB writeback:100kB shmem:15384kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12056kB pagetables:5496kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  246.530746][ T8681] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  246.530799][ T8681] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  246.530874][ T8681] lowmem_reserve[]: 0 2496 2498 2498 2498
[  246.530909][ T8681] Node 0 DMA32 free:1369564kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:34552kB inactive_anon:0kB active_file:66548kB inactive_file:159244kB unevictable:1536kB writepending:328kB present:3129332kB managed:2556912kB mlocked:0kB bounce:0kB free_pcp:43752kB local_pcp:16924kB free_cma:0kB
[  246.530988][ T8681] lowmem_reserve[]: 0 0 1 1 1
[  246.531034][ T8681] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  246.531094][ T8681] lowmem_reserve[]: 0 0 0 0 0
[  246.531182][ T8681] Node 1 Normal free:3891360kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:16608kB local_pcp:7424kB free_cma:0kB
[  246.531242][ T8681] lowmem_reserve[]: 0 0 0 0 0
[  246.531289][ T8681] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  246.531455][ T8681] Node 0 DMA32: 495*4kB (UM) 360*8kB (UME) 449*16kB (UM) 582*32kB (UM) 313*64kB (UME) 53*128kB (ME) 13*256kB (UM) 6*512kB (ME) 7*1024kB (UM) 8*2048kB (UME) 313*4096kB (M) = 1369484kB
[  246.531662][ T8681] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  246.531832][ T8681] Node 1 Normal: 198*4kB (UME) 37*8kB (UME) 44*16kB (UME) 109*32kB (UME) 34*64kB (UME) 5*128kB (UME) 7*256kB (UME) 5*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 946*4096kB (M) = 3891360kB
[  246.532047][ T8681] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  246.532061][ T8681] Node 0 hugepages_total=6 hugepages_free=4 hugepages_surp=4 hugepages_size=2048kB
[  246.532081][ T8681] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  246.532137][ T8681] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  246.532157][ T8681] 61053 total pagecache pages
[  246.532172][ T8681] 0 pages in swap cache
[  246.532181][ T8681] Free swap  = 124996kB
[  246.532190][ T8681] Total swap = 124996kB
[  246.532199][ T8681] 2097051 pages RAM
[  246.532207][ T8681] 0 pages HighMem/MovableOnly
[  246.532215][ T8681] 425845 pages reserved
[  246.532223][ T8681] 0 pages cma reserved
[  246.547869][  T979] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  246.558924][ T5839] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  246.739704][  T979] usb 1-1: device descriptor read/64, error -71
[  246.904443][ T5839] usb 2-1: Using ep0 maxpacket: 8
[  247.093670][ T8685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.101873][ T5839] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  247.113949][ T8685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.123170][ T5839] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.149117][  T979] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  247.197443][    C0] vkms_vblank_simulate: vblank timer overrun
[  247.202306][ T5839] usb 2-1: config 0 descriptor??
[  247.231995][    C0] vkms_vblank_simulate: vblank timer overrun
[  247.374604][  T979] usb 1-1: device descriptor read/64, error -71
[  247.402208][    C0] vkms_vblank_simulate: vblank timer overrun
[  247.755270][  T979] usb usb1-port1: attempt power cycle
[  247.913357][ T8693] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  248.026002][ T8674] vxfs: WRONG superblock magic 00000000 at 1
[  248.032238][ T8674] vxfs: WRONG superblock magic 00000000 at 8
[  248.038503][ T8674] vxfs: can't find superblock.
[  248.044339][ T5839] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  248.061275][ T5839] asix 2-1:0.0: probe with driver asix failed with error -71
[  248.077701][ T5839] usb 2-1: USB disconnect, device number 28
[  248.104458][  T979] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  248.136565][  T979] usb 1-1: device descriptor read/8, error -71
[  248.374635][  T979] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  248.395408][  T979] usb 1-1: device descriptor read/8, error -71
[  248.505115][  T979] usb usb1-port1: unable to enumerate USB device
[  248.912578][ T8708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.925566][ T8708] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.935879][ T5920] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  249.126439][ T5920] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  249.136350][ T5920] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  249.146742][ T5920] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  249.155967][ T5920] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  249.169117][ T5920] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  249.178651][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  249.187899][ T5920] usb 2-1: Product: syz
[  249.192160][ T5920] usb 2-1: Manufacturer: syz
[  249.206169][ T5920] cdc_wdm 2-1:1.0: skipping garbage
[  249.211531][ T5920] cdc_wdm 2-1:1.0: skipping garbage
[  249.219265][ T5920] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device
[  249.225564][ T5920] cdc_wdm 2-1:1.0: Unknown control protocol
[  249.324329][ T5839] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  249.427622][ T5901] usb 2-1: USB disconnect, device number 29
[  249.494386][ T5839] usb 3-1: Using ep0 maxpacket: 32
[  249.494393][  T982] usb 4-1: device descriptor read/64, error -110
[  249.506526][ T5839] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  249.515430][ T5839] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  249.544326][ T5839] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  249.570237][ T5839] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  249.601976][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  249.623582][ T5839] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  249.634324][ T5839] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  249.655373][ T5839] usb 3-1: Product: syz
[  249.660043][ T5839] usb 3-1: Manufacturer: syz
[  249.665185][ T5839] usb 3-1: SerialNumber: syz
[  249.673422][ T5839] usb 3-1: config 0 descriptor??
[  249.687119][ T5839] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  249.699911][ T5839] ldusb 3-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  249.774442][  T982] usb 4-1: reset high-speed USB device number 36 using dummy_hcd
[  249.904429][  T982] usb 4-1: device descriptor read/64, error -32
[  249.918918][ T8723] FAULT_INJECTION: forcing a failure.
[  249.918918][ T8723] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  249.974497][ T8723] CPU: 0 UID: 0 PID: 8723 Comm: syz.0.1016 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  249.974534][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.974549][ T8723] Call Trace:
[  249.974558][ T8723]  <TASK>
[  249.974568][ T8723]  dump_stack_lvl+0x189/0x250
[  249.974600][ T8723]  ? __pfx____ratelimit+0x10/0x10
[  249.974630][ T8723]  ? __pfx_dump_stack_lvl+0x10/0x10
[  249.974655][ T8723]  ? __pfx__printk+0x10/0x10
[  249.974697][ T8723]  should_fail_ex+0x414/0x560
[  249.974739][ T8723]  strncpy_from_user+0x36/0x290
[  249.974776][ T8723]  path_removexattrat+0xe0/0x690
[  249.974805][ T8723]  ? __pfx_path_removexattrat+0x10/0x10
[  249.974826][ T8723]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  249.974857][ T8723]  ? __pfx_vfs_write+0x10/0x10
[  249.974918][ T8723]  ? __pfx_ksys_write+0x10/0x10
[  249.974941][ T8723]  ? rcu_is_watching+0x15/0xb0
[  249.974974][ T8723]  __x64_sys_fremovexattr+0x62/0x70
[  249.974998][ T8723]  do_syscall_64+0xfa/0x3b0
[  249.975027][ T8723]  ? lockdep_hardirqs_on+0x9c/0x150
[  249.975055][ T8723]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.975078][ T8723]  ? clear_bhb_loop+0x60/0xb0
[  249.975106][ T8723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.975128][ T8723] RIP: 0033:0x7f609bb8e929
[  249.975148][ T8723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.975168][ T8723] RSP: 002b:00007f609c9e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c7
[  249.975192][ T8723] RAX: ffffffffffffffda RBX: 00007f609bdb5fa0 RCX: 00007f609bb8e929
[  249.975209][ T8723] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  249.975223][ T8723] RBP: 00007f609c9e2090 R08: 0000000000000000 R09: 0000000000000000
[  249.975238][ T8723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.975251][ T8723] R13: 0000000000000000 R14: 00007f609bdb5fa0 R15: 00007fff9606af88
[  249.975287][ T8723]  </TASK>
[  250.240907][ T8727] hpfs: Bad magic ... probably not HPFS
[  250.395361][  T982] usb 4-1: reset high-speed USB device number 36 using dummy_hcd
[  250.427879][  T982] usb 4-1: device descriptor read/8, error -32
[  250.469704][ T8734] tipc: Started in network mode
[  250.494495][ T8734] tipc: Node identity 2a9a444102ca, cluster identity 4711
[  250.502041][ T8734] tipc: Enabled bearer <eth:syzkaller0>, priority 10
[  250.674413][  T982] usb 4-1: reset high-speed USB device number 36 using dummy_hcd
[  250.691966][ T8734] tipc: Resetting bearer <eth:syzkaller0>
[  250.701297][ T8736] "syz.1.1022" (8736) uses obsolete ecb(arc4) skcipher
[  250.708014][  T982] usb 4-1: device descriptor read/8, error -32
[  250.717680][ T8733] tipc: Resetting bearer <eth:syzkaller0>
[  250.824474][  T982] raw-gadget.2 gadget.3: failed to queue suspend event
[  250.873428][    T9] usb 4-1: USB disconnect, device number 36
[  250.921866][ T8749] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  250.971399][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  251.067163][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  251.139314][    T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  251.151041][    C0] raw-gadget.2 gadget.3: ignoring, device is not running
[  251.159008][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  251.237962][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  251.264486][ T5839] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  251.304435][    T9] usb 4-1: device descriptor read/64, error -32
[  251.311937][ T8758] vivid-000: =================  START STATUS  =================
[  251.335969][ T8758] vivid-000: Test Pattern: 75% Colorbar
[  251.357064][ T8758] vivid-000: Fill Percentage of Frame: 100
[  251.363073][ T8758] vivid-000: Horizontal Movement: No Movement
[  251.374362][ T8758] vivid-000: Vertical Movement: No Movement
[  251.380409][ T8758] vivid-000: OSD Text Mode: All
[  251.391011][ T8758] vivid-000: Show Border: false
[  251.396176][ T8758] vivid-000: Show Square: false
[  251.401255][ T8758] vivid-000: Sensor Flipped Horizontally: false
[  251.410797][ T8758] vivid-000: Sensor Flipped Vertically: false
[  251.417119][ T8758] vivid-000: Insert SAV Code in Image: false
[  251.423430][ T8758] vivid-000: Insert EAV Code in Image: false
[  251.425252][    T9] raw-gadget.2 gadget.3: failed to queue suspend event
[  251.433700][ T8758] vivid-000: Insert Video Guard Band: false
[  251.438381][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  251.442976][ T8758] vivid-000: Reduced Framerate: false
[  251.460808][ T8758] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  251.478327][ T8758] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  251.489158][ T8758] vivid-000: Enable Capture Cropping: true
[  251.495258][ T8758] vivid-000: Enable Capture Composing: true
[  251.501621][ T5839] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  251.513473][ T5839] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  251.523816][ T5839] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  251.533474][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  251.541293][ T8758] vivid-000: Enable Capture Scaler: true
[  251.547212][ T5839] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  251.559048][ T8758] vivid-000: Timestamp Source: End of Frame
[  251.567298][ T8758] vivid-000: Colorspace: sRGB
[  251.572393][ T8758] vivid-000: Transfer Function: Default
[  251.581525][   T24] tipc: Node number set to 676348993
[  251.584393][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  251.590556][ T8758] vivid-000: Y'CbCr Encoding: Default
[  251.600917][ T8758] vivid-000: HSV Encoding: Hue 0-179
[  251.610401][ T5839] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  251.620181][    C0] raw-gadget.2 gadget.3: ignoring, device is not running
[  251.620226][ T5839] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  251.628467][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  251.639867][ T8758] vivid-000: Quantization: Default
[  251.650516][ T5839] usb 1-1: Product: syz
[  251.654466][ T8758] vivid-000: Apply Alpha To Red Only: false
[  251.656308][ T5839] usb 1-1: Manufacturer: syz
[  251.668803][ T8758] vivid-000: Standard Aspect Ratio: 4x3
[  251.682212][ T5839] cdc_wdm 1-1:1.0: skipping garbage
[  251.688909][ T5839] cdc_wdm 1-1:1.0: skipping garbage
[  251.708152][ T5839] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  251.714250][ T8758] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  251.714628][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  251.722225][ T8758] vivid-000: DV Timings: 
[  251.729735][ T5839] cdc_wdm 1-1:1.0: Unknown control protocol
[  251.747361][ T8758] 640x480p59 inactive
[  251.751558][ T8758] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  251.780308][ T8758] vivid-000: Maximum EDID Blocks: 2
[  251.799677][    T9] usb 4-1: device descriptor read/64, error -32
[  251.806245][ T8758] vivid-000: Limited RGB Range (16-235): false
[  251.819713][ T8758] vivid-000: Rx RGB Quantization Range: Automatic
[  251.827654][ T8758] vivid-000: Power Present: 0x00000001
[  251.833264][ T8758] tpg source WxH: 3840x2160 (Y'CbCr)
[  251.840290][ T8758] tpg field: 1
[  251.843744][ T8758] tpg crop: (0,0)/3840x2160
[  251.850490][ T8758] tpg compose: (0,0)/3840x2160
[  251.855716][ T8758] tpg colorspace: 8
[  251.861793][ T8758] tpg transfer function: 0/0
[  251.877885][ T8758] tpg Y'CbCr encoding: 0/0
[  251.882676][ T8758] tpg quantization: 0/0
[  251.890254][ T8758] tpg RGB range: 0/2
[  251.894416][ T8758] vivid-000: ==================  END STATUS  ==================
[  251.903633][  T982] usb 1-1: USB disconnect, device number 46
[  251.914522][    T9] raw-gadget.2 gadget.3: failed to queue suspend event
[  251.922209][    T9] usb usb4-port1: attempt power cycle
[  251.948071][    T9] raw-gadget.2 gadget.3: failed to queue disconnect event
[  251.969426][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  252.044520][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  252.064365][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  252.081142][   T24] usb 3-1: USB disconnect, device number 33
[  252.095479][   T24] ldusb 3-1:0.0: LD USB Device #1 now disconnected
[  252.278491][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  252.297415][ T8764] loop8: detected capacity change from 0 to 7
[  252.297638][  T979] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  252.349424][    T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  252.358087][ T8764] Dev loop8: unable to read RDB block 7
[  252.367539][ T8764]  loop8: unable to read partition table
[  252.373638][ T8764] loop8: partition table beyond EOD, truncated
[  252.380772][    C0] raw-gadget.2 gadget.3: ignoring, device is not running
[  252.395103][    T9] usb 4-1: device descriptor read/8, error -32
[  252.398758][ T8764] loop_reread_partitions: partition scan of loop8 (�被x�^>�� �) failed (rc=-5)
[  252.508021][    T9] raw-gadget.2 gadget.3: failed to queue suspend event
[  252.527431][  T979] usb 2-1: config 10 has an invalid interface number: 98 but max is 3
[  252.544846][    T9] raw-gadget.2 gadget.3: failed to queue reset event
[  252.554606][  T979] usb 2-1: config 10 has an invalid interface number: 146 but max is 3
[  252.593798][  T979] usb 2-1: config 10 has an invalid descriptor of length 0, skipping remainder of the config
[  252.624610][  T979] usb 2-1: config 10 has 2 interfaces, different from the descriptor's value: 4
[  252.634037][  T979] usb 2-1: config 10 has no interface number 0
[  252.640821][    T9] raw-gadget.2 gadget.3: failed to queue resume event
[  252.648435][  T979] usb 2-1: config 10 has no interface number 1
[  252.657103][  T979] usb 2-1: config 10 interface 98 altsetting 250 endpoint 0x5 has invalid maxpacket 38611, setting to 64
[  252.670168][  T979] usb 2-1: config 10 interface 98 altsetting 250 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  252.682257][  T979] usb 2-1: config 10 interface 98 altsetting 250 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  252.694779][  T979] usb 2-1: config 10 interface 98 altsetting 250 has a duplicate endpoint with address 0xE, skipping
[  252.707647][  T979] usb 2-1: config 10 interface 98 altsetting 250 has 4 endpoint descriptors, different from the interface descriptor's value: 5
[  252.723010][    T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  252.734689][  T979] usb 2-1: config 10 interface 98 has no altsetting 0
[  252.741853][  T979] usb 2-1: config 10 interface 146 has no altsetting 0
[  252.752743][  T979] usb 2-1: New USB device found, idVendor=0af0, idProduct=c031, bcdDevice=e8.f9
[  252.762453][  T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.770722][    C0] raw-gadget.2 gadget.3: ignoring, device is not running
[  252.784308][    T9] usb 4-1: device descriptor read/8, error -32
[  252.791932][  T979] usb 2-1: Product: syz
[  252.799465][  T979] usb 2-1: Manufacturer: syz
[  252.804630][  T979] usb 2-1: SerialNumber: syz
[  252.813271][ T8760] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  252.829953][ T8760] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  252.878137][ T5839] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  252.894455][    T9] raw-gadget.2 gadget.3: failed to queue suspend event
[  252.902250][    T9] usb usb4-port1: unable to enumerate USB device
[  253.035359][ T5839] usb 1-1: Using ep0 maxpacket: 32
[  253.043177][ T5839] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  253.052185][ T5839] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  253.063816][ T5839] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  253.075702][ T5839] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  253.089503][ T5839] usb 1-1: config 0 interface 0 has no altsetting 0
[  253.098960][ T5839] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  253.112133][ T5839] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  253.121131][ T5839] usb 1-1: Product: syz
[  253.127303][ T5839] usb 1-1: Manufacturer: syz
[  253.132020][ T5839] usb 1-1: SerialNumber: syz
[  253.141889][ T5839] usb 1-1: config 0 descriptor??
[  253.160820][ T5839] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  253.180181][ T5839] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  253.833363][ T8733] tipc: Disabling bearer <eth:syzkaller0>
[  253.848628][ T8774] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  253.939647][ T8779] misc userio: Can't change port type on an already running userio instance
[  254.422170][ T8784] FAULT_INJECTION: forcing a failure.
[  254.422170][ T8784] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  254.436161][ T8784] CPU: 1 UID: 0 PID: 8784 Comm: syz.2.1036 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  254.436191][ T8784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  254.436204][ T8784] Call Trace:
[  254.436212][ T8784]  <TASK>
[  254.436221][ T8784]  dump_stack_lvl+0x189/0x250
[  254.436250][ T8784]  ? __pfx____ratelimit+0x10/0x10
[  254.436277][ T8784]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.436300][ T8784]  ? __pfx__printk+0x10/0x10
[  254.436335][ T8784]  should_fail_ex+0x414/0x560
[  254.436372][ T8784]  _copy_to_user+0x31/0xb0
[  254.436394][ T8784]  simple_read_from_buffer+0xe1/0x170
[  254.436426][ T8784]  proc_fail_nth_read+0x1df/0x250
[  254.436449][ T8784]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  254.436471][ T8784]  ? rw_verify_area+0x258/0x650
[  254.436494][ T8784]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  254.436516][ T8784]  vfs_read+0x200/0x980
[  254.436545][ T8784]  ? __pfx___mutex_lock+0x10/0x10
[  254.436573][ T8784]  ? __pfx_vfs_read+0x10/0x10
[  254.436598][ T8784]  ? __fget_files+0x2a/0x420
[  254.436631][ T8784]  ? __fget_files+0x3a0/0x420
[  254.436657][ T8784]  ? __fget_files+0x2a/0x420
[  254.436694][ T8784]  ksys_read+0x145/0x250
[  254.436721][ T8784]  ? __pfx_ksys_read+0x10/0x10
[  254.436752][ T8784]  ? do_syscall_64+0xbe/0x3b0
[  254.436782][ T8784]  do_syscall_64+0xfa/0x3b0
[  254.436816][ T8784]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.436842][ T8784]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.436862][ T8784]  ? clear_bhb_loop+0x60/0xb0
[  254.436886][ T8784]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.436904][ T8784] RIP: 0033:0x7f2d9fb8d33c
[  254.436922][ T8784] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  254.436939][ T8784] RSP: 002b:00007f2da0944030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  254.436961][ T8784] RAX: ffffffffffffffda RBX: 00007f2d9fdb5fa0 RCX: 00007f2d9fb8d33c
[  254.436982][ T8784] RDX: 000000000000000f RSI: 00007f2da09440a0 RDI: 0000000000000005
[  254.436994][ T8784] RBP: 00007f2da0944090 R08: 0000000000000000 R09: 0000000000000000
[  254.437010][ T8784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  254.437022][ T8784] R13: 0000000000000000 R14: 00007f2d9fdb5fa0 R15: 00007ffde33cfaa8
[  254.437052][ T8784]  </TASK>
[  254.998005][ T8796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  255.016661][ T8796] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.117741][  T979] hso 2-1:10.98: Not our interface
[  255.148373][  T979] usb 2-1: USB disconnect, device number 30
[  255.437241][ T8800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1043'.
[  255.707976][ T5901] usb 1-1: USB disconnect, device number 47
[  255.737226][ T5901] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  255.755810][ T8804] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  255.769453][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.776004][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  255.812180][ T8804] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  256.217340][ T5847] Bluetooth: hci3: unexpected event 0x05 length: 5 > 4
[  256.349184][ T8825] binder: 8824:8825 ioctl c0306201 200000001900 returned -14
[  256.569892][ T8835] FAULT_INJECTION: forcing a failure.
[  256.569892][ T8835] name failslab, interval 1, probability 0, space 0, times 0
[  256.583251][ T8835] CPU: 0 UID: 0 PID: 8835 Comm: syz.0.1054 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  256.583273][ T8835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.583283][ T8835] Call Trace:
[  256.583291][ T8835]  <TASK>
[  256.583298][ T8835]  dump_stack_lvl+0x189/0x250
[  256.583324][ T8835]  ? __pfx____ratelimit+0x10/0x10
[  256.583343][ T8835]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.583360][ T8835]  ? __pfx__printk+0x10/0x10
[  256.583380][ T8835]  ? __pfx___might_resched+0x10/0x10
[  256.583395][ T8835]  ? fs_reclaim_acquire+0x7d/0x100
[  256.583419][ T8835]  should_fail_ex+0x414/0x560
[  256.583453][ T8835]  should_failslab+0xa8/0x100
[  256.583472][ T8835]  __kmalloc_noprof+0xcb/0x4f0
[  256.583487][ T8835]  ? kfree+0x4d/0x440
[  256.583499][ T8835]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  256.583521][ T8835]  tomoyo_realpath_from_path+0xe3/0x5d0
[  256.583539][ T8835]  ? tomoyo_domain+0xd9/0x130
[  256.583559][ T8835]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  256.583582][ T8835]  tomoyo_path_number_perm+0x1e8/0x5a0
[  256.583606][ T8835]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  256.583641][ T8835]  ? __lock_acquire+0xab9/0xd20
[  256.583677][ T8835]  ? __fget_files+0x2a/0x420
[  256.583702][ T8835]  ? __fget_files+0x2a/0x420
[  256.583720][ T8835]  ? __fget_files+0x3a0/0x420
[  256.583739][ T8835]  ? __fget_files+0x2a/0x420
[  256.583761][ T8835]  security_file_ioctl+0xcb/0x2d0
[  256.583784][ T8835]  __se_sys_ioctl+0x47/0x170
[  256.583803][ T8835]  do_syscall_64+0xfa/0x3b0
[  256.583821][ T8835]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.583839][ T8835]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.583853][ T8835]  ? clear_bhb_loop+0x60/0xb0
[  256.583870][ T8835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.583884][ T8835] RIP: 0033:0x7f609bb8e929
[  256.583897][ T8835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.583909][ T8835] RSP: 002b:00007f609c9c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  256.583924][ T8835] RAX: ffffffffffffffda RBX: 00007f609bdb6080 RCX: 00007f609bb8e929
[  256.583934][ T8835] RDX: 0000200000000100 RSI: 00000000c0045002 RDI: 0000000000000003
[  256.583944][ T8835] RBP: 00007f609c9c1090 R08: 0000000000000000 R09: 0000000000000000
[  256.583952][ T8835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  256.583961][ T8835] R13: 0000000000000001 R14: 00007f609bdb6080 R15: 00007fff9606af88
[  256.583983][ T8835]  </TASK>
[  256.584019][ T8835] ERROR: Out of memory at tomoyo_realpath_from_path.
[  256.848591][  T979] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  256.974347][ T5901] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  256.984163][ T8837] netlink: 'syz.0.1056': attribute type 10 has an invalid length.
[  257.006826][  T979] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  257.017824][  T979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  257.031210][  T979] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  257.041033][  T979] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.055900][ T8837] veth0_vlan: left promiscuous mode
[  257.078691][  T979] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  257.090636][ T8837] veth0_vlan: entered promiscuous mode
[  257.100300][  T979] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  257.108911][ T5901] usb 3-1: device descriptor read/64, error -71
[  257.133035][  T979] usb 2-1: Product: syz
[  257.141622][  T979] usb 2-1: Manufacturer: syz
[  257.169656][  T979] cdc_wdm 2-1:1.0: skipping garbage
[  257.177970][  T979] cdc_wdm 2-1:1.0: skipping garbage
[  257.188782][  T979] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  257.201277][ T8837] team0: Device veth0_vlan failed to register rx_handler
[  257.209221][  T979] cdc_wdm 2-1:1.0: Unknown control protocol
[  257.232429][ T8840] FAULT_INJECTION: forcing a failure.
[  257.232429][ T8840] name failslab, interval 1, probability 0, space 0, times 0
[  257.273471][ T8840] CPU: 1 UID: 0 PID: 8840 Comm: syz.3.1057 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  257.273504][ T8840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.273518][ T8840] Call Trace:
[  257.273527][ T8840]  <TASK>
[  257.273536][ T8840]  dump_stack_lvl+0x189/0x250
[  257.273565][ T8840]  ? __pfx____ratelimit+0x10/0x10
[  257.273591][ T8840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  257.273615][ T8840]  ? __pfx__printk+0x10/0x10
[  257.273644][ T8840]  ? __pfx___might_resched+0x10/0x10
[  257.273670][ T8840]  should_fail_ex+0x414/0x560
[  257.273708][ T8840]  should_failslab+0xa8/0x100
[  257.273735][ T8840]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  257.273759][ T8840]  ? __alloc_skb+0x112/0x2d0
[  257.273793][ T8840]  __alloc_skb+0x112/0x2d0
[  257.273826][ T8840]  netlink_sendmsg+0x5c6/0xb30
[  257.273865][ T8840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.273896][ T8840]  ? __lock_acquire+0xab9/0xd20
[  257.273924][ T8840]  ? aa_sock_msg_perm+0xf1/0x1d0
[  257.273950][ T8840]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  257.273980][ T8840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  257.274009][ T8840]  __sock_sendmsg+0x219/0x270
[  257.274037][ T8840]  sock_write_iter+0x258/0x330
[  257.274065][ T8840]  ? __pfx_sock_write_iter+0x10/0x10
[  257.274095][ T8840]  ? bpf_lsm_file_permission+0x9/0x20
[  257.274110][ T8840]  ? security_file_permission+0x75/0x290
[  257.274148][ T8840]  vfs_write+0x54b/0xa90
[  257.274177][ T8840]  ? __pfx_sock_write_iter+0x10/0x10
[  257.274201][ T8840]  ? __pfx_vfs_write+0x10/0x10
[  257.274233][ T8840]  ? __fget_files+0x2a/0x420
[  257.274268][ T8840]  ksys_write+0x145/0x250
[  257.274294][ T8840]  ? __pfx_ksys_write+0x10/0x10
[  257.274316][ T8840]  ? rcu_is_watching+0x15/0xb0
[  257.274350][ T8840]  ? do_syscall_64+0xbe/0x3b0
[  257.274381][ T8840]  do_syscall_64+0xfa/0x3b0
[  257.274406][ T8840]  ? lockdep_hardirqs_on+0x9c/0x150
[  257.274431][ T8840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.274451][ T8840]  ? clear_bhb_loop+0x60/0xb0
[  257.274474][ T8840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.274494][ T8840] RIP: 0033:0x7fc876d8e929
[  257.274512][ T8840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  257.274530][ T8840] RSP: 002b:00007fc877b21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  257.274553][ T8840] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8e929
[  257.274568][ T8840] RDX: 0000000000000024 RSI: 00002000000000c0 RDI: 0000000000000003
[  257.274581][ T8840] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  257.274595][ T8840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.274606][ T8840] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  257.274639][ T8840]  </TASK>
[  257.283106][ T8837] syz.0.1056 (8837) used greatest stack depth: 19640 bytes left
[  257.488181][ T5919] usb 2-1: USB disconnect, device number 31
[  257.554354][ T5901] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  257.735496][ T5901] usb 3-1: device descriptor read/64, error -71
[  257.847246][ T5901] usb usb3-port1: attempt power cycle
[  258.194425][ T5901] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  258.227508][ T5901] usb 3-1: device descriptor read/8, error -71
[  258.413292][ T8859] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  258.454506][    T9] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  258.465182][ T5901] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  258.506767][ T5901] usb 3-1: device descriptor read/8, error -71
[  258.625362][ T5901] usb usb3-port1: unable to enumerate USB device
[  258.634393][    T9] usb 1-1: Using ep0 maxpacket: 8
[  258.648878][    T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  258.660620][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.669057][    T9] usb 1-1: Product: syz
[  258.673541][    T9] usb 1-1: Manufacturer: syz
[  258.678605][    T9] usb 1-1: SerialNumber: syz
[  258.687456][    T9] usb 1-1: config 0 descriptor??
[  258.909101][    T9] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  259.360719][ T8883] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  259.462646][ T8885] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  259.514658][    T9] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  259.529586][    T9] usb 1-1: USB disconnect, device number 48
[  259.898648][ T8896] FAULT_INJECTION: forcing a failure.
[  259.898648][ T8896] name failslab, interval 1, probability 0, space 0, times 0
[  259.911977][ T8896] CPU: 1 UID: 0 PID: 8896 Comm: syz.3.1079 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  259.912006][ T8896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  259.912019][ T8896] Call Trace:
[  259.912030][ T8896]  <TASK>
[  259.912040][ T8896]  dump_stack_lvl+0x189/0x250
[  259.912072][ T8896]  ? __pfx____ratelimit+0x10/0x10
[  259.912106][ T8896]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.912128][ T8896]  ? __pfx__printk+0x10/0x10
[  259.912158][ T8896]  ? __pfx___might_resched+0x10/0x10
[  259.912184][ T8896]  should_fail_ex+0x414/0x560
[  259.912220][ T8896]  ? seq_read_iter+0x1fd/0xe10
[  259.912240][ T8896]  should_failslab+0xa8/0x100
[  259.912263][ T8896]  __kvmalloc_node_noprof+0x161/0x5f0
[  259.912281][ T8896]  ? seq_read_iter+0x1fd/0xe10
[  259.912300][ T8896]  seq_read_iter+0x1fd/0xe10
[  259.912321][ T8896]  ? look_up_lock_class+0x74/0x170
[  259.912354][ T8896]  ? __asan_memset+0x22/0x50
[  259.912393][ T8896]  seq_read+0x2e2/0x3d0
[  259.912422][ T8896]  ? __pfx_seq_read+0x10/0x10
[  259.912455][ T8896]  ? rw_verify_area+0x258/0x650
[  259.912472][ T8896]  ? __pfx_seq_read+0x10/0x10
[  259.912488][ T8896]  vfs_read+0x200/0x980
[  259.912509][ T8896]  ? __pfx___mutex_lock+0x10/0x10
[  259.912538][ T8896]  ? __pfx_vfs_read+0x10/0x10
[  259.912564][ T8896]  ? __fget_files+0x2a/0x420
[  259.912605][ T8896]  ? __fget_files+0x3a0/0x420
[  259.912629][ T8896]  ? __fget_files+0x2a/0x420
[  259.912659][ T8896]  ksys_read+0x145/0x250
[  259.912678][ T8896]  ? __pfx_ksys_read+0x10/0x10
[  259.912699][ T8896]  ? do_syscall_64+0xbe/0x3b0
[  259.912729][ T8896]  do_syscall_64+0xfa/0x3b0
[  259.912758][ T8896]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.912777][ T8896]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  259.912797][ T8896]  ? clear_bhb_loop+0x60/0xb0
[  259.912820][ T8896]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.912841][ T8896] RIP: 0033:0x7fc876d8e929
[  259.912854][ T8896] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.912867][ T8896] RSP: 002b:00007fc877b21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  259.912883][ T8896] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8e929
[  259.912893][ T8896] RDX: 0000000000002020 RSI: 00002000000020c0 RDI: 0000000000000004
[  259.912903][ T8896] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  259.912911][ T8896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.912924][ T8896] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  259.912957][ T8896]  </TASK>
[  260.339990][ T8902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.364815][ T8902] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.392282][ T8902] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1081'.
[  260.409483][ T8904] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  260.633863][ T8908] capability: warning: `syz.0.1084' uses deprecated v2 capabilities in a way that may be insecure
[  260.995213][ T5919] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  261.126954][ T8919] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  261.157837][ T5919] usb 1-1: Using ep0 maxpacket: 32
[  261.170657][ T5919] usb 1-1: unable to get BOS descriptor or descriptor too short
[  261.180398][ T5919] usb 1-1: config 4 has an invalid interface number: 150 but max is 1
[  261.189573][ T5919] usb 1-1: config 4 has an invalid interface number: 184 but max is 1
[  261.198464][ T5919] usb 1-1: config 4 has no interface number 0
[  261.206128][ T5919] usb 1-1: config 4 has no interface number 1
[  261.212640][ T5919] usb 1-1: config 4 interface 150 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 32
[  261.224794][ T5919] usb 1-1: config 4 interface 150 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  261.235447][ T5919] usb 1-1: config 4 interface 150 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  261.247118][ T5919] usb 1-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  261.258460][ T5919] usb 1-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  261.269800][ T5919] usb 1-1: config 4 interface 184 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  261.305612][ T5919] usb 1-1: config 4 interface 184 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  261.318551][ T5919] usb 1-1: config 4 interface 150 has no altsetting 0
[  261.326175][ T5919] usb 1-1: config 4 interface 184 has no altsetting 0
[  261.336638][ T5919] usb 1-1: New USB device found, idVendor=10b8, idProduct=1f90, bcdDevice=ba.45
[  261.346596][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.355261][ T5919] usb 1-1: Product: љ
[  261.359601][ T5919] usb 1-1: Manufacturer: ᐜ鞞褵颱ഥ歄⯞춐ﱗ沣뿛䎲퇱૥嚃㋠伅胜鈔႗ఇ띵鳕䄽䭉霡Ꞌ쏻䗖ีꅅ⡼螧䣁㠱嶫䳨⪜돧从᷶᫚럗ꖀ᤭῞ʜ쫤䑀ꉁ뗺萇꒔앃뫵ꀕᎥ衰糱㦼弻鯲㧑埛ﭩ㝨鿽摀
[  261.407683][ T5919] usb 1-1: SerialNumber: ﶴ쯟눊飵뺪帩䮥䐫힉ὔ嵃챻痹飔簭줽㱡珟쌳馅ୗ蓩揺Ꝛ諡ⅸ鿔쮟
[  261.447034][ T8912] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  261.454945][ T8912] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  261.544325][ T5839] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  261.678314][ T5919] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  261.692523][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  261.701278][ T5839] usb 2-1: Using ep0 maxpacket: 8
[  261.709399][ T5919] dib0700: firmware download failed at 7 with -8
[  261.718492][ T5839] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  261.734393][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.747324][ T5839] usb 2-1: Product: syz
[  261.754625][ T5839] usb 2-1: Manufacturer: syz
[  261.759328][ T5839] usb 2-1: SerialNumber: syz
[  261.765676][ T5919] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  261.785902][ T5839] usb 2-1: config 0 descriptor??
[  261.793446][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  261.807499][ T5919] dib0700: firmware download failed at 7 with -8
[  261.831335][ T5919] usb 1-1: USB disconnect, device number 49
[  261.972617][ T8935] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  262.009090][ T5839] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  262.494389][    T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  262.612803][ T5839] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  262.636488][ T5839] usb 2-1: USB disconnect, device number 32
[  262.644380][    T9] usb 1-1: device descriptor read/64, error -71
[  262.861570][ T8949] FAULT_INJECTION: forcing a failure.
[  262.861570][ T8949] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.875648][ T8949] CPU: 1 UID: 0 PID: 8949 Comm: syz.3.1101 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  262.875678][ T8949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  262.875690][ T8949] Call Trace:
[  262.875698][ T8949]  <TASK>
[  262.875707][ T8949]  dump_stack_lvl+0x189/0x250
[  262.875736][ T8949]  ? __pfx____ratelimit+0x10/0x10
[  262.875762][ T8949]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.875785][ T8949]  ? __pfx__printk+0x10/0x10
[  262.875808][ T8949]  ? __might_fault+0xb0/0x130
[  262.875843][ T8949]  should_fail_ex+0x414/0x560
[  262.875880][ T8949]  _copy_from_user+0x2d/0xb0
[  262.875901][ T8949]  do_sys_poll+0x242/0x1070
[  262.875953][ T8949]  ? __pfx_do_sys_poll+0x10/0x10
[  262.876065][ T8949]  ? rcu_read_lock_any_held+0xb3/0x120
[  262.876087][ T8949]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  262.876112][ T8949]  ? vfs_write+0x8d8/0xa90
[  262.876164][ T8949]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  262.876190][ T8949]  ? set_user_sigmask+0xc7/0x1b0
[  262.876209][ T8949]  ? __pfx_set_user_sigmask+0x10/0x10
[  262.876226][ T8949]  ? __fget_files+0x3a0/0x420
[  262.876259][ T8949]  __se_sys_ppoll+0x1ff/0x260
[  262.876289][ T8949]  ? __pfx___se_sys_ppoll+0x10/0x10
[  262.876315][ T8949]  ? __pfx_ksys_write+0x10/0x10
[  262.876344][ T8949]  ? do_syscall_64+0xbe/0x3b0
[  262.876370][ T8949]  ? __x64_sys_ppoll+0x20/0xc0
[  262.876403][ T8949]  do_syscall_64+0xfa/0x3b0
[  262.876429][ T8949]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.876453][ T8949]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.876473][ T8949]  ? clear_bhb_loop+0x60/0xb0
[  262.876497][ T8949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.876516][ T8949] RIP: 0033:0x7fc876d8e929
[  262.876536][ T8949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  262.876553][ T8949] RSP: 002b:00007fc877b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  262.876575][ T8949] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8e929
[  262.876590][ T8949] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  262.876604][ T8949] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  262.876629][ T8949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  262.876641][ T8949] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  262.876673][ T8949]  </TASK>
[  262.894622][    T9] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  263.008638][ T8951] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  263.265959][ T8956] FAULT_INJECTION: forcing a failure.
[  263.265959][ T8956] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.281025][    T9] usb 1-1: device descriptor read/64, error -71
[  263.288081][ T8956] CPU: 0 UID: 0 PID: 8956 Comm: syz.1.1104 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  263.288113][ T8956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  263.288126][ T8956] Call Trace:
[  263.288134][ T8956]  <TASK>
[  263.288143][ T8956]  dump_stack_lvl+0x189/0x250
[  263.288170][ T8956]  ? __pfx____ratelimit+0x10/0x10
[  263.288197][ T8956]  ? __pfx_dump_stack_lvl+0x10/0x10
[  263.288219][ T8956]  ? __pfx__printk+0x10/0x10
[  263.288242][ T8956]  ? __might_fault+0xb0/0x130
[  263.288275][ T8956]  should_fail_ex+0x414/0x560
[  263.288312][ T8956]  _copy_from_user+0x2d/0xb0
[  263.288331][ T8956]  ___sys_sendmsg+0x158/0x2a0
[  263.288354][ T8956]  ? __pfx____sys_sendmsg+0x10/0x10
[  263.288412][ T8956]  ? __fget_files+0x2a/0x420
[  263.288438][ T8956]  ? __fget_files+0x3a0/0x420
[  263.288476][ T8956]  __x64_sys_sendmsg+0x19b/0x260
[  263.288500][ T8956]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  263.288546][ T8956]  do_syscall_64+0xfa/0x3b0
[  263.288575][ T8956]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.288593][ T8956]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  263.288612][ T8956]  ? clear_bhb_loop+0x60/0xb0
[  263.288636][ T8956]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.288655][ T8956] RIP: 0033:0x7ff31318e929
[  263.288673][ T8956] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.288690][ T8956] RSP: 002b:00007ff3140cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  263.288712][ T8956] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318e929
[  263.288727][ T8956] RDX: 0000000000000000 RSI: 0000200000000900 RDI: 0000000000000003
[  263.288740][ T8956] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  263.288752][ T8956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  263.288764][ T8956] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  263.288794][ T8956]  </TASK>
[  263.503211][    T9] usb usb1-port1: attempt power cycle
[  263.567437][ T8960] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  263.825618][ T8970] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  263.864399][    T9] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  263.904943][    T9] usb 1-1: device descriptor read/8, error -71
[  264.133007][ T8974] 
: renamed from bond_slave_0 (while UP)
[  264.144469][    T9] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  264.177092][    T9] usb 1-1: device descriptor read/8, error -71
[  264.295282][    T9] usb usb1-port1: unable to enumerate USB device
[  264.414386][   T24] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  264.514531][ T5839] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  264.554433][   T24] usb 2-1: device descriptor read/64, error -71
[  264.676571][ T5839] usb 3-1: Using ep0 maxpacket: 8
[  264.686724][ T5839] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  264.697452][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.703563][ T8980] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  264.706034][ T5839] usb 3-1: Product: syz
[  264.718716][ T5839] usb 3-1: Manufacturer: syz
[  264.723646][ T5839] usb 3-1: SerialNumber: syz
[  264.735043][ T5839] usb 3-1: config 0 descriptor??
[  264.804853][   T24] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  264.944988][ T5839] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  264.958557][   T24] usb 2-1: device descriptor read/64, error -71
[  265.074816][   T24] usb usb2-port1: attempt power cycle
[  265.298420][ T8982] FAULT_INJECTION: forcing a failure.
[  265.298420][ T8982] name failslab, interval 1, probability 0, space 0, times 0
[  265.312988][ T8982] CPU: 1 UID: 0 PID: 8982 Comm: syz.3.1116 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  265.313018][ T8982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.313031][ T8982] Call Trace:
[  265.313039][ T8982]  <TASK>
[  265.313052][ T8982]  dump_stack_lvl+0x189/0x250
[  265.313079][ T8982]  ? __pfx____ratelimit+0x10/0x10
[  265.313107][ T8982]  ? __pfx_dump_stack_lvl+0x10/0x10
[  265.313131][ T8982]  ? __pfx__printk+0x10/0x10
[  265.313160][ T8982]  ? __pfx___might_resched+0x10/0x10
[  265.313180][ T8982]  ? fs_reclaim_acquire+0x7d/0x100
[  265.313212][ T8982]  should_fail_ex+0x414/0x560
[  265.313250][ T8982]  should_failslab+0xa8/0x100
[  265.313277][ T8982]  __kmalloc_noprof+0xcb/0x4f0
[  265.313297][ T8982]  ? kfree+0x4d/0x440
[  265.313315][ T8982]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  265.313345][ T8982]  tomoyo_realpath_from_path+0xe3/0x5d0
[  265.313371][ T8982]  ? tomoyo_domain+0xd9/0x130
[  265.313402][ T8982]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  265.313432][ T8982]  tomoyo_path_number_perm+0x1e8/0x5a0
[  265.313464][ T8982]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  265.313511][ T8982]  ? __lock_acquire+0xab9/0xd20
[  265.313561][ T8982]  ? __fget_files+0x2a/0x420
[  265.313591][ T8982]  ? __fget_files+0x2a/0x420
[  265.313616][ T8982]  ? __fget_files+0x3a0/0x420
[  265.313640][ T8982]  ? __fget_files+0x2a/0x420
[  265.313671][ T8982]  security_file_ioctl+0xcb/0x2d0
[  265.313703][ T8982]  __se_sys_ioctl+0x47/0x170
[  265.313728][ T8982]  do_syscall_64+0xfa/0x3b0
[  265.313762][ T8982]  ? lockdep_hardirqs_on+0x9c/0x150
[  265.313785][ T8982]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.313804][ T8982]  ? clear_bhb_loop+0x60/0xb0
[  265.313829][ T8982]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.313848][ T8982] RIP: 0033:0x7fc876d8e929
[  265.313866][ T8982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.313881][ T8982] RSP: 002b:00007fc877b21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  265.313901][ T8982] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8e929
[  265.313916][ T8982] RDX: 0000200000000140 RSI: 00000000c01864b1 RDI: 0000000000000003
[  265.313929][ T8982] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  265.313941][ T8982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.313952][ T8982] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  265.313983][ T8982]  </TASK>
[  265.314095][ T8982] ERROR: Out of memory at tomoyo_realpath_from_path.
[  265.573463][ T5839] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  265.591830][ T5839] usb 3-1: USB disconnect, device number 38
[  265.624666][   T24] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  265.663335][   T24] usb 2-1: device descriptor read/8, error -71
[  265.818616][ T8990] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  265.904446][   T24] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  265.927240][   T24] usb 2-1: device descriptor read/8, error -71
[  266.034810][   T24] usb usb2-port1: unable to enumerate USB device
[  266.683188][ T9002] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  266.817273][ T9006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  266.829625][ T9006] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  266.974403][   T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  267.124385][   T24] usb 3-1: Using ep0 maxpacket: 32
[  267.132645][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  267.142169][   T24] usb 3-1: config 4 has an invalid interface number: 150 but max is 1
[  267.150965][   T24] usb 3-1: config 4 has an invalid interface number: 184 but max is 1
[  267.160759][   T24] usb 3-1: config 4 has no interface number 0
[  267.167122][   T24] usb 3-1: config 4 has no interface number 1
[  267.173502][   T24] usb 3-1: config 4 interface 150 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 32
[  267.184486][   T24] usb 3-1: config 4 interface 150 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  267.195381][   T24] usb 3-1: config 4 interface 150 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  267.210105][   T24] usb 3-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  267.239692][   T24] usb 3-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  267.251360][   T24] usb 3-1: config 4 interface 184 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  267.274500][   T24] usb 3-1: config 4 interface 184 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  267.286106][   T24] usb 3-1: config 4 interface 150 has no altsetting 0
[  267.293715][   T24] usb 3-1: config 4 interface 184 has no altsetting 0
[  267.304472][   T24] usb 3-1: New USB device found, idVendor=10b8, idProduct=1f90, bcdDevice=ba.45
[  267.314031][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.322710][   T24] usb 3-1: Product: љ
[  267.327429][   T24] usb 3-1: Manufacturer: ᐜ鞞褵颱ഥ歄⯞춐ﱗ沣뿛䎲퇱૥嚃㋠伅胜鈔႗ఇ띵鳕䄽䭉霡Ꞌ쏻䗖ีꅅ⡼螧䣁㠱嶫䳨⪜돧从᷶᫚럗ꖀ᤭῞ʜ쫤䑀ꉁ뗺萇꒔앃뫵ꀕᎥ衰糱㦼弻鯲㧑埛ﭩ㝨鿽摀
[  267.439521][   T24] usb 3-1: SerialNumber: ﶴ쯟눊飵뺪帩䮥䐫힉ὔ嵃챻痹飔簭줽㱡珟쌳馅ୗ蓩揺Ꝛ諡ⅸ鿔쮟
[  267.476424][ T9004] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  267.483973][ T9004] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  267.629199][ T9021] FAULT_INJECTION: forcing a failure.
[  267.629199][ T9021] name failslab, interval 1, probability 0, space 0, times 0
[  267.643636][ T9021] CPU: 0 UID: 0 PID: 9021 Comm: syz.1.1132 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  267.643666][ T9021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  267.643678][ T9021] Call Trace:
[  267.643686][ T9021]  <TASK>
[  267.643695][ T9021]  dump_stack_lvl+0x189/0x250
[  267.643728][ T9021]  ? __pfx____ratelimit+0x10/0x10
[  267.643882][ T9021]  ? __pfx_dump_stack_lvl+0x10/0x10
[  267.643925][ T9021]  ? __pfx__printk+0x10/0x10
[  267.643955][ T9021]  ? __pfx___might_resched+0x10/0x10
[  267.643974][ T9021]  ? fs_reclaim_acquire+0x7d/0x100
[  267.644003][ T9021]  should_fail_ex+0x414/0x560
[  267.644032][ T9021]  should_failslab+0xa8/0x100
[  267.644058][ T9021]  __kmalloc_noprof+0xcb/0x4f0
[  267.644079][ T9021]  ? kfree+0x4d/0x440
[  267.644097][ T9021]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  267.644125][ T9021]  tomoyo_realpath_from_path+0xe3/0x5d0
[  267.644152][ T9021]  ? tomoyo_domain+0xd9/0x130
[  267.644192][ T9021]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  267.644224][ T9021]  tomoyo_path_number_perm+0x1e8/0x5a0
[  267.644257][ T9021]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  267.644305][ T9021]  ? __lock_acquire+0xab9/0xd20
[  267.644355][ T9021]  ? __fget_files+0x2a/0x420
[  267.644387][ T9021]  ? __fget_files+0x2a/0x420
[  267.644412][ T9021]  ? __fget_files+0x3a0/0x420
[  267.644438][ T9021]  ? __fget_files+0x2a/0x420
[  267.644469][ T9021]  security_file_ioctl+0xcb/0x2d0
[  267.644501][ T9021]  __se_sys_ioctl+0x47/0x170
[  267.644523][ T9021]  do_syscall_64+0xfa/0x3b0
[  267.644550][ T9021]  ? lockdep_hardirqs_on+0x9c/0x150
[  267.644581][ T9021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.644605][ T9021]  ? clear_bhb_loop+0x60/0xb0
[  267.644630][ T9021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.644648][ T9021] RIP: 0033:0x7ff31318e929
[  267.644667][ T9021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  267.644684][ T9021] RSP: 002b:00007ff3140cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  267.644705][ T9021] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318e929
[  267.644720][ T9021] RDX: 0000200000000440 RSI: 00000000c04064a0 RDI: 0000000000000003
[  267.644733][ T9021] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  267.644745][ T9021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  267.644757][ T9021] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  267.644789][ T9021]  </TASK>
[  267.654091][ T9019] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  267.656985][ T9021] ERROR: Out of memory at tomoyo_realpath_from_path.
[  267.745435][   T24] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  267.929983][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  267.938609][   T24] dib0700: firmware download failed at 7 with -8
[  267.957959][   T24] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  267.978326][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  267.986837][   T24] dib0700: firmware download failed at 7 with -8
[  268.002314][   T24] usb 3-1: USB disconnect, device number 39
[  268.364086][ T9029] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  268.697587][ T9038] FAULT_INJECTION: forcing a failure.
[  268.697587][ T9038] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  268.712016][ T9038] CPU: 0 UID: 0 PID: 9038 Comm: syz.3.1141 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  268.712045][ T9038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  268.712058][ T9038] Call Trace:
[  268.712075][ T9038]  <TASK>
[  268.712084][ T9038]  dump_stack_lvl+0x189/0x250
[  268.712115][ T9038]  ? __pfx____ratelimit+0x10/0x10
[  268.712141][ T9038]  ? __pfx_dump_stack_lvl+0x10/0x10
[  268.712162][ T9038]  ? __pfx__printk+0x10/0x10
[  268.712195][ T9038]  should_fail_ex+0x414/0x560
[  268.712231][ T9038]  _copy_to_user+0x31/0xb0
[  268.712252][ T9038]  simple_read_from_buffer+0xe1/0x170
[  268.712283][ T9038]  proc_fail_nth_read+0x1df/0x250
[  268.712307][ T9038]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  268.712329][ T9038]  ? rw_verify_area+0x258/0x650
[  268.712350][ T9038]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  268.712369][ T9038]  vfs_read+0x200/0x980
[  268.712398][ T9038]  ? __pfx___mutex_lock+0x10/0x10
[  268.712426][ T9038]  ? __pfx_vfs_read+0x10/0x10
[  268.712450][ T9038]  ? __fget_files+0x2a/0x420
[  268.712482][ T9038]  ? __fget_files+0x3a0/0x420
[  268.712508][ T9038]  ? __fget_files+0x2a/0x420
[  268.712534][ T9038]  ksys_read+0x145/0x250
[  268.712558][ T9038]  ? vfs_fadvise+0x9a/0xc0
[  268.712586][ T9038]  ? __pfx_ksys_read+0x10/0x10
[  268.712615][ T9038]  ? do_syscall_64+0xbe/0x3b0
[  268.712647][ T9038]  do_syscall_64+0xfa/0x3b0
[  268.712671][ T9038]  ? lockdep_hardirqs_on+0x9c/0x150
[  268.712697][ T9038]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.712717][ T9038]  ? clear_bhb_loop+0x60/0xb0
[  268.712734][ T9038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  268.712748][ T9038] RIP: 0033:0x7fc876d8d33c
[  268.712761][ T9038] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  268.712773][ T9038] RSP: 002b:00007fc877b21030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  268.712789][ T9038] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8d33c
[  268.712800][ T9038] RDX: 000000000000000f RSI: 00007fc877b210a0 RDI: 0000000000000004
[  268.712809][ T9038] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  268.712817][ T9038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  268.712826][ T9038] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  268.712848][ T9038]  </TASK>
[  268.944431][    C0] vkms_vblank_simulate: vblank timer overrun
[  269.053168][    C0] vkms_vblank_simulate: vblank timer overrun
[  269.137670][ T9046] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1142'.
[  269.355735][ T9049] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  270.025454][ T9058] NILFS (rnullb0): couldn't find nilfs on the device
[  270.194443][ T5919] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  270.365001][ T5919] usb 3-1: Using ep0 maxpacket: 32
[  270.374012][ T9071] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  270.397769][ T5919] usb 3-1: unable to get BOS descriptor or descriptor too short
[  270.407664][ T5919] usb 3-1: config 4 has an invalid interface number: 150 but max is 1
[  270.424303][ T5919] usb 3-1: config 4 has an invalid interface number: 184 but max is 1
[  270.444280][ T5919] usb 3-1: config 4 has no interface number 0
[  270.450521][ T5919] usb 3-1: config 4 has no interface number 1
[  270.461284][ T5919] usb 3-1: config 4 interface 150 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 32
[  270.471505][ T5919] usb 3-1: config 4 interface 150 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  270.485093][ T5919] usb 3-1: config 4 interface 150 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  270.499305][ T5919] usb 3-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  270.511340][ T5919] usb 3-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  270.527131][ T5919] usb 3-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  270.542335][ T5919] usb 3-1: config 4 interface 184 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  270.557621][ T5919] usb 3-1: config 4 interface 184 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  270.570609][ T5919] usb 3-1: config 4 interface 150 has no altsetting 0
[  270.579436][ T5919] usb 3-1: config 4 interface 184 has no altsetting 0
[  270.591476][ T5919] usb 3-1: New USB device found, idVendor=10b8, idProduct=1f90, bcdDevice=ba.45
[  270.614294][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.622441][ T5919] usb 3-1: Product: љ
[  270.634321][ T5919] usb 3-1: Manufacturer: ᐜ鞞褵颱ഥ歄⯞춐ﱗ沣뿛䎲퇱૥嚃㋠伅胜鈔႗ఇ띵鳕䄽䭉霡Ꞌ쏻䗖ีꅅ⡼螧䣁㠱嶫䳨⪜돧从᷶᫚럗ꖀ᤭῞ʜ쫤䑀ꉁ뗺萇꒔앃뫵ꀕᎥ衰糱㦼弻鯲㧑埛ﭩ㝨鿽摀
[  270.674316][ T5919] usb 3-1: SerialNumber: ﶴ쯟눊飵뺪帩䮥䐫힉ὔ嵃챻痹飔簭줽㱡珟쌳馅ୗ蓩揺Ꝛ諡ⅸ鿔쮟
[  270.708226][ T9056] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  270.719519][ T9056] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  270.947387][ T5919] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  270.963314][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  270.976412][ T5919] dib0700: firmware download failed at 7 with -8
[  271.003989][ T5919] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  271.020760][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  271.029185][ T5919] dib0700: firmware download failed at 7 with -8
[  271.033629][ T9078] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  271.064648][ T5919] usb 3-1: USB disconnect, device number 40
[  271.190172][ T9080] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  271.358169][ T9082] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  271.868253][ T9097] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  271.960851][ T9099] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  272.094476][ T5919] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  272.254356][ T5919] usb 2-1: Using ep0 maxpacket: 32
[  272.262737][ T5919] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice=30.46
[  272.272463][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.285769][ T5919] usb 2-1: config 0 descriptor??
[  272.352818][ T9106] XFS (rnullb0): Invalid superblock magic number
[  272.512902][ T9095] netlink: 'syz.1.1162': attribute type 4 has an invalid length.
[  272.587220][ T9113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  272.598040][ T9113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  272.632140][ T9115] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  272.759962][    T9] usb 2-1: USB disconnect, device number 37
[  272.872500][ T9120] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  273.415685][ T9130] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  273.589359][ T9133] FAULT_INJECTION: forcing a failure.
[  273.589359][ T9133] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  273.632583][ T9133] CPU: 1 UID: 0 PID: 9133 Comm: syz.2.1176 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  273.632613][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  273.632625][ T9133] Call Trace:
[  273.632635][ T9133]  <TASK>
[  273.632644][ T9133]  dump_stack_lvl+0x189/0x250
[  273.632669][ T9133]  ? __pfx____ratelimit+0x10/0x10
[  273.632688][ T9133]  ? __pfx_dump_stack_lvl+0x10/0x10
[  273.632705][ T9133]  ? __pfx__printk+0x10/0x10
[  273.632749][ T9133]  should_fail_ex+0x414/0x560
[  273.632786][ T9133]  _copy_to_user+0x31/0xb0
[  273.632809][ T9133]  simple_read_from_buffer+0xe1/0x170
[  273.632832][ T9133]  proc_fail_nth_read+0x1df/0x250
[  273.632853][ T9133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  273.632876][ T9133]  ? rw_verify_area+0x258/0x650
[  273.632899][ T9133]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  273.632920][ T9133]  vfs_read+0x200/0x980
[  273.632950][ T9133]  ? __pfx___mutex_lock+0x10/0x10
[  273.632977][ T9133]  ? __pfx_vfs_read+0x10/0x10
[  273.633001][ T9133]  ? __fget_files+0x2a/0x420
[  273.633025][ T9133]  ? __fget_files+0x3a0/0x420
[  273.633047][ T9133]  ? __fget_files+0x2a/0x420
[  273.633073][ T9133]  ksys_read+0x145/0x250
[  273.633092][ T9133]  ? __pfx_ksys_read+0x10/0x10
[  273.633109][ T9133]  ? rcu_is_watching+0x15/0xb0
[  273.633137][ T9133]  ? do_syscall_64+0xbe/0x3b0
[  273.633167][ T9133]  do_syscall_64+0xfa/0x3b0
[  273.633193][ T9133]  ? lockdep_hardirqs_on+0x9c/0x150
[  273.633212][ T9133]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.633226][ T9133]  ? clear_bhb_loop+0x60/0xb0
[  273.633244][ T9133]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  273.633258][ T9133] RIP: 0033:0x7f2d9fb8d33c
[  273.633272][ T9133] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  273.633285][ T9133] RSP: 002b:00007f2da0944030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  273.633301][ T9133] RAX: ffffffffffffffda RBX: 00007f2d9fdb5fa0 RCX: 00007f2d9fb8d33c
[  273.633316][ T9133] RDX: 000000000000000f RSI: 00007f2da09440a0 RDI: 0000000000000003
[  273.633329][ T9133] RBP: 00007f2da0944090 R08: 0000000000000000 R09: 0000000000000000
[  273.633342][ T9133] R10: 00000000000000f5 R11: 0000000000000246 R12: 0000000000000001
[  273.633353][ T9133] R13: 0000000000000000 R14: 00007f2d9fdb5fa0 R15: 00007ffde33cfaa8
[  273.633384][ T9133]  </TASK>
[  274.669343][    T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  274.762163][ T9148] FAULT_INJECTION: forcing a failure.
[  274.762163][ T9148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  274.775648][ T9148] CPU: 1 UID: 0 PID: 9148 Comm: syz.2.1183 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  274.775677][ T9148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.775690][ T9148] Call Trace:
[  274.775698][ T9148]  <TASK>
[  274.775707][ T9148]  dump_stack_lvl+0x189/0x250
[  274.775736][ T9148]  ? __pfx____ratelimit+0x10/0x10
[  274.775763][ T9148]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.775786][ T9148]  ? __pfx__printk+0x10/0x10
[  274.775823][ T9148]  should_fail_ex+0x414/0x560
[  274.775860][ T9148]  strncpy_from_user+0x36/0x290
[  274.775895][ T9148]  path_setxattrat+0x150/0x3a0
[  274.775925][ T9148]  ? __pfx_path_setxattrat+0x10/0x10
[  274.775945][ T9148]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  274.776000][ T9148]  ? ksys_write+0x22a/0x250
[  274.776028][ T9148]  ? __pfx_ksys_write+0x10/0x10
[  274.776061][ T9148]  __x64_sys_setxattr+0xbc/0xe0
[  274.776094][ T9148]  do_syscall_64+0xfa/0x3b0
[  274.776120][ T9148]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.776145][ T9148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.776165][ T9148]  ? clear_bhb_loop+0x60/0xb0
[  274.776190][ T9148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.776209][ T9148] RIP: 0033:0x7f2d9fb8e929
[  274.776227][ T9148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.776245][ T9148] RSP: 002b:00007f2da0944038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  274.776267][ T9148] RAX: ffffffffffffffda RBX: 00007f2d9fdb5fa0 RCX: 00007f2d9fb8e929
[  274.776282][ T9148] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000200000000000
[  274.776296][ T9148] RBP: 00007f2da0944090 R08: 0000000000000001 R09: 0000000000000000
[  274.776308][ T9148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.776320][ T9148] R13: 0000000000000000 R14: 00007f2d9fdb5fa0 R15: 00007ffde33cfaa8
[  274.776351][ T9148]  </TASK>
[  274.995060][    T9] usb 2-1: Using ep0 maxpacket: 32
[  275.003831][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  275.014950][    T9] usb 2-1: config 4 has an invalid interface number: 150 but max is 1
[  275.026771][    T9] usb 2-1: config 4 has an invalid interface number: 184 but max is 1
[  275.075219][    T9] usb 2-1: config 4 has no interface number 0
[  275.081618][    T9] usb 2-1: config 4 has no interface number 1
[  275.100203][    T9] usb 2-1: config 4 interface 150 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 32
[  275.148361][    T9] usb 2-1: config 4 interface 150 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  275.199952][    T9] usb 2-1: config 4 interface 150 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  275.245364][    T9] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  275.261447][    T9] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  275.268478][ T9152] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  275.273590][    T9] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  275.298005][    T9] usb 2-1: config 4 interface 184 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  275.311667][    T9] usb 2-1: config 4 interface 184 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  275.331502][    T9] usb 2-1: config 4 interface 150 has no altsetting 0
[  275.339822][    T9] usb 2-1: config 4 interface 184 has no altsetting 0
[  275.353854][    T9] usb 2-1: New USB device found, idVendor=10b8, idProduct=1f90, bcdDevice=ba.45
[  275.374856][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.383141][    T9] usb 2-1: Product: љ
[  275.390276][    T9] usb 2-1: Manufacturer: ᐜ鞞褵颱ഥ歄⯞춐ﱗ沣뿛䎲퇱૥嚃㋠伅胜鈔႗ఇ띵鳕䄽䭉霡Ꞌ쏻䗖ีꅅ⡼螧䣁㠱嶫䳨⪜돧从᷶᫚럗ꖀ᤭῞ʜ쫤䑀ꉁ뗺萇꒔앃뫵ꀕᎥ衰糱㦼弻鯲㧑埛ﭩ㝨鿽摀
[  275.436028][    T9] usb 2-1: SerialNumber: ﶴ쯟눊飵뺪帩䮥䐫힉ὔ嵃챻痹飔簭줽㱡珟쌳馅ୗ蓩揺Ꝛ諡ⅸ鿔쮟
[  275.458818][ T9144] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  275.466917][ T9144] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  275.588997][ T9160] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  275.697279][    T9] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  275.710253][    T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  275.718838][    T9] dib0700: firmware download failed at 7 with -8
[  275.737642][    T9] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  275.750765][    T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  275.772282][    T9] dib0700: firmware download failed at 7 with -8
[  275.799872][    T9] usb 2-1: USB disconnect, device number 38
[  276.129233][ T9168] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  276.174322][ T5919] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  276.334432][ T5919] usb 3-1: Using ep0 maxpacket: 16
[  276.348061][ T5919] usb 3-1: config index 0 descriptor too short (expected 2066, got 18)
[  276.370267][ T5919] usb 3-1: New USB device found, idVendor=6d63, idProduct=f0e5, bcdDevice=9c.ac
[  276.381537][ T5919] usb 3-1: New USB device strings: Mfr=141, Product=179, SerialNumber=3
[  276.396438][ T5919] usb 3-1: Product: syz
[  276.408670][ T5919] usb 3-1: Manufacturer: syz
[  276.457379][ T5919] usb 3-1: SerialNumber: syz
[  276.482015][ T5919] usb 3-1: config 0 descriptor??
[  277.238299][ T9183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  277.254637][ T9183] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.882485][ T9187] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  278.082542][ T9193] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  278.744397][ T5919] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  278.904377][ T5919] usb 2-1: Using ep0 maxpacket: 32
[  278.923888][ T5919] usb 2-1: unable to get BOS descriptor or descriptor too short
[  278.951703][ T5919] usb 2-1: config 4 has an invalid interface number: 150 but max is 1
[  278.964848][ T5919] usb 2-1: config 4 has an invalid interface number: 184 but max is 1
[  278.991739][ T5919] usb 2-1: config 4 has no interface number 0
[  279.001110][ T5842] usb 3-1: USB disconnect, device number 41
[  279.012957][ T5919] usb 2-1: config 4 has no interface number 1
[  279.023346][ T5919] usb 2-1: config 4 interface 150 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 32
[  279.035323][ T5919] usb 2-1: config 4 interface 150 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  279.047159][ T9201] infiniband syz2: set active
[  279.060287][ T9201] infiniband syz2: added bond_slave_0
[  279.065460][ T5919] usb 2-1: config 4 interface 150 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  279.089894][ T5919] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  279.103704][ T5919] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  279.116153][ T5919] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  279.127395][ T5919] usb 2-1: config 4 interface 184 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  279.140295][ T5919] usb 2-1: config 4 interface 184 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  279.151554][ T5919] usb 2-1: config 4 interface 150 has no altsetting 0
[  279.158602][ T5919] usb 2-1: config 4 interface 184 has no altsetting 0
[  279.169105][ T5919] usb 2-1: New USB device found, idVendor=10b8, idProduct=1f90, bcdDevice=ba.45
[  279.179634][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.187924][ T5919] usb 2-1: Product: љ
[  279.192256][ T5919] usb 2-1: Manufacturer: ᐜ鞞褵颱ഥ歄⯞춐ﱗ沣뿛䎲퇱૥嚃㋠伅胜鈔႗ఇ띵鳕䄽䭉霡Ꞌ쏻䗖ีꅅ⡼螧䣁㠱嶫䳨⪜돧从᷶᫚럗ꖀ᤭῞ʜ쫤䑀ꉁ뗺萇꒔앃뫵ꀕᎥ衰糱㦼弻鯲㧑埛ﭩ㝨鿽摀
[  279.218013][ T5919] usb 2-1: SerialNumber: ﶴ쯟눊飵뺪帩䮥䐫힉ὔ嵃챻痹飔簭줽㱡珟쌳馅ୗ蓩揺Ꝛ諡ⅸ鿔쮟
[  279.243285][ T9199] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  279.250927][ T9199] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  279.295987][ T9201] RDS/IB: syz2: added
[  279.309578][ T9201] smc: adding ib device syz2 with port count 1
[  279.316647][ T9201] smc:    ib device syz2 port 1 has pnetid 
[  279.489105][ T5919] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  279.516233][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  279.534490][ T5919] dib0700: firmware download failed at 7 with -8
[  279.586873][ T5919] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  279.616265][ T5919] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  279.648189][ T5919] dib0700: firmware download failed at 7 with -8
[  279.673833][ T5919] usb 2-1: USB disconnect, device number 39
[  280.354406][ T5839] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  280.362364][ T5919] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  280.544282][ T5919] usb 2-1: Using ep0 maxpacket: 32
[  280.549627][ T5839] usb 3-1: Using ep0 maxpacket: 8
[  280.568516][ T5919] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  280.577568][ T5919] usb 2-1: config 0 has no interface number 0
[  280.598733][ T5839] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  280.608207][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.616452][ T5839] usb 3-1: Product: syz
[  280.620963][ T5839] usb 3-1: Manufacturer: syz
[  280.625747][ T5839] usb 3-1: SerialNumber: syz
[  280.630575][ T5919] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  280.639840][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.648137][ T5919] usb 2-1: Product: syz
[  280.653550][ T5919] usb 2-1: Manufacturer: syz
[  280.659066][ T5919] usb 2-1: SerialNumber: syz
[  280.664858][ T5839] usb 3-1: config 0 descriptor??
[  280.685268][ T5919] usb 2-1: config 0 descriptor??
[  280.700531][ T5919] smsc95xx v2.0.0
[  280.714279][ T5919] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  280.726242][ T5919] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -22
[  280.876623][ T5839] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  280.896394][ T9211] FAULT_INJECTION: forcing a failure.
[  280.896394][ T9211] name failslab, interval 1, probability 0, space 0, times 0
[  280.932434][ T9211] CPU: 1 UID: 0 PID: 9211 Comm: syz.1.1208 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  280.932465][ T9211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.932477][ T9211] Call Trace:
[  280.932488][ T9211]  <TASK>
[  280.932497][ T9211]  dump_stack_lvl+0x189/0x250
[  280.932526][ T9211]  ? __pfx____ratelimit+0x10/0x10
[  280.932552][ T9211]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.932575][ T9211]  ? __pfx__printk+0x10/0x10
[  280.932605][ T9211]  ? __pfx___might_resched+0x10/0x10
[  280.932623][ T9211]  ? fs_reclaim_acquire+0x7d/0x100
[  280.932655][ T9211]  should_fail_ex+0x414/0x560
[  280.932693][ T9211]  should_failslab+0xa8/0x100
[  280.932732][ T9211]  kmem_cache_alloc_noprof+0x73/0x3c0
[  280.932755][ T9211]  ? getname_flags+0xb8/0x540
[  280.932786][ T9211]  getname_flags+0xb8/0x540
[  280.932818][ T9211]  do_sys_openat2+0xbc/0x1c0
[  280.932841][ T9211]  ? __pfx_do_sys_openat2+0x10/0x10
[  280.932862][ T9211]  ? ksys_write+0x22a/0x250
[  280.932889][ T9211]  ? __pfx_ksys_write+0x10/0x10
[  280.932910][ T9211]  ? rcu_is_watching+0x15/0xb0
[  280.932934][ T9211]  __x64_sys_openat+0x138/0x170
[  280.932959][ T9211]  do_syscall_64+0xfa/0x3b0
[  280.932985][ T9211]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.933010][ T9211]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.933031][ T9211]  ? clear_bhb_loop+0x60/0xb0
[  280.933055][ T9211]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.933074][ T9211] RIP: 0033:0x7ff31318e929
[  280.933093][ T9211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.933111][ T9211] RSP: 002b:00007ff3140cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  280.933133][ T9211] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318e929
[  280.933149][ T9211] RDX: 0000000000101a02 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  280.933163][ T9211] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  280.933175][ T9211] R10: 00000000000000d1 R11: 0000000000000246 R12: 0000000000000001
[  280.933188][ T9211] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  280.933220][ T9211]  </TASK>
[  281.013007][ T9213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  281.019166][ T5919] usb 2-1: USB disconnect, device number 40
[  281.049942][ T9213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  281.573283][ T5839] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  281.601214][ T5839] usb 3-1: USB disconnect, device number 42
[  281.775083][ T9217] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  281.812839][ T9219] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  281.999463][ T9221] exFAT-fs (rnullb0): invalid boot record signature
[  282.010591][ T9221] exFAT-fs (rnullb0): failed to read boot sector
[  282.019810][ T9221] exFAT-fs (rnullb0): failed to recognize exfat type
[  282.414452][ T5901] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  282.595595][ T5901] usb 1-1: device descriptor read/64, error -71
[  282.905197][ T9232] FAULT_INJECTION: forcing a failure.
[  282.905197][ T9232] name failslab, interval 1, probability 0, space 0, times 0
[  282.918185][ T9232] CPU: 0 UID: 0 PID: 9232 Comm: syz.3.1217 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  282.918206][ T9232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  282.918216][ T9232] Call Trace:
[  282.918222][ T9232]  <TASK>
[  282.918227][ T9232]  dump_stack_lvl+0x189/0x250
[  282.918249][ T9232]  ? __pfx____ratelimit+0x10/0x10
[  282.918269][ T9232]  ? __pfx_dump_stack_lvl+0x10/0x10
[  282.918285][ T9232]  ? __pfx__printk+0x10/0x10
[  282.918309][ T9232]  ? __pfx___might_resched+0x10/0x10
[  282.918323][ T9232]  ? fs_reclaim_acquire+0x7d/0x100
[  282.918345][ T9232]  should_fail_ex+0x414/0x560
[  282.918372][ T9232]  should_failslab+0xa8/0x100
[  282.918391][ T9232]  kmem_cache_alloc_noprof+0x73/0x3c0
[  282.918407][ T9232]  ? getname_flags+0xb8/0x540
[  282.918432][ T9232]  getname_flags+0xb8/0x540
[  282.918456][ T9232]  do_sys_openat2+0xbc/0x1c0
[  282.918473][ T9232]  ? __pfx_do_sys_openat2+0x10/0x10
[  282.918488][ T9232]  ? ksys_write+0x22a/0x250
[  282.918506][ T9232]  ? __pfx_ksys_write+0x10/0x10
[  282.918521][ T9232]  ? rcu_is_watching+0x15/0xb0
[  282.918538][ T9232]  __x64_sys_openat+0x138/0x170
[  282.918556][ T9232]  do_syscall_64+0xfa/0x3b0
[  282.918576][ T9232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.918590][ T9232]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  282.918605][ T9232]  ? clear_bhb_loop+0x60/0xb0
[  282.918622][ T9232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  282.918635][ T9232] RIP: 0033:0x7fc876d8e929
[  282.918649][ T9232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  282.918662][ T9232] RSP: 002b:00007fc877b21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  282.918677][ T9232] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8e929
[  282.918688][ T9232] RDX: 0000000000004041 RSI: 0000200000000d80 RDI: ffffffffffffff9c
[  282.918698][ T9232] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  282.918706][ T9232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  282.918722][ T9232] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  282.918743][ T9232]  </TASK>
[  283.159137][ T5901] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  283.304354][ T5901] usb 1-1: device descriptor read/64, error -71
[  283.414639][ T5901] usb usb1-port1: attempt power cycle
[  283.474380][ T5842] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  283.524423][ T5839] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  283.637825][ T5842] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  283.647178][ T5842] usb 2-1: config 0 has no interface number 0
[  283.654112][ T5842] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  283.663670][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.682693][ T5842] usb 2-1: config 0 descriptor??
[  283.687910][ T5839] usb 3-1: Using ep0 maxpacket: 8
[  283.698123][ T5842] usb 2-1: selecting invalid altsetting 1
[  283.709294][ T5839] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  283.719856][ T5842] dvb_ttusb_budget: ttusb_init_controller: error
[  283.727113][ T5839] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  283.737136][ T5842] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  283.750153][ T5839] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  283.754464][ T5901] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  283.761162][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.791153][ T5839] usb 3-1: Product: syz
[  283.795976][ T5901] usb 1-1: device descriptor read/8, error -71
[  283.807005][ T5839] usb 3-1: Manufacturer: syz
[  283.814721][ T5839] usb 3-1: SerialNumber: syz
[  283.827706][ T5839] usb 3-1: config 0 descriptor??
[  283.867957][ T5842] DVB: Unable to find symbol cx22700_attach()
[  283.931075][ T5842] DVB: Unable to find symbol tda10046_attach()
[  283.937922][ T5842] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  283.951400][ T5842] usb 2-1: USB disconnect, device number 41
[  284.056394][ T5901] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  284.085424][ T5901] usb 1-1: device descriptor read/8, error -71
[  284.196003][ T5901] usb usb1-port1: unable to enumerate USB device
[  284.854387][ T5842] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  285.014294][ T5842] usb 2-1: Using ep0 maxpacket: 8
[  285.024330][ T5842] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  285.033498][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.042301][ T5842] usb 2-1: Product: syz
[  285.047085][ T5842] usb 2-1: Manufacturer: syz
[  285.051924][ T5842] usb 2-1: SerialNumber: syz
[  285.059821][ T5842] usb 2-1: config 0 descriptor??
[  285.262992][ T9255] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  285.274622][ T5842] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  285.881828][ T5842] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  285.886675][ T9259] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  285.914298][ T5842] usb 2-1: USB disconnect, device number 42
[  286.310756][    T9] usb 3-1: USB disconnect, device number 43
[  286.495864][ T9264] FAULT_INJECTION: forcing a failure.
[  286.495864][ T9264] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.514552][ T9264] CPU: 1 UID: 0 PID: 9264 Comm: syz.1.1227 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  286.514584][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.514596][ T9264] Call Trace:
[  286.514605][ T9264]  <TASK>
[  286.514614][ T9264]  dump_stack_lvl+0x189/0x250
[  286.514642][ T9264]  ? __pfx____ratelimit+0x10/0x10
[  286.514669][ T9264]  ? __pfx_dump_stack_lvl+0x10/0x10
[  286.514692][ T9264]  ? __pfx__printk+0x10/0x10
[  286.514729][ T9264]  should_fail_ex+0x414/0x560
[  286.514767][ T9264]  _copy_to_user+0x31/0xb0
[  286.514790][ T9264]  simple_read_from_buffer+0xe1/0x170
[  286.514823][ T9264]  proc_fail_nth_read+0x1df/0x250
[  286.514846][ T9264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  286.514869][ T9264]  ? rw_verify_area+0x258/0x650
[  286.514892][ T9264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  286.514914][ T9264]  vfs_read+0x200/0x980
[  286.514943][ T9264]  ? __pfx___mutex_lock+0x10/0x10
[  286.514972][ T9264]  ? __pfx_vfs_read+0x10/0x10
[  286.514997][ T9264]  ? __fget_files+0x2a/0x420
[  286.515034][ T9264]  ? __fget_files+0x3a0/0x420
[  286.515068][ T9264]  ? __fget_files+0x2a/0x420
[  286.515105][ T9264]  ksys_read+0x145/0x250
[  286.515133][ T9264]  ? __pfx_ksys_read+0x10/0x10
[  286.515154][ T9264]  ? rcu_is_watching+0x15/0xb0
[  286.515180][ T9264]  ? do_syscall_64+0xbe/0x3b0
[  286.515212][ T9264]  do_syscall_64+0xfa/0x3b0
[  286.515237][ T9264]  ? lockdep_hardirqs_on+0x9c/0x150
[  286.515262][ T9264]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.515282][ T9264]  ? clear_bhb_loop+0x60/0xb0
[  286.515307][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.515327][ T9264] RIP: 0033:0x7ff31318d33c
[  286.515345][ T9264] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  286.515363][ T9264] RSP: 002b:00007ff3140cc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  286.515384][ T9264] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318d33c
[  286.515399][ T9264] RDX: 000000000000000f RSI: 00007ff3140cc0a0 RDI: 0000000000000006
[  286.515412][ T9264] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  286.515425][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.515437][ T9264] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  286.515469][ T9264]  </TASK>
[  286.694421][    T9] usb 3-1: new full-speed USB device number 44 using dummy_hcd
[  287.016097][ T9273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  287.037479][ T9273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  287.072706][ T9273] /dev/rnullb0: Can't open blockdev
[  287.274718][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  287.282980][    T9] usb 3-1: config 0 has no interface number 0
[  287.308433][    T9] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  287.318135][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.350766][    T9] usb 3-1: config 0 descriptor??
[  287.363197][    T9] usb 3-1: selecting invalid altsetting 1
[  287.370611][    T9] dvb_ttusb_budget: ttusb_init_controller: error
[  287.379195][    T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  287.519976][    T9] DVB: Unable to find symbol cx22700_attach()
[  287.523893][ T9281] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  287.582670][    T9] DVB: Unable to find symbol tda10046_attach()
[  287.591827][    T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  287.610384][    T9] usb 3-1: USB disconnect, device number 44
[  287.655283][ T5839] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  287.680866][ T9284] FAULT_INJECTION: forcing a failure.
[  287.680866][ T9284] name failslab, interval 1, probability 0, space 0, times 0
[  287.700693][ T9284] CPU: 1 UID: 0 PID: 9284 Comm: syz.3.1234 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  287.700725][ T9284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  287.700738][ T9284] Call Trace:
[  287.700747][ T9284]  <TASK>
[  287.700755][ T9284]  dump_stack_lvl+0x189/0x250
[  287.700784][ T9284]  ? __pfx____ratelimit+0x10/0x10
[  287.700811][ T9284]  ? __pfx_dump_stack_lvl+0x10/0x10
[  287.700833][ T9284]  ? __pfx__printk+0x10/0x10
[  287.700863][ T9284]  ? __pfx___might_resched+0x10/0x10
[  287.700883][ T9284]  ? fs_reclaim_acquire+0x7d/0x100
[  287.700915][ T9284]  should_fail_ex+0x414/0x560
[  287.700962][ T9284]  should_failslab+0xa8/0x100
[  287.700989][ T9284]  __kmalloc_noprof+0xcb/0x4f0
[  287.701011][ T9284]  ? kfree+0x4d/0x440
[  287.701028][ T9284]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  287.701061][ T9284]  tomoyo_realpath_from_path+0xe3/0x5d0
[  287.701088][ T9284]  ? tomoyo_domain+0xd9/0x130
[  287.701118][ T9284]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  287.701150][ T9284]  tomoyo_path_number_perm+0x1e8/0x5a0
[  287.701184][ T9284]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  287.701234][ T9284]  ? __lock_acquire+0xab9/0xd20
[  287.701286][ T9284]  ? __fget_files+0x2a/0x420
[  287.701317][ T9284]  ? __fget_files+0x2a/0x420
[  287.701343][ T9284]  ? __fget_files+0x3a0/0x420
[  287.701369][ T9284]  ? __fget_files+0x2a/0x420
[  287.701401][ T9284]  security_file_ioctl+0xcb/0x2d0
[  287.701433][ T9284]  __se_sys_ioctl+0x47/0x170
[  287.701459][ T9284]  do_syscall_64+0xfa/0x3b0
[  287.701485][ T9284]  ? lockdep_hardirqs_on+0x9c/0x150
[  287.701511][ T9284]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.701531][ T9284]  ? clear_bhb_loop+0x60/0xb0
[  287.701556][ T9284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.701575][ T9284] RIP: 0033:0x7fc876d8e929
[  287.701594][ T9284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.701611][ T9284] RSP: 002b:00007fc877b21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  287.701633][ T9284] RAX: ffffffffffffffda RBX: 00007fc876fb5fa0 RCX: 00007fc876d8e929
[  287.701648][ T9284] RDX: 0000200000000000 RSI: 0000000000008b18 RDI: 0000000000000004
[  287.701661][ T9284] RBP: 00007fc877b21090 R08: 0000000000000000 R09: 0000000000000000
[  287.701674][ T9284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.701686][ T9284] R13: 0000000000000000 R14: 00007fc876fb5fa0 R15: 00007fffc93e2598
[  287.701718][ T9284]  </TASK>
[  287.701748][ T9284] ERROR: Out of memory at tomoyo_realpath_from_path.
[  287.960970][ T9284] warning: `syz.3.1234' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  288.022920][ T9286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.034991][ T5839] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  288.046133][ T9286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  288.056010][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.065572][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.081514][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.090366][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.104617][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.124528][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.141074][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.171802][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.185989][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.195689][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.205233][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.220723][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.231868][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.244848][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.259808][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.265418][ T9288] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  288.268418][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.287417][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.298864][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.309920][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.320227][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.334084][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.343473][ T5839] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  288.353844][ T5839] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  288.365350][ T5839] usb 2-1: config 0 interface 0 has no altsetting 0
[  288.374939][ T5839] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  288.384629][ T5839] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  288.393114][ T5839] usb 2-1: Product: syz
[  288.397606][ T5839] usb 2-1: Manufacturer: syz
[  288.402582][ T5839] usb 2-1: SerialNumber: syz
[  288.410808][ T5839] usb 2-1: config 0 descriptor??
[  288.422296][ T5839] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  288.626010][ T9278] FAULT_INJECTION: forcing a failure.
[  288.626010][ T9278] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  288.645932][ T9278] CPU: 0 UID: 0 PID: 9278 Comm: syz.1.1232 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  288.645962][ T9278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  288.645975][ T9278] Call Trace:
[  288.645983][ T9278]  <TASK>
[  288.645991][ T9278]  dump_stack_lvl+0x189/0x250
[  288.646019][ T9278]  ? __pfx____ratelimit+0x10/0x10
[  288.646045][ T9278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.646067][ T9278]  ? __pfx__printk+0x10/0x10
[  288.646087][ T9278]  ? lock_acquire+0x175/0x360
[  288.646142][ T9278]  should_fail_ex+0x414/0x560
[  288.646181][ T9278]  _copy_from_user+0x2d/0xb0
[  288.646203][ T9278]  yurex_write+0x1f4/0xb70
[  288.646233][ T9278]  ? __pfx_yurex_write+0x10/0x10
[  288.646256][ T9278]  ? end_current_label_crit_section+0xe0/0x180
[  288.646284][ T9278]  ? __pfx_autoremove_wake_function+0x10/0x10
[  288.646312][ T9278]  ? bpf_lsm_file_permission+0x9/0x20
[  288.646330][ T9278]  ? security_file_permission+0x75/0x290
[  288.646361][ T9278]  ? rw_verify_area+0x258/0x650
[  288.646383][ T9278]  ? __pfx_yurex_write+0x10/0x10
[  288.646407][ T9278]  vfs_write+0x27e/0xa90
[  288.646442][ T9278]  ? __pfx_vfs_write+0x10/0x10
[  288.646468][ T9278]  ? __fget_files+0x2a/0x420
[  288.646499][ T9278]  ? __fget_files+0x2a/0x420
[  288.646525][ T9278]  ? __fget_files+0x3a0/0x420
[  288.646551][ T9278]  ? __fget_files+0x2a/0x420
[  288.646589][ T9278]  ksys_write+0x145/0x250
[  288.646616][ T9278]  ? __pfx_ksys_write+0x10/0x10
[  288.646637][ T9278]  ? rcu_is_watching+0x15/0xb0
[  288.646663][ T9278]  ? do_syscall_64+0xbe/0x3b0
[  288.646694][ T9278]  do_syscall_64+0xfa/0x3b0
[  288.646723][ T9278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.646742][ T9278]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  288.646762][ T9278]  ? clear_bhb_loop+0x60/0xb0
[  288.646787][ T9278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.646807][ T9278] RIP: 0033:0x7ff31318e929
[  288.646826][ T9278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.646844][ T9278] RSP: 002b:00007ff3140cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  288.646865][ T9278] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318e929
[  288.646879][ T9278] RDX: 0000000000000001 RSI: 0000200000001300 RDI: 0000000000000004
[  288.646891][ T9278] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  288.646903][ T9278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.646915][ T9278] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  288.646947][ T9278]  </TASK>
[  288.649595][    T9] usb 2-1: USB disconnect, device number 43
[  288.660494][ T9293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  288.690252][    T9] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  288.702018][ T9293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.770474][ T9307] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  289.805889][   T30] audit: type=1326 audit(1751541624.423:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9308 comm="syz.3.1245" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc876d8e929 code=0x0
[  290.363260][ T9314] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  290.464411][    T9] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  290.624336][    T9] usb 1-1: Using ep0 maxpacket: 8
[  290.642088][    T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  290.655156][    T9] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  290.667392][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.676776][    T9] usb 1-1: Product: syz
[  290.681212][    T9] usb 1-1: Manufacturer: syz
[  290.686464][    T9] usb 1-1: SerialNumber: syz
[  290.698569][    T9] usb 1-1: config 0 descriptor??
[  291.039137][ T9322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1249'.
[  291.414337][    T9] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  291.584417][    T9] usb 2-1: Using ep0 maxpacket: 32
[  291.593833][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  291.603226][    T9] usb 2-1: config 4 has an invalid interface number: 150 but max is 1
[  291.611760][    T9] usb 2-1: config 4 has an invalid interface number: 184 but max is 1
[  291.620307][    T9] usb 2-1: config 4 has no interface number 0
[  291.627635][    T9] usb 2-1: config 4 has no interface number 1
[  291.634853][    T9] usb 2-1: config 4 interface 150 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 32
[  291.645276][    T9] usb 2-1: config 4 interface 150 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  291.655716][    T9] usb 2-1: config 4 interface 150 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  291.667338][    T9] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  291.678701][    T9] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  291.689939][    T9] usb 2-1: config 4 interface 150 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  291.701216][    T9] usb 2-1: config 4 interface 184 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  291.712725][    T9] usb 2-1: config 4 interface 184 altsetting 64 has a duplicate endpoint with address 0x4, skipping
[  291.723941][    T9] usb 2-1: config 4 interface 150 has no altsetting 0
[  291.732266][    T9] usb 2-1: config 4 interface 184 has no altsetting 0
[  291.741861][    T9] usb 2-1: New USB device found, idVendor=10b8, idProduct=1f90, bcdDevice=ba.45
[  291.751523][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.754391][ T5839] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  291.759788][    T9] usb 2-1: Product: љ
[  291.774045][    T9] usb 2-1: Manufacturer: ᐜ鞞褵颱ഥ歄⯞춐ﱗ沣뿛䎲퇱૥嚃㋠伅胜鈔႗ఇ띵鳕䄽䭉霡Ꞌ쏻䗖ีꅅ⡼螧䣁㠱嶫䳨⪜돧从᷶᫚럗ꖀ᤭῞ʜ쫤䑀ꉁ뗺萇꒔앃뫵ꀕᎥ衰糱㦼弻鯲㧑埛ﭩ㝨鿽摀
[  291.799939][    T9] usb 2-1: SerialNumber: ﶴ쯟눊飵뺪帩䮥䐫힉ὔ嵃챻痹飔簭줽㱡珟쌳馅ୗ蓩揺Ꝛ諡ⅸ鿔쮟
[  291.819578][ T9325] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  291.828414][ T9325] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  291.936078][ T5839] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  291.948827][ T5839] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  291.959484][ T5839] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  291.975746][ T5839] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  291.985499][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.993688][ T5839] usb 3-1: Product: syz
[  291.998783][ T5839] usb 3-1: Manufacturer: syz
[  292.003485][ T5839] usb 3-1: SerialNumber: syz
[  292.015984][ T5839] usb 3-1: config 0 descriptor??
[  292.029592][ T5839] usb-storage 3-1:0.0: USB Mass Storage device detected
[  292.051198][ T5839] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000
[  292.067620][    T9] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  292.082058][    T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  292.090810][    T9] dib0700: firmware download failed at 7 with -8
[  292.114374][    T9] dvb-usb: found a 'DiBcom STK807xP reference design' in cold state, will try to load a firmware
[  292.132467][    T9] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  292.146679][    T9] dib0700: firmware download failed at 7 with -8
[  292.168572][    T9] usb 2-1: USB disconnect, device number 44
[  292.246433][ T9328] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer.
[  292.268215][ T9328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.280436][ T9328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.303573][ T9328] hpfs: Bad magic ... probably not HPFS
[  292.315952][  T982] usb 3-1: USB disconnect, device number 45
[  292.638882][ T9337] FAULT_INJECTION: forcing a failure.
[  292.638882][ T9337] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  292.655263][ T9337] CPU: 1 UID: 0 PID: 9337 Comm: syz.1.1253 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  292.655294][ T9337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  292.655307][ T9337] Call Trace:
[  292.655315][ T9337]  <TASK>
[  292.655324][ T9337]  dump_stack_lvl+0x189/0x250
[  292.655353][ T9337]  ? __pfx____ratelimit+0x10/0x10
[  292.655380][ T9337]  ? __pfx_dump_stack_lvl+0x10/0x10
[  292.655413][ T9337]  ? __pfx__printk+0x10/0x10
[  292.655435][ T9337]  ? __might_fault+0xb0/0x130
[  292.655469][ T9337]  should_fail_ex+0x414/0x560
[  292.655507][ T9337]  _copy_from_iter+0x1db/0x16f0
[  292.655550][ T9337]  ? __pfx__copy_from_iter+0x10/0x10
[  292.655581][ T9337]  ? ip6_dst_lookup_tail+0x2ca/0x1510
[  292.655617][ T9337]  ? skb_put+0x11b/0x210
[  292.655651][ T9337]  rawv6_send_hdrinc+0x813/0x1790
[  292.655691][ T9337]  ? __pfx_rawv6_send_hdrinc+0x10/0x10
[  292.655720][ T9337]  ? ip6_dst_hoplimit+0x96/0x350
[  292.655746][ T9337]  ? ip6_dst_hoplimit+0x96/0x350
[  292.655777][ T9337]  rawv6_sendmsg+0x12e2/0x1820
[  292.655817][ T9337]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  292.655849][ T9337]  ? aa_file_perm+0x13e/0x11b0
[  292.655887][ T9337]  ? __pfx_aa_sk_perm+0x10/0x10
[  292.655911][ T9337]  ? sock_rps_record_flow+0x19/0x410
[  292.655939][ T9337]  ? inet_sendmsg+0x2f4/0x370
[  292.655960][ T9337]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  292.655993][ T9337]  __sock_sendmsg+0x19c/0x270
[  292.656021][ T9337]  sock_write_iter+0x258/0x330
[  292.656052][ T9337]  ? __pfx_sock_write_iter+0x10/0x10
[  292.656087][ T9337]  ? bpf_lsm_file_permission+0x9/0x20
[  292.656106][ T9337]  ? security_file_permission+0x75/0x290
[  292.656144][ T9337]  vfs_write+0x54b/0xa90
[  292.656173][ T9337]  ? __pfx_sock_write_iter+0x10/0x10
[  292.656197][ T9337]  ? __pfx_vfs_write+0x10/0x10
[  292.656232][ T9337]  ? __fget_files+0x2a/0x420
[  292.656269][ T9337]  ksys_write+0x145/0x250
[  292.656296][ T9337]  ? __pfx_ksys_write+0x10/0x10
[  292.656318][ T9337]  ? rcu_is_watching+0x15/0xb0
[  292.656343][ T9337]  ? do_syscall_64+0xbe/0x3b0
[  292.656374][ T9337]  do_syscall_64+0xfa/0x3b0
[  292.656405][ T9337]  ? lockdep_hardirqs_on+0x9c/0x150
[  292.656429][ T9337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.656449][ T9337]  ? clear_bhb_loop+0x60/0xb0
[  292.656474][ T9337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  292.656493][ T9337] RIP: 0033:0x7ff31318e929
[  292.656512][ T9337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  292.656529][ T9337] RSP: 002b:00007ff3140cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  292.656551][ T9337] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318e929
[  292.656566][ T9337] RDX: 0000000000000046 RSI: 0000200000000300 RDI: 0000000000000003
[  292.656579][ T9337] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  292.656591][ T9337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  292.656603][ T9337] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  292.656634][ T9337]  </TASK>
[  293.305774][  T982] usb 1-1: USB disconnect, device number 58
[  293.369943][ T9342] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  293.803229][ T9348] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  293.996372][ T9354] use of bytesused == 0 is deprecated and will be removed in the future,
[  294.005279][ T9354] use the actual size instead.
[  294.194467][  T982] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  294.224319][ T5839] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  294.350206][ T9361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  294.364690][  T982] usb 2-1: Using ep0 maxpacket: 8
[  294.370619][ T9361] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  294.385224][  T982] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  294.396181][  T982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.406130][  T982] usb 2-1: Product: syz
[  294.406477][ T5839] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  294.411411][  T982] usb 2-1: Manufacturer: syz
[  294.425353][  T982] usb 2-1: SerialNumber: syz
[  294.434082][  T982] usb 2-1: config 0 descriptor??
[  294.448780][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.465287][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.483745][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.498815][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.510590][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.523051][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.531090][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.540457][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.553373][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.561637][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.570974][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.582085][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.590129][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.601170][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.613949][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.622511][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.633401][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.644525][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.644550][  T982] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  294.652558][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.672977][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.684333][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.692344][ T5839] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  294.704850][ T5839] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  294.716264][ T5839] usb 3-1: config 0 interface 0 has no altsetting 0
[  294.726423][ T5839] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  294.735717][ T5839] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  294.744980][ T5839] usb 3-1: Product: syz
[  294.749265][ T5839] usb 3-1: Manufacturer: syz
[  294.753934][ T5839] usb 3-1: SerialNumber: syz
[  294.762528][ T5839] usb 3-1: config 0 descriptor??
[  294.777289][ T5839] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  295.281546][  T982] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  295.303161][  T982] usb 2-1: USB disconnect, device number 45
[  295.921544][ T9369] FAULT_INJECTION: forcing a failure.
[  295.921544][ T9369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.942027][ T9369] CPU: 0 UID: 0 PID: 9369 Comm: syz.1.1268 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  295.942058][ T9369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.942073][ T9369] Call Trace:
[  295.942081][ T9369]  <TASK>
[  295.942093][ T9369]  dump_stack_lvl+0x189/0x250
[  295.942123][ T9369]  ? __pfx____ratelimit+0x10/0x10
[  295.942150][ T9369]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.942173][ T9369]  ? __pfx__printk+0x10/0x10
[  295.942208][ T9369]  ? __might_fault+0xb0/0x130
[  295.942248][ T9369]  should_fail_ex+0x414/0x560
[  295.942286][ T9369]  _copy_from_user+0x2d/0xb0
[  295.942313][ T9369]  ___sys_sendmsg+0x158/0x2a0
[  295.942339][ T9369]  ? __pfx____sys_sendmsg+0x10/0x10
[  295.942399][ T9369]  ? __fget_files+0x2a/0x420
[  295.942427][ T9369]  ? __fget_files+0x3a0/0x420
[  295.942466][ T9369]  __x64_sys_sendmsg+0x19b/0x260
[  295.942491][ T9369]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  295.942530][ T9369]  ? rcu_is_watching+0x15/0xb0
[  295.942557][ T9369]  ? do_syscall_64+0xbe/0x3b0
[  295.942589][ T9369]  do_syscall_64+0xfa/0x3b0
[  295.942615][ T9369]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.942642][ T9369]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.942662][ T9369]  ? clear_bhb_loop+0x60/0xb0
[  295.942688][ T9369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.942708][ T9369] RIP: 0033:0x7ff31318e929
[  295.942731][ T9369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.942750][ T9369] RSP: 002b:00007ff3140cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  295.942772][ T9369] RAX: ffffffffffffffda RBX: 00007ff3133b5fa0 RCX: 00007ff31318e929
[  295.942788][ T9369] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  295.942801][ T9369] RBP: 00007ff3140cc090 R08: 0000000000000000 R09: 0000000000000000
[  295.942815][ T9369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.942828][ T9369] R13: 0000000000000000 R14: 00007ff3133b5fa0 R15: 00007ffe6380b9f8
[  295.942861][ T9369]  </TASK>
[  296.223555][ T9372] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  296.990764][    C1] usb 3-1: yurex_control_callback - control failed: -2
[  297.045236][ T5839] usb 3-1: USB disconnect, device number 46
[  297.051390][   T30] audit: type=1107 audit(1751541631.663:8): pid=9379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='��G�=�'���o�*���R�s�i��U�L��'
[  297.080852][ T5839] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  297.139511][ T9382] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  297.184580][ T9384] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  297.191174][ T9384] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  297.201101][ T9384] vhci_hcd vhci_hcd.0: Device attached
[  297.210476][ T9385] vhci_hcd: connection closed
[  297.212132][ T1115] vhci_hcd: stop threads
[  297.225302][ T1115] vhci_hcd: release socket
[  297.229925][ T1115] vhci_hcd: disconnect device
[  297.867938][ T9396] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  297.994397][    T9] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  298.154416][    T9] usb 3-1: Using ep0 maxpacket: 8
[  298.188338][    T9] usb 3-1: config 0 has an invalid interface number: 186 but max is 0
[  298.204376][    T9] usb 3-1: config 0 has no interface number 0
[  298.210715][    T9] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  298.223240][    T9] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  298.238543][    T9] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  298.250142][    T9] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  298.268480][    T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1501, bcdDevice=b8.c5
[  298.278152][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.289355][    T9] usb 3-1: Product: syz
[  298.293730][    T9] usb 3-1: Manufacturer: syz
[  298.298585][    T9] usb 3-1: SerialNumber: syz
[  298.309800][    T9] usb 3-1: config 0 descriptor??
[  298.547344][    T9] iowarrior 3-1:0.186: IOWarrior product=0x1501, serial=42424242 interface=186 now attached to iowarrior0
[  298.748455][ T9394] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.758339][ T9394] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.771317][    T9] usb 3-1: USB disconnect, device number 47
[  298.936337][ T5839] usb 1-1: new full-speed USB device number 59 using dummy_hcd
[  299.098661][ T5839] usb 1-1: not running at top speed; connect to a high speed hub
[  299.109892][ T5839] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  299.122336][ T5839] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  299.134076][ T5839] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  299.143421][ T5839] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.151941][ T5839] usb 1-1: Product: Ⰱ
[  299.156462][ T5839] usb 1-1: Manufacturer: ᠊
[  299.161206][ T5839] usb 1-1: SerialNumber: syz
[  299.316207][ T9414] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  299.496535][ T9418] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  299.587719][ T5839] usb 1-1: 0:2 : does not exist
[  299.625210][ T5839] usb 1-1: USB disconnect, device number 59
[  299.678997][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  300.597066][ T9438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.606350][ T9438] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.642030][ T9439] 9pnet_fd: Insufficient options for proto=fd
[  300.653277][ T9442] FAULT_INJECTION: forcing a failure.
[  300.653277][ T9442] name failslab, interval 1, probability 0, space 0, times 0
[  300.673951][ T9442] CPU: 1 UID: 0 PID: 9442 Comm: syz.0.1297 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  300.673993][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  300.674006][ T9442] Call Trace:
[  300.674013][ T9442]  <TASK>
[  300.674021][ T9442]  dump_stack_lvl+0x189/0x250
[  300.674052][ T9442]  ? __pfx____ratelimit+0x10/0x10
[  300.674078][ T9442]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.674100][ T9442]  ? __pfx__printk+0x10/0x10
[  300.674127][ T9442]  ? __pfx___might_resched+0x10/0x10
[  300.674151][ T9442]  should_fail_ex+0x414/0x560
[  300.674188][ T9442]  should_failslab+0xa8/0x100
[  300.674213][ T9442]  kmem_cache_alloc_noprof+0x73/0x3c0
[  300.674252][ T9442]  ? getname_flags+0xb8/0x540
[  300.674283][ T9442]  getname_flags+0xb8/0x540
[  300.674310][ T9442]  ? _copy_from_user+0x94/0xb0
[  300.674334][ T9442]  user_path_at+0x24/0x60
[  300.674355][ T9442]  __se_sys_mount+0x2d3/0x410
[  300.674390][ T9442]  ? __pfx___se_sys_mount+0x10/0x10
[  300.674416][ T9442]  ? rcu_is_watching+0x15/0xb0
[  300.674442][ T9442]  ? do_syscall_64+0xbe/0x3b0
[  300.674467][ T9442]  ? __x64_sys_mount+0x20/0xc0
[  300.674496][ T9442]  do_syscall_64+0xfa/0x3b0
[  300.674529][ T9442]  ? lockdep_hardirqs_on+0x9c/0x150
[  300.674553][ T9442]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.674572][ T9442]  ? clear_bhb_loop+0x60/0xb0
[  300.674595][ T9442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.674613][ T9442] RIP: 0033:0x7f609bb8e929
[  300.674631][ T9442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.674648][ T9442] RSP: 002b:00007f609c9e2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  300.674669][ T9442] RAX: ffffffffffffffda RBX: 00007f609bdb5fa0 RCX: 00007f609bb8e929
[  300.674684][ T9442] RDX: 0000200000000000 RSI: 0000200000001440 RDI: 0000200000000140
[  300.674698][ T9442] RBP: 00007f609c9e2090 R08: 0000000000000000 R09: 0000000000000000
[  300.674711][ T9442] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001
[  300.674723][ T9442] R13: 0000000000000000 R14: 00007f609bdb5fa0 R15: 00007fff9606af88
[  300.674763][ T9442]  </TASK>
[  300.789228][ T9446] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  300.794467][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.044744][    T9] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  301.184325][    T9] usb 2-1: device descriptor read/64, error -71
[  301.346830][ T9454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.380186][ T9454] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.434551][    T9] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  301.587125][ T9456] ==================================================================
[  301.595258][ T9456] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x3c5/0x990
[  301.595600][ T9458] /dev/rnullb0: Can't open blockdev
[  301.602925][ T9456] Read of size 1 at addr ffff88805e922830 by task syz.2.1306/9456
[  301.602945][ T9456] 
[  301.602957][ T9456] CPU: 1 UID: 0 PID: 9456 Comm: syz.2.1306 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  301.602980][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  301.602993][ T9456] Call Trace:
[  301.603004][ T9456]  <TASK>
[  301.603013][ T9456]  dump_stack_lvl+0x189/0x250
[  301.603038][ T9456]  ? __virt_addr_valid+0x1c8/0x5c0
[  301.603060][ T9456]  ? rcu_is_watching+0x15/0xb0
[  301.603078][ T9456]  ? __kasan_check_byte+0x12/0x40
[  301.603101][ T9456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.603122][ T9456]  ? rcu_is_watching+0x15/0xb0
[  301.603139][ T9456]  ? lock_release+0x4b/0x3e0
[  301.603169][ T9456]  ? __virt_addr_valid+0x1c8/0x5c0
[  301.603214][ T9456]  ? __virt_addr_valid+0x4a5/0x5c0
[  301.603243][ T9456]  print_report+0xd2/0x2b0
[  301.603273][ T9456]  ? rose_get_neigh+0x3c5/0x990
[  301.603297][ T9456]  kasan_report+0x118/0x150
[  301.603325][ T9456]  ? rose_get_neigh+0x3c5/0x990
[  301.603363][ T9456]  rose_get_neigh+0x3c5/0x990
[  301.603394][ T9456]  rose_connect+0x416/0x10a0
[  301.603427][ T9456]  ? __pfx_current_check_access_socket+0x10/0x10
[  301.603458][ T9456]  ? aa_sk_perm+0x81e/0x950
[  301.603478][ T9456]  ? __might_fault+0xb0/0x130
[  301.603504][ T9456]  ? __pfx_rose_connect+0x10/0x10
[  301.603535][ T9456]  ? aa_af_perm+0x270/0x2d0
[  301.603554][ T9456]  ? tomoyo_socket_connect_permission+0x164/0x290
[  301.603585][ T9456]  ? bpf_lsm_socket_connect+0x9/0x20
[  301.603619][ T9456]  __sys_connect+0x313/0x440
[  301.603653][ T9456]  ? __pfx___sys_connect+0x10/0x10
[  301.603696][ T9456]  __x64_sys_connect+0x7a/0x90
[  301.603728][ T9456]  do_syscall_64+0xfa/0x3b0
[  301.603758][ T9456]  ? lockdep_hardirqs_on+0x9c/0x150
[  301.603785][ T9456]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.603808][ T9456]  ? clear_bhb_loop+0x60/0xb0
[  301.603833][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.603854][ T9456] RIP: 0033:0x7f2d9fb8e929
[  301.603876][ T9456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.603898][ T9456] RSP: 002b:00007f2da0944038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  301.603922][ T9456] RAX: ffffffffffffffda RBX: 00007f2d9fdb5fa0 RCX: 00007f2d9fb8e929
[  301.603940][ T9456] RDX: 000000000000001c RSI: 0000200000000180 RDI: 0000000000000004
[  301.603955][ T9456] RBP: 00007f2d9fc10b39 R08: 0000000000000000 R09: 0000000000000000
[  301.603969][ T9456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  301.603983][ T9456] R13: 0000000000000000 R14: 00007f2d9fdb5fa0 R15: 00007ffde33cfaa8
[  301.604009][ T9456]  </TASK>
[  301.604017][ T9456] 
[  301.612069][ T9457] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  301.616155][ T9456] Allocated by task 5845:
[  301.616172][ T9456]  kasan_save_track+0x3e/0x80
[  301.616196][ T9456]  __kasan_kmalloc+0x93/0xb0
[  301.616214][ T9456]  __kmalloc_cache_noprof+0x230/0x3d0
[  301.616234][ T9456]  kernfs_fop_open+0x397/0xca0
[  301.616257][ T9456]  do_dentry_open+0xdf0/0x1970
[  301.616285][ T9456]  vfs_open+0x3b/0x340
[  301.645155][    T9] usb 2-1: device descriptor read/64, error -71
[  301.646358][ T9456]  path_openat+0x2ee5/0x3830
[  301.646386][ T9456]  do_filp_open+0x1fa/0x410
[  301.928284][ T9456]  do_sys_openat2+0x121/0x1c0
[  301.932983][ T9456]  __x64_sys_openat+0x138/0x170
[  301.937837][ T9456]  do_syscall_64+0xfa/0x3b0
[  301.942350][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.948245][ T9456] 
[  301.950576][ T9456] Freed by task 5845:
[  301.954551][ T9456]  kasan_save_track+0x3e/0x80
[  301.959239][ T9456]  kasan_save_free_info+0x46/0x50
[  301.964278][ T9456]  __kasan_slab_free+0x62/0x70
[  301.969058][ T9456]  kfree+0x18e/0x440
[  301.972971][ T9456]  kernfs_fop_release+0x160/0x190
[  301.978006][ T9456]  __fput+0x44c/0xa70
[  301.981992][ T9456]  fput_close_sync+0x119/0x200
[  301.986754][ T9456]  __x64_sys_close+0x7f/0x110
[  301.991437][ T9456]  do_syscall_64+0xfa/0x3b0
[  301.995955][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.001854][ T9456] 
[  302.004187][ T9456] The buggy address belongs to the object at ffff88805e922800
[  302.004187][ T9456]  which belongs to the cache kmalloc-512 of size 512
[  302.018244][ T9456] The buggy address is located 48 bytes inside of
[  302.018244][ T9456]  freed 512-byte region [ffff88805e922800, ffff88805e922a00)
[  302.031960][ T9456] 
[  302.034289][ T9456] The buggy address belongs to the physical page:
[  302.040704][ T9456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e920
[  302.049469][ T9456] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  302.057977][ T9456] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  302.065527][ T9456] page_type: f5(slab)
[  302.069522][ T9456] raw: 00fff00000000040 ffff88801a841c80 ffffea00017a8a00 dead000000000002
[  302.078122][ T9456] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  302.086734][ T9456] head: 00fff00000000040 ffff88801a841c80 ffffea00017a8a00 dead000000000002
[  302.095440][ T9456] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  302.104145][ T9456] head: 00fff00000000002 ffffea00017a4801 00000000ffffffff 00000000ffffffff
[  302.112822][ T9456] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  302.121495][ T9456] page dumped because: kasan: bad access detected
[  302.128010][ T9456] page_owner tracks the page as allocated
[  302.133809][ T9456] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5832, tgid 5832 (syz-executor), ts 88661422314, free_ts 29542966198
[  302.155182][ T9456]  post_alloc_hook+0x240/0x2a0
[  302.159995][ T9456]  get_page_from_freelist+0x21e4/0x22c0
[  302.165728][ T9456]  __alloc_frozen_pages_noprof+0x181/0x370
[  302.171544][ T9456]  alloc_pages_mpol+0x232/0x4a0
[  302.176420][ T9456]  allocate_slab+0x8a/0x370
[  302.180937][ T9456]  ___slab_alloc+0xbeb/0x1410
[  302.185626][ T9456]  __kmalloc_noprof+0x305/0x4f0
[  302.190479][ T9456]  fib6_info_alloc+0x30/0xf0
[  302.195081][ T9456]  ip6_route_info_create+0x142/0x860
[  302.200379][ T9456]  addrconf_f6i_alloc+0x1d2/0x450
[  302.205417][ T9456]  ipv6_add_addr+0x56e/0x1090
[  302.210193][ T9456]  addrconf_add_linklocal+0x28c/0x6c0
[  302.215573][ T9456]  addrconf_addr_gen+0x490/0x580
[  302.220517][ T9456]  addrconf_init_auto_addrs+0x649/0xbb0
[  302.226068][ T9456]  addrconf_notify+0xacc/0x1010
[  302.230924][ T9456]  notifier_call_chain+0x1b3/0x3e0
[  302.236038][ T9456] page last free pid 1 tgid 1 stack trace:
[  302.241840][ T9456]  __free_frozen_pages+0xb80/0xd80
[  302.246980][ T9456]  free_contig_range+0x1bd/0x4a0
[  302.251928][ T9456]  destroy_args+0x7e/0x5d0
[  302.256349][ T9456]  debug_vm_pgtable+0x3fa/0x430
[  302.261203][ T9456]  do_one_initcall+0x233/0x820
[  302.266000][ T9456]  do_initcall_level+0x137/0x1f0
[  302.271081][ T9456]  do_initcalls+0x69/0xd0
[  302.275444][ T9456]  kernel_init_freeable+0x3d9/0x570
[  302.280763][ T9456]  kernel_init+0x1d/0x1d0
[  302.285110][ T9456]  ret_from_fork+0x3fc/0x770
[  302.289708][ T9456]  ret_from_fork_asm+0x1a/0x30
[  302.294494][ T9456] 
[  302.296822][ T9456] Memory state around the buggy address:
[  302.302456][ T9456]  ffff88805e922700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  302.310531][ T9456]  ffff88805e922780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  302.318600][ T9456] >ffff88805e922800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.326661][ T9456]                                      ^
[  302.332301][ T9456]  ffff88805e922880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.340384][ T9456]  ffff88805e922900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  302.348469][ T9456] ==================================================================
[  302.356710][    C1] vkms_vblank_simulate: vblank timer overrun
[  302.366950][ T9456] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  302.374295][ T9456] CPU: 1 UID: 0 PID: 9456 Comm: syz.2.1306 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  302.385787][ T9456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  302.395854][ T9456] Call Trace:
[  302.399150][ T9456]  <TASK>
[  302.402173][ T9456]  dump_stack_lvl+0x99/0x250
[  302.406773][ T9456]  ? __asan_memcpy+0x40/0x70
[  302.411368][ T9456]  ? __pfx_dump_stack_lvl+0x10/0x10
[  302.416574][ T9456]  ? __pfx__printk+0x10/0x10
[  302.421201][ T9456]  panic+0x2db/0x790
[  302.425109][ T9456]  ? __pfx_panic+0x10/0x10
[  302.429531][ T9456]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  302.435437][ T9456]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  302.441338][ T9456]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  302.447674][ T9456]  ? print_memory_metadata+0x314/0x400
[  302.453153][ T9456]  ? rose_get_neigh+0x3c5/0x990
[  302.458012][ T9456]  check_panic_on_warn+0x89/0xb0
[  302.462962][ T9456]  ? rose_get_neigh+0x3c5/0x990
[  302.467823][ T9456]  end_report+0x78/0x160
[  302.472072][ T9456]  kasan_report+0x129/0x150
[  302.476587][ T9456]  ? rose_get_neigh+0x3c5/0x990
[  302.481454][ T9456]  rose_get_neigh+0x3c5/0x990
[  302.486248][ T9456]  rose_connect+0x416/0x10a0
[  302.490863][ T9456]  ? __pfx_current_check_access_socket+0x10/0x10
[  302.497205][ T9456]  ? aa_sk_perm+0x81e/0x950
[  302.501712][ T9456]  ? __might_fault+0xb0/0x130
[  302.506394][ T9456]  ? __pfx_rose_connect+0x10/0x10
[  302.511434][ T9456]  ? aa_af_perm+0x270/0x2d0
[  302.515943][ T9456]  ? tomoyo_socket_connect_permission+0x164/0x290
[  302.522375][ T9456]  ? bpf_lsm_socket_connect+0x9/0x20
[  302.527675][ T9456]  __sys_connect+0x313/0x440
[  302.532294][ T9456]  ? __pfx___sys_connect+0x10/0x10
[  302.537430][ T9456]  __x64_sys_connect+0x7a/0x90
[  302.542212][ T9456]  do_syscall_64+0xfa/0x3b0
[  302.546728][ T9456]  ? lockdep_hardirqs_on+0x9c/0x150
[  302.551941][ T9456]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.558016][ T9456]  ? clear_bhb_loop+0x60/0xb0
[  302.562705][ T9456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.568608][ T9456] RIP: 0033:0x7f2d9fb8e929
[  302.573035][ T9456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  302.592650][ T9456] RSP: 002b:00007f2da0944038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  302.601089][ T9456] RAX: ffffffffffffffda RBX: 00007f2d9fdb5fa0 RCX: 00007f2d9fb8e929
[  302.609070][ T9456] RDX: 000000000000001c RSI: 0000200000000180 RDI: 0000000000000004
[  302.617051][ T9456] RBP: 00007f2d9fc10b39 R08: 0000000000000000 R09: 0000000000000000
[  302.625029][ T9456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  302.633012][ T9456] R13: 0000000000000000 R14: 00007f2d9fdb5fa0 R15: 00007ffde33cfaa8
[  302.641017][ T9456]  </TASK>
[  302.644374][ T9456] Kernel Offset: disabled
[  302.648717][ T9456] Rebooting in 86400 seconds..